Princeton University Advancement Database Breach Exposes Donor and Alumni Information
Princeton University disclosed that its Advancement database, containing personal information of alumni, donors, some faculty, students, parents, and other community members, was compromised by unauthorized actors on November 10. The breach lasted less than 24 hours, and while the investigation is ongoing, the university stated that the database generally does not contain Social Security numbers, passwords, or financial data such as credit card or bank account numbers. The exposed data includes names, email addresses, phone numbers, and home and business addresses, as well as donation information. University officials have communicated with affected individuals, urging vigilance against potential phishing attempts and confirming that no other systems were accessed during the incident.
The university is working with external experts and law enforcement to determine the full scope of the breach and its impact. Princeton emphasized that student records protected by federal privacy laws and most staff data were not included in the compromised database. This incident follows a series of recent data breaches at other Ivy League institutions, highlighting ongoing threats to higher education data security. The university has provided a dedicated FAQ and incident information page to keep the community informed as the investigation progresses.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Reporting expands scope of affected individuals beyond donors and alumni
Subsequent coverage indicated the breach affected not only donors and alumni but also students and employees. This represented an escalation in the understood scope of the incident.
Princeton publicly posts incident notice and FAQ
The university published a cybersecurity incident information page and FAQ describing the breach and its impact. This marked Princeton's official public response to the incident.
Princeton identifies unauthorized access to donor and alumni database
Princeton University disclosed that a database containing donor and alumni information was compromised in a cybersecurity incident. The incident involved unauthorized access to university-held personal data.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Princeton University Data Breach Impacts Alumni, Students, Employees
databreaches.net
Open sourceData breach compromises Princeton University
scworld.com
Open sourcePrinceton University says database containing donor, alumni info breached
therecord.media
Open sourcePrinceton University discloses data breach affecting donors, alumni
bleepingcomputer.com
Open sourceCybersecurity incident information and FAQ
oit.princeton.edu
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Vishing Attack Leads to Harvard University Data Breach
Harvard University confirmed a significant data breach after threat actors used a voice phishing (vishing) attack to compromise its Alumni Affairs and Development systems. The attackers gained access to a wide range of personal information, including phone numbers, email addresses, home and business addresses, event attendance records, donation details, and other biographical data related to alumni, donors, parents, some current students, faculty, and staff. University officials emphasized that no Social Security numbers, passwords, payment card information, or financial data were stored in the affected systems. Immediate steps were taken to expel the attackers and secure the compromised systems. The university is collaborating with law enforcement and third-party cybersecurity experts to investigate the incident and has notified affected individuals. Harvard urged those impacted to be vigilant for suspicious communications, as the exposed data could be used in further social engineering attacks. This breach follows similar incidents at other Ivy League institutions, highlighting the ongoing threat of vishing and targeted phishing campaigns against higher education organizations.
Mar 21, 2026
ShinyHunters Leaks Donor and Alumni Data Stolen from Harvard and UPenn
**ShinyHunters** published datasets it claims were stolen during prior breaches at **Harvard University** and the **University of Pennsylvania (UPenn)**, posting what it says are **over one million records from each university** to its leak site used for extortion. Reporting indicates the exposed information relates to the schools’ development/alumni functions; TechCrunch said it verified portions of the data by corroborating details with alumni and public records (including matching against student ID numbers). Both universities attributed the intrusions to **social engineering** targeting staff supporting alumni and fundraising operations. UPenn previously confirmed unauthorized access to “a select group” of systems tied to development and alumni activities and said attackers also used official university email addresses to message alumni about the incident. Harvard reported its Alumni Affairs and Development environment was accessed following a **phone/voice-phishing** attack, and its incident FAQ described impacted data as including contact details (email, phone, home/business addresses), event attendance, donation details, and other biographical and fundraising-related information; public reporting noted uncertainty about whether affected individuals would receive individual notifications under applicable state requirements.
Mar 21, 2026
University of Pennsylvania Email System Breach and Data Leak
A hacker gained unauthorized access to the University of Pennsylvania's Salesforce Marketing Cloud mailing system, using it to send a mass email to approximately 700,000 recipients and mock the university's security and admissions practices. The attacker claimed to have exfiltrated sensitive data on 1.2 million donors, alumni, and students, including names, birthdates, addresses, contact information, estimated net worth, donation history, and demographic details such as religion, race, and sexual orientation. The university confirmed the breach originated from its connect.upenn.edu platform, which is hosted by Salesforce, and that the attacker was able to distribute the message widely before losing access on October 31. Despite losing initial access, the attacker asserted continued control over the Salesforce Marketing Cloud system and subsequently published a 1.7-gigabyte archive allegedly containing the stolen data. The incident highlights significant risks associated with third-party cloud-based communication platforms and the potential for large-scale exposure of sensitive personal and financial information. The breach has raised concerns about the security of university systems and the protection of donor and student data, with the attacker openly ridiculing the institution's cybersecurity posture in the process.
Mar 21, 2026