Hacker group publishes alleged personal data from Harvard, UPenn breaches
What's the story
A notorious hacking group, ShinyHunters, has claimed responsibility for last year's data breaches at Harvard University and the University of Pennsylvania (UPenn). The group has also published what it claims are over a million records from each institution on its dedicated leak site. In November, UPenn had confirmed a breach of "a select group of information systems related to Penn's development and alumni activities."
Breach details
Type of data stolen by hackers
UPenn had blamed the breach on social engineering, an attack where hackers impersonate someone and trick them into doing something they wouldn't normally do. The university didn't specify what type of data was stolen but said cybercriminals accessed "systems related to Penn's development and alumni activities." In November, Harvard University also confirmed a breach on its alumni systems, blaming it on a voice phishing attack.
Data theft
Data matches what the universities said was stolen
Harvard said the stolen data included email addresses, phone numbers, home and business addresses, event attendance, donation details to the university, and other biographical information related to its fundraising and alumni engagement activities. The data published by ShinyHunters matches the type of information both universities said was stolen last year. The hackers claimed they published the stolen data after the universities refused to pay a ransom to stop them from doing so.
Hacker's statement
Breach blamed on affirmative action policies
During the UPenn breach, the hackers had claimed political motives, particularly expressing discontent with affirmative action policies. However, ShinyHunters is not known to have any political motives. A UPenn spokesperson said the university is "analyzing the data and will notify any individuals if required by applicable privacy regulations." Harvard did not respond to a request for comment on this matter, TechCrunch reports.