Illinois Central College (icc.edu) in the US was targeted by the ransomware threat actor shinyhunters, with over 28 gigabytes of data (122,000+ files) compromised across PeopleSoft Campus Solutions and Human Resources systems, including 9,200+ employee payslip PDFs, Social Security–number-containing SURS payroll files, direct deposit records (bank account and routing numbers), and sensitive student and enrollment exports spanning 2021 through June 2026. The claim includes a demand for payment before 18 June 2026 to avoid leakage and “digital” disruption. #UnitedStates
Incident Details
- Victim: icc.edu
- Sector: Education
- Country: US
- Actor: shinyhunters
- Source:
- Discovered: 2026-06-15T19:28:42.875643+00:00
- Published: 2026-06-15T19:28:40.530714+00:00
Information
- Over 28 GB of Illinois Central College data, including more than 122,000 files, was compromised across PeopleSoft Campus Solutions, Human Resources, SURS pension reporting, Workday costing, and ICCB curriculum systems.
- The exposed data included over 9,200 employee payslip PDFs, more than 500 SURS payroll files containing Social Security numbers, and direct deposit records with bank account and routing numbers.
- Student financial aid and grade roster exports were also accessed, along with enrollment CSV files containing @icc.edu accounts.
- Workday salary allocation data spanning 2021 through June 2026 was included in the breach.
- The attackers issued a final warning demanding contact by 18 June 2026, threatening to leak the data and cause additional digital disruption if their demand is not met.
Disclaimer: This post is based on public claims made by the ransomware group "shinyhunters". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.