Pacific Union College (PUC) is in Angwin, California; it is a minor campus that hosts over 60 minor programs and just three master’s programs. PUC’s enrollment population was at or below 1,000 heads in 2021. Given their low student population, the recent announcement that they’ve suffered a breach potentially exposing 56,000 people is moderately alarming.
The public information about the attack is sparse; the notice provided to the Maine Attorney General’s office states the bare minimum. Purportedly, they discovered an unauthorized actor in their network, then immediately responded by removing them and engaging with cybersecurity professionals. The only other public detail about the breach is listed on Maine’s website, describing the assault as an “external system breach.”
PUC’s consumer notice is available on Maine’s website; the breach happened around March 5th and may have lasted until March 19th. PUC then launched an investigation that concluded on October 9th, with consumers notified around then.
The Maine data breach filing suggests many impacted individuals; 56,041 people may have had their information stolen or accessed. The cyberattacks on the Universities of Missouri and Michigan from the past weeks might suggest a broad victim spectrum.
It is unclear how many files were accessed by the thieves. The colossal impact number should be a red flag for all those involved with PUC; students, staff members, vendors, providers, staff, lecturers, and alums may have had their information taken.