Organisation: Baker University
Incident date: December 2–19, 2024
Nature of incident: Unauthorized access and data theft
Status: Confirmed
Reported by: Baker University; Office of the Maine Attorney General
Baker University has confirmed a data breach following unauthorized access to its network in December 2024, resulting in the theft of personal, health, and financial information linked to 53,624 individuals. The incident became public on December 23, 2025, after a formal notice on the university’s website and a filing with the Office of the Maine Attorney General.
According to Baker University’s data security notice, suspicious activity in December 2024 led to a network outage and an internal investigation. Forensic review determined that attackers accessed and exfiltrated files and folders between December 2 and December 19, 2024. The school then began a file-by-file review to identify affected individuals and data categories, before notifying regulators and affected individuals.
The compromised information varies by person but may include full name, date of birth, driver’s license number, passport number, Social Security number, tax identification number, student ID, financial account information, health insurance details, and other medical information.
For affected individuals, exposure of identity and financial data raises the risk of identity theft, tax fraud, and targeted phishing that may exploit detailed biographical and medical information. The university says it has not seen evidence of misuse so far, but is urging recipients to monitor bank and credit accounts and review explanations of benefits for unusual activity.
Beyond individual risk, the breach underscores the broader exposure of higher-education institutions that hold mixed datasets combining student, staff, alumni, and health-related information. Similar compromises at other U.S. universities in recent months highlight the sector’s ongoing challenges in securing legacy platforms and networked systems against data-theft campaigns.
Baker University reports that it has engaged external cybersecurity specialists, rebuilt a primary platform compromised in the incident, and implemented additional safeguards to prevent similar attacks. The institution is notifying affected individuals directly and offering complimentary credit monitoring, while also coordinating with state and federal regulators as required by breach notification laws.
This incident places Baker University among a growing list of U.S. universities disclosing significant data theft events, reinforcing the need for continuous monitoring, segmented architectures, and rapid response capabilities in the education sector.
Worried about your online data? Run a leak check now at Am I Hacked and protect your online security today.