Harvard Announces Data Security Breach


Harvard University has announced that it experienced a data breach in June of this year in the IT systems of its Faculty of Arts and Sciences and Central Administration, which has so far affected 8 schools and administrative organizations at the school.

A memo was sent out late Wednesday night to students and faculty announcing the breach written by Anne Margulies, Harvard’s Vice President and Chief Information Officer.  Margulies stated that while it was not clear exactly what hackers gained, at the very least users’ school logins and email information was taken.  The school does not believe that any research data, personal data, or student PIN credentials were accessed.

“At this time, we have no indication that research data or personal data managed by Harvard systems (e.g. social security numbers) have been exposed. There is no indication that PIN credentials, used to access University systems and web resources, have been exposed,” the note reads.

The university has set up a “Cyber Alert” site in response to the attack, letting students at all 8 affected schools to change their email passwords while the situation is under investigation.  Those students enrolled at the Faculty of Arts and Sciences, Divinity School, Radcliffe Institute for Advanced Study, and Central Administration have been asked to change both email passwords and passwords associated with Harvard logins.

The university added that students enrolled in other schools do not need to change their passwords, but it would not hurt to do so anyway.

While Margulies did not have any information with regards to how the breach happened, or who was responsible for it, she did say that the school would be monitoring the situation from now on.

This is not the first time a US university or college has been the target of such a breach.  The University of Tampa suffered a breach in 2012 which affected 30,000 students and faculty members.  More recently, a breach at the University of Maryland affected 300,000 student records and a similar situation occurred at the University of South Carolina affecting 34,000.

Ingrid Lunden for TechCrunch reports that IT security across the US is facing a sensitive time, particularly pertaining to high-profile government and institutional systems.  A breach was recently suffered by the U.S. Office of Personnel Management, which is in charge of the civil service of the federal government and other areas such as security clearance, possibly affecting over 4 million records in addition to the possible theft of up to 18 million social security numbers.  The US maintains the China is currently the lead suspect in the attack.