- Harvard says Alumni Affairs and Development systems are broken
- A vote phishing attack was to blame, the university says
- Personal data exposed, but no financial information or passwords were affected
Harvard University has confirmed that some of its systems were compromised in a recent cyber attack that exposed personal data about past and present students, staff and donors.
In a data breach notification letter, the prestigious Ivy League University said a voice phishing attack gave hackers access to its Alumni Affairs and Development systems.
This led to information about alumni, donors, some faculty and staff, and some current students being breached, with spouses, partners and parents of alumni as well as current and former students also affected.
Harvard attack
“On Tuesday, November 18, 2025, Harvard University discovered that information systems used by Alumni Affairs and Development were accessed by an unauthorized party as a result of a telephone-based phishing attack,” the letter states.
“The University took immediate action to remove the attacker’s access to our systems and prevent further unauthorized access. We are writing to alert you that information about you may have been accessed and to alert you to any unusual communications purporting to come from the University.”
Harvard said the compromised data included email addresses, phone numbers, home and business addresses, event attendance records, donation details and “biographical information regarding the university’s fundraising and alumni engagement activities.”
Fortunately, the affected IT systems did not contain social security numbers, passwords, payment card details or financial information.
But even with just the “basic” data exposed, cybercriminals will have enough to launch destructive attacks, the university warned, adding that it is working with law enforcement and third-party cybersecurity experts to investigate the incident.
By knowing people’s full names, addresses and their connections to the university, they can create convincing phishing emails, trick victims into sharing login details or even make fraudulent payments.
Harvard has urged potentially affected individuals to be alert for unusual or suspicious calls, texts or emails claiming to be from the university, especially those requesting password resets or sensitive information.
The news marks the third Ivy League US university to be targeted in the past few weeks, with Princeton University and the University of Pennsylvania also recently disclosing data breaches involving donor information.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
