Recent cybersecurity incident information and FAQ
On Tuesday, November 18, 2025, Harvard University discovered that information systems used by Alumni Affairs and Development were accessed by an unauthorized party as a result of a phone-based phishing attack. The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access.
We continue to work with law enforcement and third-party cybersecurity experts to investigate this incident. This website will be updated.
Last updated: December 19, 2025
Frequently asked questions (FAQ)
An unauthorized party accessed information systems used by Alumni Affairs and Development as a result of a phone-based phishing attack. The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access.
We are continuing to closely monitor and have no evidence of further unauthorized access.
We continue to work with law enforcement and third-party cybersecurity experts to investigate this incident.
Though the information systems that were accessed do not generally contain Social Security numbers, passwords, payment card information, or financial account numbers, they do include personal information such as email addresses, telephone numbers, home and business addresses, event attendance, details of donations to the University, and other biographical information pertaining to University fundraising and alumni engagement activities. This also includes information about fundraising matters, donors, and communications between alumni and donors and the University.
The systems used by Alumni Affairs and Development contain information about individuals and groups associated with the University. These include:
- Alumni
- Alumni spouses, partners, and widows/widowers of alumni
- Donors to Harvard University
- Parents of current and former students
- Some current students
- Some faculty and staff
As our investigation continues, we will assess if specific notifications are needed.
We encourage you to be on alert for any unusual or suspicious communications either referencing this incident or your data, or purporting to come from the University (e.g. from an IT help desk):
- Exercise caution. Be especially cautious with unexpected calls, text messages, or emails requesting sensitive information or asking you to reset your password, even if they appear to come from colleagues or trusted partners.
- Pause before you engage. If a message appears to be suspicious, do not respond to the message, do not click any links or download any attachments, and do not follow any instructions provided before you are able to verify if the message is legitimate.
- Verify unusual requests. If you are unsure about the legitimacy of a message purporting to come from the University, contact the HUIT Service Desk to confirm.
Please email cyberincident@harvard.edu or call 1-833-556-4315.
Please contact media@harvard.edu.
November 22 email message
The following message was shared on November 22, 2025, with those whose information may have been accessed and who had an email address available for contact in these information systems.
Subject: Recent cybersecurity incident
On Tuesday, November 18, 2025, Harvard University discovered that information systems used by Alumni Affairs and Development were accessed by an unauthorized party as a result of a phone-based phishing attack. The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access.
We are writing to make you aware that information about you may have been accessed and so you can be alert for any unusual communications that purport to come from the University. Though the information systems that were accessed do not generally contain Social Security numbers, passwords, or financial account numbers, they do include personal information such as email addresses, telephone numbers, home and business addresses, event attendance, and details of donations to the University.
We take the privacy and security of your data very seriously. At this time, we do not know precisely what information was accessed. We are working with third-party cybersecurity experts and law enforcement to investigate this incident, and any additional information and relevant updates will be available on this website.
Sincerely,
Klara Jelinkova
Vice President and University Chief Information Officer
Jim Husson
Vice President for Alumni Affairs and Development