The University of Hawaii Cancer Center experienced a significant data breach on August 31, 2025, affecting the personal information of approximately 1.2 million individuals. This event, a result of a ransomware attack, compromised servers used for research operations while leaving clinical operations and patient care unaffected.
Details of the Security Incident
The university revealed last week that the ransomware attack was characterized by extensive encryption, which complicated efforts to restore affected systems and evaluate the compromised data. As a result, the institution engaged with the threat actors to mitigate the impact on individuals whose sensitive data was potentially exposed. Although the university obtained a decryption tool and ensured the destruction of the stolen data, it refrained from disclosing details regarding any ransom payment.
Scope of the Data Compromised
The breach primarily impacted data linked to a research study initiated in 1993, involving over 215,000 participants recruited between 1993 and 1996. Specifically, records of 87,493 participants were compromised, including names, Social Security numbers, and some research and health information. In addition, the incident also exposed the names, driver’s license details, Social Security numbers, and voter registration records of approximately 1.15 million individuals.
University’s Response and Ongoing Investigation
In response to the breach, the University of Hawaii is offering 12 months of complimentary credit monitoring and identity theft protection services to those affected. The institution has assured that the clinical trials operations and other divisions, including student records, were not impacted. An investigation is ongoing, with assistance from law enforcement and cybersecurity experts, to uncover any additional compromised information.
This breach is part of a growing list of cyber attacks affecting large organizations globally, emphasizing the crucial need for robust cybersecurity measures. The University of Hawaii continues to work diligently to protect sensitive information and prevent future incidents.
