Hackers publish personal information stolen during Harvard, UPenn data breaches

A well-known hacking group has taken responsibility for significant data breaches at Harvard University and the University of Pennsylvania (UPenn), releasing what they assert are over one million records from each institution on their leak site. The group, identified as ShinyHunters, made the startling announcement on Wednesday, following UPenn's confirmation last November of a data breach involving a select group of information systems tied to the university’s development and alumni activities. During this incident, the hackers had sent emails to alumni from official university accounts, indicating they had successfully infiltrated the system. UPenn attributed the breach to social engineering tactics, where hackers trick individuals into divulging sensitive information. Although the university did not disclose the specific data compromised, it indicated that the cybercriminals accessed systems related to alumni and fundraising activities. TechCrunch verified parts of the leaked data by cross-referencing it with alumni records and student ID numbers. Similarly, Harvard University reported a breach later in November, which they attributed to a voice phishing attack, where victims were deceived into clicking malicious links or attachments after receiving phone calls. The stolen information reportedly includes email addresses, phone numbers, home and work addresses, event attendance details, and biographical data related to alumni engagement and donations. The data released by ShinyHunters aligns with the descriptions given by both universities regarding the stolen information. The hackers claimed they chose to publish the data after the universities refused to comply with their ransom demands, a common strategy among cybercriminals seeking to extort their victims. Previously, during the UPenn breach, the hackers hinted at political motivations, criticizing affirmative action policies in a message to alumni. However, ShinyHunters is generally not known for having political agendas, and they did not clarify their intentions regarding the inclusion of such language in their communications. In response to the breach, UPenn spokesperson Ron Ozio stated that the university is reviewing the data and will inform individuals as required by privacy regulations. Harvard University has yet to comment on the ongoing situation.