Article Details

Princeton University discloses data breach affecting donors, alumni. A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students. According to a press release issued on Saturday, the threat actors breached Princeton's systems by targeting a University employee in a phishing attack. This allowed them to gain access to "biographical information pertaining to University fundraising and alumni engagement activities," including names, email addresses, telephone numbers, and home and business addresses stored in the compromised database. However, Princeton officials noted that the database didn't contain financial info, credentials, or records protected by privacy regulations.  "The database that was compromised does not generally contain Social Security numbers, passwords, or financial information such as credit card or bank account numbers," said Daren Hubbard, Vice President for Information Technology and Chief Information Officer, and Kevin Heaney, Vice President for Advancement. "The database does not contain detailed student records covered by federal privacy laws or data about staff employees unless they are donors." Based on the contents of the compromised database, the university believes that the following groups likely had their data exposed in the data breach: The private Ivy League research university has since blocked the attackers' access to the database and believes they were unable to access other systems on its network before being evicted. Potentially affected individuals are advised to be cautious of any messages claiming to be from the university that request they share sensitive data, such as passwords, Social Security numbers, or bank information. "If you have any doubts about whether a communication you receive from Princeton University is legitimate, please verify its legitimacy with a known University person before clicking on any links or downloading any attachment," the officials added. A spokesperson for Princeton University was not immediately available for comment when contacted by BleepingComputer earlier today. UPenn data breach In early November, the University of Pennsylvania, another private Ivy League research university, confirmed that data stolen in an October cyberattack had been exfiltrated from internal network systems related to Penn's development and alumni activities. As BleepingComputer first reported, the threat actors breached UPenn's systems using a stolen employee PennKey SSO account, which gave them access to the university's Salesforce instance, SAP business intelligence system, SharePoint files, and Qlik analytics platform. They then stole 1.71 GB of internal documents from the university's SharePoint and Box storage platforms, as well as the Salesforce donor marketing database, which contained 1.2 million records. While the two incidents are similar, Princeton officials said over the weekend that they currently have no "factual information indicating that this attack is connected or related to any other incident." 7 Security Best Practices for MCP As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe. This free cheat sheet outlines 7 best practices you can start using today.