CUIT
Company Details
Linkedin ID:
columbia-university-information-technology
Website:
Employees number:
64
Number of followers:
928
NAICS:
5415
Industry Type:
Homepage:
columbia.edu
IP Addresses:
0
Company ID:
COL_2720298
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Columbia University Information Technology Vendor Cyber Rating & Cyber Score
columbia.eduColumbia University Information Technology (CUIT) supports mission critical technology for over 40,000 faculty, staff and students. CUIT provides Columbia University students, faculty and staff with central computing and communications services including email, telephone service, web publishing, computer labs, electronic classrooms, course management and student information applications, office and administrative applications, and management of the high-speed campus ethernet and wireless networks. CUIT also manages an array of computer labs, terminal clusters, ColumbiaNet stations, multimedia classrooms, and provides a variety of technical support services. The CUIT organization is comprised of the following groups: Academic & Research Services, Enterprise Applications, Infrastructure Services, Enterprise Architecture & IT Internal Controls, Information Security, Client Support Services, IT Business Services, and the PMO. Columbia University is an equal opportunity/affirmative action – Race/Gender/Disability/Veterans employer.
Columbia University Information Technology A.I CyberSecurity Scoring
CUIT Risk Score (AI oriented)Between 650 and 699
CUIT
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CUIT Global Score (TPRM)XXXX
CUIT
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CUIT Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Columbia University
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A hacktivist with a political agenda broke into Columbia University IT systems and stole targeted student data, including details from 2.5 million applications. The hacker provided 1.6 gigabytes of data to Bloomberg News, which included information on applicants' acceptance status, citizenship, university ID numbers, and academic programs. The hacker claimed to have obtained 460 gigabytes of data, including financial aid packages, employee pay, and 1.8 million Social Security numbers belonging to employees, applicants, students, and their family members. The university has not received a ransom demand and is investigating the scope of the theft.
CUIT Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CUIT
Incidents vs IT Services and IT Consulting Industry Average (This Year)
No incidents recorded for Columbia University Information Technology in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Columbia University Information Technology in 2026.
Incident Types CUIT vs IT Services and IT Consulting Industry Avg (This Year)
No incidents recorded for Columbia University Information Technology in 2026.
Incident History — CUIT (X = Date, Y = Severity)
CUIT cyber incidents detection timeline including parent company and subsidiaries
CUIT Company Subsidiaries
Columbia University Information Technology (CUIT) supports mission critical technology for over 40,000 faculty, staff and students. CUIT provides Columbia University students, faculty and staff with central computing and communications services including email, telephone service, web publishing, computer labs, electronic classrooms, course management and student information applications, office and administrative applications, and management of the high-speed campus ethernet and wireless networks. CUIT also manages an array of computer labs, terminal clusters, ColumbiaNet stations, multimedia classrooms, and provides a variety of technical support services. The CUIT organization is comprised of the following groups: Academic & Research Services, Enterprise Applications, Infrastructure Services, Enterprise Architecture & IT Internal Controls, Information Security, Client Support Services, IT Business Services, and the PMO. Columbia University is an equal opportunity/affirmative action – Race/Gender/Disability/Veterans employer.
Loading...
CUIT Similar Companies
UST
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to
Luxoft, a DXC Technology Company (NYSE: DXC), is a digital strategy and software engineering firm providing bespoke technology solutions that drive business change for customers the world over. Acquired by U.S. company DXC Technology in 2019, Luxoft is a global operation in 44 cities and 21 countrie
At CDW, we know how to make technology work so people can do great things. Our experts bring a full-stack, full-lifestyle approach with custom solutions, services and relationships to bring your vision to life. Through decades of experience, scale, and deep industry expertise, we deliver the full
inDrive is a global mobility and urban services platform. The inDrive app has been downloaded over 400 million times, and has been the second most downloaded mobility app for the third consecutive year. In addition to ride-hailing, inDrive provides an expanding list of urban services, including inte
Sutherland
Artificial Intelligence. Automation. Cloud Engineering. Advanced Analytics. For Enterprises, these are key factors of success. For us, they’re our core expertise. We work with global iconic brands. We bring them a unique value proposition through market-leading technologies and business process e
Infosys
Infosys is a global leader in next-generation digital services and consulting. We enable clients in more than 50 countries to navigate their digital transformation. With over three decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through
Mastercard
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Ou
Capgemini
Capgemini is an AI-powered global business and technology transformation partner, delivering tangible business value. We imagine the future of organizations and make it real with AI, technology and people. With our strong heritage of nearly 60 years, we are a responsible and diverse group of 420,000
Expleo Group
Expleo is a global engineering, technology and consulting service provider that partners with leading organisations to guide them through their business transformation, helping them achieve operational excellence and future-proof their businesses. Expleo benefits from more than 50 years of experi
.png)
CUIT CyberSecurity News
February 11, 2026 12:54 PM
The Deepfake Scam Era Is Upon Us. Here’s How to Get Ready.
If you've fallen for an online scam or hack recently, you're far from alone. Experts say that both the volume and sophistication of online attacks are...
December 19, 2025 08:00 AM
Lawsuits filed against University after cybersecurity incidents
Multiple lawsuits have been filed against Princeton in the wake of a widespread cybersecurity breach.
November 25, 2025 08:00 AM
Hackers Strike Ivy League Schools Already Under Political Pressure
Hackers have struck elite US universities in recent weeks, pilfering sensitive data from donors and making off with students' information in...
November 25, 2025 08:00 AM
Harvard Alumni Affairs Databases Breached
The University is investigating the cyberattack, which may have compromised the personal information of alumni, donors, students, faculty,...
November 18, 2025 08:00 AM
Princeton Database Breached in Targeted Phishing Incident
The database kept by the University's Advancement department contains information about alumni, donors, and other Princetonians.
November 14, 2025 08:00 AM
UPenn experiences cyber attack
On Oct. 31, Drexel University's neighboring university, the University of Pennsylvania, was subject to a data breach affecting 1.2 million...
November 05, 2025 01:01 AM
Penn says data breach is ‘contained’ as extent of stolen data remains unclear
In the Nov. 4 email, Joshua Beeman — the interim vice president of information technology and interim chief information officer — wrote that Penn is still...
October 20, 2025 07:00 AM
As cyber threats grow, utilities say lapsed information-sharing law stymies security
The Cybersecurity Information Sharing Act of 2015 has expired, and utilities say the U.S. faces a “more complex and dangerous security...
September 30, 2025 07:00 AM
Andrew McLaughlin
A 2022 spin-out from Google, SandboxAQ combines AI Large Quantitative Models (LQMs) and deep expertise in physics, biology, and chemistry to...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CUIT CyberSecurity History Information
Official Website of Columbia University Information Technology
The official website of Columbia University Information Technology is http://cuit.columbia.edu/.
Columbia University Information Technology’s AI-Generated Cybersecurity Score
According to Rankiteo, Columbia University Information Technology’s AI-generated cybersecurity score is 666, reflecting their Weak security posture.
How many security badges does Columbia University Information Technology’ have ?
According to Rankiteo, Columbia University Information Technology currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Columbia University Information Technology been affected by any supply chain cyber incidents ?
According to Rankiteo, Columbia University Information Technology has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Columbia University Information Technology have SOC 2 Type 1 certification ?
According to Rankiteo, Columbia University Information Technology is not certified under SOC 2 Type 1.
Does Columbia University Information Technology have SOC 2 Type 2 certification ?
According to Rankiteo, Columbia University Information Technology does not hold a SOC 2 Type 2 certification.
Does Columbia University Information Technology comply with GDPR ?
According to Rankiteo, Columbia University Information Technology is not listed as GDPR compliant.
Does Columbia University Information Technology have PCI DSS certification ?
According to Rankiteo, Columbia University Information Technology does not currently maintain PCI DSS compliance.
Does Columbia University Information Technology comply with HIPAA ?
According to Rankiteo, Columbia University Information Technology is not compliant with HIPAA regulations.
Does Columbia University Information Technology have ISO 27001 certification ?
According to Rankiteo,Columbia University Information Technology is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Columbia University Information Technology
Columbia University Information Technology operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Columbia University Information Technology
Columbia University Information Technology employs approximately 64 people worldwide.
Subsidiaries Owned by Columbia University Information Technology
Columbia University Information Technology presently has no subsidiaries across any sectors.
Columbia University Information Technology’s LinkedIn Followers
Columbia University Information Technology’s official LinkedIn profile has approximately 928 followers.
NAICS Classification of Columbia University Information Technology
Columbia University Information Technology is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Columbia University Information Technology’s Presence on Crunchbase
No, Columbia University Information Technology does not have a profile on Crunchbase.
Columbia University Information Technology’s Presence on LinkedIn
Yes, Columbia University Information Technology maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/columbia-university-information-technology.
Cybersecurity Incidents Involving Columbia University Information Technology
As of April 02, 2026, Rankiteo reports that Columbia University Information Technology has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Columbia University Information Technology has an estimated 39,885 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Columbia University Information Technology ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Columbia University Information Technology detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with cyber forensics firm, and recovery measures with recovered most systems quickly, and communication strategy with investigating the scope and will share findings with the community, and enhanced monitoring with continue to monitor closely for further unlawful activity..
Incident Details
Can you provide details on each incident ?
Title: Hacktivist Data Breach at Columbia University
Description: A hacktivist with a political agenda broke into Columbia University IT systems and stole targeted student data.
Date Detected: 2023-06-24
Type: Data Breach
Attack Vector: Unspecified
Threat Actor: Hacktivist
Motivation: Political agenda
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach COL416070325
Data Compromised: Student data, Application details, Citizenship status, University id numbers, Academic programs, Financial aid packages, Employee pay, Social security numbers
Systems Affected: University IT systemsWebsiteOther systems
Downtime: Intermittent
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Student Data, Application Details, Citizenship Status, University Id Numbers, Academic Programs, Financial Aid Packages, Employee Pay, Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach COL416070325
Entity Name: Columbia University
Entity Type: Educational Institution
Industry: Education
Location: New York, USA
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach COL416070325
Third Party Assistance: Cyber Forensics Firm.
Recovery Measures: Recovered most systems quickly
Communication Strategy: Investigating the scope and will share findings with the community
Enhanced Monitoring: Continue to monitor closely for further unlawful activity
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Cyber forensics firm, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach COL416070325
Type of Data Compromised: Student data, Application details, Citizenship status, University id numbers, Academic programs, Financial aid packages, Employee pay, Social security numbers
Number of Records Exposed: 2.5 million applications, 1.8 million Social Security numbers
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Recovered most systems quickly.
References
Where can I find more information about each incident ?
Incident : Data Breach COL416070325
Source: Bloomberg News
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Bloomberg News.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach COL416070325
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Investigating the scope and will share findings with the community.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach COL416070325
Reconnaissance Period: Two months
High Value Targets: Student Data, Application Details, Citizenship Status, University Id Numbers, Academic Programs, Financial Aid Packages, Employee Pay, Social Security Numbers,
Data Sold on Dark Web: Student Data, Application Details, Citizenship Status, University Id Numbers, Academic Programs, Financial Aid Packages, Employee Pay, Social Security Numbers,
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cyber Forensics Firm, , Continue to monitor closely for further unlawful activity.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Hacktivist.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-06-24.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Student data, Application details, Citizenship status, University ID numbers, Academic programs, Financial aid packages, Employee pay, Social Security numbers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was University IT systemsWebsiteOther systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was cyber forensics firm, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Financial aid packages, Student data, University ID numbers, Academic programs, Citizenship status, Social Security numbers, Employee pay and Application details.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 4.3M.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Bloomberg News.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Two months.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=columbia-university-information-technology' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
