Techcrunch
The hacking group ShinyHunters has claimed responsibility for recent data breaches at Harvard University and the University of Pennsylvania, publishing over a million records from each institution on their leak site. UPenn had previously confirmed a breach affecting development and alumni systems, attributing it to social engineering tactics.
AI 生成摘要
駭客組織 ShinyHunters 聲稱對近期哈佛大學及賓州大學的資料外洩事件負責,並在其洩密網站上公布了從兩所大學竊取的超過百萬筆資料。賓州大學先前已證實其發展及校友系統遭受入侵,並歸因於社交工程手法。
Latest
AI
Amazon
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
Staff
Events
Startup Battlefield
StrictlyVC
Newsletters
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
A notorious hacking group has claimed responsibility for last year’s data breaches at Harvard University and the University of Pennsylvania (UPenn) and published the data that they claim to have stolen from the two schools.
On Wednesday, the group known as ShinyHunters published what it claims are more than one million records from each university on the group’s dedicated leak site, which the gang uses to extort its victims.
In November, UPenn confirmed a data breach of “a select group of information systems related to Penn’s development and alumni activities.” At the time, the hackers also sent alumni emails announcing the hack from official university addresses.
The university blamed the breach on social engineering, an attack that often relies on hackers impersonating someone and tricking them into doing something they would not normally do. In its official breach disclosure web page, which has since been taken offline, UPenn did not say exactly what type of data the hackers stole, simply saying the cybercriminals accessed “systems related to Penn’s development and alumni activities.”
TechCrunch verified a portion of the data set by confirming with alumni and public records, such as matching the data against student ID numbers.
Later in November, Harvard University also confirmed a breach on its alumni systems, blaming it on a voice phishing attack, meaning an attack where hackers tricked the targets into clicking on a link or opening an attachment with a voice call.
Harvard said that the stolen data included email addresses, phone numbers, home and business addresses, event attendance, details of donations to the university, and other biographical information relating to the university’s fundraising and alumni engagement activities.
The data published by ShinyHunters, which TechCrunch has seen, appears to match the type of information that both universities said was stolen last year.
The hackers said they published the stolen data because the universities refused to pay a ransom to stop them from doing so. Cybercriminals like ShinyHunters often try to extort their victims asking for payment in exchange for not publishing the data they stole, and if the victims refuse payment, they then release the data online.
During the UPenn breach, the hackers made it seem like they had political motives, in particular they expressed discontent with affirmative action policies. “We hire and admit morons because we love legacies, donors, and unqualified affirmative action admits,” the hackers wrote in the email sent to alumni.
ShinyHunters is not known to have political motives. The hackers did not respond to a question asking why they included that language in the email.
Penn spokesperson Ron Ozio told TechCrunch that the university is “analyzing the data and will notify any individuals if required by applicable privacy regulations.”
Harvard did not respond to a request for comment.
Topics
Senior Reporter, Cybersecurity
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.
You can contact or verify outreach from Lorenzo by emailing [email protected], via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.
Tickets are live at the lowest rates of the year. Save up to $680 on your pass now.Meet investors. Discover your next portfolio company. Hear from 250+ tech leaders, dive into 200+ sessions, and explore 300+ startups building what’s next. Don’t miss these one-time savings.
Fintech CEO and Forbes 30 Under 30 alum has been charged for alleged fraud
Notepad++ says Chinese government hackers hijacked its software updates for months
Meet the new European unicorns of 2026
Nvidia CEO pushes back against report that his company’s $100B OpenAI investment has stalled
OpenClaw’s AI assistants are now building their own social network
Elon Musk’s SpaceX, Tesla, and xAI in talks to merge, according to reports
Waymo robotaxi hits a child near an elementary school in Santa Monica
© 2025 TechCrunch Media LLC.