Baker University says 2024 data breach impacts 53,000 people
by Sergiu Gatlan · BleepingComputerBaker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals.
Founded in 1858, Baker University is a private university in Baldwin City, Kansas, with nearly 2,000 enrolled students (1,457 undergraduates) and over 300 employees.
The school detected suspicious activity on its network after a December 2024 outage and found that attackers had access to its systems from December 2 to 19, stealing sensitive documents.
"Through this review, Baker University determined that information which may have been involved included data related to those affiliated with Baker University," it said in a breach notification letter shared on the school's website.
"Although the information varied by individual, the information includes name, date of birth, Driver's license number, financial account information, health insurance information, medical information, passport information, Social Security number, student identification number, and tax identification number."
In a filing with the Office of the Maine Attorney General, Baker University revealed that the resulting data breach impacts 53,624 individuals.
While the school said it found no evidence that the information was used for fraudulent activities, it is now offering free credit monitoring services to those affected and encourages potentially affected individuals to regularly check their account statements and credit reports for suspicious activity.
"The confidentiality, privacy, and security of our Baker community's personal information is one of our university's highest priorities," said Baker University president Jody Fournier. "Our team has been working alongside an external team of experts at a cyber security firm since the incident and has rebuilt one of our primary platforms that was compromised during the cyber incident."
The university has yet to share the nature of the attack and attribute the incident to a specific cybercrime operation or state-backed threat group.
Several other U.S. universities have also been breached in voice phishing attacks since late October, with Harvard University, Princeton University, and the University of Pennsylvania disclosing that their development and alumni activities systems were hacked to steal the personal information of students, alumni, donors, and staff.
The Clop ransomware gang also breached Harvard University and the University of Pennsylvania in a data theft campaign that exploited a zero-day vulnerability in their Oracle E-Business Suite (EBS) financial platforms to steal sensitive personal and financial data belonging to students, staff, and suppliers.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.