A recent hack of Columbia University’s computer system compromised the personal information of hundreds of thousands of people, including students and applicants, new documents show. Over all, about 870,000 individuals were affected by the breach.

The university provided draft notices to officials in Maine and California that it intends to send to affected parties in their states, according to the state attorneys general’s websites. Both states require that their residents be swiftly informed of any breach that includes their data, according to Bloomberg, which reported on the notices.

The notices said a technical outage disrupted some of the university’s IT systems in June, which led university leaders to suspect a possible cybersecurity attack. An investigation revealed that a hacker had taken files from Columbia’s system in May.

The stolen data includes any personal information prospective students provided in their applications or current students gave Columbia over the course of their studies, including their contact details, Social Security numbers, birthdays, demographic information, academic history, financial aid information, insurance details and health information. No patient data from the Columbia University Irving Medical Center seems to have been compromised, according to the notices. The university encouraged those affected to monitor account statements and credit reports to keep an eye out for any fraudulent activity. It also offered them two years of free credit monitoring and identity restoration services from a financial and risk advisory firm.

“We have implemented a number of safeguards across our systems to enhance our security,” the letters read. “Moving forward, we will be examining what additional steps we can take and additional safeguards we can implement to prevent something like this from happening again.”

A public statement from the university’s Office of Public Affairs last week said that since June 24, Columbia has seen no evidence of any further unauthorized access to the university’s system. Starting Aug. 7, the university promised to begin notifying affected students, employees and applicants on a rolling basis via mail.

“We recognize the concern this matter may have raised and appreciate your ongoing patience during this challenging time,” the statement read. “Please know we are committed to supporting the University community.”

A Columbia official previously told Bloomberg that the hacker seemed to be trying to further a “political agenda.” The investigation into the matter also found that the hacker was “highly sophisticated” and “very targeted.”

The alleged hacker, who got in contact with Bloomberg, gave the news outlet 1.6 gigabytes of data, claiming it contained decades’ worth of applications to Columbia. That application data included New York City mayoral candidate Zohran Mamdani, who applied to Columbia but didn’t get in.

Bloomberg confirmed with eight Columbia students and alumni, who applied between 2019 and 2024, that the information about them contained in the data was accurate. They verified that details such as their university-issued ID codes, citizenship statuses and admissions decisions were all correct. The data provided to Bloomberg didn’t contain names, Social Security numbers or birth dates.

The person claiming to be the hacker, who didn’t provide their name, texted Bloomberg that the purpose of the stolen data was to prove the university continued affirmative action in admissions after the 2023 Supreme Court ruling against such practices. They claimed to have hacked about 460 gigabytes of data total from the university—including 1.8 million Social Security numbers of employees, students and their family members—after spending more than two months ensuring their access to Columbia’s computer systems.