Lee University in Cleveland, Tennessee, recently disclosed a significant data breach that occurred in March 2024, involving third-party software. The breach exposed confidential data, including personally identifiable information (PII), financial data, and protected health information (PHI), to an unauthorized party who exploited a vulnerability in the software.
According to reports from the university’s investigation, the breach impacted both students and employees, although specific details about the compromised data have not been fully disclosed. Upon detecting unusual activity in the network, Lee University took immediate steps to contain the incident and engaged third-party cybersecurity experts to assess the breach’s scope and impact.
By March 2025, the university had reviewed the compromised files and began the process of notifying affected individuals. As of March 27, 2025, it was confirmed that over 3,000 individuals in Texas had their information compromised as a result of the breach.
In response to the breach, Lee University has provided resources for those affected, including complimentary identity protection services like credit monitoring and identity restoration. The university has advised individuals to take proactive measures to safeguard their personal information, such as notifying financial institutions, changing passwords, and obtaining free credit reports. It also recommended placing fraud alerts or security freezes on credit reports as additional security precautions.
As part of its breach response efforts, the university has filed disclosures with multiple states, including California, New Hampshire, Vermont, and Texas. These disclosures are intended to ensure transparency and compliance with state regulations regarding data breach notifications.
Despite the ongoing investigations, Lee University is dedicated to enhancing its security measures to prevent future unauthorized access to its systems. The university remains committed to supporting those affected by the breach and encourages them to enroll in the identity protection services offered through its support team.
In conclusion, the data breach at Lee University underscores the ongoing challenges and risks associated with cybersecurity threats. As institutions continue to navigate the evolving landscape of data security, proactive measures and swift responses are crucial in mitigating the impact of such incidents and safeguarding individuals’ sensitive information.