icc.edu Listed by shinyhunters Ransomware Group
Over 28 gigabytes of Illinois Central College data (122,000+ files) was compromised across PeopleSoft Campus Solutions and Human Resources (ICC, SURS pension reporting, Workday costing, and ICCB curriculum systems), including 9,200+ employee payslip PDFs, 500+ SURS payroll files with Social Security numbers, direct deposit records with bank account and routing numbers, student financial aid and grade roster exports, enrollment CSVs with @icc.edu accounts, and Workday salary allocation data spanning 2021 through June 2026. This is a final warning to reach out by 18 June 2026 before we leak alon
On June 15, 2026, the shinyhunters ransomware group listed Illinois Central College on its leak site, announcing that more than 28 gigabytes of internal files had been exfiltrated from the community college’s systems. The data includes thousands of employee payslips, payroll records containing Social Security numbers, direct deposit banking details, student financial aid information, grade rosters, and enrollment records tied to @icc.edu email accounts. The group gave the college until 18 June 2026 to contact them or face full public release of the material.
Confirmed Details from Reporting
Public reporting indicates the compromised systems include PeopleSoft Campus Solutions, Human Resources modules, SURS pension reporting, Workday costing allocations, and ICCB curriculum databases. Available reporting describes 9,200 employee payslip PDFs, more than 500 SURS payroll files that list Social Security numbers, direct deposit bank account and routing numbers, student financial aid and grade roster exports, and enrollment CSVs. The stolen material spans payroll and academic records from 2021 through June 2026. The number of individuals directly affected remains unknown, but the volume and sensitivity of the files suggest current and former employees, students, and their families could be exposed.
Why This Matters for You and Your Family
If you or anyone in your household attended Illinois Central College, worked there, or received payments through its payroll or pension systems, your personal financial and academic information may now sit on a ransomware leak site. Social Security numbers, bank routing details, salary history, and student records are valuable to identity thieves who can open accounts, file fraudulent tax returns, or sell the information on underground markets. Children listed on family insurance or student accounts can also become targets. Once this type of data leaves institutional control, it can circulate for years, increasing the chance that someone in your family will face account takeovers or fraudulent charges.
The Doxxing and Identity-Chain Risks
Credential leaks like the @icc.edu email addresses in this incident often serve as starting points for larger doxxing chains. Attackers link an institutional email to personal accounts, gaming profiles, or family addresses, then use any exposed passwords or personal details to seize control of those accounts. Public reporting shows that ransomware groups frequently publish samples to pressure victims, after which the full dataset moves to other criminals who automate identity mapping. This creates cascading risks: a stolen college record today can lead to a compromised gaming account tomorrow, especially for households where children use the same email domain or passwords.
Shinyhunters’ Publicly Known Track Record
Public reporting attributes the shinyhunters group with emerging in 2020 and targeting a range of educational institutions, government agencies, and private companies. Notable prior victims have included universities and technology service providers. Their typical playbook involves initial access through compromised credentials or vulnerabilities in web applications, followed by exfiltration of large document repositories, and then extortion via leak sites with countdown deadlines. They often publish sample files and demand direct contact before releasing the full archive, a pattern consistent with the current ICC posting.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity so you can see exactly what chains back to the icc.edu breach.
- Rotate any password you ever used with an @icc.edu account anywhere else it is reused, and switch to 2FA through an authenticator app rather than text messages.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak that touches your family is caught in hours, not months.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts that often chain back to the same addresses or emails.
- Let remediation specialists handle takedown requests across data brokers and leak sites for you while you focus on securing your own accounts.
The shinyhunters deadline has now passed, and the full 28-gigabyte archive may already be circulating. Quick, concrete steps today can limit how far the exposed information travels. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects scattered online handles to real identities, and hands-on remediation by specialists who manage takedowns for you and your entire household, including children’s gaming accounts that are frequently swept up in these cascades. Start your DoxxScan trial and close the gaps before the next breach compounds this one.
Related breaches
Richmont Graduate University Listed by AiLock Ransomware Group
Richmont Graduate University is a Christian graduate institution offering master's programs in couns…
Accelirate Listed by qilin Ransomware Group
N/A…
Mount Royal University Listed by cmdorganization Ransomware Group
The university was established in 1910. Mount Royal University is a public university in Calgary, Ca…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →