Cedar Crest College is investigating a significant cybersecurity incident that disrupted campus applications and file-sharing systems as officials work to restore services.
The college in Allentown, Pennsylvania, said it identified the incident at about 7:45 a.m. July 13 and immediately activated emergency response protocols to contain the activity and protect institutional data. The disruption affected campus applications, network drives and cloud-based file-sharing systems, including OneDrive.
Cedar Crest said it is working with outside cybersecurity experts and law enforcement to investigate the incident, strengthen security measures and restore services through what it described as a careful and controlled process.

The college directed people experiencing technology problems to its help desk and established a separate email address for questions about the cybersecurity incident. It also urged students, faculty and staff to watch for phishing attempts, use unique passwords and enable multifactor authentication.
Cybersecurity monitoring site ransomware.live reported that the NightSpire ransomware group claimed responsibility for the Cedar Crest incident. The site said it discovered the claim July 14 and that the listing identified July 13 as the attack date, the same day the college said it detected the incident. The listing did not describe any allegedly stolen data.
DysruptionHub could not independently verify the claim because NightSpire’s leak site was offline when checked. Cedar Crest has not attributed the incident to the group.
NightSpire is a ransomware operation first observed in early 2025. Researchers link it to double-extortion attacks involving data theft, system encryption and threats to publish stolen information.
Cedar Crest is a private liberal arts college serving undergraduate and graduate students in Allentown.
The incident follows disruptive cyberattacks and ransomware claims involving other small private colleges.
The Medusa ransomware group claimed responsibility for a March 2026 attack on Belhaven University in Jackson, Mississippi. The INC Ransom group claimed an August 2025 attack on the University of St. Thomas in Houston.
Neither university publicly confirmed the groups’ involvement. St. Thomas later said an unauthorized actor accessed or acquired files from its systems.
Cedar Crest has not confirmed the attack method, ransomware involvement, NightSpire’s role, data theft, encryption or a ransom demand. Officials have said only that some information may have been accessed or compromised. They have not identified the affected information or individuals or provided a timetable for restoring every affected service.
Cedar Crest said it will directly notify people if the investigation determines their information was compromised and notification is appropriate or required.
The college had not responded by publication time to a DysruptionHub request for comment about the NightSpire claim, the scope of the disruption and the status of recovery.