The hacker claimed to be accessing the system via an unpatched SQL injection vulnerability.
The company said the attack involved 'organized, highly professional hacker activities.'
In 18.3 million cases, the exposed data includes hashed passwords.
The routers were 'affected by an attack from outside,' the company said.
The data potentially accessed ranges from students' names and Social Security numbers to credit card numbers and expiration dates.
The proof-of-concept worm could jump from one smart bulb to another via ZigBee wireless connectivity.
In 20,000 cases, the bank says, the breaches resulted in 'money being withdrawn fraudulently.'
Hacks happen. But sometimes organizations seem to make themselves targets with behavior that is a bit too boastful, judgmental or egotistical.
Confidential medical information for U.S. athletes including Simone Biles and Serena Williams was published online.
Downtime resulting from ransomware attacks can cost companies more than $8,500 an hour, a recent survey found.
And nine percent would do it for free, a recent survey found.
Intel Security and Kaspersky Labs worked with international law enforcement agencies on a website that offers decryption keys for several variants of ransomware.