The Evergreen State College, a public liberal arts institution in Olympia, Washington, experienced a data breach between May 21, 2025, and June 10, 2025, due to unauthorized access to a legacy file share system containing sensitive student records. The breach exposed personally identifiable information (PII) of 7,727 Washington residents, including names, Social Security numbers, full dates of birth, and student ID numbers. The college confirmed the incident on October 1, 2025, and issued notification letters to affected individuals on October 17, 2025, while also reporting the breach to the Washington Attorney General. The compromised data poses significant risks of identity theft, financial fraud, and long-term reputational harm to victims. Evergreen offered 12 months of free credit monitoring (Experian IdentityWorks) to mitigate risks, but the exposure of SSNs and full birth dates heightens vulnerabilities for affected students. Legal firms, including Shamis & Gentile P.A., are investigating potential class-action lawsuits for compensation, citing negligence in securing legacy systems and delayed disclosure. The breach underscores systemic vulnerabilities in educational institutions’ cybersecurity practices, particularly in protecting highly sensitive student data from unauthorized access.
Source: https://www.claimdepot.com/investigations/evergreen-state-college-data-breach-2025
TPRM report: https://www.rankiteo.com/company/mesevergreen
"id": "mes1302813102325",
"linkid": "mesevergreen",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '7,727 (Washington residents); '
'several thousand (total '
'students)',
'industry': 'Education',
'location': 'Olympia, Washington, USA',
'name': 'The Evergreen State College',
'type': 'Public Liberal Arts College'}],
'attack_vector': 'Unauthorized access to legacy file share system',
'customer_advisories': ['Enroll in free credit monitoring (Experian '
'IdentityWorks).',
'Monitor accounts for suspicious activity.',
'Consider fraud alerts and credit freezes.',
'Seek legal assistance if needed.'],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to files)',
'number_of_records_exposed': '7,727 (Washington residents); '
'several thousand (total)',
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Full date of birth',
'Student ID number'],
'sensitivity_of_data': 'High (includes SSNs, full dates of '
'birth, student IDs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Student records']},
'date_detected': '2025-06-10',
'date_publicly_disclosed': '2025-10-17',
'description': 'The Evergreen State College experienced a data breach between '
'May 21, 2025, and June 10, 2025, involving unauthorized '
'access to a legacy file share system containing sensitive '
'student information. The breach exposed personally '
'identifiable information (PII) of several thousand students, '
'including names, Social Security numbers, full dates of '
'birth, and student ID numbers. Notification letters were '
'mailed to affected individuals on October 17, 2025, and the '
'incident was disclosed to the Washington Attorney General on '
'the same date, reporting 7,727 Washington residents affected.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive student data',
'data_compromised': ['Name',
'Social Security number',
'Full date of birth',
'Student ID number'],
'identity_theft_risk': 'High (due to exposure of SSNs, full dates '
'of birth, and student IDs)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'for affected individuals',
'systems_affected': ['Legacy file share system']},
'initial_access_broker': {'entry_point': 'Legacy file share system',
'high_value_targets': ['Student PII (SSNs, dates of '
'birth, student IDs)']},
'investigation_status': 'Ongoing (legal investigation by Shamis & Gentile '
'P.A.; college response active)',
'post_incident_analysis': {'corrective_actions': ['Offered credit monitoring '
'to affected individuals; '
'likely reviewing legacy '
'system security'],
'root_causes': ['Unauthorized access to legacy '
'file share system; potential lack '
'of modern security controls']},
'recommendations': ['Enroll in free credit monitoring (Experian '
'IdentityWorks) offered by the college.',
'Monitor financial statements for suspicious activity.',
'Place a fraud alert on credit reports.',
'Request free annual credit reports from major bureaus.',
'Seek legal counsel if affected.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-10-17',
'source': 'The Evergreen State College Notification Letters'},
{'date_accessed': '2025-10-17',
'source': 'Washington Attorney General Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Potential lawsuits by affected '
'individuals (investigation '
'ongoing by Shamis & Gentile P.A.)',
'regulatory_notifications': ['Washington Attorney '
'General (disclosed '
'2025-10-17)']},
'response': {'communication_strategy': 'Notification letters mailed to '
'affected individuals (2025-10-17); '
'disclosure to Washington Attorney '
'General (2025-10-17)',
'incident_response_plan_activated': 'Yes (notification letters '
'sent, credit monitoring '
'offered)',
'remediation_measures': ['Offered 12 months of free Experian '
'IdentityWorks credit monitoring and '
'identity protection services']},
'stakeholder_advisories': ['Notification letters to affected individuals; '
'disclosure to Washington Attorney General'],
'title': 'The Evergreen State College Data Breach (2025)',
'type': 'Data Breach'}