Harvard University’s Alumni Affairs and Development Office suffered a phone-based phishing attack earlier this week, granting an unauthorized party access to sensitive systems. The breach exposed donation records, event attendance logs, email addresses, phone numbers, and home addresses of alumni, donors, faculty, and families of current students. While Social Security numbers, passwords, and financial details were reportedly *not* compromised, the full scope of accessed data remains unclear as investigations continue with third-party cybersecurity experts and law enforcement. The attack mirrors recent incidents at Princeton and the University of Pennsylvania, where similar phishing schemes targeted donor and alumni records. At Penn, hackers leaked internal documents (including donor memos and bank transactions) and sent profane emails to affiliates. Harvard has not yet confirmed whether affected individuals will receive direct notifications. The breach underscores vulnerabilities in higher education institutions’ defenses against social engineering attacks, particularly those exploiting phone-based phishing to harvest personal and institutional data.
Source: https://www.thecrimson.com/article/2025/11/22/alumni-affairs-data-breach/
Harvard Alumni Association cybersecurity rating report: https://www.rankiteo.com/company/harvard-alumni-assoc
"id": "HAR3692736112225",
"linkid": "harvard-alumni-assoc",
"type": "Breach",
"date": "11/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': ['alumni',
'donors',
'families of alumni/donors',
'parents of current students',
'some current students',
'some faculty'],
'industry': 'higher education',
'location': 'Cambridge, Massachusetts, USA',
'name': 'Harvard University',
'size': 'Large (20,000+ students, 2,400+ faculty, '
'400,000+ alumni)',
'type': 'educational institution'}],
'attack_vector': 'phone-based phishing',
'customer_advisories': 'Potential future notifications to affected '
'individuals (not yet decided)',
'data_breach': {'data_exfiltration': 'Unknown (investigation ongoing)',
'personally_identifiable_information': ['names',
'email addresses',
'telephone numbers',
'home addresses'],
'sensitivity_of_data': 'Moderate (PII but no SSNs/financial '
'data)',
'type_of_data_compromised': ['personal identifiable '
'information (PII)',
'donation records',
'event attendance records']},
'date_detected': '2025-11-19',
'date_publicly_disclosed': '2025-11-22',
'description': 'An unauthorized party accessed information systems used by '
'Harvard’s Alumni Affairs and Development Office via a '
'phone-based phishing attack. The breach exposed donation '
'details, event attendance records, email addresses, telephone '
'numbers, and home addresses of alumni, donors, families, and '
'some faculty/students. Social Security numbers, passwords, '
'and financial account numbers were not compromised. Harvard '
'acted immediately to remove the attacker’s access and is '
'investigating with third-party cybersecurity experts and law '
'enforcement.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'breach of sensitive alumni/donor data',
'data_compromised': ['donation records',
'event attendance records',
'email addresses',
'telephone numbers',
'home addresses'],
'identity_theft_risk': 'Low (no SSNs, passwords, or financial data '
'exposed)',
'operational_impact': 'Investigation ongoing; potential '
'notifications to affected individuals '
'pending',
'payment_information_risk': 'None (financial account numbers not '
'compromised)',
'systems_affected': ['Alumni Affairs and Development Office '
'information systems']},
'initial_access_broker': {'entry_point': 'phone-based phishing',
'high_value_targets': ['alumni/donor databases',
'event attendance records']},
'investigation_status': 'Ongoing (with third-party cybersecurity experts and '
'law enforcement)',
'references': [{'date_accessed': '2025-11-22',
'source': 'The Harvard Crimson'},
{'date_accessed': '2025-11-22',
'source': 'Harvard University Breach Update Webpage'}],
'response': {'communication_strategy': ['email to University affiliates',
'public webpage with FAQs'],
'containment_measures': ['removed attacker’s access',
'prevented further unauthorized access'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['launched dedicated breach update webpage'],
'third_party_assistance': ['cybersecurity experts']},
'stakeholder_advisories': ['Email to University affiliates',
'Public webpage with FAQs'],
'title': 'Harvard University Alumni Affairs and Development Office Data '
'Breach via Phone-Based Phishing Attack',
'type': ['data breach', 'phishing attack'],
'vulnerability_exploited': 'human error (successful phishing)'}