
Princeton University Data Breach Exposes Donor, Alumni Info

Summary

– A Princeton University database was compromised in a November 10 cyberattack, exposing personal information of alumni, donors, faculty, and students.
– The breach occurred through a phishing attack targeting a university employee, allowing access to biographical data like names, emails, and addresses.
– The compromised database did not contain financial information, credentials, Social Security numbers, or records protected by federal privacy laws.
– Princeton has blocked the attackers’ access and advises affected individuals to verify communications before sharing sensitive data.
– University officials stated they have no factual information linking this incident to other attacks, such as the recent UPenn data breach.

A significant data security incident at Princeton University has resulted in the exposure of personal information belonging to alumni, donors, faculty, and students. The breach, which occurred on November 10th, was initiated through a sophisticated phishing attack directed at a university employee. This unauthorized access allowed the attackers to infiltrate a database containing extensive details used for fundraising and alumni relations.

University officials have clarified that the compromised system did not store highly sensitive data. The database that was breached does not generally contain Social Security numbers, passwords, or financial information such as credit card or bank account numbers, according to a joint statement from Daren Hubbard, Vice President for Information Technology and Chief Information Officer, and Kevin Heaney, Vice President for Advancement. They further emphasized that the system lacked detailed student records protected by federal privacy laws and did not include staff employee data unless those individuals were also donors to the university.

Based on a review of the database’s contents, the following group is believed to have had its information exposed:

• All University alumni, including anyone ever enrolled as a student, regardless of graduation status.

The private Ivy League institution has since secured its systems and blocked the attackers’ access. According to university officials, the intrusion was contained to a single database, and there is no evidence that the attackers reached other network systems.

Individuals who may be affected are urged to remain vigilant. They should treat any unexpected communication claiming to be from Princeton with caution, especially if it requests sensitive information.
Officials advised: “If you have any doubts about whether a communication you receive from Princeton University is legitimate, please verify its legitimacy with a known University person before clicking on any links or downloading any attachment.”

When asked about the total number of affected individuals or whether a ransom demand was made, a Princeton spokesperson directed inquiries to the published FAQ page.

This incident comes on the heels of a similar cybersecurity breach at the University of Pennsylvania in early November. In that case, attackers used a stolen employee login to access internal systems, leading to the exfiltration of 1.71 GB of documents and a donor marketing database with 1.2 million records.

Despite the parallels, Princeton officials said over the weekend that they have no “factual information indicating that this attack is connected or related to any other incident.”

(Source: Bleeping Computer)
