The California Office of the Attorney General reported a data breach involving Pacific Oaks College on August 7, 2024. The breach was discovered on July 23, 2024, when an internal page was found publicly accessible, exposing private information such as personal email addresses and preferred names for diplomas under the Family Educational Rights and Privacy Act (FERPA).

The Washington State Office of the Attorney General disclosed a ransomware attack targeting Saybrook University between February 7, 2020, and May 20, 2020, officially reported on September 8, 2020. The breach compromised the personal information of 935 Washington residents, exposing sensitive data such as full names, dates of birth, and potentially other identifying details. The attack was executed via ransomware, a malicious software variant that encrypts files and demands payment for decryption, often coupled with threats of data exposure. While the exact method of infiltration (e.g., phishing, unpatched vulnerabilities) was not specified, the prolonged duration (over three months) suggests a sophisticated or undetected intrusion. The exposed data—though not explicitly confirmed to include financial records—poses risks of identity theft, fraud, or targeted scams for affected individuals. As an educational institution, Saybrook University’s breach underscores vulnerabilities in sectors handling personally identifiable information (PII), particularly when cybercriminals exploit systemic weaknesses. The incident aligns with broader trends where higher education institutions face escalating ransomware threats due to legacy systems, decentralized data storage, or limited cybersecurity resources. The breach’s public disclosure via a state authority further amplifies reputational damage and potential regulatory scrutiny under data protection laws.