My SSN was exposed in a breach at Columbia-a school I have no connection with

Here's a weird one. Columbia University had a data breach last June that exposed 1.8 million Social Security numbers. The strange part? Some victims have absolutely no connection to the school.

One person got a letter from Columbia via their dad, informing them their SSN and other sensitive info was compromised. They've never applied to Columbia, never worked there, never had any relationship with the university. Yet somehow, their data was sitting in Columbia's systems.

Columbia's public notices only addressed "members of the Columbia community" and talked about student, applicant, and employee data being accessed by an unauthorized party. Major news outlets reported the breach as affecting people affiliated with Columbia, noting the hacker was apparently motivated by Columbia's affirmative action policies.

But that narrative missed a crucial detail. There's a whole group of breach victims who have zero Columbia connection trying to figure out why the school had their information in the first place.

This matters because it highlights how organizations collect and store personal data in ways most people don't understand or consent to. Your SSN might be sitting in databases you've never heard of, exposed to breaches at institutions you've never interacted with.

For anyone using AI tools that integrate with third-party services or educational platforms, this is a reminder that data flows in unexpected directions. The organizations holding your information aren't always the ones you directly gave it to.