While students were enjoying their weekend, hackers infiltrated NYU’s website on March 22, 2025, releasing a trove of private admissions data for over 3 million applicants dating back to 1989. The attack lasted only two hours, but that was plenty of time to cause massive damage. The hackers, apparently not fans of subtlety, replaced NYU’s homepage with charts and graphs showcasing admissions statistics by race.
Four CSV files containing sensitive information were just sitting there, openly accessible to anyone with an internet connection. Names, test scores, zip codes, family details, financial aid information—all out in the open. Great job securing that data, NYU. The breach affected both accepted and rejected applicants over a 36-year period. Talk about a long-term privacy nightmare.
NYU’s idea of data security: leave millions of sensitive records in plain sight, then act surprised when disaster strikes.
The hackers, who previously targeted the University of Minnesota in 2023, claimed they wanted to “prove they’re breaking the law” regarding admissions practices in the post-affirmative action era. Their displayed data suggested Asian students had the highest average test scores, followed by white students who boasted the highest GPAs. Hispanic and Black students reportedly had lower average scores. This hack comes after NYU had seen a significant drop in minority enrollment following the Supreme Court’s affirmative action ruling in 2023. Nothing like airing an institution’s dirty laundry to make a political point.
NYU officials confirmed the “malicious hack” and notified law enforcement immediately. They regained control of their website by noon but the damage was already done. The university is now reviewing security protocols and advising applicants to watch for signs of identity theft. The exposed data included sensitive citizenship status of applicants, adding another layer of potential vulnerability for international students. A bit late for that advice, no? With the average cost of a data breach reaching 2.98 million dollars, NYU could face devastating financial consequences beyond just reputational damage.
A class action lawsuit investigation is already underway, with potential violations of the Family Educational Rights and Privacy Act being examined. Affected individuals might receive compensation for their loss of privacy.
The breach has ignited fresh debate about both data security in educational institutions and the controversial environment of college admissions after the Supreme Court’s affirmative action ruling. One thing’s certain—trust in universities just took another hit.
