Harvard University

Harvard University suffered a vishing breach targeting its Alumni Affairs and Development systems, exposing sensitive contact and biographical data of alumni, donors, faculty, staff, and associated individuals. The compromised information includes email addresses, phone numbers, home/business addresses, event attendance records, and donation details, though no Social Security numbers, passwords, or financial data were accessed. The breach occurred via a phone-based phishing (vishing) attack, prompting Harvard to revoke unauthorized access and launch an investigation with external cybersecurity experts. Affected individuals were notified on November 22, 2025, with warnings to remain vigilant against follow-up scams. While the incident was contained, it follows a separate Cl0p ransomware-related breach in mid-October, where attackers exploited a patched Oracle E-Business Suite vulnerability, though Harvard downplayed its broader impact.

Source: https://securityaffairs.com/185034/security/harvard-reports-vishing-breach-exposing-alumni-and-donor-contact-data.html

Harvard Alumni Association cybersecurity rating report: https://www.rankiteo.com/company/harvard-alumni-assoc

"id": "HAR3314333112525",
"linkid": "harvard-alumni-assoc",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': ['Alumni',
                                               'Spouses/partners/widows/widowers '
                                               'of alumni',
                                               'University donors',
                                               'Parents of current/former '
                                               'students',
                                               'Current students',
                                               'Faculty',
                                               'Staff'],
                        'industry': 'Higher Education',
                        'location': 'Cambridge, Massachusetts, USA',
                        'name': 'Harvard University',
                        'size': 'Large (students, faculty, staff, alumni, '
                                'donors)',
                        'type': 'Educational Institution'}],
 'attack_vector': ['Vishing (phone-based phishing)',
                   'Exploitation of patched vulnerability in Oracle E-Business '
                   'Suite'],
 'customer_advisories': ['Warned about phishing/social engineering risks',
                         'Encouraged caution with unexpected communications',
                         'Advised to verify requests independently'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Moderate (no SSNs, passwords, or '
                                        'financial data, but personally '
                                        'identifiable and donation-related '
                                        'information)',
                 'type_of_data_compromised': ['Personal contact information '
                                              '(emails, phone numbers, '
                                              'addresses)',
                                              'Donation details',
                                              'Biographical information',
                                              'Event attendance details']},
 'date_detected': '2025-11-18',
 'date_publicly_disclosed': '2025-11-24',
 'description': 'Harvard University revealed that its Alumni Affairs and '
                'Development systems suffered a vishing breach, exposing '
                'emails, phone numbers, addresses, donation data, and '
                'biographical information of alumni, donors, faculty, staff, '
                'and students. The breach did not expose Social Security '
                'numbers, passwords, payment card data, or financial '
                'information. The university launched an investigation with '
                'external cybersecurity experts and notified law enforcement. '
                'Affected individuals were advised to stay vigilant for '
                'suspicious communications. Additionally, Harvard was '
                'previously targeted in the Oracle E-Business Suite campaign '
                'by the Cl0p ransomware group, which claimed to have leaked '
                '1.3 TB of data.',
 'impact': {'brand_reputation_impact': 'High (prestigious institution, '
                                       'multiple breaches disclosed)',
            'data_compromised': ['Emails',
                                 'Phone numbers',
                                 'Home/business addresses',
                                 'Event attendance details',
                                 'Donation details',
                                 'Biographical information'],
            'identity_theft_risk': 'Moderate (contact and biographical data '
                                   'exposed, but no SSNs or financial data)',
            'payment_information_risk': 'None (no payment card or financial '
                                        'account data exposed)',
            'systems_affected': ['Alumni Affairs and Development systems',
                                 'Small administrative unit (Oracle EBS '
                                 'campaign)']},
 'initial_access_broker': {'data_sold_on_dark_web': '1.3 TB (claimed by Cl0p '
                                                    'on their leak site)',
                           'entry_point': ['Vishing (phone-based phishing)',
                                           'Oracle E-Business Suite '
                                           'vulnerability (for Cl0p incident)'],
                           'high_value_targets': ['Alumni Affairs and '
                                                  'Development systems',
                                                  'Administrative unit (Oracle '
                                                  'EBS)']},
 'investigation_status': 'Ongoing (with external cybersecurity experts)',
 'motivation': ['Data Theft', 'Potential Financial Gain (ransomware)'],
 'ransomware': {'data_exfiltration': '1.3 TB (claimed by Cl0p group)',
                'ransomware_strain': 'Cl0p'},
 'recommendations': ['Stay vigilant for suspicious communications (calls, '
                     'texts, emails)',
                     'Pause before engaging with unexpected requests for '
                     'personal data',
                     'Verify unusual requests via trusted, independent sources',
                     'Treat password reset requests with caution, even from '
                     'trusted contacts'],
 'references': [{'date_accessed': '2025-11-24', 'source': 'SecurityAffairs'},
                {'date_accessed': '2025-11-22',
                 'source': 'Harvard University Data Breach Notification'},
                {'source': 'Google TIG and Mandiant Reports (Oracle EBS '
                           'Campaign)'}],
 'response': {'communication_strategy': ['Data breach notifications sent to '
                                         'affected individuals (2025-11-22)',
                                         'Advisories to stay vigilant for '
                                         'suspicious communications',
                                         'Guidance to verify unusual requests '
                                         'via trusted sources'],
              'containment_measures': ['Removed attacker’s access',
                                       'Prevented further unauthorized access'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': ['External cybersecurity experts']},
 'stakeholder_advisories': 'Notifications sent to affected individuals '
                           '(2025-11-22)',
 'threat_actor': ['Unknown (vishing attack)', 'Cl0p Ransomware Group'],
 'title': 'Harvard reports vishing breach exposing alumni and donor contact '
          'data',
 'type': ['Data Breach', 'Vishing Attack', 'Ransomware (Cl0p)'],
 'vulnerability_exploited': 'Recently patched vulnerability in Oracle '
                            'E-Business Suite (for Cl0p ransomware incident)'}