Hackers accessed a database that likely contained the personal details of Jeff Bezos, Michelle Obama, Pete Hegseth, and several US Supreme Court Justices.
Princeton University, one of the world’s most prestigious universities, has suffered a major data breach, exposing details of every single person who has ever graduated or enrolled in the Ivy League school.
“On November 10th, a Princeton University Advancement database containing information about alumni, donors, faculty, staff, students, parents, and other members of the University community was compromised by outside actors,” read the university’s notice.
Princeton said that all university alumni, including individuals who enrolled and did not graduate, were exposed to the attack. Since Princeton is one of the richest and established research schools on the planet, it has many famous alumni.
For example, Amazon’s CEO Jeff Bezos graduated from Princeton in 1986, while former first lady Michelle Obama received her diploma in 1986. Eric Schmidt, former CEO of Google, graduated in 1976.
Other notable individuals, who currently serve high up the command chain of the US government, include Pete Hegseth, the US Secretary of Defense and three out of eight US Supreme Court Associate Justices: Samuel Alito, Elena Kagan, and Sonia Sotomayor.
According to Princeton, it was not only alumni who had their details stolen. The list of exposed people also includes alumni spouses, university donors, parents of students, and past and present faculty and staff.
“We do not at this point know precisely what information was viewed or extracted. The database in general contains biographical information pertaining to University fundraising and alumni engagement activities. We believe it does not contain passwords, Social Security numbers, credit card information, or bank account records,” the university explained.
The university revealed that attackers managed to get their hands on the database via a phishing attack. Malicious actors targeted a university employee via phone, a common tactic hackers use to breach institutions that usually utilize sound cybersecurity practices.
The so-called “phone phishing” is a subset of social engineering attacks. In these cases, attackers impersonate legitimate requests to obtain passwords or other credentials that help them access closed networks.
Some hacking groups, such as the infamous Scattered Spider, utilized social engineering to breach major UK retailer Marks & Spencer. The attackers tricked the IT service desk into revealing details that allowed them to access restricted systems. The same type of attacks facilitated the MGM Resorts data breach and Caesars hacking.
Meanwhile, Princeton explained that the incident began midday November 10th, and was blocked in less than 24 hours. The school notified law enforcement and launched an investigation to determine exactly what type of details were exposed in the attack.
Princeton is not the first Ivy League school to have hackers penetrate its systems. In late August, Columbia University experienced a similar attack, which exposed nearly 900,000, also including many of the past alumni.
Prominent higher education institutions are often on cybercriminals’ radar. Earlier this year, a ransomware gang claimed responsibility for an attack on Sorbonne University, one of the most prestigious universities in Europe.
However, according to information from Princeton University, the hack doesn’t appear to be related to any other data breach. At the same time, the university said there doesn’t seem to be a political motive behind the attack.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked