Kaplan is currently managing a major data breach that exposed the personal records of more than 230,000 individuals across multiple states. The company discovered that hackers had access to their systems for three weeks in late 2025, stealing sensitive data including Social Security numbers and driver’s license information.

The educational services provider Kaplan is under significant pressure after confirming a data breach that impacted at least 230,000 people. Documents filed with state regulators indicate that unauthorized individuals infiltrated the company's servers from October 30 to November 18, 2025. While the Florida-based organization has not released a comprehensive global figure regarding the incident, reports from various state agencies confirm that the stolen data includes names, Social Security numbers, and driver's license details.

The scale of the exposure was highlighted in specific filings from states like Maine, South Carolina, and New Hampshire. Texas reported the most significant impact, with more than 173,000 of its residents listed as victims of the theft. This security failure is particularly notable given Kaplan's role as a massive global educator, serving over one million students ranging from college applicants to postgraduate medical and legal professionals.

Despite the sensitivity of the information taken and the duration of the unauthorized access, no specific hacking collective has claimed responsibility for the attack. The lack of an immediate ransom demand or public credit for the breach has left some questions about the attackers' motives unanswered. Meanwhile, federal and local law enforcement agencies are continuing their investigation into how the security protocols were bypassed.

As a subsidiary of Graham Holdings, which earned nearly 5 billion dollars in revenue last year, Kaplan has the resources to address the technical fallout, but the legal consequences are already mounting. Several law firms have started the process of filing class-action lawsuits on behalf of the affected students and professionals. These legal actions focus on the alleged failure of the company to adequately protect the private data it collects during the enrollment process.

The company is now tasked with notifying all affected parties and offering identity theft protection services as required by state laws. This incident serves as a stark reminder of the risks inherent in the massive collection of student data by private educational firms. As the investigation continues, Kaplan will likely face further regulatory scrutiny regarding its cybersecurity infrastructure and the timeline of its response to the intrusion.

Source: https://www.itcpeacademy.org/blog/news-kaplan-data-breach-exposes-personal-records-of-over-230000-individuals