Skip to content

Cedar Crest College cyber incident disrupts campus systems in Pennsylvania

The private college said applications and file-sharing services were affected as investigators determine whether information was accessed or compromised.

Brick entrance sign displaying “Cedar Crest College” on the college’s campus in Allentown, Pennsylvania.
The entrance sign for Cedar Crest College in Allentown, Pennsylvania. The college is investigating a cybersecurity incident that disrupted several campus technology systems. (Cedar Crest College)

Cedar Crest College is investigating a significant cybersecurity incident that disrupted campus applications and file-sharing systems as officials work to restore services.

The college in Allentown, Pennsylvania, said it identified the incident at about 7:45 a.m. July 13 and immediately activated emergency response protocols to contain the activity and protect institutional data. The disruption affected campus applications, network drives and cloud-based file-sharing systems, including OneDrive.

Cedar Crest said it is working with outside cybersecurity experts and law enforcement to investigate the incident, strengthen security measures and restore services through what it described as a careful and controlled process.

Screenshot of a Cedar Crest College Facebook graphic announcing a July 16, 2026, cybersecurity incident, stating the college is working to restore services, determine whether information was affected, and directing users to the help desk and a dedicated incident-response email.
A notice posted on Cedar Crest College’s Facebook page on July 16, 2026, says the school is investigating a cybersecurity incident affecting portions of its technology environment and directs users to official updates and support resources. (Cedar Crest College/Facebook)

The college directed people experiencing technology problems to its help desk and established a separate email address for questions about the cybersecurity incident. It also urged students, faculty and staff to watch for phishing attempts, use unique passwords and enable multifactor authentication.

Cybersecurity monitoring site ransomware.live reported that the NightSpire ransomware group claimed responsibility for the Cedar Crest incident. The site said it discovered the claim July 14 and that the listing identified July 13 as the attack date, the same day the college said it detected the incident. The listing did not describe any allegedly stolen data.

DysruptionHub could not independently verify the claim because NightSpire’s leak site was offline when checked. Cedar Crest has not attributed the incident to the group.

NightSpire is a ransomware operation first observed in early 2025. Researchers link it to double-extortion attacks involving data theft, system encryption and threats to publish stolen information.

Cedar Crest is a private liberal arts college serving undergraduate and graduate students in Allentown.

Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.

Tip us

Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.

Become a Supporter

The incident follows disruptive cyberattacks and ransomware claims involving other small private colleges.

The Medusa ransomware group claimed responsibility for a March 2026 attack on Belhaven University in Jackson, Mississippi. The INC Ransom group claimed an August 2025 attack on the University of St. Thomas in Houston.

Neither university publicly confirmed the groups’ involvement. St. Thomas later said an unauthorized actor accessed or acquired files from its systems.

Cedar Crest has not confirmed the attack method, ransomware involvement, NightSpire’s role, data theft, encryption or a ransom demand. Officials have said only that some information may have been accessed or compromised. They have not identified the affected information or individuals or provided a timetable for restoring every affected service.

Cedar Crest said it will directly notify people if the investigation determines their information was compromised and notification is appropriate or required.

The college had not responded by publication time to a DysruptionHub request for comment about the NightSpire claim, the scope of the disruption and the status of recovery.

Attribution note: DysruptionHub credits upstream reporting and primary sources—see citations above. If this report informed your coverage, please cite DysruptionHub with a link.
DysruptionHub Staff

DysruptionHub Staff

A collaborative project to bring you the latest cyberattacks impacting the availability of services and goods in the United States.

All articles

More in Education

See all

More from DysruptionHub Staff

See all