Education Sector Security Intelligence
Tracking breaches, regulatory updates, and threats affecting schools, universities, and EdTech.
Latest Intelligence
Santa Monica Community College - Data Breach
Santa Monica Community College (SMC) is notifying individuals of a data breach where employee W-2 forms were emailed to two former student workers. The unauthorized access occurred from April 13, 2026, to May 21, 2026. The exposed information may include first and last name in combination with Social Security numbers. SMC has confirmed the email has been deleted and has no evidence of misuse. The college is offering complimentary credit monitoring and identity protection services and has reviewed its data protection policies and procedures.
Nelson University - Data Breach
Nelson University disclosed a data breach on March 21, 2025. The notification letter does not specify the date of the incident or the number of records affected. The exposed data includes names, addresses, dates of birth, and Social Security numbers. The university is offering a confidential toll-free response line for further questions and has provided guidance on placing security freezes, obtaining free credit reports, and reporting identity theft to relevant authorities like the FTC and state Attorney General offices.
Bellflower Unified School District - Data Breach
Bellflower Unified School District experienced unauthorized activity within its computer systems. A third-party forensic investigation determined that personal information, including first and last name, may have been accessed by an unauthorized third party. The district is offering complimentary credit monitoring services and advises individuals to remain vigilant in monitoring their accounts.
Bozeman School District #7 - Data Breach
The Bozeman School District #7 disclosed a data breach on June 3, 2026. The specifics of the breach, including the date it occurred, the date it was discovered, the number of records affected, the types of data exposed, and the attack vector, are not provided in the available information.
Strategic Education Inc. - Data Breach
Strategic Education Inc. disclosed a data breach on June 1, 2026. No further details regarding the date of occurrence, discovery, records affected, data exposed, or attack vector were provided in the available information.
University of Dallas - Data Breach
The University of Dallas experienced a data breach that was disclosed on May 29, 2026. Specific details regarding the date of the incident, the number of records affected, the types of data exposed, and the attack vector are not available in the provided information.
Educational Employees Credit Union - Data Breach
Educational Employees Credit Union experienced a data breach on December 15, 2025, when an unauthorized individual gained access to an employee email account for a limited period. The credit union discovered the incident on the same day and initiated an investigation with cybersecurity professionals. The investigation concluded on May 8, 2026, determining that certain emails containing personal information may have been accessed or removed. While there is no evidence of financial fraud or identity theft, the credit union is offering two years of complimentary identity monitoring services through Kroll, which include credit monitoring, fraud consultation, and identity theft restoration.
University of St. Thomas-Houston - Data Breach
The University of St. Thomas-Houston disclosed a data breach on May 26, 2026. Specific details regarding the date of occurrence, discovery, number of records affected, types of data exposed, and the attack vector are not provided in the available information.
Pierce County Library System - Data Breach
The Pierce County Library System experienced a data breach that was disclosed on May 25, 2026. The specifics of the breach, including the date of occurrence, the number of records affected, the types of data exposed, and the attack vector, are not provided in the available information.
Southern California University of Health Sciences - Data Breach
Southern California University of Health Sciences disclosed a data breach on May 19, 2026. The specifics of the breach, including the date it occurred, the date it was discovered, the number of records affected, the types of data exposed, and the attack vector, were not provided in the available information.
Dental Studies Institute - Data Breach
The Dental Studies Institute disclosed a data breach on May 13, 2026. No further details regarding the date of the incident, the number of records affected, the specific data exposed, or the attack vector were provided in the available information.
Las Lomitas Elementary School District - Data Breach
Las Lomitas Elementary School District (LLESD) was notified by Instructure, the publisher of the Canvas LMS, on May 5, 2026, that a criminal threat actor had gained access to LLESD information on the Canvas platform. The breach affected students in 6th, 7th, and 8th grade during the 2023-2024 school year, their caregivers, and staff. The exposed data includes first and last names, email addresses, and class enrollments. Instructure stated there was no indication that passwords, dates of birth, government identifiers, or financial information were involved. LLESD IT confirmed the compromised data after reviewing the information within Canvas.
Wisconsin Education Association Council - Data Breach
The Wisconsin Education Association Council (WEAC) disclosed a data breach on May 11, 2026. The specifics of the breach, including the date it occurred, the number of records affected, the types of data exposed, and the attack vector, are not publicly available at this time.
Chaffey Joint Union High School District - Data Breach
The Chaffey Joint Union High School District disclosed a data breach on May 1, 2026, affecting data shared with Canvas, a platform provided by Instructure. The breach involved messages within Canvas, the content of which may vary by individual. The district has temporarily disabled data sharing between Canvas and its student information system, is monitoring local Canvas activity, and is receiving updates from Instructure. Parents and guardians are advised to reset their Canvas passwords, while students are not required to take immediate action. The district recommends vigilance for unusual activity on Canvas and related email accounts and advises caution regarding unverified communications about the incident.
Goodwin University, Inc. - Data Breach
Information regarding a data breach at Goodwin University, Inc. was disclosed on May 4, 2026. Specific details about the date of the incident, the number of records affected, the types of data exposed, and the attack vector are not provided in the available information.
Blanchard Training & Development, Inc. - Data Breach
Blanchard Training & Development, Inc. discovered unusual activity in its network on March 4, 2026, which an investigation revealed may have involved the copying of certain personal information by an unauthorized individual between March 3 and March 4, 2026. The company is providing affected individuals with 12 months of free credit monitoring and fraud assistance services through Cyberscout.
FERPA Annual Notification Deadline Approaching for 2026-27 Academic Year
Educational institutions should begin preparing their annual FERPA notification materials for the upcoming 2026-27 academic year. Under FERPA, schools must annually notify parents and eligible students of their rights regarding education records, including the right to inspect records, request amendments, and control disclosure of personally identifiable information. Institutions should review and update their notification language, directory information policies, and opt-out procedures before the start of the fall semester.
CISA Warns of Continued Ransomware Targeting K-12 School Districts
CISA continues to observe ransomware threat actors targeting K-12 school districts, particularly those with limited IT resources and outdated systems. School districts are urged to implement baseline cybersecurity measures including multi-factor authentication, regular patching, offline backups, and incident response planning. CISA's free cybersecurity services and tools are available to help districts improve their security posture.
FTC Signals Increased COPPA Enforcement Against EdTech Platforms
The Federal Trade Commission has signaled it will increase enforcement of COPPA violations by EdTech companies, particularly those collecting data from children under 13 without verifiable parental consent. With the modernized COPPA rule now in effect, EdTech platforms must ensure compliance with updated data minimization requirements, consent mechanisms, and data retention limits. Companies operating in the K-12 space should review their practices against the updated rule requirements.
Fort Scott Community College breach exposes SSNs and financial data
Fort Scott Community College (KS) reports November 2025 cybersecurity incident affecting 4,016 individuals. SSNs and financial account information compromised. Second community college breach disclosed in 2026 following Clackamas CC.
Portland Public Schools breach impacts 12,128 individuals
Portland Public Schools (ME) discloses February 2025 network intrusion affecting 12,128 students, staff, and community members. Nearly a year elapsed between the unauthorized access and confirmation of data exposure.
Trocaire College breach exposes SSNs and passport numbers for 23,436
Trocaire College (Buffalo, NY) discloses March 2025 breach affecting 23,436 individuals. SSNs, driver's licenses, and passport numbers among exposed data. Ten-month gap from intrusion to notification.
Clackamas Community College discloses breach affecting 33,381
Clackamas Community College (OR) reports two separate intrusions in September and October 2025 resulting in file exfiltration. 33,381 individuals affected. Attackers returned six weeks after initial account compromise was detected and reset.