Princeton University data breach hits students, alumni - here's what we know

News
By published

Names, email addresses, and postal addresses were taken in Princeton breach

Cyber-security
(Image credit: Getty Images)
  • Hackers accessed Princeton’s Advancement database, exposing alumni, donor, and member contact details
  • No Social Security numbers, passwords, or financial data were compromised in the breach
  • Princeton warns of phishing risks and confirms attackers’ access was contained to one system

Princeton University has confirmed recently suffering a cyberattack which saw it lose sensitive data on some of its members.

In a data breach notification letter sent to an undisclosed number of people, the University said threat actors accessed an Advancement database belonging to the Ivy League institution, where they were able to access information about alumni, donors, some faculty, students, parents, and other members of the organization.

The compromised database contained personally identifiable information such as names, email addresses, phone numbers, and home and business addresses. The database also contained information about fundraising activities and donations made to the university.

Princeton warns of phishing attacks

Princeton also stressed that Social Security numbers, passwords, or financial information, such as credit card and bank account numbers, were not disclosed.

Detailed student records covered by federal privacy laws, or data about staff employees, were also not disclosed.

However, even with just the “basic” data exposed, cybercriminals will have enough to launch destructive attacks.

By knowing people’s full names, addresses, and their connections to the university, they can create convincing phishing emails, tricking the victims into sharing login credentials, or even making fraudulent payments. That is why Princeton urged all members to be alert for unusual messages claiming to come from the university.

“No one from Princeton University should ever call, text, or email you asking for sensitive information such as Social Security numbers, passwords, or bank information,” the letter reads.

“If you have any doubts about whether a communication you receive from Princeton University is legitimate, please verify its legitimacy with a known University person before clicking on any links or downloading any attachment.”

The university’s IT team has since removed the attackers’ access to the database, and believe the miscreants were not able to access any other systems on the network before being kicked out.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.