NYU website defaced as hacker leaks info on a million students

• The NYU website was recently defaced to show data alleging racism in the university
• The files exposed sensitive information on millions of students
• The university's IT team mitigated the attack within three hours

A hacking group calling itself “Computer Niggy Exploitation” has struck the website of New York University (NYU) in an attempt to expose the university’s alleged racism - but has also exposed sensitive information on millions of NYU applicants.

The NYU website was defaced, and instead of the usual homepage, displayed three charts showing what the group claims to be NYU’s average admitted SAT scores, ACT scores, and GPAs for the 2024-2025 cycle.

The group reminded that the Supreme Court killed “affirmative action” back in 2023, but the NYU “continued anyway”, and that the data shows that the average admitted test scores and GPAs for Asian and Caucasian applicants were higher, compared to Hispanic and Black applicants.

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Sensitive data leaks

Affirmative action is a policy designed to promote opportunities for historically marginalized groups, particularly in education and employment, by considering factors like race or gender in admissions and hiring decisions.

In the US, the Supreme Court effectively ended race-based affirmative action in college admissions on June 29, 2023, with its ruling in Students for Fair Admissions v. Harvard and Students for Fair Admissions v. University of North Carolina.

But here is where it gets even worse. The four CSV files that were accessible on the website revealed NYU admissions data since 1989, including 3 million admitted students’ applications, demographic data, city, zip codes, and citizenships. Furthermore, the CSVs also showed Common Application data with information such as rejected students, financial aid, Early Decision students, and information on siblings and parents.

The Record says that the group tried to redact the files so that the students couldn’t be identified, but failed, according to Zack Ganot, one of the people running DataBreach.com. Full names, addresses, phone numbers, grade point averages, email addresses, were all exposed.

Ganot uploaded the database to his platform, allowing students to check if their information leaked. More details can be found here.

The defacement lasted for approximately two hours, after which the university’s IT team managed to regain control.

You might also like

• Massive online data breach sees 2.7 billion records leaked - here's what we know
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app