Clackamas College Data Breach Affects 33,381 Individuals

On Dec. 18, 2025, Clackamas Community College discovered a data breach that has affected 33,381 individuals across the United States. The breach was the result of unauthorized access to a small number of the college’s systems, with files acquired by an unknown third party on Oct. 24, 2025.

The incident was first detected when suspicious activity was identified on a user account Sept. 10, 2025, prompting an immediate account reset. Later, additional suspicious activity was found, leading the college to engage a forensic security firm to investigate and contain the threat.

The forensic investigation confirmed that an unauthorized party accessed and exfiltrated files containing sensitive personal information. According to the Notice of a Data Incident posted to the college's website, data types exposed include names, dates of birth, Social Security numbers, student record information, government identification numbers, tax identification numbers, medical information, passport numbers and financial account information.

The scope of the breach was reported to state authorities, including the Maine Attorney General, Massachusetts Office of Consumer Affairs and Business Regulation and Vermont Attorney General.

Clackamas Community College’s response

For those affected, the college is offering a complimentary one-year membership of credit monitoring and identity theft protection services through IDX. This service helps individuals detect potential misuse of their personal information and provides resources for identity theft resolution. Impacted individuals are encouraged to enroll in these services and to remain vigilant by reviewing account statements and monitoring credit reports for any suspicious activity.

The college’s notice to consumers, which will be available in PDF format at the bottom of this page, provides detailed instructions on how to enroll in credit monitoring, place fraud alerts or credit freezes and contact the three major credit reporting agencies. It also outlines steps to take if identity theft or fraud is suspected. No evidence has been found that the compromised information has been misused, but individuals are advised to take advantage of the resources provided and to promptly report any suspicious activity to financial institutions and law enforcement.