Loyola University Chicago Data Breach Lawsuit Investigation
Notice date – December 5, 2025: Loyola University Chicago has advised certain students and account holders that a programming flaw in a vendor’s Universal ID (UVID) system allowed unintended users to view another person’s LOCUS account. If you received the breach letter, you may be entitled to compensation and free identity-protection services. Use the information below to decide your next steps.
Key Facts of the Breach
- Date breach discovered: First half of November 2025
- Date consumer letters mailed: December 5, 2025
- Regulatory filing date: December 15, 2025 (Massachusetts)
- Total individuals affected: 1 (reported to MA Attorney General)
- Free services offered: Two-year credit monitoring & identity restoration from Experian IdentityWorks
What Happened
Loyola University Chicago (Loyola University Chicago) relies on a third-party vendor to create Universal IDs that allow access to student and employee LOCUS accounts. According to the University’s filing with the Massachusetts Attorney General, a flaw in the vendor’s program combined ID data for certain users. This allowed both the rightful account owner and an “unintended user” to log in to the same LOCUS account.
The issue surfaced in early November 2025 when an unintended user was routed to another individual’s account and promptly reported the incident to Loyola’s Information Security Office (ISO). The University’s investigation determined that the number of unintended users roughly matched the number of affected account owners.
Information Exposed
The University states that the following data may have been visible inside impacted LOCUS accounts:
- Name
- Phone number
- Bank account information
- Last four digits of Social Security number
- Class information and grades
- Financial aid information
- Date of birth
- Other details stored within the LOCUS profile
How Loyola Responded
Upon learning of the flaw, Loyola’s ISO immediately took investigative, containment, and remedial steps:
- Contacted the vendor and suspended use of the affected UVID program.
- Temporarily locked impacted LOCUS accounts.
- Arranged complimentary credit monitoring and identity-restoration services through Experian.
Complimentary Credit Monitoring
Eligible recipients can enroll in a two-year Experian IdentityWorks membership that includes:
- Daily credit-file monitoring
- Identity restoration assistance
- $0 deductible identity theft insurance (subject to policy limits)
Instructions for activation and enrollment deadlines are provided in the mailed notification letter.
Actions You Can Take Now
Loyola recommends the following federally approved resources:
- FTC: Credit Freezes & Fraud Alerts
- FTC: Identity Theft Basics
- FTC: Free Credit Reports
- Request Your Free Annual Credit Report
In addition, remain vigilant by reviewing bank and credit-card statements, reporting any unauthorized activity to the financial institution, law enforcement, and credit bureaus:
Timeline of Events
- Early November 2025 – Unintended user discovers cross-account access, contacts ISO.
- Mid-November 2025 – ISO suspends vendor program and locks affected accounts.
- December 5, 2025 – Breach letters mailed to impacted individuals.
- December 15, 2025 – Incident reported to Massachusetts Attorney General.
Company Overview
Loyola University Chicago is a private Jesuit research university headquartered in Chicago, Illinois.
- Website: luc.edu
- Founded: 1870
- Industry: Higher Education
- Headquarters: 1032 W. Sheridan Rd., Chicago, IL, United States
- Social Channels: Facebook, YouTube, X/Twitter
Frequently Asked Questions
I received a data breach letter from Loyola University Chicago — what should I do?
Follow the activation instructions for the free Experian IdentityWorks membership, monitor your financial accounts closely, and consider placing a fraud alert or credit freeze using the FTC resources linked above.
How do I submit a claim related to the Loyola University Chicago data breach?
You may consult a consumer-rights attorney regarding potential legal claims. Keep your breach letter, enrollment documents, and any evidence of fraudulent activity as supporting proof.
Am I eligible to join a lawsuit against Loyola University Chicago?
Eligibility typically depends on whether your personal information was accessed and whether you suffered financial or time losses. Speaking with legal counsel can clarify your options.
What information was exposed in the Loyola University Chicago breach?
Potentially exposed data includes your name, phone number, bank account details, last four digits of your Social Security number, class and grade information, financial aid data, date of birth, and other LOCUS account content.
Did Loyola University Chicago offer credit monitoring, and for how long?
Yes. The University is offering two years of no-cost credit monitoring and identity-restoration services through Experian IdentityWorks.
How many people were affected by the Loyola University Chicago breach?
The University’s filing with the Massachusetts Attorney General lists one impacted individual in that state. No additional figures were provided.
How can I get the official breach notice (PDF) for Loyola University Chicago?
You can download the filing directly from the Massachusetts Attorney General’s website using the button near the top of this article.