Clackamas Community College Data Breach Exposes Sensitive Information of Over 33,000 Individuals
Clackamas Community College, a public two-year institution in Oregon with campuses in Oregon City, Clackamas, and Wilsonville, is investigating a data breach that compromised the personal information of 33,381 individuals across the U.S. The breach was first detected on September 10, 2025, when suspicious activity was identified in a user account. Despite resetting the account, further unauthorized access occurred on October 24, 2025, prompting the college to engage a forensic security firm.
The investigation confirmed that an unauthorized third party accessed and exfiltrated files containing sensitive data. By December 18, 2025, the college determined that personally identifiable information had been exposed. Affected individuals began receiving written notifications on January 8, 2026, with the breach impacting residents in multiple states, including one in Maine and nine in Massachusetts.
Exposed data includes:
- Full names
- Dates of birth
- Social Security numbers
- Student records
- Government and tax identification numbers
- Medical information
- Passport numbers
- Financial account details
In response, Clackamas Community College is offering affected individuals a complimentary one-year membership of credit monitoring and identity theft protection services through IDX. The college has also advised impacted parties to monitor their accounts, place fraud alerts or credit freezes, and report any suspicious activity to authorities.
Legal firms, including Shamis & Gentile P.A., are investigating potential compensation claims for those affected. The breach underscores the ongoing risks of unauthorized access to educational institutions’ systems and the far-reaching consequences of exposed personal data.
Source: https://www.claimdepot.com/investigations/clackamas-community-college-data-breach-2026
Clackamas Community College cybersecurity rating report: https://www.rankiteo.com/company/clackamas-community-college
"id": "CLA1768252483",
"linkid": "clackamas-community-college",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '33,381',
'industry': 'Education',
'location': 'Oregon City, Oregon, USA',
'name': 'Clackamas Community College',
'size': '20,000 students annually',
'type': 'Educational Institution'}],
'attack_vector': 'Compromised user account',
'customer_advisories': 'Written notifications sent to affected individuals '
'with instructions for protective steps',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '33,381',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Date of birth',
'Social Security number',
'Student record information',
'Government identification '
'number',
'Tax identification number',
'Medical information',
'Passport number',
'Financial account information']},
'date_detected': '2025-09-10',
'date_publicly_disclosed': '2026-01-08',
'description': 'Clackamas Community College discovered suspicious activity '
'tied to one of its user accounts, leading to a data breach '
'where an unauthorized third party accessed certain systems '
'and acquired files containing sensitive personally '
'identifiable information.',
'impact': {'data_compromised': 'Sensitive personally identifiable information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Compromised user account'},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': 'Forensic investigation, '
'credit monitoring services '
'offered',
'root_causes': 'Suspicious activity tied to a user '
'account'},
'recommendations': ['Enroll in free credit monitoring and identity theft '
'protection service',
'Review account statements and monitor credit reports',
'Place a fraud alert or credit freeze on credit files',
'Report signs of identity theft or fraud to law '
'enforcement, FTC, and state attorney general offices'],
'references': [{'source': 'Shamis & Gentile P.A.'}],
'response': {'communication_strategy': 'Written notifications to affected '
'individuals',
'containment_measures': 'Account reset, immediate threat '
'containment',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Engaged forensic investigation, offered '
'credit monitoring services',
'third_party_assistance': 'Forensic security firm'},
'threat_actor': 'Unauthorized third party',
'title': 'Clackamas Community College Data Breach',
'type': 'Data Breach'}