Monroe University Data Breach Class Action, 320,973 Students’ Social Security Numbers Exposed—Here’s How to File Your Claim
A class action lawsuit filed in January 2026 alleges Monroe University failed to protect the personal information of 320,973 students and applicants after hackers had unrestricted access to university systems for two weeks in December 2024. The breach exposed Social Security numbers, dates of birth, driver’s license numbers, passport information, financial account details, and protected health information—yet the university waited until January 2, 2026 to notify affected individuals.
Plaintiff Rosemary Maysonet filed the lawsuit in New York federal court, claiming Monroe University’s negligence placed hundreds of thousands of people at heightened risk of identity theft and financial fraud for years to come.
What Happened During the Monroe University Breach
Between December 9 and December 23, 2024, cybercriminals gained unauthorized access to Monroe University’s computer systems and acquired copies of files containing highly sensitive student data. The intrusion lasted 14 days before the university detected suspicious activity.
Monroe University completed its file review on September 30, 2025—nine months after the breach occurred. Only then did the university determine that the compromised files contained personally identifiable information and protected health information belonging to current students, former students, and applicants.
The delay meant affected individuals couldn’t take immediate protective steps against identity theft and fraud during the critical window when stolen data typically hits the dark web.
Personal Information Exposed in the Breach
The compromised data varied by individual but potentially included names paired with Social Security numbers, dates of birth, driver’s license numbers, passport numbers, other government identification numbers, financial account information, student identification numbers, financial aid details, medical information, and health insurance information.
This combination creates severe identity theft risks. Unlike a stolen credit card you can cancel, you cannot change your Social Security number or medical history. Criminals can exploit this data for years to open fraudulent accounts, file fake tax returns, or access medical services in your name.
The breach notification letters began arriving in early January 2026, offering affected individuals one year of free credit monitoring through Cyberscout, a TransUnion company. Students must enroll within 90 days of receiving notification.
The Class Action Lawsuit Allegations
The complaint filed in U.S. District Court for the Southern District of New York seeks to represent a nationwide class of individuals whose information was compromised. Maysonet alleges Monroe University violated its duty to safeguard sensitive student data through negligence, breach of implied contract, and unjust enrichment.
The lawsuit claims Monroe University failed to implement adequate data security measures despite knowing universities increasingly face cyberattacks. The complaint argues the delayed notification prevented timely protective action and violated students’ privacy rights.
Similar to other data breach class action lawsuits Like AT&T, the Monroe case seeks compensatory damages, reimbursement for out-of-pocket expenses, injunctive relief requiring improved cybersecurity practices, long-term credit monitoring services, and attorneys’ fees.
How to Verify If You’re Affected
Monroe University is mailing breach notification letters to all 320,973 affected individuals. If you attended Monroe University, applied for admission, or provided information to the university at any time, watch for official correspondence from Monroe University or its legal representatives.
The notification letter will explain what specific information of yours was exposed and provide instructions for enrolling in the free credit monitoring service. Save this letter—it proves you’re part of the potential settlement class.
You can also contact Monroe University directly to verify whether your information was involved in the breach. Keep records of all communications.
What to Do If You Received a Breach Notification
First, enroll in the free Triple Bureau Credit Monitoring service Monroe University is offering. This provides alerts from Experian, Equifax, and TransUnion when changes occur to your credit files.
Next, place fraud alerts or credit freezes with all three major credit bureaus. A fraud alert makes it harder for identity thieves to open accounts in your name. A credit freeze completely blocks access to your credit report.
Monitor your financial accounts, student loan accounts, and medical insurance statements for unauthorized activity. Report suspicious charges or unfamiliar accounts immediately to your bank and credit card companies.
If you discover fraudulent activity that you can link to this breach, document everything: dates, amounts, account numbers, and copies of all correspondence. This documentation will be critical if you file a claim for reimbursement.
Healthcare data breaches carry unique risks beyond financial fraud. Criminals can use stolen medical information to obtain prescriptions, file fraudulent insurance claims, or access medical services—potentially contaminating your medical records with incorrect information that could affect future treatment. Understanding these risks is similar to what victims face in other major healthcare kaiser data breaches.
Frequently Asked Questions
Will there be a settlement in the Monroe University data breach class action?
The lawsuit was just filed in January 2026 and is in its earliest stages. Settlement negotiations typically take months or years, depending on how the case progresses through discovery and legal proceedings.
How much compensation could I receive if there’s a settlement?
Compensation amounts depend on multiple factors including the final settlement fund size, number of claimants, whether you can document financial losses, and the severity of harm you suffered. Recent data breach settlements have ranged from $20-$160 per person for basic claims.
Do I need to hire a lawyer to participate?
No. Class action lawsuits allow affected individuals to participate without hiring their own attorneys. If a settlement is reached, you’ll receive instructions on how to file a claim for your share of the settlement fund.
What if I haven’t experienced identity theft or fraud yet?
You can still participate in the class action and claim compensation. Courts recognize that data breach victims face ongoing risk even without immediate fraud, and settlements often compensate for this elevated risk and the time spent protecting yourself.
How long do I have to take action?
Monitor your mail for official communications from Monroe University, the court, or the settlement administrator. These will include specific deadlines for filing claims, opting out, or objecting to any proposed settlement.
Last Updated: January 21, 2026
Disclaimer: This article provides general information only and does not constitute legal advice.
Were you affected by the Monroe University data breach? Share your experience in the comments below or consult with a consumer protection attorney to discuss your legal rights.
Stay informed, stay protected. — AllAboutLawyer.com
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah