Skip to main content
A hacker sits in front of multiple computer monitors

Dordt University Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating a recently announced data breach incident at Dordt University, a private Christian liberal arts college in Sioux Center, Iowa. The breach has allegedly impacted 34,251 individuals across the United States. Contact our attorneys if you have received a data breach notification letter in the mail or believe your data may be compromised. We represent clients in all fifty states and offer free consultations.

What Happened at Dordt University?

On June 19, 2025, Dordt University, disclosed a cybersecurity incident after unauthorized access was detected on the university’s network between April 21, 2024, and May 16, 2024. The breach may have exposed a wide range of sensitive personal and health information. The attack may have been claimed by the BianLian ransomware group and victims are urged to remain vigilant for suspicious activity on their accounts.

An investigation conducted by cybersecurity experts confirmed that cybercriminals accessed and potentially copied files containing highly sensitive data in 2024. The exposed information varies by individual but includes first and last names combined with the following: dates of birth, account numbers, routing numbers, security codes, Social Security numbers, driver’s license numbers, usernames and passwords, health insurance details, and medical information.

The university has not publicly detailed the exact method of intrusion, but the sophistication suggests a targeted attack, possibly involving ransomware, as claimed by the BianLian group, which allegedly stole approximately 3 terabytes of data.

The breach’s scope poses multiple risks for the 34,251 affected individuals, including students, alumni, staff, and possibly their families. Among other risks of fraud and identity theft, with health insurance and medical information compromised, victims face risks of unauthorized medical claims or insurance fraud. This could lead to incorrect medical records or denied coverage, complicating healthcare access.

At the time of writing, the full extent of the breach’s impact remains unclear, with ongoing investigations likely to reveal more details in the weeks to come. For now, the affected individuals must navigate a landscape of heightened risk, armed with caution and, potentially, collective legal action. Contact our legal team to learn more and to consider taking legal action.