Moody Bible Institute Data Breach–What You Need to Know & What to Do Next
Overview
Moody Bible Institute reported a cybersecurity incident after the ShinyHunters threat actor group claimed responsibility for an attack in mid-June 2026. The incident potentially exposed comprehensive educational, financial, donor, and employee data belonging to students, donors, faculty, and staff.
Moody Bible Institute, located in Chicago, Illinois, is a prominent Christian institution dedicated to biblical education and ministry training. Founded in 1886 by evangelist Dwight L. Moody, the institute has grown into a respected center for theological studies. The institution offers undergraduate and graduate programs with emphasis on Bible exposition, theology, and missions, preparing students for ministry roles in churches, missions, and Christian organizations. Moody also operates Moody Radio and Moody Publishers, extending its educational mission beyond campus.
According to ransomware threat intelligence, ShinyHunters posted Moody Bible Institute to its data leak site on June 15, 2026, claiming to have exfiltrated over 23 gigabytes of data spanning enrollment, donor relations, payroll, and communications systems. The threat actors claim the data includes 1,300+ files and tens of millions of individual records.
ShinyHunters is a financially motivated data theft and extortion group formed in 2019, specializing in targeting SaaS platforms and educational institutions. The group does not employ ransomware encryption but instead focuses on data exfiltration and extortion tactics.
What Information Was Exposed In the Moody Bible Institute Data Breach?
According to the threat actors’ claims, the compromised data includes extensive sensitive information across multiple categories. The breach allegedly includes 46 million communication records, 2.2 million enrollment lead records, and 108,000 biodemographic master files containing addresses and birthdates.
The attackers claim to have stolen 3.3 gigabytes of donor gift data and student housing assignment records. Employee payroll XML files reportedly include home addresses and earnings information. Additionally, 1,100+ admissions outreach files were allegedly exfiltrated.
The affected systems include MBI systems, EDC/Salesforce leads, PeopleSoft PS_COMMUNICATION, Horizon SIS, WHPD donor database, and Cadence admissions systems.
How Moody Bible Institute Responded to the Breach?
As of this writing, Moody Bible Institute has not issued a public statement regarding the alleged cyberattack. The institution has not confirmed the incident or provided details about its investigation or notification plans.
Educational institutions that experience breaches involving protected education records are required to notify affected individuals under the Family Educational Rights and Privacy Act (FERPA) and various state data breach notification laws. Institutions with donor information may also face notification obligations under state laws.
How to Check If Your Personal Info Is Exposed
If you are a current or former student of Moody Bible Institute, a donor, or an employee or staff member, your personal and educational information may have been exposed in this breach. This includes alumni and individuals who may have submitted enrollment or donor information.
Monitoring your accounts, reviewing credit reports, and watching for notification letters from Moody Bible Institute are crucial steps in assessing your potential exposure.
What You Can Do If Your Information Was Exposed
If your personal information may have been part of the Moody Bible Institute breach, review your financial accounts and credit reports for any unfamiliar activity. Update account passwords, particularly for student or donor portals where you may have reused passwords.
Consider placing a fraud alert or credit freeze with the three major credit bureaus (Equifax, Experian, and TransUnion). Be vigilant for signs of identity theft, including unexpected credit inquiries or account openings.
Be cautious of phishing attempts following this breach. ShinyHunters has documented patterns of using stolen educational data to conduct targeted phishing campaigns against students, parents, and staff. Scammers may impersonate school administrators, IT support, or financial aid offices. Acting now can limit the long-term consequences and protect your personal and financial information.
Understanding Your Legal Rights: Data Breach Lawyer Near Me
Victims of data breaches may be entitled to legal remedies if an educational institution did not adequately safeguard their personal information. Educational institutions have duties under federal and state laws to protect student records, donor information, and employee data.
Almeida Law Group is actively reviewing the Moody Bible Institute incident to determine what legal options may be available for those affected.
If you are a student, donor, or employee of Moody Bible Institute and believe your personal information may have been exposed, you can contact Almeida Law Group for a free consultation.