My SSN was exposed in a breach at Columbia—a school I have no connection with A data breach at Columbia University exposed the Social Security numbers of individuals with no connection to the school, including the author, who received a notification months after the public announcement. The university eventually explained that decades of third-party data collection, combined with failed data removal initiatives, led to the inclusion of unaffiliated individuals’ data, though the exact source of the author’s SSN remains unclear.

• Columbia University experienced a data breach exposing 1.8 million Social Security numbers.
• Victims with no affiliation to Columbia, like the author, received notifications months after those connected to the university.
• The breach victims included individuals who had never applied to, attended, or worked for Columbia.
• Columbia’s explanation involved decades of third-party data collection and unsuccessful data-removal initiatives.
• The university suggested potential sources for the author’s SSN included SAT, ACT, or GRE tests, or scholarship information requests from 2001.
• Both the College Board and ACT confirmed they stopped sharing SSNs as student identifiers in 2018 and around 2010, respectively.
• Columbia discontinued its use of SSNs as student identifiers in 2012 and intended to delete older data, but an legacy database was missed.
• Columbia will publicly acknowledge this group of unaffiliated victims for the first time.
• Critics suggest that universities should remove historical data proactively and that a more active FTC or new legislation could address such data retention practices. Continue reading https://arstechnica.com/tech-policy/2026/06/my-ssn-was-exposed-in-a-breach-at-columbia-a-school-i-have-no-connection-with/