Baker University Data Breach Exposes Sensitive Data of Over 53,000 Individuals


What happened

Baker University, a private institution in Baldwin City, Kansas, has disclosed a data breach dating back to December 2024, in which attackers gained unauthorized access to its network and exfiltrated sensitive personal, financial, and health data. The breach occurred between December 2 and December 19, 2024, and was uncovered following a network outage. The university’s investigation concluded that files containing personally identifiable information (PII) and protected health information (PHI) were accessed.

Who is affected

The breach affects 53,624 individuals affiliated with Baker University, including students, staff and others whose data was stored on the compromised systems. Information potentially exposed includes names, dates of birth, driver’s license numbers, Social Security numbers, financial account data, health insurance and medical information, passport details, and student and tax identification numbers.

Baker University President Jody Fournier confirmed the incident and noted that the institution has been working with external cybersecurity experts in response.

Why CISOs should care

This incident underscores persistent risks even in smaller higher education environments: threat actors continue to target institutions of all sizes for comprehensive identity datasets. Higher education networks often contain mixed sensitive data that can be highly valuable to attackers. The breach also highlights extended dwell time, as the compromise went undetected for weeks, and the need for robust detection and response capabilities.

3 Practical Actions for CISOs

  1. Enhance Detection and Monitoring: Ensure advanced network monitoring and threat detection tools are in place to shorten dwell time. Prioritize anomaly detection for lateral movement and unusual data access patterns.
  2. Segment and Protect Sensitive Data: Review and strengthen access controls and network segmentation, particularly where PII and PHI coexist, to limit blast radius in case of compromise.
  3. Review Incident Response Plans: Update and test incident response and communication plans regularly, including coordination with external incident response partners and timely regulatory reporting.