Cyber Attack on Monroe University Exposes Personal Data of Over 320,000 People

New York-based Monroe University reported that in December 2024, cyber criminals infiltrated its internal systems, compromising and gaining access to the personal information of more than 320,000 individuals.

 

Founded in 1933 as a secretarial school in the Bronx, Monroe University has grown into a private institution serving more than 9,000 students annually across campuses in the Bronx and New Rochelle, New York, as well as in the Caribbean nation of Saint Lucia.

 

In a data security incident notice filed with the Office of Maine Attorney General, Monroe University reported that on September 30, 2025, it detected unauthorised access within its internal network.

 

The University immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to secure the affected systems including taking them offline and notified relevant law enforcement authorities about the same.

 

“Based on the results of the investigation, we believe the unauthorised party had access to certain Monroe systems between December 9, 2024, and December 23, 2024, and acquired copies of some files on our network during that time,” officials of Monroe University said.

 

The compromised data included names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, government identification numbers, medical information, health insurance information, electronic account or email usernames and passwords, financial account information, and student data.

 

The filing with the Maine state regulator also states that Monroe University has identified at least 320,973 individuals impacted by the incident. 

 

While the University found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.