BYU-Pathway Data Breach Exposes Student Information
In June 2025, BYU-Pathway Worldwide experienced a cybersecurity breach that exposed the personal data of students and users. The breach stemmed from unauthorized access to a vendor’s account, which allowed a third party to view sensitive information. BYU-Pathway acted swiftly to contain the incident, notify authorities, and strengthen its security infrastructure.
What Triggered the Security Breach?
On or around June 17, 2025, BYU-Pathway’s information security team identified suspicious activity linked to a vendor account. After confirming unauthorized access on June 24, 2025, the team immediately revoked the vendor’s system access. BYU-Pathway also engaged federal law enforcement, partnered with cybersecurity experts, and launched a full investigation to assess the breach’s scope and prevent further exposure.
Who Carried Out the Attack?
Despite conducting an in-depth forensic investigation, BYU-Pathway and its cybersecurity partners could not identify the attacker. However, they confirmed that no further unauthorized activity occurred after the vendor’s access was terminated on June 24. The attacker’s identity and intent remain unknown.
What Information Was Exposed?
The compromised systems contained a wide range of sensitive data. Depending on what you previously submitted, the affected information may include:
Your full name
Social Security number (if provided)
Account ID (but not password)
Contact details, such as mailing address and phone number
Gender and marital status
Religious affiliation (if provided)
Age
Educational course history
If you are a current student, you can view any potentially affected records by logging into your secure BYU-Pathway account.
How Is BYU-Pathway Responding?
In response to the breach, BYU-Pathway activated its incident response protocol and took decisive steps to safeguard user data. Specifically, the organization:
Shut down unauthorized access immediately
Involved federal law enforcement and third-party cybersecurity professionals
Conducted a thorough forensic review of systems and accounts
Reinforced security policies across internal teams and vendors
Notified state attorneys general and regulatory agencies where legally required
Launched free credit monitoring for affected individuals
What Steps Can You Take Now?
Although BYU-Pathway has no evidence that your personal data has been misused or published, staying proactive remains essential. To protect your identity and reduce risk:
Monitor your financial accounts regularly for suspicious activity
Change your passwords frequently and use unique credentials for each account
Report any signs of fraud to your local police or financial institutions
Consider placing a fraud alert or credit freeze with a major credit bureau
Contact the Major Credit Bureaus:
Equifax
P.O. Box 105788, Atlanta, GA 30348
1-888-298-0045 | www.equifax.com/personalExperian
P.O. Box 9554, Allen, TX 75013
1-888-397-3742 | www.experian.comTransUnion
P.O. Box 2000, Chester, PA 19016
1-800-680-7289 | www.transunion.com
Report Identity Theft or Data Misuse:
If you suspect identity theft or data fraud, immediately report it to the Federal Trade Commission (FTC):
600 Pennsylvania Ave. NW, Washington, DC 20580
1-877-ID-THEFT (1-877-438-4338)
Need Help or Have Questions?
For more information or assistance, BYU-Pathway offers multiple support options:
Visit the official BYU-Pathway website
Call the toll-free help line: 833-594-5317
(Available Monday–Friday, 7:00 a.m.–7:00 p.m. MDT, excluding U.S. holidays)