In a significant cybersecurity event, a well-known hacking group has taken credit for the data breaches that occurred last year at Harvard University and the University of Pennsylvania (UPenn). They have publicly released what they allege to be personal data obtained from both institutions.
On Wednesday, the group, identified as ShinyHunters, shared information claiming to consist of over one million records from each university on their leak site, which they utilize for extortion purposes.
In November, UPenn acknowledged a breach affecting "a select group of information systems related to Penn's development and alumni activities." During this incident, the hackers reportedly sent emails to alumni from official university addresses to announce the breach.
The university attributed the breach to social engineering, a tactic where attackers impersonate trusted individuals to manipulate others into divulging sensitive information. Although UPenn did not specify the exact nature of the stolen data, they indicated that cybercriminals accessed systems tied to alumni and development activities.
TechCrunch confirmed some of the leaked data by cross-referencing it with public records and alumni information.
Harvard University also reported a breach in November, which they linked to a phishing attack. This type of attack typically involves deceiving victims into clicking malicious links or opening harmful attachments. Harvard indicated that the compromised data included email addresses, phone numbers, home and business addresses, and details related to fundraising and alumni engagement.
The information released by ShinyHunters aligns with the data both universities reported as stolen. The hackers claimed the release was prompted by the institutions' refusal to pay a ransom to prevent the data from being exposed.
In a message sent to alumni, the hackers suggested they had political motives, expressing dissatisfaction with affirmative action policies. However, ShinyHunters is not typically associated with political agendas, and they did not clarify their intentions regarding the political statements made in their communications.
UPenn's spokesperson mentioned that the university is currently reviewing the data and will inform affected individuals as required by privacy regulations. Harvard has yet to respond to inquiries regarding the breach.
