Cambridge Data Breach Affects 1,089 U.S. Residents

On April 8, 2025, Cambridge University Press & Assessment discovered a significant data breach affecting individuals in several U.S. states. According to regulatory filings, the breach occurred between June 3 and June 7, 2024. The incident exposed a range of sensitive personally identifiable information (PII), including names, Social Security numbers, government-issued identification numbers (such as passport or state ID numbers), and financial account details like credit or debit card numbers. No protected health information (PHI) was reported as compromised.

The breach impacted at least 394 individuals in Texas, 68 in Maine, 574 in Massachusetts, and 53 in New Hampshire. The total number of affected people in the United States has not been disclosed. Cambridge University Press & Assessment notified affected consumers by written U.S. mail on April 23, 2025. The company also reported the breach to multiple state authorities, including the California Attorney General, Maine Attorney General, Massachusetts Attorney General, Texas Attorney General, Vermont Attorney General, and New Hampshire Attorney General.

While the specific method by which the breach occurred has not been publicly disclosed, the exposure of highly sensitive data such as Social Security numbers and financial account information makes this breach particularly serious. The incident did not involve protected health information, but the types of data exposed could be used for identity theft or financial fraud.

Cambridge University Press & Assessment's response

After discovering the breach, Cambridge University Press & Assessment promptly notified affected consumers by written letter. The company also reported the incident to state authorities within the required timeframes. While the details of the company’s internal investigation or remediation steps have not been made public, it is standard practice for organizations facing this type of breach to review their security protocols, enhance monitoring, and cooperate with law enforcement as needed.

If you received a notification letter, it is important to take the following steps:

• Review the notice carefully to understand what information may have been exposed.
• Consider placing a fraud alert or security freeze on your credit files with the major credit bureaus.
• Monitor your financial accounts and credit reports for suspicious activity.
• Be alert for phishing attempts or unusual communications that reference your personal information.
• If your Social Security number was exposed, consider enrolling in identity theft protection or credit monitoring services, if offered.