New York University’s admissions database was hacked on March 22, and admissions data dating back to 1989 was published on the website. An anonymous hacker claimed responsibility on X, revealing her intent to expose NYU’s suspected use of affirmative action – a policy designed to increase diversity in organizations – despite the Supreme Court banning it in 2023.

Affirmative action was first implemented in college admissions in the 1960s, with admissions officers accepting students of underrepresented groups despite potentially having lower grades and test scores than other applicants. While some consider this a huge step forward for equality, others criticize the policy for undermining meritocracy, “reverse discrimination”, and neglecting to account for income. Following the 2023 Supreme Court decision, universities have seen a decrease in the admission of students of color, especially in more selective schools. 

The alleged data posted on NYU’s website indicated that the average ACT, SAT and GPA of admitted Hispanic and Black students were lower than those of admitted Asian and White students. Under the assumption that this is accurate, it reveals that NYU is still implementing Affirmative Action. This data was displayed on the website for at least two hours before NYU’s IT team shut it down. NYU spokesperson John Beckman stated that “the university reported the hack to law enforcement, is taking steps to make sure the attackers are out of our systems and is reviewing the university’s systems to bolster their security.” 

Following the hacking, NYU is now facing 10 class action lawsuits. According to Washington Square News, NYU’s student newspaper, the lawsuits are alleging NYU “mishandled applicants personal information and failed to meet national cybersecurity standards.”

Hacking into college admissions databases is not limited to this instance. Washington Square News shared that Georgetown, Stanford, the University of Minnesota, and other schools have been hacked, exposing sensitive information about students. More specifically, two alumni filed a lawsuit after hackers released more than 7 million social security numbers from the University of Minnesota’s admissions database. They claimed that the university didn’t take proper precautions to protect the information of students and alumni, which violated the Minnesota Government Data Practices Act. 

NYU currently offers Cybersecurity Awareness Training to faculty, staff and students. This is an optional program designed to help people recognize and report potential cybersecurity threats. Additional efforts that colleges across the country are taking include collaboration with cybersecurity experts and agencies and using advanced technology for threat detection and prevention. 

Unfortunately, cybersecurity threats are getting increasingly difficult to intercept as technology gets more advanced. As reliance on the internet grows, so does the risk of having personal information stolen. While technology brings great benefits to our society, it is important to be cognizant of storing personal data online.