On Saturday, the hacker replaced the NYU homepage with charts and links to large student datasets categorizing standardized testing scores based on race. The hacker claimed personal information identifying students was redacted but linked to four different datasets that included personal information on NYU applicants, their citizenship status and more.
Cybersecurity expert Zack Ganot, who helps run DataBreach.com, said the hacker did not redact the information correctly and leaked the personal information of more than one million people. The data exposed includes full names, addresses, phone numbers, grade point averages, email addresses, and more.
Ganot uploaded the information to his platform, which will allow students to search their names to see if they are impacted. NYU’s school newspaper reported the hackers exposed over 3 million applicants’ names, test scores, majors, zip codes, and information on financial aid dating back to at least 1989.
NYU spokesperson John Beckman told Recorded Future News the school’s IT team is working with a cybersecurity consultant to “complete their review of the incident so that NYU, in accordance with applicable law, can provide notice to anyone whose personal information was subject to unauthorized access in connection with this incident.”
“On March 22, someone accessed NYU’s IT systems without authorization and took control of the systems that direct web traffic to NYU’s website,” Beckman said.
“The University responded immediately, working with a cybersecurity specialist consultant to regain control of the system and redirect traffic back to its real website in less than three hours. We promptly reported the incident to law enforcement authorities.”
Beckman did not respond to requests for comment about whether the hacker was identified or how many students may be impacted.
The hacker claimed to be part of a group called “Computer Niggy Exploitation” — which previously attacked the University of Minnesota and leaked 7 million Social Security numbers and other information on current and former students at the school.
The cybercriminal claims these attacks are in response to the Supreme Court decision in 2023 striking down affirmative action — with the goal of proving that schools are not abiding by the ruling by continuing to admit Black and Latino students.
NYU’s student newspaper noted that despite the claims made by the hacker, the number of Black and Latino students at the school did fall significantly after the Supreme Court ruling.
“Even if the hacker meant to highlight illegal discrimination, leaking the personal data of over a million people is reckless,” Ganot explained. “The collateral damage is real — and the privacy consequences for over 1 million people won’t just disappear after the headlines fade.”
