Princeton University confirms data breach affecting students, alumni and donors
Princeton University has disclosed a data breach that exposed personal information belonging to alumni, donors, students and other members of its community, following unauthorised access to one of its internal databases.
In notification letters sent to affected individuals, the Ivy League institution said attackers gained access to an Advancement database that holds contact and engagement details for alumni, donors, some faculty, students, parents and other associates of the university.
The compromised system contained personally identifiable information including names, email addresses, phone numbers, and home and business postal addresses. The database also held records related to fundraising activities and donations made to Princeton.
The university stressed that more sensitive information was not involved in the incident. Social Security numbers, passwords, and financial data such as credit card or bank account numbers were not stored in the affected database and therefore were not exposed. Detailed student records protected by federal privacy laws and data relating to staff employment were also not part of the breach.
Despite the absence of financial or password data, security experts warn that even basic contact information can be highly valuable to cybercriminals. With accurate names, addresses and a confirmed connection to Princeton, attackers can craft convincing phishing emails or text messages that appear to come from the university, in an effort to steal login credentials or prompt fraudulent payments.
Princeton has urged community members to treat unsolicited communications with caution and to be suspicious of any message that requests sensitive details. The university has reminded recipients that legitimate staff will not contact them asking for information such as Social Security numbers, banking details or passwords, and advised anyone in doubt to verify requests directly with a known Princeton contact before clicking links or opening attachments.
According to the university, its IT team has cut off the attackers’ access to the Advancement database and believes the intrusion was contained to that single system. There is currently no evidence that other parts of the university network were accessed before the breach was detected and blocked.
Photo Credit: DepositPhotos.com