Back to news
Cybersecurity Alert
July 13, 2026 by EmailMeNow IT Consulting

Was Southern Methodist University Breached? We Scanned Their Domain Security

Southern Methodist University appears on the Texas OAG breach list dated October 17, 2025 covering 266 Texans with SSNs and dates of birth exposed. Audits score smu.edu at 44% — well below the 100% ideal.

Source: Texas OAG

NewsData BreachTexasHigher EducationCybersecurity
Southern Methodist University Dallas data breach cybersecurity illustration

Yes — Southern Methodist University (SMU, Dallas) is listed on the Texas Attorney General Data Security Breach Reports portal with a publication date of October 17, 2025, affecting 266 Texans. Consumer notice was marked Yes via U.S. Mail.

Texas OAG records list exposed information categories as name, Social Security number, date of birth, and other. Unlike larger 2026 campus filings (TTUHSC, St. Thomas, Nelson), SMU has released comparatively little public forensic narrative beyond the statutory AG listing — so this post anchors on the OAG record plus an independent domain audit.

We scanned smu.edu on July 13, 2026 against the 100% ideal.

Breach Impact (Texas OAG)

FieldDetail
EntitySouthern Methodist University
Address (OAG)6425 Boaz Lane, Dallas, TX 75275
Texans affected266
Data typesName; SSN; DOB; other
Notice providedYes — U.S. Mail
Date published at OAGOct 17, 2025

Illustration: Dallas private university breach notice highlighting SSN and date-of-birth exposure

Independent Cybersecurity Audit

DomainOverallIdentityTransportWebsitevs 100% ideal
smu.edu44%25%15%45%Below Average

Key findings: SMU matches Rice and UH at 44% overall — far from 100%. 25% identity leaves room for spoofed @smu.edu HR, advancement, and “credit monitoring” phishing long after a SSN/DOB disclosure. Transport 15% is the common Texas campus floor.

Illustration: smu.edu email security audit at 44% with identity and transport gaps

Audit: smu.edu

Priority Actions

Community members who received mail: Treat the letter as authoritative; ignore unexpected enrollment links that arrive by email without matching letter codes.

SMU IT / security: Raise DMARC to reject, enforce MTA-STS, and publish a clear incident URL — larger peers (St. Thomas, Tech HSC) show how silence increases spoofing success.


audit.emailmenow.com · Contact

Sources: Texas OAG — Data Security Breach Reports · EmailMeNow audit — smu.edu