Princeton University hit by major cyberattack; student, donor and alumni data stolen

Princeton University has confirmed that a database containing information on alumni, donors, and students was “compromised by outside actors for less than 24 hours.” The incident, which occurred this week, affected a system within the Ivy League school’s advancement office. The database contained personal information, including names, contact details, and specifics regarding “fundraising activities and donations” made to the university, according to an email sent to alumni and posted on Princeton’s website. In a blog post, the university officials wrote: “We discovered the incident and removed the attacker(s) from our systems within 24 hours and believe that no other Princeton technology system was compromised.”The intruder gained access to the university’s data through a phone phishing incident targeting a Princeton employee who had access to the advancement database. In phishing attacks hackers impersonate trusted sources through emails, calls, or messages to deceive people into sharing sensitive information. It exploits human trust to gain access to data like passwords and financial details. While the University of Pennsylvania experienced a separate cybersecurity incident in October, Princeton officials have stated they have no “factual information” suggesting a connection between the two events.

Read Princeton University’s full statement here

In a blog post, Princeton University wrote: “The following message was sent Nov. 15, 2025 to people potentially affected by this incident.On November 10, a Princeton University Advancement database containing information about alumni, donors, some faculty, students, parents, and other members of the University community was compromised by outside actors for less than 24 hours. Information about you may have been accessed.Our teams are working around the clock with outside experts and law enforcement to understand precisely what happened here and how it may affect your personal information.While our investigation is ongoing, we are reaching out to you now to urge you to be alert for unusual messages that purport to come from the University. No one from Princeton University should ever call, text, or email you asking for sensitive information such as Social Security numbers, passwords, or bank information. If you have any doubts about whether a communication you receive from Princeton University is legitimate, please verify its legitimacy with a known University person before clicking on any links or downloading any attachment.Based on our investigation to date, we believe that:The database that was compromised does not generally contain Social Security numbers, passwords, or financial information such as credit card or bank account numbers.The database does not contain detailed student records covered by federal privacy laws or data about staff employees unless they are donors.The database does contain personal information such as names, email addresses, telephone numbers, and home and business addresses. It also contains information about fundraising activities and donations made to the University.We discovered the incident and removed the attacker(s) from our systems within 24 hours and believe that no other Princeton technology system was compromised. At this point, we don’t know what information in the database was viewed or accessed. We will be in touch when we know more. In the meantime, we have begun to compile information at https://oit.princeton.edu/incident which will be updated regularly. If you have immediate questions, please respond to this message or email [email protected].Sincerely,Daren Hubbard, Vice President for Information Technology and Chief Information OfficerKevin Heaney, Vice President for Advancement”