Harvard University Data Breach: Personal Information of Alumni and Donors Exposed

[johny899]

Have you heard about the most recent data breach at Harvard? I was surprised too. So let’s take a minute to break down the situation in simple terms with no technical jargon. We’ll have a friendly chat about what actually happened.

What Happened?​

According to Harvard, an individual hacked into their Alumni Affairs and Development (AAD) computer system. The hacker did not gain entrance to the server with an illegal tool; rather, the hacker utilized vishing to convince someone over the phone to provide them access into the AAD system.

Once Harvard learned of the hacking incident, they acted promptly and terminated the hacker’s access to the AAD system. They immediately sought the help of cybersecurity experts and local law enforcement to conduct an investigation of the incident.

What Information Was Exposed?​

As difficult as it may be to accept, some of the exposed personal information may have included:

• Email Addresses
• Telephone Numbers
• Home or Work Addresses
• Past Attendance Records for Events
• Donation Information
• Basic Biographical Information

That said, the positive news is that Social Security numbers, banking details, or passwords were not part of the affected data set. The most confidential financial information is still secure.

Who Has Been Impacted by the Data Breach?​

This incident affected more than just one individual. A large number of individuals with connections to Harvard were affected, such as:

• Former students or individuals who obtained degrees
• People who provide monetary support to Harvard
• The significant other or spouse of the alumni
• The parents of the current students attending Harvard
• Some of the current students who are attending Harvard and some of the professors and their immediate staff

So if you count all of the above, there is a large list of impacted individuals.

How Did Harvard Respond to the Incident?​

On November 22, Harvard sent an email to everyone notifying them about the incident. Harvard also created an FAQ section on their website for people with questions about the incident.

Harvard warned all individuals to be cautious of phone calls, emails, or text messages that may be from individuals impersonating Harvard representatives asking for personal information from the individuals.

Harvard made it very clear to all individuals that they would never request their password or financial information from them via either phone calls or emails. Harvard will be working with experts to determine how the incident occurred.

Why is This a Significant Incident?​

I know that data breaches occur all over the world, but this incident appears to be a serious incident. Harvard has an extensive network of alumni and supporters, and as a result, they have an extensive amount of sensitive personal information in their systems.

Many other large universities have reported to have been affected by this same type of breach in just the past few months. All of this raises the question if hackers could be systematically attacking colleges one by one. Do colleges have an increased vulnerability now and are they more easily targeted by hackers?

How Do You Approach the Call from Harvard?​

Few Simple Steps to Take If You Receive a Call from Harvard:

• Be aware of any unusual emails, phone calls, or text messages you receive.
• If you get any type of message that looks suspicious, don't click on any links.
• Only provide personal information if you are certain the request was made by someone legitimate.
• Report anything that seems suspicious about the call back to Harvard promptly.

Conclusion​

In conclusion, this incident is an example of the potential impact that can result from one phone call. Even Harvard University is vulnerable to scams and con artists. Personally, I would monitor my email account for suspicious activity as a former student of Harvard.