Cyber Incident Victim: New Jersey City University

New Jersey City University experienced a cybersecurity breach between June 4 and June 10, 2024, during which hackers infiltrated the institution’s network and potentially copied sensitive files. The attack caused a system-wide outage that disrupted campus operations, though services were restored to normal functionality following the incident. University administrators confirmed the compromised data included personally identifiable information of approximately 6,000 students, faculty, and staff, encompassing names, Social Security numbers, driver’s license details, financial account numbers, and credit card information. Attackers demanded a $700,000 ransom, a figure characterized by cybersecurity expert Scott Schober as financially burdensome for the cash-strapped institution. The breach highlighted the growing targeting of universities, with Schober noting a 35% annual increase in such attacks and emphasizing the high value of academic data due to its combination of identity and financial details ideal for exploitation.

NJCU initiated response measures by preparing notification emails to potentially affected individuals, offering free identity monitoring services, and establishing a dedicated assistance line for those fearing identity theft. The university did not disclose whether the ransom was paid or specify technical details about the attack methodology or data exfiltration scope beyond the confirmed copying of files. The incident occurred against a backdrop of documented financial instability at NJCU, including state oversight of its efforts to address millions in debt. No additional threat actor claims, forensic findings, or regulatory investigations were cited in the disclosure. Impacted parties were directed to contact the university directly for support, with no public mention of law enforcement involvement or long-term security enhancements at the time of reporting.