Clackamas Community College in Oregon yesterday confirmed it notified 33,381 people of an October 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Student records
- Government ID numbers
- Tax ID numbers
- Medical info
- Passport numbers
- Financial account info
The breach marks Clackamas Community College’s second ransomware attack in two years. The school previously notified 8,797 people of a January 2024 data breach that also leaked Social Security numbers, among other personal info.
A ransomware group called Medusa took credit for the most recent attack on October 29, 2025 and demanded a $300,000 ransom for 1.2 terabytes of data. To prove its claim, the cybercriminal gang posted sample images of what it says are documents stolen from Clackamas.
Clackamas has not verified Medusa’s claim. We do not know if Clackamas paid a ransom or how attackers breached the school’s network. Comparitech contacted Clackamas Community College for comment and will update this article if it replies.
“On September 10, 2025, we identified suspicious activity tied to one of our user accounts and quickly reset the account. On October 24, 2025, additional suspicious activity was identified, and we worked to contain our network and prevent a widespread operational impact to our systems,” says Clackamas’ notice to victims.
“The forensic investigation determined that an unauthorized third party accessed a small number of systems, and acquired files from those systems on October 24, 2025.”
Clackamas is offering eligible victims one year of free credit monitoring and identity theft protection through IDX.
Who is Medusa?
Medusa is a ransomware gang that first appeared in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa both locks down computer systems and steals data, forcing infected organizations to pay a ransom to restore systems and to not publish stolen data. The gang operates a ransomware-as-a-service scheme in which customers pay to use Medusa’s malware and infrastructure to launch attacks and collect ransoms.
In 2025, Medusa claimed responsibility for 154 ransomware attacks. 32 of those were publicly acknowledged by the targeted entities. Those attacks compromised more than 1.7 million records. Medusa’s average ransom demand is $529,000.
Clackamas wasn’t the only school hit by Medusa in 2025. It also attacked Laurens County School District 56 in South Carolina, Fall River Public Schools in Massachusetts, and Franklin Pierce Schools in Washington.
The January 2024 breach at Clackamas was claimed by a different ransomware group called LockBit.
Ransomware attacks on US schools
Comparitech researchers logged 49 confirmed ransomware attacks on US schools, colleges, and other educational institutions in 2025, compromising more than 3.8 million records in total.
Other such attacks were recently confirmed by these schools:
- Minersville Area School District (PA)
- Oakland Community School District 5 (IL)
- Pell City School System (AL)
Oakland and Pell City have both announced that they refused to pay ransoms.
Ransomware attacks on schools can both steal data and disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Schools that refuse to pay can face extended downtime, permanent data loss, and putting students and faculty at increased risk of fraud.
About Clackamas Community College
Clackamas Community College is a public community college with three campuses in Oregon City, Clackamas, and Wilsonville, Oregon. It enrolls about 20,000 students, according to its website.
