Goodwin University Data Breach Exposes Both PHI and PII

Goodwin University Inc., a private nonprofit university in East Hartford, Connecticut, focused on career-oriented programs for working adult students, disclosed a data breach involving sensitive personal information.

Goodwin University experienced a network disruption on Dec. 4, 2025. Upon discovering the incident, the university secured its network environment and engaged cybersecurity experts to conduct an investigation.

On Dec. 28, 2025, the Qilin ransomware group publicly claimed responsibility for the attack. The group claimed they obtained data belonging to Goodwin University on the dark web's Tor network.

On Jan. 7, 2026, an investigation revealed that certain files may have been acquired without authorization. The university then undertook a comprehensive review of the data potentially impacted in the incident to determine whether personal information was involved, which concluded on March 20, 2026.

The types of information potentially exposed included both personally identifiable information (PII) and protected health information (PHI).

The PII may have included first and last names, addresses, Social Security numbers, driver's license numbers, state identification card numbers and government-issued identification numbers such as passports. The PHI may have included personal health information and health insurance information.

The university began notifying affected consumers by U.S. Mail on April 16, 2026. The breach was reported to the attorneys general offices of Maine and Texas.

At this time, 531 Texas residents, 214 Rhode Island residents, and 151 Maine residents may also have been impacted by this event.

Goodwin University's response to the breach

Goodwin University is offering affected individuals 24 months of free credit monitoring services, including single-bureau credit monitoring, a credit report and a credit score. These services are provided through Cyberscout, a TransUnion company specializing in fraud assistance and remediation.

To enroll in the free credit monitoring services, affected individuals can visit Cyberscout's activation page and enter the unique code provided in their notification letter. Enrollment must be completed within 90 days of the date of the letter.

A dedicated call center has been set up for questions or concerns related to the breach. Representatives who are familiar with the incident can be reached at 855-954-9474, Monday through Friday, 8 a.m. to 8 p.m. ET, excluding holidays.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-800-916-8800) to help prevent new accounts from being opened using stolen information.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts, inquiries or changes.
• Monitor health insurance statements for claims or services not received, since personal health information and health insurance details were among the types of data potentially exposed.
• Watch for phishing attempts that reference Goodwin University or this data breach by name, as scammers often use real incidents to trick people into sharing more personal information.
• Check for unauthorized use of identification documents by contacting the local Department of Motor Vehicles, since driver's license numbers, state ID numbers and government-issued identification numbers may have been exposed.
• File a police report if any signs of identity theft or fraud are discovered, as a police report may be needed to dispute fraudulent accounts or charges.