Cyber Incident Victim: St. Joseph's College of Maine

On December 15, 2023, St. Joseph’s College of Maine experienced an external system breach involving unauthorized hacking activity. The incident remained undetected for over fourteen months until its discovery on February 20, 2025. The breach compromised personal identifiers—including names—for 126,580 individuals, with 23,203 affected parties identified as Maine residents. The Standish-based educational institution, located at 278 Whites Bridge Road, reported the incident through legal representative Heather Shumaker of McDonald Hopkins LLC. The scale of the breach triggered mandatory notifications to consumer reporting agencies under Maine law due to the number of affected residents exceeding 1,000. No evidence suggested prior breach notifications from the college within the preceding twelve-month period. The delayed discovery timeline indicates prolonged unauthorized access to systems before detection.

In response, St. Joseph’s College initiated written notifications to all affected individuals on March 21, 2025, with sample correspondence filed in Maine’s official breach documentation. The institution contracted with Experian to provide twelve months of credit monitoring and identity theft protection services to impacted parties. The breach disclosure did not specify whether forensic investigations identified specific threat actors or detailed the exact systems compromised beyond confirming external system infiltration. The legal submission confirmed the absence of additional breach mitigation details beyond the notification timeline and protection services. The college’s attorney provided contact information for regulatory inquiries but did not disclose remediation costs, operational disruptions, or technical containment measures undertaken post-discovery.