Monmouth University Data Breach Exposes Social Security Numbers and Medical Records

Education data breach illustration
Breach Discovery: Not Publicly DisclosedBreach Notification: 30th June 2026

What Happened in the Monmouth University Data Breach?

Monmouth University, a private university based in West Long Branch, New Jersey, has disclosed a data breach involving sensitive personal and medical information. The university learned that a ransomware group calling itself Pear had claimed responsibility for the intrusion. As a result, thousands of people now face potential exposure of highly sensitive records.

According to the disclosure, the Pear ransomware group posted a claim on the Tor network on March 26, 2026. The group stated it had obtained 16 terabytes of data from Monmouth University’s systems. However, the university has not disclosed the specific dates when the unauthorized access actually occurred.

Because these details remain unclear, it is not yet known exactly how long the attackers had access to university systems before the breach was discovered. In response, Monmouth University began the process of notifying affected individuals by U.S. Mail. This step suggests the university has completed at least an initial investigation into which records were compromised.

At this time, the university has not shared additional forensic details publicly. For example, it has not confirmed how the attackers first gained entry or whether any vulnerabilities were patched afterward. As more information becomes available, affected individuals may receive updates through official notification letters.

Who was affected?

The full number of individuals affected across the United States has not been publicly disclosed. However, state-level filings offer a partial picture of the breach’s scope. At least 842 Massachusetts residents, 322 Texas residents, 217 New Hampshire residents and 116 Vermont residents were confirmed as impacted.

Because Monmouth University is an educational institution, the affected population likely includes current students, former students, and possibly employees or applicants. In addition, given that medical and health insurance information was involved, individuals who used university health services may also be affected. This means the breach could touch a broad cross-section of the university community, not just one group.

Since the confirmed state totals span multiple regions, it appears individuals outside New Jersey were also affected. Therefore, the breach’s reach extends beyond the university’s home state. Anyone who has ever provided personal information to Monmouth University should consider themselves potentially at risk until they receive further clarity.

What Information Was Potentially Exposed?

The breach exposed a wide range of sensitive personal, financial and medical data. This combination of information is particularly concerning because it could allow criminals to commit multiple types of fraud using a single victim’s records.

  • Full names
  • Home addresses
  • Dates of birth
  • Social Security numbers
  • Driver’s license numbers
  • State ID card numbers
  • Passport numbers
  • Bank account numbers
  • Credit card numbers
  • Debit card numbers
  • Medical information
  • Health insurance information

Given the presence of Social Security numbers alongside government-issued ID numbers, affected individuals face a heightened risk of identity theft. Criminals could use this data to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. Because passport and driver’s license numbers were also involved, victims may face challenges proving their identity to institutions later on.

In addition, the exposure of medical and health insurance information raises the risk of medical identity theft. This occurs when someone uses stolen health data to obtain treatment, prescriptions or medical equipment under another person’s name. As a result, victims could see inaccurate information appear in their own medical records, which can complicate future care.

What is the company doing?

Monmouth University has begun notifying affected individuals by U.S. Mail. This is a required step under most state data breach notification laws. Because notification letters often include specific guidance, affected individuals should read any letter they receive carefully.

Beyond the notification process, additional details about the university’s broader response have not been publicly disclosed. For instance, it is unclear whether the university has hired outside cybersecurity firms or implemented new security controls. It also remains unknown whether identity protection or credit monitoring services are being offered to those affected.

Individuals who suspect their information was compromised, but who have not yet received a letter, may want to contact Monmouth University directly. This proactive step could help confirm their status and provide access to any resources the university is offering. Meanwhile, affected individuals should not wait for a letter before taking basic protective measures.

What Should Affected Individuals Do?

Monitor Your Credit Reports

Affected individuals should request a copy of their credit report and review it closely for unfamiliar accounts or inquiries. Because Social Security numbers were exposed, this breach carries a real risk of new fraudulent accounts being opened in someone’s name.

You can request a free credit report from each of the three major credit bureaus. Checking reports regularly over the coming months, rather than just once, helps catch fraud early. This is especially important since stolen data can be used months or even years after a breach occurs.

Consider a Fraud Alert or Credit Freeze

Given that Social Security numbers, driver’s license numbers and financial account details were exposed, placing a fraud alert or credit freeze is a strong protective step. A fraud alert requires lenders to verify your identity before opening new credit in your name. A credit freeze goes further by restricting access to your credit file entirely.

To set up either option, contact one of the three major credit bureaus, since a fraud alert placed with one bureau typically notifies the others. Freezing your credit is free and can be lifted temporarily whenever you need to apply for credit yourself. This extra layer of protection is particularly valuable when financial account numbers have also been exposed.

Watch for Medical Identity Theft

Because medical information and health insurance details were part of this breach, affected individuals should watch closely for signs of medical identity theft. This can include unfamiliar charges on insurance statements or unexpected bills for services you never received.

If you notice anything suspicious, contact your health insurance provider immediately to dispute the charges. In addition, request an itemized statement from your insurer periodically to review claims history. Catching medical fraud early can prevent lasting damage to both your finances and your medical records.

Stay Alert for Phishing Attempts

Following a breach like this, scammers often use stolen personal details to craft convincing phishing emails, texts or phone calls. Because attackers may already know your name, address or date of birth, their messages can appear more legitimate than typical scams.

As a result, you should be cautious of unsolicited messages asking for personal or financial information. Avoid clicking links or downloading attachments from unknown senders. If you are ever unsure whether a message is genuine, contact the organization directly using a verified phone number instead of replying.

Consult a Data Breach Attorney

Given the sensitivity of the information exposed, affected individuals may want to speak with a data breach attorney about their legal options. An attorney can help determine whether you qualify for compensation through a claim or class action related to this incident.

Many attorneys offer free consultations to review your specific situation at no upfront cost. This means you can explore your options without financial risk. Taking this step early can also help you stay informed if a broader legal action develops.



More Information

Monmouth University

842 Massachusetts residents

322 Texas residents

217 New Hampshire residents

116 Vermont residents

Related Data Breaches