Monroe University has confirmed that hackers stole personal, financial, and health information of more than 320,000 people after breaking into its systems during a cyberattack in December 2024.
Founded in 1933 as a secretarial school in the Bronx, Monroe University is now a private institution serving over 9,000 students each year. It operates campuses in New York, including the Bronx and New Rochelle, as well as in the Caribbean nation of Saint Lucia.
According to data breach notifications submitted to the Office of the Maine Attorney General, the attackers had unauthorized access to the university’s network for about two weeks, from December 9 to December 23, 2024.
After reviewing the stolen files, Monroe University confirmed in September 2025 that the breach affected exactly 320,973 individuals. In an official statement, the university said it discovered on September 30, 2025, that the compromised files contained personal information belonging to certain individuals.
The exposed data varied depending on the person but may have included names, dates of birth, Social Security numbers, driver’s license numbers, passport details, government identification numbers, medical and health insurance information, email usernames and passwords, financial account information, and student records.
The university began sending written notification letters on January 2 to those affected by the breach. In these letters, Monroe University advised individuals to carefully monitor their credit reports and financial statements for signs of fraud or identity theft.
To help reduce the risk of misuse, the university is offering one year of free credit monitoring services through Cyberscout. This service alerts users to changes in their credit files and potential suspicious activity.
When contacted for additional details about the incident, a Monroe University spokesperson was not immediately available to comment.
This is not the first time the institution has been targeted by cybercriminals. When it was still known as Monroe College, the school suffered a ransomware attack in which attackers demanded 170 bitcoins, worth around two million dollars at the time, in exchange for a decryption tool.
The Monroe University incident is part of a growing wave of cyberattacks targeting U.S. universities. In recent months, the University of Hawaii disclosed that its Cancer Center was breached during a ransomware attack in August 2025.
Baker University also reported a data breach in December, revealing that hackers who accessed its network in 2024 stole personal, health, and financial data of more than 53,000 people.
Several major universities, including Harvard University, Princeton University, and the University of Pennsylvania, have also been hit by voice phishing attacks since October. These incidents led to the theft of data belonging to donors, staff, students, and alumni from compromised systems.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
In addition, the Clop ransomware group breached Oracle E-Business Suite platforms used by Harvard University and the University of Pennsylvania, stealing personal and financial data from students, employees, and suppliers.
