126/69 Wednesday, March 4, 2026
The University of Hawaii Cancer Center has confirmed that a ransomware group gained access to systems within its Epidemiology Division in August 2025, potentially exposing the personal data of more than 1.2 million individuals. The university has begun sending notification letters and emails to affected individuals, including participants in past health research studies and people whose information was included in state databases. Investigators determined that research files were accessed without authorization and encrypted as part of the ransomware attack, which delayed system recovery and the full assessment of the incident.
The compromised data includes records dating back from 1993 to the mid-2000s and contains sensitive information such as full names, Social Security numbers, driver’s license numbers, voter registration details, and health information collected from multiple epidemiological and cancer research projects. However, the university stated that the incident only affected systems supporting research activities within the Epidemiology Division and did not impact student records, clinical trials, or patient care systems in other areas of the cancer center.
The investigation also revealed that the attackers not only exfiltrated data but also encrypted computer systems, causing operational disruption and complicating data recovery efforts. As a result, the university decided to pay the ransom in exchange for a decryption tool and assurances from the attackers that the stolen data would be destroyed. The director of the cancer center expressed regret over the incident and pledged to strengthen data security measures for research systems to prevent similar breaches in the future.