Monroe University, a New York-based for-profit university, suffered a cyberattack between December 9 and December 23, 2024, in which threat actors exfiltrated data on 320,973 individuals — including students, staff, and associated individuals. The breach was not discovered until September 30, 2025, a gap of nine months. Data stolen included names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, government IDs, medical details, health insurance information, student records, passwords, and financial account details. The responsible group was not publicly named. Monroe University (formerly Monroe College) had previously suffered a ransomware attack in 2019 where attackers demanded 170 bitcoin.