Long after the initial disclosures, a well-known hacking group has now stepped forward to claim responsibility for last year’s data breaches at Harvard University and the University of Pennsylvania.
The hacking group ShinyHunters has said it carried out the cyberattacks and has published what it claims are more than 1,000,000 records from each university on its leak site. In November, UPenn had confirmed a breach involving “a select group of information systems related to Penn’s development and alumni activities.”
UPenn had earlier stated that the breach occurred due to social engineering, a method in which attackers impersonate trusted individuals to trick victims into giving access. While the university did not specify the exact data taken, it said hackers accessed systems linked to development and alumni activities.
Harvard University had also confirmed a breach in November. The institution said its alumni systems were compromised following a voice phishing attack.
According to Harvard, the stolen information included email addresses, phone numbers, home and business addresses, event attendance records, donation details, and other biographical data connected to fundraising and alumni engagement. The data released by ShinyHunters appears to match the type of information both universities said was taken during the breaches.
The hackers claimed they published the data after the universities refused to pay a ransom in exchange for keeping the information private.
During the UPenn breach, the attackers had suggested political motives, citing dissatisfaction with affirmative action policies. However, ShinyHunters is not known to be politically motivated in its past operations.
A UPenn spokesperson said the university is “analyzing the data and will notify any individuals if required by applicable privacy regulations.” Harvard did not respond to a request for comment on the latest claims.
The disclosures have once again highlighted the growing risks faced by academic institutions, especially those holding large volumes of alumni and donor data, and the increasing pressure from cybercriminal groups targeting such systems.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
