Goodwin University Hit by Qilin Ransomware Attack, Exposing Sensitive Data of Hundreds
Goodwin University, a private nonprofit institution in East Hartford, Connecticut, disclosed a ransomware attack that compromised the personal data of hundreds of individuals. The breach was first detected on December 4, 2025, when the university identified a network disruption. After engaging cybersecurity experts, Goodwin confirmed on January 7, 2026, that unauthorized access had occurred, with a full review concluding on March 20, 2026.
The attack was attributed to the Qilin ransomware group, which claimed responsibility and posted about the incident on the dark web on December 28, 2025. Exposed data included names, addresses, Social Security numbers, driver’s license/state ID numbers, government-issued IDs (e.g., passport numbers), personal health information, and health insurance details.
Goodwin University began notifying affected individuals via U.S. mail on April 16, 2026. The breach impacted at least 531 individuals in Texas and 151 in Maine, though the total number of affected parties remains unclear. Legal firm Shamis & Gentile P.A. is investigating potential compensation claims for those impacted.
Source: https://www.claimdepot.com/investigations/goodwin-university-data-breach-2026
Goodwin University cybersecurity rating report: https://www.rankiteo.com/company/goodwinuniversity
"id": "GOO1778006566",
"linkid": "goodwinuniversity",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 682 individuals (531 '
'in Texas, 151 in Maine)',
'industry': 'Education',
'location': 'East Hartford, Connecticut, USA',
'name': 'Goodwin University',
'type': 'Educational Institution'}],
'customer_advisories': 'Notification via U.S. mail on April 16, 2026',
'data_breach': {'number_of_records_exposed': 'Hundreds (at least 682 '
'identified)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Social Security numbers',
'Driver’s license/state ID '
'numbers',
'Government-issued IDs (e.g., '
'passport numbers)',
'Personal health information',
'Health insurance details']},
'date_detected': '2025-12-04',
'date_publicly_disclosed': '2025-12-28',
'date_resolved': '2026-03-20',
'description': 'Goodwin University, a private nonprofit institution in East '
'Hartford, Connecticut, disclosed a ransomware attack that '
'compromised the personal data of hundreds of individuals. The '
'breach exposed names, addresses, Social Security numbers, '
'driver’s license/state ID numbers, government-issued IDs, '
'personal health information, and health insurance details.',
'impact': {'data_compromised': 'Personal data of hundreds of individuals',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential compensation claims',
'operational_impact': 'Network disruption'},
'investigation_status': 'Concluded',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'Goodwin University Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'(Shamis & Gentile P.A.)'},
'response': {'communication_strategy': 'Notification via U.S. mail on April '
'16, 2026',
'third_party_assistance': 'Cybersecurity experts'},
'threat_actor': 'Qilin ransomware group',
'title': 'Goodwin University Hit by Qilin Ransomware Attack, Exposing '
'Sensitive Data of Hundreds',
'type': 'ransomware'}