33,000 Records, One Drive Full of Forgotten Data, and a Ransomware Gang Called Medusa

Clackamas Community College experienced a Medusa ransomware/data-exfiltration incident in October 2025 that resulted in theft of ~1.2 TB of files and the exposure of 33,381 individuals' sensitive records (SSNs, passport numbers, medical and financial data); the report analyzes the timeline, Medusa's RaaS double-extortion model and techniques (credential compromise, rclone/exfiltration, BYOVD, common RMM and enumeration tools), the institutional factors (legacy systems, weak governance, budget gaps) that enabled the breach, and the legal and remediation consequences including a follow-on class-action suit.