- ShinyHunters has leaked over a million documents stolen from Harvard and UPenn on its dark web site.
- The data includes personal details, donation history and demographic information about students, staff, alumni and donors.
- The breaches are tied to SSO compromise and vishing; the files were released after ransom negotiations failed, and no encryptors were used.
Hacking group ShinyHunters released all the files it stole from Harvard University and the University of Pennsylvania (UPenn) in late 2025.
The files are now apparently on the hackers' dark web site, where other cybercriminals can download and exploit them.
The group claims to have leaked more than a million records. Both organizations confirmed they had been breached, while TechCrunch managed to verify part of the dataset.
Negotiations failed, ShinyHunters leaked files
In early November, hackers revealed that they had gained “full access” to a UPenn employee’s SSO account, giving them access to the university’s VPN, Salesforce data, the Qlik analytics platform, the SAP business intelligence system and SharePoint files.
The stolen information reportedly includes people’s names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, etc.).
They also used this access to send offensive emails to some 700,000 recipients. At first, UPenn described the emails as “blatantly false” and “fraudulent” but later backtracked and confirmed they had been hit.
About three weeks later, Harvard also confirmed the system compromise and said personal data of past and present students, staff and donors had been exposed. In a data breach notification letter, the prestigious Ivy League university said a voice phishing attack allowed hackers to access its business and alumni development systems.
This exposed information about alumni, donors, certain faculty and staff and certain current students; spouses, partners and parents of alumni and of current and former students were also affected.
ShinyHunters says it decided to release the files now because negotiations broke down. Usually, hackers steal files and then demand payment in cryptocurrency in exchange for deleting them. When the victim decides not to pay, the data is published, as was the case here. No encryptors were deployed in these attacks.




