A weird text from my dad in February sent me on a months-long quest to solve a mystery that has been troubling an odd group of victims from a Columbia University data breach last year. That group? People with absolutely no connection to the school.
The text included a photo of a letter from Columbia, informing me that I was a victim of a data breach last June, one that exposed a wide range of sensitive information, including 1.8 million Social Security numbers.
Columbia’s public notices about the breach were addressed exclusively to “members of the Columbia community.” In the notices, Columbia warned that an “unauthorized party obtained information about students and applicants related to admissions, enrollment, and financial aid processes, as well as certain personal information associated with some Columbia employees.” Major news reports that followed only referenced people affiliated with Columbia as victims, while pointing out that the hacktivist behind the breach was reportedly motivated to expose Columbia’s history of “affirmative action-based” admissions.
