The College of Hawaii has confirmed {that a} ransomware gang stole the information of almost 1.2 million people after breaching its Most cancers Heart’s Epidemiology Division in August 2025.
Based in 1907, the College of Hawaii (UH) System operates 3 universities and seven group schools, in addition to a number of campuses and analysis facilities throughout the Hawaiian Islands. The UH Most cancers Heart has over 300 school and employees, in addition to a further 200 affiliate members.
On February 23, the UH Most cancers Heart despatched notification letters to greater than 87,000 folks enrolled in its Multiethnic Cohort (MEC) Research between 1993 and 1996. The college is now additionally notifying all different probably impacted people whose contact particulars have been discovered (roughly 900,000 e-mail addresses).
“The MEC Research individuals probably impacted a complete 87,493 people. Further people whose private info could have been included within the historic driver’s license and voter registration information with SSN identifiers quantity roughly 1.15 million,” the college stated in a discover printed on Friday.
“There was no affect to info held by the UH Most cancers Heart’s Medical Trials operations, affected person care, or another divisions of the UH Most cancers Heart. There was no affect to UH pupil information.”
The compromised paperwork embrace two recordsdata containing names and Social Safety numbers (SSNs) from a State Division of Transportation doc (collected in 2000) and voter registration knowledge (from 1998), recordsdata containing SSNs driver’s license (DL) numbers, and well being info on the MEC Research (between 1993 and 1996), and three different eating regimen and most cancers research, in addition to two extra recordsdata from 1999 and the mid-2000s with SSNs and names collected from public well being registries for epidemiological analysis.
In a December report back to the state legislature, the college revealed that the incident affected a single UH Most cancers Heart analysis mission and was remoted to techniques supporting its Epidemiology Division, and did not affect scientific operations or affected person care.
A follow-up investigation has proven that the attackers accessed analysis recordsdata on the College of Hawaii Most cancers Heart (UHCC), probably stealing private info like Social Safety Numbers (SSNs) and driver’s license (DL) numbers.
The attackers additionally encrypted the compromised techniques, inflicting intensive harm and delaying UH’s restoration efforts and investigation into the assault’s affect.
When it first confirmed the assault, the College of Hawaii additionally famous that it paid the attackers to acquire a decryption device and “safe destruction of the data the risk actors illegally obtained” to “shield the people whose delicate info could have been compromised.”
“The UH Most cancers Heart deeply regrets that this incident occurred and that so many people have been impacted,” UH Most cancers Heart director Naoto T. Ueno added. “We take this matter extraordinarily critically and are dedicated to transparency, accountability and strengthening protections for the analysis knowledge entrusted to us.”
In July 2023, the Hawaiʻi Group Faculty (a part of the College of Hawaii) additionally confirmed that it paid a ransomware gang to forestall the leak of information stolen from roughly 28,000 folks.
Malware is getting smarter. The Pink Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 strategies and see in case your security stack is blinded.
