# Recent cybersecurity incident information and FAQ November 22, 2025 On Tuesday, November 18, 2025, Harvard University discovered that information systems used by Alumni Affairs and Development were accessed by an unauthorized party as a result of a phone-based phishing attack. The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access. We continue to work with law enforcement and third-party cybersecurity experts to investigate this incident. This website will be updated. *Last updated: December 19, 2025* ## Frequently asked questions (FAQ) Open all sections Close all sections ### What systems were accessed and are they now secure? expand\_more An unauthorized party accessed information systems used by Alumni Affairs and Development as a result of a phone-based phishing attack. The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access. We are continuing to closely monitor and have no evidence of further unauthorized access. ### What type of information was accessed? expand\_more We continue to work with law enforcement and third-party cybersecurity experts to investigate this incident. Though the information systems that were accessed **do not** generally contain Social Security numbers, passwords, payment card information, or financial account numbers, they **do** include personal information such as email addresses, telephone numbers, home and business addresses, event attendance, details of donations to the University, and other biographical information pertaining to University fundraising and alumni engagement activities. This also includes information about fundraising matters, donors, and communications between alumni and donors and the University. ### Whose information may have been accessed? expand\_more The systems used by Alumni Affairs and Development contain information about individuals and groups associated with the University. These include: - Alumni - Alumni spouses, partners, and widows/widowers of alumni - Donors to Harvard University - Parents of current and former students - Some current students - Some faculty and staff ### Will I receive specific notifications about my own information? expand\_more As our investigation continues, we will assess if specific notifications are needed. ### Do I need to take any action to protect myself / my data? expand\_more We encourage you to be on alert for any unusual or suspicious communications either referencing this incident or your data, or purporting to come from the University (e.g. from an IT help desk): - **Exercise caution.** Be especially cautious with unexpected calls, text messages, or emails requesting sensitive information or asking you to reset your password, even if they appear to come from colleagues or trusted partners. - **Pause before you engage.** If a message appears to be suspicious, do not respond to the message, do not click any links or download any attachments, and do not follow any instructions provided before you are able to verify if the message is legitimate. - **Verify unusual requests.** If you are unsure about the legitimacy of a message purporting to come from the University, [contact the HUIT Service Desk](https://www.huit.harvard.edu/get-help) to confirm. ### Whom can I contact if I have more questions? expand\_more Please email or call 1-833-556-4315. ### I am a member of the media. Whom should I contact? expand\_more Please contact . ## November 22 email message *The following message was shared on November 22, 2025, with those whose information may have been accessed and who had an email address available for contact in these information systems* Subject: Recent cybersecurity incident On Tuesday, November 18, 2025, Harvard University discovered that information systems used by Alumni Affairs and Development were accessed by an unauthorized party as a result of a phone-based phishing attack. The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access. We are writing to make you aware that information about you may have been accessed and so you can be alert for any unusual communications that purport to come from the University. Though the information systems that were accessed do not generally contain Social Security numbers, passwords, or financial account numbers, they do include personal information such as email addresses, telephone numbers, home and business addresses, event attendance, and details of donations to the University. We take the privacy and security of your data very seriously. At this time, we do not know precisely what information was accessed. We are working with third-party cybersecurity experts and law enforcement to investigate this incident, and any additional information and relevant updates will be available [on this website](https://www.huit.harvard.edu/cyberincident). Sincerely, Klara Jelinkova Vice President and University Chief Information Officer Jim Husson Vice President for Alumni Affairs and Development