A prominent cybercrime group has claimed to have made public over two million records associated with alumni systems at Harvard University and the University of Pennsylvania, intensifying the fallout from last year’s cyber incidents following rejected ransom demands.
The hacking group, identified as ShinyHunters, asserts that it released more than one million records from each institution on its data leak site earlier this week. Such sites are often used by cybercriminals to coerce organizations into paying ransoms by threatening to expose stolen data.
In November, the University of Pennsylvania acknowledged a data breach, informing its community that certain systems related to development and alumni operations had been compromised. During this incident, emails were dispatched from official university addresses to alumni, notifying them of the breach. The university later attributed the breach to social engineering, a method whereby attackers manipulate individuals into divulging credentials or taking actions that grant unauthorized access.
Although the university initially did not disclose the exact nature of the accessed data, it recognized that systems tied to alumni and fundraising initiatives were affected. Subsequent investigations by journalists and examinations of public records indicated that the compromised information was consistent with typical alumni-related databases.
Alumni Data Targeted Through Social Engineering
Similarly, Harvard University reported a separate breach during the same timeframe, attributing it to a voice phishing, or “vishing,” attack, where attackers use deceptive phone calls to induce targets into clicking malicious links or opening harmful files. Harvard disclosed that the compromised data included alumni contact information, addresses, donation histories, event participation records, and other biographical details pertinent to alumni relations and fundraising efforts. Cybersecurity experts note that such data is often sought for identity theft and ongoing phishing schemes.
The dataset released by ShinyHunters aligns with the types of information that both universities reported as stolen. The group states that it chose to publish the data after the institutions declined its ransom demands. This tactic is frequently employed by extortion-focused cybercriminals to exert pressure on their targets.
In the Penn incident, attackers employed incendiary language in their communications to alumni, hinting at political grievances, although ShinyHunters has not previously been associated with any ideological motivations and did not respond to queries regarding this aspect of the messaging.
A spokesperson for the University of Pennsylvania indicated that the institution is currently reviewing the leaked data and will inform affected individuals as required by privacy legislation. As of now, Harvard has not made any public statements regarding the recent claims.
The tactics and techniques likely used in these breaches plausibly map to methods catalogued in the MITRE ATT&CK framework. These could include initial access techniques such as phishing for credentials, as well as persistence mechanisms that allow attackers to maintain footholds within compromised systems. Social engineering as the route to initial access is particularly relevant here, highlighting the importance of robust cybersecurity measures in educational institutions.