Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised due to a voice phishing (vishing) attack. The breach exposed the personal information of a large segment of the university community, including students, alumni, donors, staff, and faculty members.
Exposed Data and Affected Community
The compromised data includes email addresses, telephone numbers, home and business addresses, event attendance records, donation details, and biographical information related to University fundraising and alumni engagement activities.
However, Harvard officials confirmed that the compromised IT systems did not contain highly sensitive financial identifiers. Klara Jelinkova, Vice President and CIO, and Jim Husson, Vice President for Alumni Affairs and Development, stated that Social Security numbers, passwords, payment card information, and financial details were not accessed.
The data exposure impacts several groups, including:
- Alumni and their spouses, partners, or widows.
- Donors to Harvard University.
- Parents of current and former students.
- Some current students, faculty, and staff.
Response and Investigation
Harvard discovered the unauthorized access on Tuesday, November 18, 2025, confirming it was the result of a phone based phishing attack. The University stated it immediately acted to remove the attacker's access and prevent further unauthorized activity.
The private Ivy League research university is working with law enforcement and third party cybersecurity experts to investigate the incident. Data breach notifications were sent on November 22 to individuals whose information may have been accessed. The University urged recipients to be suspicious of any calls, text messages, or emails claiming to be from Harvard, particularly those requesting sensitive information like passwords or bank details.
This incident follows a previous investigation into a claim by the Clop ransomware gang in mid October. Other Ivy League schools, including Princeton University and the University of Pennsylvania, also recently disclosed breaches involving donor information.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
