A hacker hijacked New York University’s (NYU) website on Saturday morning, leaking highly sensitive admissions data for more than 3 million applicants spanning over three decades.
The breach, which lasted approximately two hours, also included accusations that NYU has continued to factor race into its admissions decisions despite the U.S. Supreme Court’s 2023 ban on affirmative action.
The attack was first noticed around 10:30 a.m. on March 22, when a Reddit user reported that NYU.edu had been redirected to a GitHub-hosted page. The unauthorized page displayed three statistical charts purportedly showing average SAT, ACT, and GPA scores for NYU’s 2024–25 admitted class, suggesting disparities along racial lines. Below the visuals were links to four downloadable CSV files containing admissions records stretching back to at least 1989. These files included names, demographic details, standardized test scores, financial aid records, family information, and even data on rejected and Early Decision applicants.
In a public statement posted to X, NYU confirmed that “malicious hackers took control of the systems that display NYU’s web presence and redirected traffic” to a page created by the attackers. The university emphasized that its IT team responded “immediately,” and by noon, the defacement had been removed and the official site restored. NYU stated that law enforcement has been notified and will be working closely with the university on the ongoing investigation.
The breach appears to be the work of a group using the pseudonym “Computer Niggy Exploitation,” which also claimed responsibility for a similar data leak at the University of Minnesota in July 2023. That incident exposed over 7 million Social Security numbers, prompting a class-action lawsuit. At NYU, while no SSNs were reportedly included in the exposed data, the scope of compromised personal and academic information poses a significant risk of identity theft and other forms of misuse.
Founded in 1831, New York University is one of the largest private universities in the United States, with over 60,000 students enrolled across undergraduate and graduate programs. Its central Manhattan location and global academic reputation make it a high-profile target in an era of increasing politically and ideologically motivated cyberattacks on academic institutions.
Reddit users and cybersecurity enthusiasts analyzing the incident suggested it was likely a DNS hijacking attack — possibly achieved via a registrar account compromise or manipulation of DNS records. During the attack, www.nyu.edu resolved to dsvdfvx64.github.io, a GitHub-hosted page where the stolen data was temporarily made available. WHOIS records confirmed NYU’s ownership remained intact, further pointing to DNS-level manipulation rather than a full infrastructure breach.
The hacker’s stated motive was to highlight what they framed as racial discrepancies in NYU’s admissions process. They alleged that the average GPAs and test scores of Black and Hispanic students admitted for the 2024–25 cycle were lower than those of white and Asian applicants.
Law firms working with ClassAction.org have launched an investigation into whether a class action lawsuit is warranted. Individuals who applied to NYU and whose information was compromised are being asked to come forward.
Remote Access Backdoor Discovered in Chinese Robot Dog Unitree Go1
Leave a Reply