Hackers Publish Personal Information Stolen During Harvard, Upenn Data Breaches

A notorious hacking group has claimed work for past year’s information breaches astatine Harvard University and nan University of Pennsylvania (UPenn) and published nan information that they declare to person stolen from nan 2 schools. 

On Wednesday, nan group known arsenic ShinyHunters published what it claims are much than 1 cardinal records from each assemblage connected nan group’s dedicated leak site, which nan pack uses to extort its victims.

In November, UPenn confirmed a information breach of “a prime group of accusation systems related to Penn’s improvement and alumni activities.” At nan time, nan hackers besides sent alumni emails announcing nan hack from official assemblage addresses. 

The assemblage blamed nan breach connected social engineering, an onslaught that often relies connected hackers impersonating personification and tricking them into doing thing they would not usually do. In its official breach disclosure web page, which has since been taken offline, UPenn did not opportunity precisely what type of information nan hackers stole, simply saying nan cybercriminals accessed “systems related to Penn’s improvement and alumni activities.”

TechCrunch verified a information of nan information group by confirming pinch alumni and nationalist records, specified arsenic matching nan information against student ID numbers.

Later successful November, Harvard University besides confirmed a breach connected its alumni systems, blaming it connected a sound phishing attack, meaning an onslaught wherever hackers tricked nan targets into clicking connected a nexus aliases opening an attachment pinch a sound call. 

Harvard said that nan stolen information included email addresses, telephone numbers, location and business addresses, arena attendance, specifications of donations to nan university, and different biographical accusation relating to nan university’s fundraising and alumni engagement activities.

The information published by ShinyHunters, which TechCrunch has seen, appears to lucifer nan type of accusation that some universities said was stolen past year. 

The hackers said they published nan stolen information because nan universities refused to salary a ransom to extremity them from doing so. Cybercriminals for illustration ShinyHunters often effort to extort their victims asking for costs successful speech for not publishing nan information they stole, and if nan victims garbage payment, they past merchandise nan information online. 

During nan UPenn breach, nan hackers made it look for illustration they had governmental motives, successful peculiar they expressed discontent pinch affirmative action policies. “We prosecute and admit morons because we emotion legacies, donors, and unqualified affirmative action admits,” nan hackers wrote successful nan email sent to alumni. 

ShinyHunters is not known to person governmental motives. The hackers did not respond to a mobility asking why they included that connection successful nan email. 

Penn spokesperson Ron Ozio told TechCrunch that nan assemblage is “analyzing nan information and will notify immoderate individuals if required by applicable privateness regulations.”

Harvard did not respond to a petition for comment.