On February 20, 2025, St. Joseph’s College of Maine discovered a significant data breach that exposed sensitive personal information of approximately 126,580 individuals in the United States.
The breach occurred earlier, on December 15, 2023, and involved unauthorized access to the college's computer systems, resulting in the exposure of personal data belonging to students, alumni, and potentially other individuals connected to the institution.
The breach was severe in terms of scale, affecting tens of thousands of individuals nationwide, including 23,203 residents of Maine alone in addition to 2,260 Texans. Although the college has not yet publicly disclosed the exact method used by the attackers or who was responsible, the large number of affected individuals indicates a significant cybersecurity event.
St. Joseph’s College of Maine promptly reported the breach to relevant authorities. The college notified the California Attorney General’s Office on March 22, 2025, and the Maine Attorney General’s Office on March 23, 2025. You can view the official disclosures on the Attorneys Generals' offices of California, Maine, Texas, and Vermont.
Following the discovery of the breach, St. Joseph’s College of Maine began an immediate investigation into the incident. The college notified affected individuals directly through written communications on March 21, 2025, providing details about the breach and steps individuals can take to protect themselves.
Given the nature of the information exposed—primarily full names—affected individuals should remain vigilant for potential phishing attempts or scams. Cybercriminals often use stolen names to craft convincing fraudulent emails or messages. Individuals affected by this breach should: