Baker University Data Breach: Attackers Stole Personal, Health, and Financial Data of 53,000

Baker University has disclosed a major data breach, revealing that attackers infiltrated its network for over two weeks in December 2024 and stole the sensitive personal, health, and financial information of more than 53,000 individuals. The breach, detected following a network outage, exposes a significant cache of data belonging to students, employees, and others affiliated with the private Kansas institution.

The attackers maintained unauthorized access to the university's systems from December 2 to December 19, 2024, during which they exfiltrated sensitive documents. The breach notification confirms the compromised data includes information related to those affiliated with Baker University, a school with nearly 2,000 enrolled students and over 300 employees. The incident underscores a critical failure in network security that allowed threat actors to operate undetected for an extended period.

This breach places over 53,000 individuals at heightened risk of identity theft, financial fraud, and medical privacy violations. The exposure of health and financial data, in particular, raises severe compliance and liability questions under regulations like HIPAA. The year-long gap between the intrusion and public disclosure also prompts scrutiny of the university's incident response and transparency protocols, potentially damaging institutional trust and triggering regulatory investigations.