Johns Hopkins University and Johns Hopkins Health System is investigating a recent cybersecurity attack targeting a widely used software tool that affected our networks, as well as thousands of other large organizations around the world.
The University takes the privacy and security of our community members extremely seriously. Our cybersecurity team is working closely with data security experts and law enforcement to determine what information was compromised. This investigation is ongoing, and we will be updating this website regularly as more information becomes available.
Until we know more, we strongly urge all students, faculty and staff—as well as dependents—to take immediate steps to protect your personal information as a precautionary measure.
- Monitor Your Accounts: Regularly review your bank statements, credit reports, and insurance statements for any unusual activity. If you notice anything suspicious, promptly report it to your financial institutions.
- Fraud Alerts and Credit Freezes: Consider placing fraud alerts or credit freezes with major credit bureaus. This will add an extra layer of security and make it harder for anyone to open new accounts using your information.
- Strong Passwords and Account Security: Update your online accounts with unique and strong passwords. Enable multi-factor authentication wherever possible.
- Be Wary of Suspicious Emails or Communications: Stay vigilant against phishing attempts and suspicious emails or messages. Do not click on any links or provide personal information unless you are certain of the source’s authenticity.
For more information on identity theft, we recommend that you visit the Federal Trade Commission’s Identity Theft Guide at www.identitytheft.gov.
If there is anything else that we can do to assist you, please call the designated call center at (888) 703-9247 weekdays between the hours of 9 a.m. and 9 p.m. ET.
Frequently Asked Questions
Who was affected by the data breach?
Johns Hopkins University and Johns Hopkins Health System networks, along with thousands of other large organizations around the world, were affected by a cybersecurity attack targeting a widely used software tool.
When did the breach occur?
The breach occurred on May 31. Johns Hopkins took immediate steps to secure our systems and our cybersecurity team is working closely with data security experts and law enforcement to determine what information was compromised. This investigation is ongoing.
How did it happen?
The breach occurred as a result of a sophisticated cybersecurity attack targeting a vulnerability in a widely-used software tool. The attack impacted thousands of large organizations around the world.
Has Hopkins addressed the security problem?
We took immediate action to secure our systems and are working closely with cybersecurity experts and law enforcement to determine what information was compromised. The attack has had no negative impact on the operations of either Johns Hopkins University or the Johns Hopkins Health System.
What information was taken?
Our initial investigation suggests that the data breach may have impacted sensitive personal and financial information, [including names, contact information, and health billing records.] We are working now to assess the full scope of the incident and will be reaching out to all impacted individuals in the coming weeks.
Has Hopkins notified those affected by the breach?
We will notify affected individuals as soon as we know the full scope and breadth of the incident. If you were impacted, in the coming weeks you will receive additional information and resources to help you protect your personal information.
Will Hopkins provide credit monitoring to all impacted individuals?
Yes. We will notify affected individuals and will provide additional resources, including credit monitoring services to help protect your personal information. For assistance enrolling in credit monitoring, please call (888) 703-9247 weekdays between the hours of 9 a.m. and 9 p.m. ET.
If I was contacted via email, what email address did it come from?
The emails were sent on October 10, 2023 and October 11, 2023. The email address that sent the communication was The Johns Hopkins University SIS-noreply@jhu.edu with Subject Line: Important Notice Regarding Your Student Information.
