University of Rochester Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating the University of Rochester regarding its recent data breach. The University of Rochester data breach involved sensitive personal information belonging to an undetermined number of individuals.


The University of Rochester is a private, nonsectarian, research-focused educational institution located in Rochester, New York. Accordingly, the University of Rochester offers 7 academic schools and a variety of interdisciplinary programs to students seeking bachelor’s, master’s, and doctoral degrees. Founded in 1850, the University of Rochester enrolls 12,000 students and competes in the NCAA’s Division III for athletics. Through its affiliation with the UR Medicine health system, the University of Rochester is the largest employer in the Greater Rochester area, with 1,000 faculty members and 30,000 staff members.


Recently, the University of Rochester discovered that it had experienced a data breach in which the sensitive personal information in its systems may have been accessed. While the investigation is ongoing, the University of Rochester determined that the data breach resulted from a software vulnerability in a product provided by a third-party file transfer company. On June 2, 2023, the University of Rochester posted a notice to their website indicating that faculty, staff, and students may be impacted by this breach.

If you are a current or former student, faculty member, or staff member of the University of Rochester:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or

If you were impacted by the University of Rochester data breach, you may consider taking the following steps to protect your personal information.

  1. Change passwords and security questions for online accounts;
  2. Regularly review account statements for signs of fraud or unauthorized activity;
  3. Monitor credit reports for signs of identity theft; and
  4. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: