A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students.
According to a FAQ page issued on Saturday, the threat actors breached Princeton’s systems by targeting a University employee in a phishing attack.
This allowed them to gain access to “biographical information pertaining to University fundraising and alumni engagement activities,” including names, email addresses, telephone numbers, and home and business addresses stored in the compromised database.
However, Princeton officials noted that the database didn’t contain financial info, credentials, or records protected by privacy regulations.
“The database that was compromised does not generally contain Social Security numbers, passwords, or financial information such as credit card or bank account numbers,” said Daren Hubbard, Vice President for Information Technology and Chief Information Officer, and Kevin Heaney, Vice President for Advancement.
“The database does not contain detailed student records covered by federal privacy laws or data about staff employees unless they are donors.”
Based on the contents of the compromised database, the university believes that the following groups likely had their data exposed in the data breach:
- All University alumni (including anyone ever enrolled as a student at Princeton, even if they did not graduate)
- Alumni spouses and partners
- Widows and widowers of alumni
- Any donor to the University
- Parents of students (current and past)
- Current students
- Faculty and staff (current and past)
The private Ivy League research university has since blocked the attackers’ access to the database and believes they were unable to access other systems on its network before being evicted.
Potentially affected individuals are advised to be cautious of any messages claiming to be from the university that request they share sensitive data, such as passwords, Social Security numbers, or bank information.
“If you have any doubts about whether a communication you receive from Princeton University is legitimate, please verify its legitimacy with a known University person before clicking on any links or downloading any attachment,” the officials added.
A spokesperson for Princeton University redirected us to the FAQ page when asked about the number of individuals affected by the data breach and whether the attackers had made a ransom demand.
UPenn data breach
In early November, the University of Pennsylvania, another private Ivy League research university, confirmed that data stolen in an October cyberattack had been exfiltrated from internal network systems related to Penn’s development and alumni activities.
As BleepingComputer first reported, the threat actors breached UPenn’s systems using a stolen employee PennKey SSO account, which gave them access to the university’s Salesforce instance, SAP business intelligence system, SharePoint files, and Qlik analytics platform.
They then stole 1.71 GB of internal documents from the university’s SharePoint and Box storage platforms, as well as the Salesforce donor marketing database, which contained 1.2 million records.
While the two incidents are similar, Princeton officials said over the weekend that they currently have no “factual information indicating that this attack is connected or related to any other incident.”
Update November 17, 14:53 EST: Added Princeton statement.
