Ransomware Attacks on Education Sector Surge in 2025, U.S. Hit Hardest Ransomware attacks on educational institutions worldwide reached 251 incidents in 2025, a slight increase from the previous year, with the U.S. bearing the brunt of the assaults, according to a report by Comparitech. Of the total attacks, 130 targeted U.S. schools, accounting for over half of global activity in the sector. The U.K. (12 attacks), France (9), Brazil (9), and Japan (9) followed as the next most affected countries. While U.S. attacks declined marginally, the scale of data breaches grew significantly. Cybercriminals stole 3.89 million records from American institutions over 98% of all reported stolen education sector data including personal and financial information. Globally, breached records rose by 27%, though the true number of affected individuals may be higher, as the report only includes data from government sources. Cl0p, a Russian ransomware syndicate, emerged as a dominant threat, responsible for five confirmed attacks that compromised 3.6 million records over 90% of Comparitech’s confirmed breaches. The group exploited a zero-day vulnerability in Oracle’s E-Business Suite, allowing unauthorized access to sensitive data. Among its victims: - University of Phoenix (August 2025) – Nearly 3.5 million records exposed, the largest breach in the sector this year. - Dartmouth College (99,596 records) and University of Pennsylvania (46,491 records) – Among the top three most severe incidents. - Wits University (South Africa) – Part of Cl0p’s global campaign. In 2023, Cl0p also breached nearly 900 colleges by infiltrating a third-party service used by the National Student Clearinghouse and TIAA, a retirement financial service for faculty. Other major U.S. incidents included: - Cherokee County School District (Georgia) – Over 46,000 individuals affected, with 624GB of data stolen. - Harvard University (October 2025) – 1.3 terabytes of archive files exposed, per SecurityWeek. The report highlights the growing sophistication of ransomware gangs and the vulnerabilities in education sector data systems, with third-party platforms increasingly targeted as entry points.

The Maine Office of the Attorney General reported a data breach involving TIAA and TIAA Life on September 27, 2024. The breach occurred between October 29, 2023, and November 2, 2023, due to external system breach (hacking), affecting a total of 8,977 individuals, with 81 residents specifically impacted. Identity theft protection services were offered to affected individuals for 24 months through Kroll.

The Washington State Office of the Attorney General reported a data breach involving TIAA-CREF Life Insurance Company on August 2, 2023. The breach occurred between May 29, 2023, and May 30, 2023, affecting the personal information of 904 Washington residents, including names, Social Security numbers, dates of birth, addresses, and gender. The breach resulted from unauthorized access to MOVEit Transfer software by a third party.

The Maine Office of the Attorney General reported that TIAA Bank experienced a data breach on December 13, 2022, due to insider wrongdoing. The breach potentially affected 2,580 individuals, including 19 Maine residents, and involved the unauthorized access to financial account information. Complimentary identity theft protection services, including 24 months of Experian IdentityWorks, were offered to affected individuals.

The Maine Office of the Attorney General reported a data breach involving TIAA on March 1, 2021. The breach occurred on May 5, 2020, affecting a total of 9 individuals, including 1 resident. The breach involved the manual input of stolen credentials, compromising financial account numbers or credit/debit card numbers.