Harvard revealed its Alumni Affairs systems suffered a vishing breach, exposing emails, phone numbers, addresses, donation data and biographical info.
Harvard revealed that threat actors breached its Alumni Affairs and Development systems through a vishing attack, exposing contact, donation, and biographical data of students, staff, and alumni.
Harvard says the breached systems held no Social Security numbers, passwords, payment card data, or financial information.
Harvard officials believe the breach exposed information belonging to alumni; spouses, partners, and widows or widowers of alumni; university donors; parents of current and former students; and some current students, faculty, and staff.
The university launched an investigation into the security breach with the help of external cybersecurity experts and notified law enforcement. On November 22nd, the university sent data breach notifications to the affected individuals.
“On Tuesday, November 18, 2025, Harvard University discovered that information systems used by Alumni Affairs and Development were accessed by an unauthorized party as a result of a phone-based phishing attack. The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access.” reads the data breach notification. “Though the information systems that were accessed do not generally contain Social Security numbers, passwords, or financial account numbers, they do include personal information such as email addresses, telephone numbers, home and business addresses, event attendance, and details of donations to the University.”
Harvard advised affected individuals to stay vigilant for suspicious communications that appear to come from the University, especially those requesting sensitive information. They encouraged recipients to pause before engaging, treating unexpected calls, texts, or emails, particularly those asking for personal data or password resets, with caution, even if they seem to come from trusted contacts.
The University also urged individuals to verify any unusual requests using a trusted, independent source rather than responding to the contact details provided in a suspicious message.
In mid-October, Harvard University confirmed it was targeted in the Oracle E-Business Suite campaign after the Cl0p ransomware group listed it on its leak site. The cybercrime group claimed to have leaked 1.3 TB of data allegedly stolen from Harvard University. The institute attempted to downplay the incident, explaining that the security breach appears to be limited to a small administrative unit.
The Clop Ransomware group announced the hack of the prestigious Harvard University. The cybercrime group created a page for the university on its Tor data leak site and announced that it would leak the stolen data soon.
Harvard University revealed it was targeted in the Oracle EBS campaign, in which attackers exploited a recently patched vulnerability. The university states that there is no evidence that other systems were compromised. Google TIG group and Mandiant report that dozens of organizations were targeted, with stolen data including financial, HR, customer, supplier, and inventory information, varying in sensitivity by victim.
