Harvard College disclosed over the weekend that its Alumni Affairs and Growth techniques had been compromised in a voice phishing assault, exposing the non-public data of scholars, alumni, donors, workers, and school members.
The uncovered information contains electronic mail addresses, phone numbers, residence and enterprise addresses, occasion attendance data, donation particulars, and “biographical data pertaining to College fundraising and alumni engagement actions.”
Nevertheless, in keeping with Klara Jelinkova, Harvard’s Vice President and College Chief Data Officer, and Jim Husson, the college’s Vice President for Alumni Affairs and Growth, the compromised IT techniques did not comprise Social Safety numbers, passwords, cost card data, or monetary information.
Harvard officers consider that the next teams and people had their information uncovered within the data breach:
- Alumni
- Alumni spouses, companions, and widows/widowers of alumni
- Donors to Harvard College
- Mother and father of present and former college students
- Some present college students
- Some school and workers
The personal Ivy League analysis college is working with legislation enforcement and third-party cybersecurity consultants to analyze the incident, and it has despatched data breach notifications on November twenty second to people whose data might have been accessed within the assault.
“On Tuesday, November 18, 2025, Harvard College found that data techniques utilized by Alumni Affairs and Growth had been accessed by an unauthorized get together because of a phone-based phishing assault,” the letters warn.
“The College acted instantly to take away the attacker’s entry to our techniques and stop additional unauthorized entry. We’re writing to make you conscious that details about you could have been accessed and so that you may be alert for any uncommon communications that purport to come back from the College.”
The college additionally urged doubtlessly affected people to be suspicious of calls, textual content messages, or emails claiming to be from the college, notably these requesting password resets or delicate data (e.g., passwords, Social Safety numbers, or financial institution data).
A Harvard spokesperson was not instantly accessible for remark when contacted by BleepingComputer earlier at present.
In mid-October, Harvard College additionally advised BleepingComputer that it was investigating one other data breach after the Clop ransomware gang added it to its data-leak extortion web site, claiming it had breached the college’s techniques utilizing a zero-day vulnerability in Oracle’s E-Enterprise Suite servers.
Two different Ivy League faculties, Princeton College and the College of Pennsylvania, disclosed data breaches earlier this month, each confirming that attackers gained entry to donors’ data.
It is finances season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the 12 months forward. This report compiles their insights, permitting readers to benchmark methods, establish rising developments, and examine their priorities as they head into 2026.
Find out how high leaders are turning funding into measurable affect.
