A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students.
According to a FAQ page issued on Saturday, the threat actors breached Princeton's systems by targeting a University employee in a phishing attack.
This allowed them to gain access to "biographical information pertaining to University fundraising and alumni engagement activities," including names, email addresses, telephone numbers, and home and business addresses stored in the compromised database.
However, Princeton officials noted that the database didn't contain financial info, credentials, or records protected by privacy regulations.
"The database that was compromised does not generally contain Social Security numbers, passwords, or financial information such as credit card or bank account numbers," said Daren Hubbard, Vice President for Information Technology and Chief Information Officer, and Kevin Heaney, Vice President for Advancement.
"The database does not contain detailed student records covered by federal privacy laws or data about staff employees unless they are donors."
Based on the contents of the compromised database, the university believes that the following groups likely had their data exposed in the data breach:
All University alumni (including anyone ever enrolled as a student at Princeton, even if they did not graduate)
Alumni spouses and partners
Widows and widowers of alumni
... continue reading