Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A well-known hacking group has claimed responsibility for last year’s hacking of Harvard University and the University of Pennsylvania (UPenn) and spreading what it claims to have stolen from the two schools.
Wednesday, a group known as ShinyHunters they published what they say are more than 1 million documents from every university on the group’s leaky website, which the group uses to extort victims.
In November, UPenn confirmed the data breach of “a select group of information systems related to Penn’s development and alumni activities.” At the time, the hackers also sent alumni emails announcing the hack from university addresses.
The university said it was a violation of law social statusan attack that usually relies on hackers impersonating someone else and tricking them into doing something they wouldn’t do. In his own website for whistleblowingthat was taken off the Internet, UPenn did not say exactly what kind of data the hackers stole, saying only that the cybercriminals obtained “systems related to Penn’s development and alumni services.”
contact us
Do you have information about this breach, or similar attacks? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email.
TechCrunch verified part of the dataset by verifying with alumni and public records, such as matching the data with student ID numbers.
Later in November, Harvard University confirmed the breach of its alumni policy, and filed a lawsuit against the court. fraud attack, meaning an attack where hackers trick the target audience into clicking a link or opening a connection with a voice call.
Harvard he said that the stolen data included email addresses, phone numbers, home and business addresses, conference attendance, university donation details, and other information related to the university’s fundraising activities and alumni activities.
Techcrunch event
Boston, MA
| |
June 23, 2026
The data published by ShinyHunters, which TechCrunch has seen, appears to match the type of information that both universities said was stolen last year.
The hackers said they released the stolen data because the universities refused to pay a ransom to prevent them from doing so. Cybercriminals like ShinyHunters often try to extort their victims by asking them to pay to keep their stolen information from being published, and if the victims refuse to pay, they release the data online.
In the UPenn breach, the hackers appeared to have political motives, and in particular they expressed dissatisfaction with the authentication policy. “We hire and accept sororities because we love the legacy, the donors, and the unsolicited acceptance,” the thieves wrote in an email sent to alumni.
ShinyHunters is not known to have any political agenda. The hackers did not respond to a question asking why they included the language in the email.
Penn spokesman Ron Ozio told TechCrunch that the university is “reviewing the records and will notify everyone if they need to comply with privacy laws.”
Harvard did not respond to a request for comment.
