- ShinyHunters leaked over a million records stolen from Harvard and UPenn to their dark web site
- Data includes personal information, donation history and demographic information from students, staff, alumni and donors
- Breach linked to SSO compromise and vishing; files released after ransom negotiations failed, and no encryption was used in the attacks
The hacking group ShinyHunters has released all the files it stole from Harvard University and the University of Pennsylvania (UPenn) in late 2025.
The files now apparently reside on the hackers’ dark web site for other cybercriminals to download and exploit.
The group claims to have leaked more than a million records. Both organizations confirmed they had been breached, while TechCrunch succeeded in verifying part of the dataset.
Negotiations broke down, ShinyHunters leaked files
In early November, hackers revealed they had gained “full access” to a UPenn employee SSO account, which gave them access to the university’s VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system and SharePoint files.
The stolen information reportedly includes people’s names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, and the like).
They also used the access to send offensive emails to around 700,000 recipients. At first, UPenn described the emails as “obviously fake” and “fraudulent,” but later backtracked and confirmed they were hit.
About three weeks later, Harvard also confirmed the system compromise, saying personal data about former and current students, staff and donors had been exposed. In a data breach notification letter, the prestigious Ivy League university said a voice phishing attack gave hackers access to its Alumni Affairs and Development systems.
This led to information about alumni, donors, some faculty and staff, and some current students being breached, with spouses, partners and parents of alumni as well as current and former students also affected.
ShinyHunters say they decided to leak the files after negotiations broke down. Usually, hackers steal files and then demand payment in crypto in exchange for deleting them. When the victim decides not to pay, the data is made public, as was the case here. No encryption was deployed in these attacks.