Educational services giant Kaplan is facing intense scrutiny following a massive cybersecurity incident that compromised the sensitive personal information of at least 230,000 individuals.
According to filings submitted to state regulators last week, the Florida-based company discovered that unauthorized actors maintained access to its servers for nearly three weeks, specifically between October 30 and November 18, 2025. While Kaplan has not publicly confirmed the total scope of the breach, notification letters filed in at least seven states reveal that hackers successfully exfiltrated files containing names, Social Security numbers, and driver’s license numbers.
Disclosures from Maine, South Carolina, Texas, and New Hampshire alone account for 230,941 affected people, with Texas reporting the largest impact at over 173,000 residents. The breach strikes at the heart of an institution that serves 1.2 million students globally, ranging from high schoolers preparing for the SAT and ACT to professionals seeking medical and law school admissions. Despite the scale of the theft, no hacking group has yet claimed responsibility for the intrusion. Kaplan, a subsidiary of Graham Holdings, which reported $4.9 billion in revenue last year, now faces mounting legal pressure as several law firms have already initiated class-action lawsuits. Law enforcement remains involved in the ongoing investigation into the security failure.
