BYU-Pathway Worldwide detected unauthorized network access that affected the personal data of some students. At this time, there is no evidence that this personal information has been used for fraudulent or other harmful purposes.
We worked with U.S. federal law enforcement authorities and third-party cybersecurity experts to establish the origin, nature, and scope of this incident and to mitigate possible impacts. We have taken steps to further enhance the security of our data, including vendor access.
This incident has been reviewed with staff, and security measures have been reemphasized to protect against similar incidents in the future. Our top priority is the privacy and security of our students, and we are taking all necessary steps to keep student information safe. We regret any inconvenience or concern this incident may have caused.
Anyone with questions about the security of their information can learn more by referencing the frequently asked questions below.
Frequently Asked Questions
- What happened?
- What personal information was affected?
- Who can I talk to about this?
- What is being done to prevent this from happening again?
- What steps do I need to take?
- Was this incident related to BYU-Pathway's new system transition?
- Why did BYU-Pathway have my data?
What happened?
The BYU-Pathway information security team recently became aware of a potential security incident involving a vendor’s account. Evidence indicated the vendor’s account was compromised by an unknown third party, which allowed unauthorized access to certain systems.
We immediately notified federal law enforcement authorities in the United States and have worked with authorities and cybersecurity experts to investigate the incident. BYU-Pathway and law enforcement have been unable to determine the identity of the unknown third party who accessed the systems, but forensic investigators have not detected any further unauthorized access or activity since June 24, 2025.
What personal information was affected?
The breached systems contain personal data of current or previous online students served by BYU-Pathway and its partners BYU-Idaho and Ensign College. The data accessed may include name; Social Security or national identification number, if provided; account ID (but not password); contact information, such as address and phone number; gender and marital status; religious affiliation, if provided; age; and records of educational courses.
Who can I talk to about this?
If you were notified that your account was affected and you have further questions or concerns, please call toll-free at 833-594-5317 (Monday–Friday, 7:00 a.m.–7:00 p.m. [MDT/UTC-6], excluding major U.S. holidays).
What is being done to prevent this from happening again?
The privacy and security of our students is our top priority. We are taking all necessary steps to protect their information, including working with staff and adding extra safeguards around system access. We have also been working with external cybersecurity experts, U.S. federal law enforcement, and our legal team to further enhance the security of our data.
What steps do I need to take?
We have no indication at this time that student personal data has been misused or published. We recommend that you remain vigilant about the security of your personal data by monitoring your personal accounts, frequently changing passwords, selecting strong and different passwords for every account, and acting on any suspicious activity. You should promptly report to your local law enforcement authorities any fraudulent activity, scam, or identity theft.
Was this incident related to BYU-Pathway's new system transition?
No, a vendor's account was compromised by an unknown third party.
Why did BYU-Pathway have my data?
The personal data involved was the result of the creation of a BYU-Pathway student account. Students who have earned or are currently pursuing an online certificate or degree from BYU‑Idaho or Ensign College may have a BYU-Pathway student account, as BYU-Pathway is a service provider for online students at those institutions.