Princeton University reported brief data breach affecting advancement database

Princeton University said that external actors briefly accessed a database containing information about alumni, donors, students, and other community members during a cyber intrusion earlier this month. The breach occurred on November 10 and involved a system managed by the university’s advancement office.

The university stated that the compromised database held personal information, including names, contact details, and records of fundraising activities and donations. Princeton said it detected the unauthorized access and removed the intruders within 24 hours, adding that it found no evidence that any other university technology system had been affected.

Investigators determined that the intrusion began after a phone phishing attempt targeted an employee with access to the advancement database. The university said it had no factual basis to connect the incident to any other recent cyber events.

Princeton continued to review the breach and did not release additional details. The incident followed a similar cybersecurity issue reported by the University of Pennsylvania in October, though Princeton said there was no known link between the cases.

The University of Pennsylvania disclosed that attackers accessed systems tied to alumni and donor records on October 31, potentially exposing the personal data of more than one million individuals. Officials said the university was working with the Federal Bureau of Investigation to determine the source of the attack and assess the extent of the exposure.

Columbia University reported another large-scale breach in May, when unauthorized actors accessed its network and obtained files involving personal and academic information of more than 868,000 people, including current and former students and prospective applicants. University officials said the intrusion appeared to be politically motivated and implemented strengthened cybersecurity measures afterward.