Impact & Downstream Threats
This breach carries high risk due to the nature of exposed data fields and the scale of affected records.
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
Breach Intelligence
Executive Summary
In late 2025 and early 2026, the cyber-extortion group ShinyHunters (often operating under the moniker "Scattered Lapsus$ Hunters") targeted Harvard University, specifically compromising the Alumni Affairs and Development (AAD) department. The breach, which was initially disclosed by the university in November 2025 following a sophisticated "vishing" (voice phishing) attack, resulted in the exfiltration of a massive dataset. The leak is particularly notable for its depth, exposing not just high-level contact information but also a "social graph" of some of the world’s most influential individuals, including their "wealth bands" and intimate institutional notes.,
, As of February 4, 2026, the published data contains the following verified records:,
, 1,781,261 Full Names,
, 1,344,390 Dates of Birth,
About Harvard University
Private research university in Massachusetts.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 1.2M records identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Non-clients may request a breach impact review.
Frequently Asked Questions
In November 2025, Harvard University experienced a data breach that exposed approximately 1.2M records containing personal information.
The exposed data includes fields such as date of birth, email address, full name, phone number.
Approximately 1.2M records were affected based on current breach intelligence.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Harvard University
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam