A ransomware group called PEAR today took credit for a cyber attack earlier this month on Monmouth University.
University president Patrick Leahy emailed students last week about a cybersecurity incident, according to the school’s newspaper, The Outlook.
PEAR says it stole 16 TB of data from Monmouth. To prove its claim, PEAR posted sample images of what it says are documents stolen from the university.
Monmouth University has not acknowledged PEAR’s claim and Comparitech cannot independently verify it. We do not know what data was compromised, how attackers breached Monmouth’s network, if the university paid a ransom, or how much PEAR demanded. Comparitech contacted Monmouth University for comment and will update this article if it replies.
The incident “resulted in unauthorized access to certain information on our network,” Leahy said,
“Monmouth University recently discovered a cybersecurity incident that occurred on our systems which resulted in the unauthorized access to some information on our network. Upon learning of this incident, we immediately initiated our response protocols, engaged cybersecurity experts, and notified the FBI and the Department of Education. We believe the incident has been contained. Importantly, there has been no operational disruption, and University systems and programs continue to operate as normal,” the University told Comparitech.
“As a part of our investigation and response, we are working to identify the specific information that was involved so we can notify any individuals that had their personal information included. We are committed to transparency and keeping our community informed, and appreciate their patience and understanding as we conduct our investigation. As we move forward, we are working with our cybersecurity experts to further enhance the security of our systems to prevent a similar incident from re-occurring in the future.”
The president said a review of the incident could take weeks, according to The Outlook.
Who is PEAR?
PEAR, or Pure Extraction and Ransom, is a cybercriminal gang that steals and ransoms data. It started claiming responsibility for ransomware attacks on its data leak webite in August 2025. Unlike many other ransomware strains, it does not encrypt data. Instead, it focuses solely on data theft and extortion.
The group has taken credit for 64 ransomware attacks in total. Of those, 13 were confirmed by the targeted entities. They include:
- Motility Software Solutions notified 766,670 people of an August 2025 data breach
- Tri-Century Eye Care notified 200,000 people of a September 2025 data breach
- Brevard Skin and Cancer Center notified 55,000 people of a September 2025 data breach
PEAR says it stole 4.3 TB, 3.3 TB, and 1.8 TB of data in those attacks, respectively.
Ransomware attacks on US education
Comparitech researchers have logged six confirmed ransomware attacks on US schools, universities, and other educational institutions in 2026 to date. 14 more claims made by ransomware gangs have yet to be confirmed.
In addition to Monmouth, ransomware attacks in 2026 hit the following schools:
- Denmark School District, WI (Inc)
- Wagon Mound Public Schools, NM (Interlock)
- Community College of Beaver County, PA (unknown)
- Alcorn School District, MS (LockBit)
- Lehigh Carbon Community College, PA (Medusa)
Ransomware attacks on schools can lock down computer systems and steal data. In PEAR’s case, it’s probably jus the latter. If a school refuses to pay, PEAR threatens to sell or release the stolen data. Schools that refuse to pay ransoms can face extended downtime, permanent data loss, and put students and staff at increased risk of fraud.
About Monmouth University
Monmouth University is a private college in New Jersey. It enrolls more than 6,000 students per semester and employs about 300 full-time faculty.
