Yes — Monmouth University (monmouth.edu) was breached. This incident is part of our California AG June 30, 2026 breach roundup. The New Jersey private university filed with the California Attorney General on June 30, 2026, listing unauthorized access between February 5 and February 13, 2026.
President Patrick Leahy confirmed unauthorized access to university systems in March 2026 communications. Investigators and law enforcement continue reviewing what categories of student, faculty, and vendor data were compromised.
We scanned monmouth.edu to assess email and domain security posture — and whether strong public-domain controls offset ransomware risk on campus networks.
What Happened
According to UpGuard, ClassAction.org, and the California AG listing:
- February 5 – February 13, 2026 — Unauthorized access to Monmouth University systems (CA AG breach dates).
- March 13, 2026 — President Leahy informed the campus community that response protocols were activated after suspicious activity was discovered.
- March 26, 2026 — PEAR ransomware group claimed the attack and cited 16 TB of stolen data.
- June 30, 2026 — Monmouth filed with the California Attorney General.
Researchers note the claimed 16 TB haul is far above typical university ransomware exfiltration volumes — raising concern about research data, HR files, and student records if the claim is validated.

Breach Impact at a Glance
| Field | Detail |
|---|---|
| Organization | Monmouth University (monmouth.edu) |
| Sector | Higher education (New Jersey) |
| Breach window (CA AG) | Feb 5 – Feb 13, 2026 |
| CA AG reported | June 30, 2026 |
| Threat actor | PEAR ransomware (claimed) |
| Data claimed stolen | 16 TB (unverified) |
| Campus notice | March 13, 2026 |
Data at Risk
Reported evidence and PEAR’s public claims suggest compromised material may include:
- Student records — grades, personal information, minors’ data
- HR and payroll files for faculty and staff
- Financial records and vendor/partner data
- Health records and confidential correspondence
- Cloud file storage (OneDrive, Dropbox references in reporting)
Affected individuals should watch for targeted phishing, transcript fraud, and identity theft as notification letters reach California residents.
Why Strong Email Scores Didn’t Stop Ransomware
Monmouth’s public domain audit is among the strongest in higher education — but ransomware often enters through VPN credentials, phishing, or unpatched edge devices, not spoofed @monmouth.edu email. Email hardening reduces post-breach impersonation; it does not replace EDR, segmentation, and offline backups.
Independent Cybersecurity Audit
We ran an EmailMeNow Cybersecurity Audit of monmouth.edu on July 6, 2026:
| Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|
| monmouth.edu | 87% | 90% | 70% | 92% | Good |
Key findings:
- 87% overall (Good) — well above many peers, though still below the 100% ideal for institutions holding SSNs, financial aid data, and health records.
- 90% Identity & Spoofing — strong DMARC/SPF posture helps block spoofed
@monmouth.edumessages during an active notification window. - 70% Transport Security — MTA-STS/TLS-RPT partially implemented; room to reach full enforce-mode coverage.
- 100% Email Infrastructure — mail routes through Microsoft 365 / Exchange.

Even strong email identity controls do not prevent ransomware on their own — but they reduce secondary harm when attackers or phishers target students and staff waiting for official breach notices.
Audit link: monmouth.edu audit
Priority Actions
If you are a Monmouth student, faculty member, or alumnus:
- Use only official university channels for breach updates — not social-media DMs or unsolicited email links.
- Monitor credit, financial aid, and health-benefit statements for unfamiliar activity.
- Report PEAR-themed extortion or fake transcript offers to campus IT and law enforcement.
For colleges and universities:
- Pair strong DMARC enforcement with phishing-resistant MFA on VPN, email, and student information systems.
- Complete MTA-STS
mode=enforceand TLS-RPT to reach the 100% ideal transport score. - Segment research and HR networks; test restore paths against EDR-killing ransomware toolkits.
- Track incidents on the government & education tracker.
Related Trackers
- California AG June 30 roundup
- California AG breach tracker
- Government & education breaches
- Ransomware threat landscape
- All state AG trackers
Protect campus email identity and student data.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and incident response planning.
Sources: California AG — Data Breach List · UpGuard — Monmouth University breach · ClassAction.org — Monmouth investigation · EmailMeNow audit — monmouth.edu