University of Dallas discloses 2025 data breach that impacted student data

The University of Dallas said it suffered a serious cyber security incident in August 2025 that compromised the personal, financial and health information of thousands of individuals.

 

The university said in a data security incident notice published on its website this week that it suffered unauthorised access to its computer environment over a ten-day period in August 2025 that enabled threat actors to steal detailed personal data records of thousands of individuals.

 

The university said that after detecting suspicious activity in its IT network, it conducted a thorough investigation with help from third party cyber security specialists and determined that threat actors gained access to some of its systems between August 11 and August 20, 2025.

 

"In response to this event, we took immediate steps to secure our environment and completed a thorough and comprehensive investigation with the assistance of third-party cybersecurity and data privacy specialists. Additionally, UD promptly notified law enforcement," it said.

 

University of Dallas said the threat actors accessed vast amounts of data records, including names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, digital signatures, U.S. alien registration numbers, other government identification numbers and financial account information of individuals.

 

The data breach also affected individuals associated with the U.S. armed forces, as the breached data included military identification numbers. The threat actors were also able to access individuals’ healthcare information such as their medical information and health insurance information.

 

The university did not disclose the number of affected individuals in its press release, but revealed in a regulatory notification filed with the Office of the Attorney General of Texas that the data security incident compromised the data of 7,313 residents of the state of Texas. The data breach may also have affected thousands of individuals residing in other U.S. states of abroad.

 

"We are reviewing existing security policies and have implemented additional cybersecurity measures to limit the likelihood of a similar event. We are also notifying potentially impacted individuals, including you, so they may take steps to best protect their information, should they feel it is appropriate to do so," the university added.

 

University of Dallas is now advising all affected individuals to obtain a free copy of their credit reports to monitor signs of fraudulent activity and place a one year fraud alert on their credit files if they believe their data has been misused. Affected individuals can also place a credit freeze on their accounts, ensuring that banks and financial institutions will not be able to provide credit, loans, and services without obtaining their consent.

 

At the time of reporting, no cyber crime group has claimed responsibility for the cyber attack on the University of Dallas. The university has also not mentioned if it has been able to identity the attackers or whether it had received a ransom note after the attack took place.