Comparison Overview

Columbia University Information Technology

VS

US Government Agencies

Columbia University Information Technology

615 West 131st Street, New York, NY 10027, US
Last Update: 2025-05-01 (UTC)
Between 650 and 699

Columbia University Information Technology (CUIT) supports mission critical technology for over 40,000 faculty, staff and students. CUIT provides Columbia University students, faculty and staff with central computing and communications services including email, telephone service, web publishing, computer labs, electronic classrooms, course management and student information applications, office and administrative applications, and management of the high-speed campus ethernet and wireless networks. CUIT also manages an array of computer labs, terminal clusters, ColumbiaNet stations, multimedia classrooms, and provides a variety of technical support services. The CUIT organization is comprised of the following groups: Academic & Research Services, Enterprise Applications, Infrastructure Services, Enterprise Architecture & IT Internal Controls, Information Security, Client Support Services, IT Business Services, and the PMO. Columbia University is an equal opportunity/affirmative action – Race/Gender/Disability/Veterans employer.

NAICS: 5415
NAICS Definition: Computer Systems Design and Related Services
Employees: 201-500
Subsidiaries: 0
12-month incidents: 1
Known data breaches: 1
Attack type number: 1

US Government Agencies

None
Last Update: 2025-10-28 (UTC)
Between 700 and 749

https://financemanager.us/

NAICS: 5415
NAICS Definition: Computer Systems Design and Related Services
Employees: 1,251
Subsidiaries: 0
12-month incidents: 0
Known data breaches: 0
Attack type number: 1

Compliance Badges Comparison

Security & Compliance Standards Overview

Columbia University Information Technology
ISO 27001: Not verified
SOC2 Type 1: Not verified
SOC2 Type 2: Not verified
GDPR: Not verified
PCI DSS: Not verified
HIPAA: Not verified
US Government Agencies
ISO 27001: Not verified
SOC2 Type 1: Not verified
SOC2 Type 2: Not verified
GDPR: Not verified
PCI DSS: Not verified
HIPAA: Not verified
Compliance Summary
Columbia University Information Technology: 100% Compliance Rate, 0/4 Standards Verified
US Government Agencies: 0% Compliance Rate, 0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs IT Services and IT Consulting Industry Average (This Year)

Columbia University Information Technology has 61.29% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs IT Services and IT Consulting Industry Average (This Year)

No incidents recorded for US Government Agencies in 2025.

Incident History — Columbia University Information Technology (X = Date, Y = Severity)

Columbia University Information Technology cyber incidents detection timeline including parent company and subsidiaries

Incident History — US Government Agencies (X = Date, Y = Severity)

US Government Agencies cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

Columbia University Information Technology
Incidents

Date Detected: 7/2025
Type: Breach
Attack Vector: Unspecified
Motivation: Political agenda
US Government Agencies
Incidents

Date Detected: 6/2020
Type: Ransomware
Motivation: Financial gain through ransom payments

FAQ

US Government Agencies company demonstrates a stronger AI Cybersecurity Score compared to Columbia University Information Technology company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Columbia University Information Technology and US Government Agencies have experienced a similar number of publicly disclosed cyber incidents.

In the current year, Columbia University Information Technology company has reported more cyber incidents than US Government Agencies company.

US Government Agencies company has confirmed experiencing a ransomware attack, while Columbia University Information Technology company has not reported such incidents publicly.

Columbia University Information Technology company has disclosed at least one data breach, while the other US Government Agencies company has not reported such incidents publicly.

Neither US Government Agencies company nor Columbia University Information Technology company has reported experiencing targeted cyberattacks publicly.

Neither Columbia University Information Technology company nor US Government Agencies company has reported experiencing or disclosing vulnerabilities publicly.

Neither Columbia University Information Technology nor US Government Agencies holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Columbia University Information Technology company nor US Government Agencies company has publicly disclosed detailed information about the number of their subsidiaries.

US Government Agencies company employs more people globally than Columbia University Information Technology company, reflecting its scale as an IT Services and IT Consulting company.

Neither Columbia University Information Technology nor US Government Agencies holds SOC 2 Type 1 certification.

Neither Columbia University Information Technology nor US Government Agencies holds SOC 2 Type 2 certification.

Neither Columbia University Information Technology nor US Government Agencies holds ISO 27001 certification.

Neither Columbia University Information Technology nor US Government Agencies holds PCI DSS certification.

Neither Columbia University Information Technology nor US Government Agencies holds HIPAA certification.

Neither Columbia University Information Technology nor US Government Agencies holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected files can lead to RCE. Must be chained with a prompt injection or malicious model attack. Only affects systems supporting NTFS. This issue is fixed in version 2.0.

Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes (./.cursor/./././././mcp.json etc.), and requires human approval to complete the operation. However, the same kind of manipulation using backslashes was not correctly detected, allowing an attacker who had already achieved prompt injection or some other level of control to overwrite sensitive editor files without approval on Windows machines. This issue is fixed in version 2.0.

Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the server. If an attacker is able to convince a victim to navigate to a malicious deeplink, the victim will not see the correct speedbump modal, and if they choose to accept, will execute commands specified by the attacker's deeplink.

Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the title field. When a user views the link details page and the shareable links are rendered, the malicious JavaScript executes in their browser. This vulnerability affects multiple sharing services and can be exploited to steal session cookies, perform actions on behalf of users, or deliver malware. This issue is fixed in version 2.4.0.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash.

Risk Information
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X