More than 2.3 million people associated with Moody Bible Institute may have had their personal information exposed following a cyberattack claimed by the hacking group ShinyHunters, according to breach notification service Have I Been Pwned.
The Christian college disclosed the incident last month, saying it was among several higher education institutions targeted by cybercriminals claiming to have accessed internal systems.
Moody said its Information Technology Services team "immediately implemented security protocols" to address the vulnerability and had engaged internal and external cybersecurity experts to investigate the incident.
The institute also said it had notified law enforcement and was cooperating with the ongoing investigation.
"As of today, this complex investigation remains ongoing with many details we are still working to understand, including the nature of the data compromised," Moody said in a statement issued on 22 June.
According to Have I Been Pwned, the leaked data includes more than 2.3 million records containing names, dates of birth, physical and email addresses, phone numbers, genders and marital status. The breach is also reported to include documents relating to donors, supporters, students and alumni.
Moody has not publicly commented since its initial statement and has not confirmed the full extent of any data exposed.
The institute urged those connected with Moody to remain vigilant by monitoring financial and online accounts, using fraud alerts and credit freezes where appropriate, and maintaining strong passwords while the investigation continues.
"Throughout this process, we are grateful for the Lord's faithfulness and for the dedicated teams and outside experts working tirelessly to protect our ministry and those we serve," the statement said.
"We are confident that God remains sovereign over every circumstance, and we trust Him to grant wisdom and discernment as we navigate this situation together."