- Harvard says Alumni Affairs and Development systems breached
- A voice phishing attack was to blame, the University says
- Personal data exposed, but no financial info or passwords were affected
Harvard University has confirmed some of its systems were compromised in a recent cyberattack which saw personal data on past and present students, staff, and donors exposed.
In a data breach notification letter, the prestigious Ivy League University said a voice phishing attack allowed hackers access to its Alumni Affairs and Development systems.
This led to information about alumni, donors, some faculty and staff, and some current students being breached, with spouses, partners and parents of alumni as well as current and former students also affected.
Harvard attack
"On Tuesday, November 18, 2025, Harvard University discovered that information systems used by Alumni Affairs and Development were accessed by an unauthorized party as a result of a phone-based phishing attack," the letter said.
"The University acted immediately to remove the attacker's access to our systems and prevent further unauthorized access. We are writing to make you aware that information about you may have been accessed and so you can be alert for any unusual communications that purport to come from the University."
Harvard said the compromised data included email addresses, telephone numbers, home and business addresses, event attendance records, donation details, and "biographical information pertaining to University fundraising and alumni engagement activities."
Fortunately, the affected IT systems didn't contain Social Security numbers, passwords, payment card information, or financial info.
However, even with just the “basic” data exposed, cybercriminals will have enough to launch destructive attacks, the university warned, adding it is working with law enforcement and third-party cybersecurity experts to investigate the incident.
By knowing people’s full names, addresses, and their connections to the university, they can create convincing phishing emails, tricking the victims into sharing login credentials, or even making fraudulent payments.
Harvard has urged potentially affected individuals to be on alert for unusual or suspicious calls, text messages, or emails claiming to be from the university, particularly those requesting password resets or sensitive information.
The news marks the third Ivy League US university to be targeted in the last few weeks, with Princeton University and the University of Pennsylvania also recently disclosing data breaches concerning donor information.
Via BleepingComputer
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.