- Hackers accessed Princeton’s Advancement database, exposing contact information for alumni, donors and members.
- No social security numbers, passwords or financial data were compromised in the breach.
- Princeton warns of phishing risks and confirms that attackers’ access was contained in a system
Princeton University has confirmed that it recently suffered a cyberattack in which it lost confidential data of some of its members.
In a data breach notification letter sent to an undisclosed number of people, the University said the threat actors accessed an Advancement database belonging to the Ivy League institution, where they were able to access information about alumni, donors, some faculty, students, parents and other members of the organization.
The compromised database contained personally identifiable information such as names, email addresses, telephone numbers, and residential and business addresses. The database also contained information on fundraising activities and donations made to the university.
Princeton warns of phishing attacks
Princeton also emphasized that Social Security numbers, passwords or financial information, such as credit card and bank account numbers, were not disclosed.
Detailed student records covered by federal privacy laws and employee data were also not disclosed.
However, even with just the “basic” data exposed, cybercriminals will have enough to launch destructive attacks.
By knowing people’s full names, addresses, and university connections, they can create convincing phishing emails, trick victims into sharing their login credentials, or even make fraudulent payments. That’s why Princeton urged all members to be alert for unusual messages claiming to come from the university.
“No one at Princeton University should call, text, or email you asking for confidential information, such as Social Security numbers, passwords, or banking information,” the letter says.
“If you have any doubt about whether a communication you receive from Princeton University is legitimate, please verify its legitimacy with someone you know at the University before clicking on any link or downloading any attachment.”
The university’s IT team has since removed the attackers’ access to the database and believes the bad actors were unable to access any other systems on the network before being kicked out.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
