Class Action U Logo
Check Your Eligibility

Loyola University Chicago Data Breach

Loyola University Chicago experienced a data breach involving a flaw in the third-party vendor’s program used to generate Universal IDs (UVIDs) for LOCUS accounts. The flaw allowed unintended users to access accounts containing personally identifiable information (PII). The University is notifying affected individuals and offering advice on how to protect their information.

Loyola University Chicago
Date of Breach: November 2025
CAU logo

Who was affected:

Clients of Loyola University Chicago

Impacted Data:

Names

Social Security numbers

Personal contact information

Academic information associated with the account

Check Your Eligibility

Loyola University Chicago (the “University”) has notified individuals about a data security incident that impacted a small number of LOCUS accounts. The breach was due to a flaw in the third-party vendor’s program used to generate Universal IDs (UVIDs) for LOCUS account owners. This issue resulted in unintended users accessing personal information from affected accounts. This article outlines the breach, the information involved, and what individuals can do to protect themselves.

Loyola University Chicago’s Data Breach Investigation

The breach occurred when a flaw in the vendor’s program caused data from multiple LOCUS account holders to be combined. This resulted in unintended users, referred to as “Unintended Users,” having access to the actual account owner’s data. Both the LOCUS account owner and the Unintended User’s UVIDs were merged in the vendor’s system, granting access to the account.

The University was first notified of the issue in early November 2025 when an Unintended User reported that, upon logging in, they were taken to a different LOCUS account that was not their own. Loyola’s Information Security Office (ISO) immediately began investigating the incident and took immediate steps to contain and address the issue.

The University contacted the third-party vendor and suspended the use of the vendor’s program used to generate UVIDs. They also took remedial actions to secure the affected accounts and prevent further unauthorized access.

When Did This Breach Occur?

The breach was identified in the first half of November 2025, after an Unintended User reported accessing another individual’s LOCUS account due to the flaw in the vendor’s program. The issue itself began when the vendor’s program was used to combine data from multiple users, but the problem became known only after the Unintended User accessed the account.

What Information Was Breached?

The breach involved a small number of LOCUS accounts, and both the actual account owners and the unintended users were impacted. The compromised information includes personally identifiable information (PII), which may have included:

  • Names

  • Social Security numbers

  • Personal contact information

  • Academic information associated with the account

While the total number of impacted LOCUS accounts is small, it is essential for affected individuals to take steps to protect their personal data.

What You Can Do

If you were affected by the Loyola University Chicago data breach, it’s important to take the following steps to protect your personal information:

  • Change your account passwords: If you still have access to your LOCUS account, it is recommended that you change your password to a strong, unique one to secure your account.

  • Monitor your accounts: Keep an eye on your financial and academic records for any suspicious activity that could indicate misuse of your information.

  • Request a credit report: If your Social Security number or other sensitive personal data was compromised, you can request a free credit report from each of the three major credit reporting agencies: Equifax, Experian, and TransUnion.

  • Place a fraud alert: Consider placing a fraud alert on your credit report, which requires businesses to verify your identity before opening new accounts in your name.

  • Review your academic and personal records: Watch for any unusual activity related to your academic or personal records that may be connected to this breach.

Loyola University Chicago is taking steps to ensure the integrity of its IT systems moving forward, including further audits and enhanced security measures to prevent future breaches.

File a Data Breach Lawsuit Against Loyola University Chicago

If you were notified that your information was compromised in this data breach, you may be entitled to file a class action lawsuit against Loyola University Chicago for failing to protect your personal information. Data breaches like this can lead to identity theft and other forms of harm, and affected individuals may be entitled to compensation.

At Class Action U, we specialize in helping individuals whose personal data has been exposed in security incidents. If you were impacted by this breach, we can connect you with experienced attorneys to explore your legal options.

Contact us today for a free consultation to learn more about your rights and whether you are eligible to file a lawsuit.There’s no cost to reach out to our legal partner, and no obligation to take further action after speaking with someone from our team.

VIEW PDF
Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Soapy Joe’s Car Wash Data Breach
Date of Breach: October 6, 2025, to December 19, 2025
Share Ourselves Data Breach
Date of Breach: October 2, 2025
Dot Foods and Dot Transportation Data Breach
Date of Breach: December 3, 2025
Show More

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.