ShinyHunters Leaks Donor and Alumni Data Stolen from Harvard and UPenn
ShinyHunters published datasets it claims were stolen during prior breaches at Harvard University and the University of Pennsylvania (UPenn), posting what it says are over one million records from each university to the leak site it uses for extortion. Reporting indicates the exposed information relates to the schools’ development/alumni functions; TechCrunch said it verified portions of the data by corroborating details with alumni and public records (including matching against student ID numbers).
Both universities attributed the intrusions to social engineering targeting staff supporting alumni and fundraising operations. UPenn previously confirmed unauthorized access to “a select group” of systems tied to development and alumni activities and said attackers also used official university email addresses to message alumni about the incident. Harvard reported its Alumni Affairs and Development environment was accessed following a phone/voice-phishing attack, and its incident FAQ described impacted data as including contact details (email, phone, home/business addresses), event attendance, donation details, and other biographical and fundraising-related information; public reporting noted uncertainty about whether affected individuals would receive individual notifications under applicable state requirements.
Related Stories

Figure Data Breach Linked to Employee Social Engineering and ShinyHunters Leak
**Figure Technology Solutions**, a blockchain-based lending/fintech firm, confirmed a **data breach** after an employee was **socially engineered**, enabling attackers to access and exfiltrate a **limited number of files**. The company said it is communicating with partners and impacted individuals, has begun sending notifications, and is offering **free credit monitoring** to recipients of breach notices; it has not publicly disclosed the total number of affected individuals or when the incident was detected. The cybercrime group **ShinyHunters** claimed responsibility and alleged Figure refused to pay a ransom, publishing about **2.5GB** of purportedly stolen data on its leak site. Journalists who reviewed samples reported the exposed data included **names, home addresses, dates of birth, and phone numbers**, increasing risk of identity fraud and follow-on phishing. ShinyHunters also told reporters the intrusion was part of a broader campaign affecting organizations including **Harvard University** and **UPenn**, and referenced victims that rely on **Okta** for single sign-on.
1 month ago

University of Pennsylvania Email System Breach and Data Leak
A hacker gained unauthorized access to the University of Pennsylvania's Salesforce Marketing Cloud mailing system, using it to send a mass email to approximately 700,000 recipients and mock the university's security and admissions practices. The attacker claimed to have exfiltrated sensitive data on 1.2 million donors, alumni, and students, including names, birthdates, addresses, contact information, estimated net worth, donation history, and demographic details such as religion, race, and sexual orientation. The university confirmed the breach originated from its connect.upenn.edu platform, which is hosted by Salesforce, and that the attacker was able to distribute the message widely before losing access on October 31. Despite losing initial access, the attacker asserted continued control over the Salesforce Marketing Cloud system and subsequently published a 1.7-gigabyte archive allegedly containing the stolen data. The incident highlights significant risks associated with third-party cloud-based communication platforms and the potential for large-scale exposure of sensitive personal and financial information. The breach has raised concerns about the security of university systems and the protection of donor and student data, with the attacker openly ridiculing the institution's cybersecurity posture in the process.
4 months ago

Princeton University Advancement Database Breach Exposes Donor and Alumni Information
Princeton University disclosed that its Advancement database, containing personal information of alumni, donors, some faculty, students, parents, and other community members, was compromised by unauthorized actors on November 10. The breach lasted less than 24 hours, and while the investigation is ongoing, the university stated that the database generally does not contain Social Security numbers, passwords, or financial data such as credit card or bank account numbers. The exposed data includes names, email addresses, phone numbers, and home and business addresses, as well as donation information. University officials have communicated with affected individuals, urging vigilance against potential phishing attempts and confirming that no other systems were accessed during the incident. The university is working with external experts and law enforcement to determine the full scope of the breach and its impact. Princeton emphasized that student records protected by federal privacy laws and most staff data were not included in the compromised database. This incident follows a series of recent data breaches at other Ivy League institutions, highlighting ongoing threats to higher education data security. The university has provided a dedicated FAQ and incident information page to keep the community informed as the investigation progresses.
3 months ago