Hackers publish personal information stolen during Harvard, UPenn data breaches

The cybercrime group ShinyHunters claimed responsibility for hacking Harvard University and the University of Pennsylvania (UPenn) in November 2023, publishing over one million records from each institution on their extortion website. On Wednesday, the group released the stolen data, which included sensitive information from alumni and development systems. Both universities had previously confirmed breaches, with UPenn attributing the attack to social engineering and Harvard to a voice phishing scam. The hackers initially sent emails to alumni from official university addresses, claiming political motives related to affirmative action policies, though ShinyHunters is not known for political activism. The published data matches the types of information both universities reported as stolen, including email addresses, phone numbers, and donation details. The hackers stated they released the data because the universities refused to pay a ransom. UPenn spokesperson Ron Ozio confirmed the university is analyzing the data and will notify affected individuals if required by privacy regulations. Harvard did not respond to requests for comment. TechCrunch verified portions of the data by cross-referencing it with alumni records and public documents.