The University of Hawaii Cancer Center confirmed a ransomware attack that exposed personal records belonging to roughly 1.24 million people.

Social Security numbers, driver’s license data, and health information were among the stolen files.

How the UH Cancer Center Data Breach Happened

On August 31, 2025, attackers targeted servers within the Cancer Center’s Epidemiology Division.

About 1.15 million people had records in historical files from Hawaii’s Department of Transportation and Honolulu voter registration rolls, collected in 1998 and 2000. Government agencies used Social Security numbers as standard identifiers at that time.

Another 87,493 participants in the Multiethnic Cohort (MEC) Study were also affected. That research project began in 1993 and tracked residents of Hawaii and Los Angeles, California.

Stolen data included:

• Names paired with Social Security numbers
• Driver’s license numbers (based on SSNs in Hawaii at that time)
• Voter registration records
• Health-related research information from cancer and diet studies

TROYPOINT Tip: Protect your identity and personal info from a data breach by using Aura Identity Theft Protection which is TROYPOINT’s recommended identity theft protection.

Aura Identity Theft Protection Review

UH Cancer Center’s Response

The university paid a ransom to obtain a decryption tool and received assurance that stolen data was destroyed. No evidence has surfaced showing the information was published or misused.

Notification letters went out to MEC Study participants on February 23, 2026. An additional 900,000 individuals are being contacted by email. Clinical trials, patient care, and student records were not affected.

How to Protect Yourself After This Breach

If your information may have been involved, take these steps:

• Call the dedicated hotline at (844) 443-0842 to verify your status and enroll in free credit monitoring
• Sign up for 12 months of complimentary monitoring and $1 million in identity theft insurance before May 31, 2026
• Place a fraud alert or credit freeze with Equifax, Experian, and TransUnion
• Check Have I Been Pwned to see if your email appeared in past breaches
• Monitor bank and credit card statements for suspicious activity

Final Thoughts

This marks the second ransomware incident tied to the University of Hawaii system in recent years. Hawaii Community College paid a ransom in 2023 after a separate attack compromised 28,000 records.

The six-month gap between discovery and public notification left affected individuals exposed for far too long.

For more details on this story, refer to the official data incident notice (PDF) and the University of Hawaii press release.

We want to know your thoughts. What do you think about this story? Let us know in the comment section below!

Be sure to stay up-to-date with the latest streaming news, reviews, tips, and more by following the TROYPOINT Advisor with updates weekly.