- ShinyHunters Leaked Over a Million Stolen Harvard and UPenn Records on Its Dark Website
- The data includes personal details, donation history and demographic information of students, staff, alumni and donors.
- SSO compromise and vishing violations; files released after failed ransom negotiations, without using encryptors
The ShinyHunters hacking group has released all the files it stole from Harvard University and the University of Pennsylvania (UPenn) by the end of 2025.
Apparently, the files are now located on the hackers’ dark website, available for other cybercriminals to download and exploit.
The group claims to have leaked more than a million records. Both organizations confirmed having been breached, while TechCrunch managed to verify a part of the data set.
Negotiations failed, ShinyHunters leaked files
In early November, hackers revealed that they had gained “full access” to a UPenn employee’s SSO account, granting them access to the university’s VPN, Salesforce data, the Qlik analytics platform, SAP’s business intelligence system, and SharePoint files.
The stolen information allegedly includes people’s names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, and the like).
They also used the access to send offensive emails to around 700,000 recipients. UPenn initially described the emails as “obviously fake” and “fraudulent,” but then backtracked and confirmed they had been attacked.
About three weeks later, Harvard also confirmed the system compromise and said the personal data of past and present students, staff, and donors was exposed. In a data breach notification letter, the prestigious Ivy League University said a voice phishing attack allowed hackers to access its Development and Alumni Affairs systems.
This led to information about alumni, donors, some faculty and staff, and some current students being breached, and spouses, partners, and parents of alumni, as well as current and former students, were also affected.
ShinyHunters says they decided to leak the files now that negotiations have failed. Typically, hackers steal files and then demand payment in cryptocurrency in exchange for deleting them. When the victim decides not to pay, the data is published, as was the case here. No ciphers were deployed in these attacks.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
