Attivo Networks Blogs

2,500 students, alumni and staffers affected by University of Buffalo data breach

SC media logo

The University of Buffalo reported that about 2,700 students, alumni, faculty and staff accounts were compromised when a third-party vendor was breached.

The school said in a statement login credentials were compromised when an unnamed third-party vendor suffered a data breach. Those involved had their passwords and usernames exposed when they logged into a non-UB website using their school login information. The issue was discovered on May 12 and the school is still investigating which of the external website was involved.

“At this point, we do not have evidence that individuals’ financial, academic or private information was viewed or stolen; however we are contacting impacted individuals to make them aware of this issue and to inform them how to take precautions to protect themselves against possible misuse of their information,” UB Associate Vice President for Media Relations John Della Contrada said in a statement.

About 1,800 of those affected were students, 862 were alumni with the remaining 28 accounts belonging to staff and faculty. Della Contrada said to SC Media that all passwords have now been reset.


Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

2 × one =

Ready to find out what’s lurking in your network?

Scroll to Top