FBI Investigating University of Rochester Data Breach

The New York school says the data breach resulted from a software vulnerability in a product provided by a third-party file transfer company.

FBI Investigating University of Rochester Data Breach

Photo: Rawpixel.com, Adobe Stock

ROCHESTER, N.Y. — The FBI is working with the University of Rochester and an outside data forensic firm to investigate a data breach disclosed by the school last week.

According to a statement issued by the school on June 2, the data breach resulted from a software vulnerability in a product provided by a third-party file transfer company and has impacted approximately 2,500 organizations worldwide. A university spokesperson said it messaged all students and employees on Friday to inform them of the breach.

“At this time, we believe faculty, staff, and students could be impacted, but we do not yet know the full scope of the impact to University community members or which personal data was accessed, as the investigation is ongoing,” the statement reads. “We will provide updates as soon as available.”

The school urges faculty, staff, students, and dependents to take steps to protect their personal information, such as changing passwords, implementing two-factor or multi-factor authentication, and checking credit card and bank records. It also recommends anyone who notices suspicious activity on their personal or campus-related accounts contact financial institutions and credit monitoring agencies.

Data breaches continue to impact nearly all business sectors. According to a 2022 report from the Identity Theft Resource Center, there were 1,802 data breaches worldwide exposing the data of tens of millions.

Experian, a credit-rating agency, reported last fall there were 5.8 million instances of fraud complaints in 2021 — up nearly one-fifth from the year prior. Additionally, financial losses increased 77% to $6.1 billion, and consumer identity theft complaints totaled around 1.43 million.

Cybercriminals are also changing and escalating their tactics. In Dec. 2022, a hacker group that gained access to Knox College’s student data began emailing students directly with their ransom demands. The message claimed the hackers had personal data, including Social Security numbers, medical records, and psychological assessments. The group said it would sell the stolen information online if demands weren’t met.

On March 7, a ransomware gang released stolen data from Minneapolis Public Schools (MPS) after it refused to pay a ransom. Many of the files outlined campus rape cases, child abuse inquiries, student mental health crises, and suspension reports. The data breach also exposed campus security map documents, including specific locations of campus surveillance cameras.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Amy is Campus Safety’s Executive Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Amy has many close relatives and friends who are teachers, motivating her to learn and share as much as she can about campus security. She has a minor in education and has worked with children in several capacities, further deepening her passion for keeping students safe.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety HQ