Clackamas Community College Hit by Second Ransomware Attack in Two Years, Exposing 33,000 Individuals
Clackamas Community College in Oregon has notified 33,381 individuals of a data breach discovered in October 2025, marking its second ransomware attack in two years. The compromised data includes names, Social Security numbers, student records, government and tax ID numbers, medical information, passport numbers, and financial account details.
The ransomware group Medusa claimed responsibility for the attack on October 29, 2025, demanding a $300,000 ransom for 1.2 terabytes of stolen data. The gang posted sample documents as proof of the breach, though Clackamas has not verified the claim. It remains unclear whether the college paid the ransom or how the attackers gained access.
According to Clackamas’ notice, suspicious activity was first detected on September 10, 2025, prompting an account reset. A second incident on October 24, 2025, led to a forensic investigation, which confirmed unauthorized access and data exfiltration on the same day. The college is offering affected individuals one year of free credit monitoring and identity theft protection through IDX.
Medusa, a ransomware-as-a-service (RaaS) operation active since 2019, has been linked to 154 attacks in 2025 alone, with 32 publicly acknowledged by victims. The group’s average ransom demand is $529,000, and it has targeted multiple U.S. schools this year, including Laurens County School District 56 (SC), Fall River Public Schools (MA), and Franklin Pierce Schools (WA).
Clackamas’ previous breach in January 2024, which exposed 8,797 individuals, was attributed to the LockBit ransomware group. Across the U.S., 49 confirmed ransomware attacks on educational institutions in 2025 have compromised over 3.8 million records, disrupting operations such as attendance tracking, grading, communications, and payroll. Some schools, including Oakland Community School District 5 (IL) and Pell City School System (AL), have refused to pay ransoms, risking prolonged downtime and data loss.
Clackamas Community College serves approximately 20,000 students across its three Oregon campuses.
Clackamas Community College TPRM report: https://www.rankiteo.com/company/clackamas-community-college
Fall River Public Schools TPRM report: https://www.rankiteo.com/company/klamath-falls-city-schools
Pell City School System TPRM report: https://www.rankiteo.com/company/pellissippi-state-community-college
{
  "id": "claklapel1767980336",
  "linkid": "clackamas-community-college, klamath-falls-city-schools, pellissippi-state-community-college",
  "type": "Ransomware",
  "date": "10/2025",
  "severity": "100",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '33,381',
                        'industry': 'Education',
                        'location': 'Oregon, USA',
                        'name': 'Clackamas Community College',
                        'size': '20,000 students',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Suspicious activity tied to a user account',
 'customer_advisories': 'Offering one year of free credit monitoring and '
                        'identity theft protection through IDX',
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': 'Yes (1.2 terabytes claimed by Medusa)',
                 'number_of_records_exposed': '33,381',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII, financial, medical, and '
                                        'government IDs)',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'Student records',
                                              'Government ID numbers',
                                              'Tax ID numbers',
                                              'Medical info',
                                              'Passport numbers',
                                              'Financial account info']},
 'date_detected': '2025-09-10',
 'date_publicly_disclosed': '2025-10-29',
 'description': 'Clackamas Community College confirmed a data breach in '
                'October 2025 that compromised personal information of 33,381 '
                'individuals. The ransomware group Medusa claimed '
                'responsibility, demanding a $300,000 ransom for 1.2 terabytes '
                "of stolen data. This marks the college's second ransomware "
                'attack in two years.',
 'impact': {'data_compromised': '33,381 records',
            'identity_theft_risk': 'High (due to exposure of SSNs, passport '
                                   'numbers, financial account info, etc.)',
            'operational_impact': 'Containment efforts to prevent widespread '
                                  'operational impact',
            'payment_information_risk': 'High (financial account info '
                                        'compromised)',
            'systems_affected': 'Small number of systems'},
 'initial_access_broker': {'entry_point': 'User account compromise'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Unauthorized access via '
                                           'compromised user account'},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': '$300,000',
                'ransomware_strain': 'Medusa'},
 'references': [{'source': 'Comparitech'}],
 'response': {'communication_strategy': 'Victim notification, public '
                                        'disclosure',
              'containment_measures': 'Network containment, account reset',
              'incident_response_plan_activated': 'Yes'},
 'threat_actor': 'Medusa',
 'title': 'Clackamas Community College Ransomware Attack and Data Breach',
 'type': 'Ransomware'}