Columbia University Applicant Data Stolen in Politically Motivated Attack ⇥ theverge.com

Cameron Fozi, Bloomberg:

Personal information about Columbia University students and applicants — including whether they were accepted or rejected by the school — has been stolen, according to a Bloomberg News review of data provided by a person who claimed to have hacked the school in June.

[…]

The alleged hacker, speaking via text and claiming to work alone, said they sought to acquire information about university applications that would suggest a continuation of affirmative action policies in Columbia’s admissions, following a 2023 Supreme Court decision that effectively barred the practice. The Columbia official said the school’s admissions processes are compliant with the Supreme Court decision.

Elizabeth Lopatto, the Verge:

And yet, there has been precious little reporting on the Columbia hack. Wired hasn’t covered it, and, until this story, neither has The Verge. Nor have The Chronicle of Higher Education, CyberScoop, 404 Media, TechCrunch, or Krebs on Security. These — including The Verge — are small to medium-size entities, and there’s any number of possible reasons why they didn’t pick it up. (On our end, it was partly because we were short-staffed during a national holiday, and partly because we didn’t immediately piece together how extraordinary this particular hack is.) But coverage at the much bigger, well-resourced institutions is also scanty. The Wall Street Journal passed on the story. Reuters has a brief on the initial outage; AP has a short write-up as well, which The Washington Post ran as part of their syndication deal.

The most extensive reporting comes from Bloomberg and The New York Times.

It is remarkable how little — and, from the Times in particular, how poor — coverage is of this attack. According to Fozi, the same person has claimed responsibility for two other politically motivated university data breaches. That is an interesting story.