Wilkes University, a private nonprofit institution in Pennsylvania, suffered a cyberattack where unauthorized actors gained access to its internal network between January 25–26, 2025, discovered on September 22, 2025. The breach exposed sensitive personally identifiable information (PII) of 27,632 individuals, including names, addresses, dates of birth, Social Security numbers, driver’s license/state ID numbers, financial account details, student IDs, financial aid data, health insurance policy numbers, and medical alert information.The university notified affected parties on October 8, 2025, offering 12 months of free credit monitoring via TransUnion Cyberscout. The incident was disclosed to the Attorney Generals of Maine, Massachusetts, and Texas, where a subset of victims resided. Legal firms are investigating potential compensation claims for harmed individuals, citing risks of identity theft, fraud, and financial loss. The breach underscores significant vulnerabilities in the university’s data security, with long-term reputational and operational repercussions likely.
Source: https://www.claimdepot.com/investigations/wilkes-university-data-breach-2025
TPRM report: https://www.rankiteo.com/company/wilkes-university
"id": "wil4893648100925",
"linkid": "wilkes-university",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '27,632 individuals (including '
'24 in Maine, 159 in '
'Massachusetts, 290 in Texas)',
'industry': 'Higher Education',
'location': 'Wilkes-Barre, Pennsylvania, United States',
'name': 'Wilkes University',
'size': '~4,400 students (2,200 undergraduate + 2,200 '
'graduate)',
'type': 'Educational Institution (Private, Nonprofit '
'University)'}],
'customer_advisories': 'Affected individuals advised to enroll in credit '
'monitoring, monitor financial accounts, place fraud '
'alerts, and seek legal help if needed.',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': '27,632',
'personally_identifiable_information': ['Name',
'Address',
'Date of birth',
'Social Security '
'number',
'Student ID number',
"Driver's license or "
'state ID number'],
'sensitivity_of_data': 'High (includes SSNs, financial '
'account numbers, and health insurance '
'details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information',
'Health-Related Information',
'Educational Records']},
'date_detected': '2025-09-22',
'date_publicly_disclosed': '2025-10-08',
'description': 'Wilkes University discovered it was the victim of a '
'cyberattack involving unauthorized access to its internal '
'network between January 25 and January 26, 2025. The breach '
'affected 27,632 individuals in the United States, exposing '
'sensitive personally identifiable information (PII) such as '
'names, addresses, Social Security numbers, student IDs, '
"driver's license numbers, financial account details, and "
'health-related data. Affected individuals were notified on '
'October 8, 2025, and the incident was disclosed to the '
"Attorney Generals' offices of Maine, Massachusetts, and "
'Texas.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII and legal '
'investigations',
'data_compromised': ['Name',
'Address',
'Date of birth',
'Social Security number',
'Student ID number',
"Driver's license or state ID number",
'Financial account number',
'Financial aid information',
'Health insurance policy number',
'Medical alert information'],
'identity_theft_risk': 'High (due to exposure of SSNs, financial '
'details, and other PII)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'from affected individuals',
'payment_information_risk': 'Moderate (financial account numbers '
'exposed)'},
'investigation_status': 'Ongoing (class action lawsuits being investigated by '
'Shamis & Gentile P.A.)',
'recommendations': ['Enroll in the 12 free months of TransUnion Cyberscout '
'credit monitoring and identity theft protection services '
'offered by Wilkes University.',
'Monitor financial statements regularly for suspicious '
'activity or unauthorized transactions.',
'Place a fraud alert on credit reports to prevent '
'unauthorized account openings.',
'Request free annual credit reports from major credit '
'bureaus.',
'Seek legal assistance to understand rights and pursue '
'compensation if affected.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'source': 'Wilkes University Data Security Incident Notice'}],
'regulatory_compliance': {'legal_actions': 'Potential lawsuits by affected '
'individuals (class action '
'investigations underway)',
'regulatory_notifications': 'Disclosed to Maine, '
'Massachusetts, and '
'Texas Attorney '
"Generals' offices "
'(Oct. 8, 2025)'},
'response': {'communication_strategy': 'Written notifications to affected '
'individuals (Oct. 8, 2025) and '
'publication of a Data Security '
"Incident Notice on the university's "
'website. Disclosure to Maine, '
'Massachusetts, and Texas Attorney '
"Generals' offices.",
'incident_response_plan_activated': 'Yes (notification to '
'affected individuals and '
'regulatory bodies)',
'remediation_measures': 'Offered 12 months of free credit '
'monitoring and identity theft '
'protection to affected individuals',
'third_party_assistance': 'TransUnion Cyberscout (credit '
'monitoring and identity theft '
'protection services)'},
'stakeholder_advisories': 'Affected individuals notified via written letters '
"and website publication. Attorney Generals' "
'offices in Maine, Massachusetts, and Texas '
'notified.',
'title': 'Wilkes University Data Breach',
'type': 'Data Breach'}