Back to news
Cybersecurity Alert
July 6, 2026 by EmailMeNow IT Consulting

Was Monmouth University Breached? We Scanned Their Domain Security

Monmouth University reported a February 2026 breach to the California AG on June 30. The PEAR ransomware group claimed 16 TB of exfiltrated data. Audits score monmouth.edu at 87% — strong email identity, but ransomware still penetrated campus systems.

Source: California Attorney General · UpGuard

NewsData BreachRansomwarePEARCaliforniaEducationCybersecurity
Monmouth University ransomware breach attributed to PEAR extortion group

Yes — Monmouth University (monmouth.edu) was breached. This incident is part of our California AG June 30, 2026 breach roundup. The New Jersey private university filed with the California Attorney General on June 30, 2026, listing unauthorized access between February 5 and February 13, 2026.

President Patrick Leahy confirmed unauthorized access to university systems in March 2026 communications. Investigators and law enforcement continue reviewing what categories of student, faculty, and vendor data were compromised.

We scanned monmouth.edu to assess email and domain security posture — and whether strong public-domain controls offset ransomware risk on campus networks.

What Happened

According to UpGuard, ClassAction.org, and the California AG listing:

  • February 5 – February 13, 2026 — Unauthorized access to Monmouth University systems (CA AG breach dates).
  • March 13, 2026 — President Leahy informed the campus community that response protocols were activated after suspicious activity was discovered.
  • March 26, 2026 — PEAR ransomware group claimed the attack and cited 16 TB of stolen data.
  • June 30, 2026 — Monmouth filed with the California Attorney General.

Researchers note the claimed 16 TB haul is far above typical university ransomware exfiltration volumes — raising concern about research data, HR files, and student records if the claim is validated.

Illustration: PEAR ransomware extortion claim against university with large-scale data exfiltration threat

Breach Impact at a Glance

FieldDetail
OrganizationMonmouth University (monmouth.edu)
SectorHigher education (New Jersey)
Breach window (CA AG)Feb 5 – Feb 13, 2026
CA AG reportedJune 30, 2026
Threat actorPEAR ransomware (claimed)
Data claimed stolen16 TB (unverified)
Campus noticeMarch 13, 2026

Data at Risk

Reported evidence and PEAR’s public claims suggest compromised material may include:

  • Student records — grades, personal information, minors’ data
  • HR and payroll files for faculty and staff
  • Financial records and vendor/partner data
  • Health records and confidential correspondence
  • Cloud file storage (OneDrive, Dropbox references in reporting)

Affected individuals should watch for targeted phishing, transcript fraud, and identity theft as notification letters reach California residents.

Why Strong Email Scores Didn’t Stop Ransomware

Monmouth’s public domain audit is among the strongest in higher education — but ransomware often enters through VPN credentials, phishing, or unpatched edge devices, not spoofed @monmouth.edu email. Email hardening reduces post-breach impersonation; it does not replace EDR, segmentation, and offline backups.

Independent Cybersecurity Audit

We ran an EmailMeNow Cybersecurity Audit of monmouth.edu on July 6, 2026:

DomainOverallIdentityTransportWebsiteRisk
monmouth.edu87%90%70%92%Good

Key findings:

  • 87% overall (Good) — well above many peers, though still below the 100% ideal for institutions holding SSNs, financial aid data, and health records.
  • 90% Identity & Spoofing — strong DMARC/SPF posture helps block spoofed @monmouth.edu messages during an active notification window.
  • 70% Transport Security — MTA-STS/TLS-RPT partially implemented; room to reach full enforce-mode coverage.
  • 100% Email Infrastructure — mail routes through Microsoft 365 / Exchange.

Illustration: monmouth.edu email security audit showing strong identity scores despite ransomware incident

Even strong email identity controls do not prevent ransomware on their own — but they reduce secondary harm when attackers or phishers target students and staff waiting for official breach notices.

Audit link: monmouth.edu audit

Priority Actions

If you are a Monmouth student, faculty member, or alumnus:

  • Use only official university channels for breach updates — not social-media DMs or unsolicited email links.
  • Monitor credit, financial aid, and health-benefit statements for unfamiliar activity.
  • Report PEAR-themed extortion or fake transcript offers to campus IT and law enforcement.

For colleges and universities:

  • Pair strong DMARC enforcement with phishing-resistant MFA on VPN, email, and student information systems.
  • Complete MTA-STS mode=enforce and TLS-RPT to reach the 100% ideal transport score.
  • Segment research and HR networks; test restore paths against EDR-killing ransomware toolkits.
  • Track incidents on the government & education tracker.

Protect campus email identity and student data.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and incident response planning.


Sources: California AG — Data Breach List · UpGuard — Monmouth University breach · ClassAction.org — Monmouth investigation · EmailMeNow audit — monmouth.edu