Baker University Data Breach Exposes Personal Information of Over 50,000 Individuals

Baker University reported that a data security incident last year resulted in the exposure of sensitive personal information belonging to more than 50,000 individuals.

 

Baker University, a private liberal arts institution affiliated with the Methodist tradition, is based in Baldwin City, Kansas. It provides undergraduate, graduate, and doctoral programs that emphasise interdisciplinary study and a commitment to serving a diverse student population through on-campus and online learning options.

 

In a filing with the Office of Maine Attorney General, Baker University said that in December 2024, it identified unauthorised activities within its internal network. University authorities immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“The investigation determined there was unauthorised access and/or acquisition of certain files and folders within our network between December 2, 2024, and December 19, 2024,” Baker University said. 

 

The compromised data included names, Social Security numbers, and financial account information. The filing with the Maine state regulator also states that the University has identified at least 53,624 individuals impacted by the incident.

 

“Upon becoming aware of this incident, we immediately took steps to confirm the security of our environment. We reviewed existing security policies and implemented additional measures to further protect against similar incidents moving forward,” the University added.

 

Baker University has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the ransomware attack on Baker University. The institution also did not share details on who was behind the cyber attack, how much data was compromised, or whether it has received a ransom demand.