An “unauthorized party” this week gained access to databases used by Harvard’s Alumni Affairs and Development division through a “phone-based phishing attack,” a university spokesperson confirmed to the Globe Saturday.
Harvard said little else about who breached the systems and how they did so. The breach is among the latest cyberattacks against some of the nation’s most prominent universities in recent months.
“The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access,” Tim Bailey, a Harvard spokesperson, said in a statement. “We are working with third-party cybersecurity experts and law enforcement to investigate this incident.”
The hacked databases contained information about alumni, their family members, Harvard donors, the parents of current and former students, and some current students and faculty, according to the university.
Harvard noted that the accessed systems “do not generally contain Social Security numbers, passwords, payment card information, or financial account numbers.”
The databases were, however, replete with information about “email addresses, telephone numbers, home and business addresses, event attendance, details of donations to the University, and other biographical information pertaining to University fundraising and alumni engagement activities.”
“At this time,” the university told the Globe, “we do not know precisely what information was accessed.”
Harvard also said that it has informed potential victims that their data may have been accessed, adding that the school has “no evidence” of break-ins in other university systems.
Princeton suffered a similar hack earlier this month. So too did the University of Pennsylvania. Hackers exposed the personal information of applicants and students at Columbia University and New York University earlier this year.
Jaime Moore-Carrillo can be reached at jaime.moore-carrillo@globe.com.