駭客公布竊取自哈佛大學及賓州大學的個資

Topics

Latest

AI

Amazon

Apps

Biotech & Health

Climate

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

Transportation

Venture

More from TechCrunch

Staff

Events

Startup Battlefield

StrictlyVC

Newsletters

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

Hackers publish personal information stolen during Harvard, UPenn data breaches

A notorious hacking group has claimed responsibility for last year’s data breaches at Harvard University and the University of Pennsylvania (UPenn) and published the data that they claim to have stolen from the two schools.

On Wednesday, the group known as ShinyHunters published what it claims are more than one million records from each university on the group’s dedicated leak site, which the gang uses to extort its victims.

In November, UPenn confirmed a data breach of “a select group of information systems related to Penn’s development and alumni activities.” At the time, the hackers also sent alumni emails announcing the hack from official university addresses.

The university blamed the breach on social engineering, an attack that often relies on hackers impersonating someone and tricking them into doing something they would not normally do. In its official breach disclosure web page, which has since been taken offline, UPenn did not say exactly what type of data the hackers stole, simply saying the cybercriminals accessed “systems related to Penn’s development and alumni activities.”

TechCrunch verified a portion of the data set by confirming with alumni and public records, such as matching the data against student ID numbers.

Later in November, Harvard University also confirmed a breach on its alumni systems, blaming it on a voice phishing attack, meaning an attack where hackers tricked the targets into clicking on a link or opening an attachment with a voice call.

Harvard said that the stolen data included email addresses, phone numbers, home and business addresses, event attendance, details of donations to the university, and other biographical information relating to the university’s fundraising and alumni engagement activities.

TechCrunch Founder Summit 2026: Tickets Live

TechCrunch Founder Summit: Tickets Live

The data published by ShinyHunters, which TechCrunch has seen, appears to match the type of information that both universities said was stolen last year.

The hackers said they published the stolen data because the universities refused to pay a ransom to stop them from doing so. Cybercriminals like ShinyHunters often try to extort their victims asking for payment in exchange for not publishing the data they stole, and if the victims refuse payment, they then release the data online.

During the UPenn breach, the hackers made it seem like they had political motives, in particular they expressed discontent with affirmative action policies. “We hire and admit morons because we love legacies, donors, and unqualified affirmative action admits,” the hackers wrote in the email sent to alumni.

ShinyHunters is not known to have political motives. The hackers did not respond to a question asking why they included that language in the email.

Penn spokesperson Ron Ozio told TechCrunch that the university is “analyzing the data and will notify any individuals if required by applicable privacy regulations.”

Harvard did not respond to a request for comment.

Topics

Senior Reporter, Cybersecurity

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing [email protected], via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

Tickets are live at the lowest rates of the year. Save up to $680 on your pass now.Meet investors. Discover your next portfolio company. Hear from 250+ tech leaders, dive into 200+ sessions, and explore 300+ startups building what’s next. Don’t miss these one-time savings.