Back to news
Cybersecurity Alert
July 13, 2026 by EmailMeNow IT Consulting

Was Nelson University Breached? We Scanned Their Domain Security

Nelson University (Waxahachie; formerly SAGU) reported 21,905 Texans on the Texas OAG list June 18, 2026 after a March–April 2025 intrusion claimed by Qilin. Audits score nelson.edu at 44% — well below the 100% ideal.

Source: Texas OAG · ClassAction.org · ClaimDepot

NewsData BreachTexasHigher EducationRansomwareCybersecurity
Nelson University Waxahachie ransomware data breach cybersecurity illustration

Yes — Nelson University (Waxahachie, Texas; formerly Southwestern Assemblies of God University) appears on the Texas OAG breach list published June 18, 2026, affecting 21,905 Texans. Covered in our June 18 Texas OAG roundup.

University and counsel notices state suspicious activity around April 6, 2025, with unauthorized access from about March 21 to April 6, 2025. The Qilin ransomware group claimed Nelson data on dark-web channels in April 2025. File review completed May 26, 2026; consumer mail began about June 15, 2026.

We audited nelson.edu on July 13, 2026 against the 100% ideal.

Breach Impact

FieldDetail
EntityNelson University (Waxahachie, TX)
SectorPrivate Christian university
Intrusion windowMar 21 – Apr 6, 2025
Texans (OAG)21,905
Data typesNames; SSN; DL/gov ID; financial; medical
NoticeU.S. Mail
Claimed actorQilin (public reporting)

Illustration: regional private university hit by ransomware with student SSN and financial records at risk

Independent Cybersecurity Audit

DomainOverallIdentityTransportWebsitevs 100% ideal
nelson.edu44%25%15%45%Below Average

Key findings: Nelson sits with Rice/SMU at 44% overall — far from 100%. 25% identity and 15% transport mean spoofed @nelson.edu monitoring enrollment and tuition phishing remain high-risk after SSN/medical exposure.

Illustration: nelson.edu audit showing 44% overall with weak identity after Qilin claim

Audit: nelson.edu

Priority Actions

Students, alumni, staff: Follow only the letter’s monitoring instructions; freeze credit if advised.

Campus IT: Escalate DMARC to reject; enable MTA-STS enforce; harden help-desk callback procedures — Qilin-style intrusions often start with credential theft, then abuse trusted domains.


audit.emailmenow.com · Contact

Sources: Texas OAG · ClassAction.org — Nelson · EmailMeNow audit