Dordt University notifies 34K+ people of April 2024 data breach
Dordt University has begun issuing data breach notifications to 34,251 people following a cyber attack that started in April 2024. This attack was claimed by ransomware gang BianLian in June 2024, with 3 TB of data allegedly stolen.

According to Dordt’s notification, “a limited amount of data was potentially accessed and acquired from our network between approximately April 21, 2024, and May 16, 2024.” The data impacted includes:

  •  First and last names
  • Dates of birth
  • Account numbers, routing numbers, and security codes
  • Social Security numbers
  • Driver’s license numbers
  • Usernames and passwords
  • Health insurance information
  • Medical information

This corresponds with the proof pack that was uploaded by BianLian in June 2024, which was analyzed by Suspect File. The 10-page proof pack included an employee’s Form I-9, a driver’s license, a Social Security document, a COVID-19 vaccination report card, and an Excel file containing the details of 420 students.

Dordt University hasn’t confirmed BianLian’s claim and whether or not a ransom was demanded/paid. Comparitech has contacted the university for more information and to ask why it has taken so long to issue the notifications. We will update this article if we receive a response.

Those affected are being offered free access to identity theft protection services via Experian.

Who is BianLian?

Since it first originated in 2021, we’ve tracked 85 confirmed attacks via BianLian. Nearly 4.5 million records have been breached across these attacks.

Over half of its attacks (44) were carried out in 2024 and over 3 million records were impacted in these attacks. This attack on Dordt University was its only confirmed claim on an educational institution in 2024.

BianLian stopped posting victims to its data leak site in March of this year. Up until then, we’d noted four confirmed attacks and a further 28 unconfirmed attacks via the group. The four confirmed attacks in 2025 are three US healthcare providers (Alabama Ophthalmology Associates, Sonrisas Dental Health, and Minnesota Orthodontics) and an Australian finance firm, Hall Chadwick.

In the case of Alabama Ophthalmology Associates, 131,000 people had their data impacted.

BianLian was initially renowned for extorting its victims twice (one for the decryption of systems and two for the deletion of stolen data). However, in 2023, the FBI noted that, like many other ransomware groups, BianLian stopped encrypting systems and focused solely on extorting victims for stolen data.

Ransomware attacks on the US education sector

In 2024, we logged 79 attacks on US education providers with these attacks affecting nearly 3 million records. We also noted 64 unconfirmed attacks.

Other recently confirmed attacks from 2024 include Alvin Independent School District. Last month, it started notifying nearly 49,000 people of a breach following its attack in June 2024. This was claimed by Fog with 60 GB of data allegedly stolen.

Both Alvin ISD and Dordt University took way longer than the sector average to start issuing their data breach notifications. Our recent report found that US educational institutions took an average of 4.8 months to notify victims of a data breach following a ransomware attack. In Dordt’s case, it’s taken 14 months.

So far this year, we’ve seen 22 confirmed and are monitoring a further 49 unconfirmed attacks.

About Dordt University

Dordt University is located in Sioux Center, Iowa. The Christian university enrolls over 1,500 students per year and offers around 90 different courses.