Harvard University suffered a phone-based phishing attack that breached databases managed by the Office of Alumni Affairs and Development, discovered on November 18. The unauthorized party gained access to systems containing personal information though not Social Security numbers, passwords, or financial data such as email addresses, phone numbers, home/business addresses, donation histories, event attendance records, and biographical details tied to fundraising and alumni engagement. Affected parties include alumni, their spouses/partners, widows/widowers of alumni, donors, parents of students, some faculty, staff, and current students. The attack mirrors a rising trend of targeted breaches at elite universities, with similar incidents reported at Princeton, UPenn, Columbia, NYU, Stanford, and Georgetown. While financial gain may be a motive, the attackers in some cases (e.g., UPenn) cited political grievances, accusing institutions of being 'elitist' or misusing affirmative action policies. Harvard’s response included terminating the attacker’s access, launching an investigation with third-party cybersecurity experts and law enforcement, and setting up a dedicated website for updates. The full scope of compromised data remains unclear, but the breach exposes sensitive personal records of a broad university-affiliated population.
Source: https://www.harvardmagazine.com/university-news/harvard-data-breach-alumni-affairs-cybersecurity
Harvard Alumni Association cybersecurity rating report: https://www.rankiteo.com/company/harvard-alumni-assoc
"id": "HAR22102022112525",
"linkid": "harvard-alumni-assoc",
"type": "Breach",
"date": "5/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': ['alumni',
'alumni spouses/partners',
'widows/widowers of alumni',
'Harvard donors',
'parents of current/former '
'students',
'some current students',
'some faculty and staff '
'members'],
'industry': 'higher education',
'location': 'Cambridge, Massachusetts, USA',
'name': 'Harvard University',
'size': 'large (students, faculty, staff, alumni, '
'donors)',
'type': 'educational institution'}],
'attack_vector': 'phone-based phishing',
'customer_advisories': ['dedicated incident website with FAQs'],
'data_breach': {'data_exfiltration': 'likely (investigation ongoing)',
'personally_identifiable_information': ['names',
'email addresses',
'telephone numbers',
'home/business '
'addresses',
'event attendance',
'donation details'],
'sensitivity_of_data': 'moderate (personally identifiable but '
'non-financial)',
'type_of_data_compromised': ['personal information '
'(non-financial)',
'biographical data',
'donation records',
'contact details']},
'date_detected': '2023-11-18',
'date_publicly_disclosed': '2023-11-25',
'description': 'An unauthorized party using a phone-based phishing attack '
"breached databases used by Harvard University's office of "
'Alumni Affairs and Development. The breach was discovered on '
'November 18, and Harvard acted immediately to remove the '
'attacker’s access. The investigation is ongoing, with '
'third-party cybersecurity experts and law enforcement '
'involved. The compromised databases may include personal '
'information such as email addresses, telephone numbers, '
'home/business addresses, event attendance, donation details, '
'and biographical information related to fundraising and '
'alumni engagement. Social Security numbers, passwords, '
'payment card information, and financial account numbers were '
'reportedly not exposed. Affected parties may include alumni, '
'donors, faculty, staff, students, and their families.',
'impact': {'brand_reputation_impact': 'potential reputational damage due to '
'breach of trust and ideological '
'targeting',
'data_compromised': ['email addresses',
'telephone numbers',
'home addresses',
'business addresses',
'event attendance records',
'donation details',
'biographical information (fundraising/alumni '
'engagement)'],
'identity_theft_risk': 'low (no SSNs, passwords, or financial data '
'exposed)',
'payment_information_risk': 'none (no payment card or financial '
'account numbers compromised)',
'systems_affected': ['databases used by Alumni Affairs and '
'Development']},
'initial_access_broker': {'entry_point': 'phone-based phishing',
'high_value_targets': ['alumni/donor databases']},
'investigation_status': 'ongoing',
'motivation': ['financial gain',
'political (potential ideological targeting of elite '
'universities)'],
'references': [{'source': 'Harvard Magazine'},
{'source': 'Harvard University Incident Website (FAQs)'}],
'response': {'communication_strategy': ['email notifications to University '
'affiliates',
'dedicated incident website with FAQs',
'public statements via Harvard '
'Magazine'],
'containment_measures': ['removed attacker’s access',
'prevented further unauthorized access'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['cybersecurity experts']},
'stakeholder_advisories': ['email to University affiliates (2023-11-25)',
'public statements via Harvard IT communications '
'director'],
'title': 'Harvard University Phone-Based Phishing Attack and Data Breach',
'type': ['data breach', 'phishing attack']}