Education company Kaplan reports data breach impacting more than 230,000

Steven

Education company Kaplan reports data breach impacting more than 230,000

Summary

Kaplan, the US-based educational services firm, notified state regulators that a cybersecurity incident in late 2025 exposed personal data for at least 230,941 people. The company reported that hackers had access to Kaplan servers between 30 October and 18 November 2025 and “took certain files” containing names, Social Security numbers and driver’s licence numbers. Kaplan filed breach notices in at least seven states; disclosed totals from a subset of those states add up to the 230,941 figure. No hacking group has publicly claimed responsibility. Several law firms have begun investigating and issuing class-action alerts on behalf of potential victims.

Key Points

  • Kaplan reported a breach affecting at least 230,941 people, based on state disclosures.
  • Exposed data included names, Social Security numbers and driver’s licence numbers.
  • Unauthorized access occurred from 30 October to 18 November 2025, according to Kaplan’s notifications.
  • State tallies included: 19,075 in Maine; ~26,600 in South Carolina; 173,676 in Texas; and >11,600 in New Hampshire.
  • Kaplan filed notices in at least seven states but did not provide a single consolidated total to media requests.
  • No hacking group has claimed responsibility and law enforcement is involved in the investigation.
  • Kaplan serves roughly 1.2 million students, operates in 27 countries and is owned by Graham Holdings (reported $4.9bn revenue in the prior year).
  • Class-action law firms have begun outreach related to the incident.

Why should I read this?

Look, this one matters. If you or someone you know used Kaplan services, your sensitive info might be out there — SSNs and driving licence numbers can lead to identity theft. The article saves you the legwork: who was affected, when the breach happened, what was taken and that legal action is already stirring. Quick read, useful next steps.

Context and relevance

This breach sits at the intersection of education and consumer identity risk. As educational providers hold extensive personally identifiable information for students and test-takers, incidents like this highlight persistent gaps in data protection. Organisations that manage exam registrations, certifications or corporate learning programmes should reassess exposure risks and notification practices. For individuals, the incident underscores the need for monitoring credit reports and considering identity-protection measures when Social Security numbers are involved.

Source

Source: https://therecord.media/kaplan-data-breach-hack-notification