A hacking group, known as ShinyHunters, has released what it claims are over 1 million records stolen from both Harvard University and the University of Pennsylvania (UPenn). This data leak, made public on their dedicated site, follows confirmed breaches at both institutions last year, where cybercriminals exploited vulnerabilities through social engineering techniques.
In November, UPenn acknowledged that its alumni and development systems had been compromised, although the specific types of data accessed were not detailed in their initial communication. The university attributed the breach to social engineering tactics, which involve tricking individuals into revealing sensitive information. Similarly, Harvard disclosed a breach in its alumni systems, citing a voice phishing attack as the method used to infiltrate its data.
The stolen information from both universities reportedly includes sensitive details such as email addresses, phone numbers, home and business addresses, and records related to donations and event attendance. TechCrunch has verified parts of the leaked dataset, confirming its authenticity by cross-referencing it with public records and alumni information. According to the hackers, the data was published after the universities declined to meet their ransom demands.