Amid the ongoing political row with the Trump administration, Columbia University has suffered a sophisticated cyber attack by a politically motivated hacktivist who copied student data.
The attack also locked students and staff out of their email accounts and education software, while a smiling picture of President Donald Trump appeared on some computer screens.
Columbia University is at loggerheads with the Trump administration over its handling of the pro-Palestine protests, sometimes organized by foreign students and alumni on student visas.
Trump has repeatedly urged Columbia and other universities to act and address the protests, which some believe are fueling anti-semitism across American higher learning institutions.
However, some universities have declined to crack down on the disruptive protests, often citing the freedom of expression. This has prompted the Trump administration to threaten to withdraw federal funding for the Ivy League colleges, with hundreds of billions of dollars already pulled away from Harvard University.
However, unlike some elite universities that have taken a strong stance in support of the protests, Columbia is negotiating with Trump on how to address the issue amicably.
Sophisticated political hacktivist compromised Columbia University student data
Columbia University has confirmed that the cyber attack, which it attributed to a “sophisticated” hacktivist, leaked student data.
“We now have initial indications that the unauthorized actor also unlawfully stole data from a limited portion of our network,” the university stated.
The elite university also claimed the attack had the hallmarks of a political campaign, which was further supported by the display of Trump’s picture across computer screens.
In March, a politically motivated hacktivist breached New York University and exfiltrated gigabytes of student data to prove that the top-tier institution was violating the Supreme Court’s ruling against race-based admissions.
However, NYU claimed that the hacktivist had cherry-picked the stolen student data to prop up their baseless claim and that the institution had fully complied with the Supreme Court ruling.
Meanwhile, the nature of the student data the hacktivist stole from Columbia University remains under investigation, as well as the number of students affected.
“We are investigating the scope of the apparent theft and will share our findings with the University community as well as anyone whose personal information was compromised,” the university stated.
However, Bloomberg reported that the hacktivist stole Social Security Numbers (SSNs), citizenship documents, university-issued ID numbers, application decisions, employee salaries, and other sensitive records.
Politically motivated cyber attack
A university official also stated that the stolen records appeared to be critical to the hacktivist’s political agenda. Bloomberg also reported that the attacker confirmed stealing 1.6 gigabytes of data and stated their motive was to check if Columbia had complied with the Supreme Court ruling against affirmative action. They also claimed to have spent more than two months trying to infiltrate Columbia’s network.
With over 2.5 million application records stolen, the student data could also be used to expose some of the protest leaders, some of whom attended the beleaguered universities on scholarships.
Similarly, the attacker could use the data to determine whether the institution was making race-based hiring decisions under the diversity, equity, and inclusion (DEI) policy, which President Trump banned through an executive order.
Ironically, threat actors hardly take credit for politically motivated cyber attacks, especially if they occur on U.S. soil, to avoid political backlash and potential prosecution, as political hacks are unlikely to be treated differently.
Meanwhile, Columbia says it engaged external cybersecurity experts to address the cyber attack and has implemented additional security measures to prevent a similar incident.
The University also confirmed that the Irving Medical Center was not impacted, and therefore, highly sensitive patient data was not compromised.
