- Harvard claims alumni business and development systems were breached
- Voice phishing attack was to blame, university says
- Personal data exposed, but no financial information or passwords affected
Harvard University has confirmed that some of its systems were compromised in a recent cyberattack that exposed the personal data of past and present students, staff and donors.
In a data breach notification letter, the prestigious Ivy League University said a voice phishing attack allowed hackers to access its business and alumni development systems.
This led to the breach of information about alumni, donors, certain faculty and staff and certain current students, with spouses, partners and parents of alumni as well as current and former students also being affected.
Harvard attack
“On Tuesday, November 18, 2025, Harvard University discovered that an unauthorized party had access to information systems used by Alumni Affairs and Development following a telephone phishing attack,” the letter states.
“The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access. We are writing to inform you that information about you may have been accessed and so that you can be alert to any unusual communications purporting to come from the University.”
Harvard said the compromised data included email addresses, phone numbers, home and work addresses, event attendance records, donation details and “biographical information relating to the University’s fundraising and alumni engagement activities.”
Fortunately, the affected computer systems did not contain Social Security numbers, passwords, payment card information, or financial information.
However, even by exposing only “basic” data, cybercriminals will have enough to launch destructive attacks, the university warned, adding that it was working with law enforcement and third-party cybersecurity experts to investigate the incident.
By knowing full names, addresses, and their connections to the university, they can create convincing phishing emails, tricking victims into sharing their login credentials or even making fraudulent payments.
Harvard urged potentially affected individuals to be on alert for unusual or suspicious calls, text messages or emails purporting to be from the university, especially those requesting password resets or sensitive information.
It is the third U.S. Ivy League university to be targeted in recent weeks, with Princeton University and the University of Pennsylvania also recently disclosing data breaches involving donor information.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
