Education Sector Security Intelligence

The University of Dallas experienced a data breach that was disclosed on May 29, 2026. Specific details regarding the date of the incident, the number of records affected, the types of data exposed, and the attack vector are not available in the provided information.

Educational Employees Credit Union experienced a data breach on December 15, 2025, when an unauthorized individual gained access to an employee email account for a limited period. The credit union discovered the incident on the same day and initiated an investigation with cybersecurity professionals. The investigation concluded on May 8, 2026, determining that certain emails containing personal information may have been accessed or removed. While there is no evidence of financial fraud or identity theft, the credit union is offering two years of complimentary identity monitoring services through Kroll, which include credit monitoring, fraud consultation, and identity theft restoration.

The University of St. Thomas-Houston disclosed a data breach on May 26, 2026. Specific details regarding the date of occurrence, discovery, number of records affected, types of data exposed, and the attack vector are not provided in the available information.

The Pierce County Library System experienced a data breach that was disclosed on May 25, 2026. The specifics of the breach, including the date of occurrence, the number of records affected, the types of data exposed, and the attack vector, are not provided in the available information.

Southern California University of Health Sciences disclosed a data breach on May 19, 2026. The specifics of the breach, including the date it occurred, the date it was discovered, the number of records affected, the types of data exposed, and the attack vector, were not provided in the available information.

The Dental Studies Institute disclosed a data breach on May 13, 2026. No further details regarding the date of the incident, the number of records affected, the specific data exposed, or the attack vector were provided in the available information.

Las Lomitas Elementary School District (LLESD) was notified by Instructure, the publisher of the Canvas LMS, on May 5, 2026, that a criminal threat actor had gained access to LLESD information on the Canvas platform. The breach affected students in 6th, 7th, and 8th grade during the 2023-2024 school year, their caregivers, and staff. The exposed data includes first and last names, email addresses, and class enrollments. Instructure stated there was no indication that passwords, dates of birth, government identifiers, or financial information were involved. LLESD IT confirmed the compromised data after reviewing the information within Canvas.

The Wisconsin Education Association Council (WEAC) disclosed a data breach on May 11, 2026. The specifics of the breach, including the date it occurred, the number of records affected, the types of data exposed, and the attack vector, are not publicly available at this time.

The Chaffey Joint Union High School District disclosed a data breach on May 1, 2026, affecting data shared with Canvas, a platform provided by Instructure. The breach involved messages within Canvas, the content of which may vary by individual. The district has temporarily disabled data sharing between Canvas and its student information system, is monitoring local Canvas activity, and is receiving updates from Instructure. Parents and guardians are advised to reset their Canvas passwords, while students are not required to take immediate action. The district recommends vigilance for unusual activity on Canvas and related email accounts and advises caution regarding unverified communications about the incident.

Information regarding a data breach at Goodwin University, Inc. was disclosed on May 4, 2026. Specific details about the date of the incident, the number of records affected, the types of data exposed, and the attack vector are not provided in the available information.

Blanchard Training & Development, Inc. discovered unusual activity in its network on March 4, 2026, which an investigation revealed may have involved the copying of certain personal information by an unauthorized individual between March 3 and March 4, 2026. The company is providing affected individuals with 12 months of free credit monitoring and fraud assistance services through Cyberscout.

Fort Scott Community College (KS) reports November 2025 cybersecurity incident affecting 4,016 individuals. SSNs and financial account information compromised. Second community college breach disclosed in 2026 following Clackamas CC.

Portland Public Schools (ME) discloses February 2025 network intrusion affecting 12,128 students, staff, and community members. Nearly a year elapsed between the unauthorized access and confirmation of data exposure.

Trocaire College (Buffalo, NY) discloses March 2025 breach affecting 23,436 individuals. SSNs, driver's licenses, and passport numbers among exposed data. Ten-month gap from intrusion to notification.

Clackamas Community College (OR) reports two separate intrusions in September and October 2025 resulting in file exfiltration. 33,381 individuals affected. Attackers returned six weeks after initial account compromise was detected and reset.