A notorious hacking group has claimed responsibility for last year’s data breaches at Harvard University and the University of Pennsylvania (UPenn), releasing data it allegedly stole from both schools.
On Wednesday, a group known as ShinyHunters released what it claims are more than 1 million records from every university on a dedicated leak site used by the gang to blackmail its victims.
In November, UPenn confirmed a data breach of “a select group of information systems related to Penn development and alumni activities.” At the time, hackers also sent emails to alumni announcing the hack from official university addresses.
The university blamed the breach on social engineering, an attack that often relies on hackers impersonating someone and getting them to do something they wouldn’t normally do. On its official website disclosing the breach, which has since been taken offline, UPenn did not say exactly what type of data the hackers stole, saying only that the cybercriminals accessed “systems related to Penn’s development and alumni activities.”
Contact us
Do you have more information about these breaches or similar attacks? From a non-working device, Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or email.
TechCrunch verified part of the dataset by confirming with alumni and public records, such as comparing the data to student ID numbers.
Later in November, Harvard University also confirmed a breach of its alumni systems, blaming it on a voice phishing attack, meaning an attack where hackers trick targets into clicking a link or opening an attachment using a voice call.
Harvard said the stolen data included email addresses, phone numbers, home and business addresses, event attendance, details of donations to the university and other biographical information related to the university’s fundraising and alumni engagement activities.
Techcrunch event
Boston, MA
|
June 23, 2026
The data released by ShinyHunters and seen by TechCrunch appears to match the type of information both universities said was stolen last year.
The hackers said they released the stolen data because universities refused to pay ransoms to prevent them from doing so. Cybercriminals like ShinyHunters often try to blackmail their victims, asking for payment in exchange for not releasing the data they stole, and releasing the data online if the victims refuse to pay.
During the UPenn breach, the hackers appeared to be politically motivated, particularly expressing dissatisfaction with the affirmative action policy. “We hire and accept jerks because we love legacies, donors, and admitting unqualified affirmative action,” the hackers wrote in an email sent to alumni.
ShinyHunters are not known to have political motives. The hackers did not respond to a question about why they included this language in the email.
Penn spokesman Ron Ozio told TechCrunch that the university is “analyzing the data and will notify all individuals as required by applicable privacy regulations.
Harvard did not respond to a request for comment.