Strauss Borrelli PLLC, a leading data breach law firm, is investigating the University of St. Thomas (“St. Thomas”) regarding its recent data security incident. The St. Thomas cybersecurity incident may impact the privacy of sensitive personal information belonging to an undetermined number of individuals.
ABOUT THE UNIVERSITY OF ST. THOMAS:
St. Thomas is a Catholic university based in Texas. Founded in 1947, St. Thomas offers a range of academic programs for undergraduate and graduate students, including programs in accounting, economics, marketing, nursing, international studies, general business, art history, and more.3,4 Headquartered in Houston, Texas, St. Thomas employs over 200 individuals.4
WHAT HAPPENED?
Recently, it was reported by multiple online sources that St. Thomas had experienced a cybersecurity incident impacting the privacy of its data. According to these sources, a cyberattack impacted St. Thomas servers in early August that compromised student, faculty, and staff records.1,2 A ransomware company claimed credit for the St. Thomas cyberattack and reportedly took 1.8 terabytes of data, which equates to hundreds of thousands of documents.1,2 Files reviewed from a small portion of what the ransomware company posted online related to St. Thomas appear to show staffers’ credit card, bank account, and Social Security numbers; passports and licenses; logins and passwords related to work-related accounts; some students’ home addresses, email, and phone numbers; donor contact information; and monthly country club membership fees.1 Additionally, the files reviewed contain unverified documents detailing confidential information pertaining to St. Thomas student and faculty conduct and disciplinary actions, including the names of relevant student and faculty members.1
According to an online source, a spokesperson for St. Thomas said that the university is working on a statement and there is an ongoing investigation.2 In early September, the new president of St. Thomas said that specialists were determining the scope of the “data impacted” and that affected individuals would receive a formal notification after the investigation’s completion, offering free credit monitoring codes to students, faculty, and staff in the meantime.1 As of October 16, 2025, St. Thomas has not shared a statement or acknowledgement of the cyber security incident on its website or social media pages.2
If you believe you may have been affected by the University of St. Thomas data security incident:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS:
