Attackers Breached Systems Serving 8 Harvard Colleges and Offices

About half a month after discovering the intrusion, school officials are warning computer users that their university passwords might have been compromised.

The attack struck systems at Harvard’s Faculty of Arts and Sciences and Central Administration, subsequently affecting eight different schools and administrative organizations at the university.

Officials on July 1, 2015 announced that “it is possible that Harvard login credentials (computer and email passwords, including Office 365) stored on the compromised FAS and Central Administration networks have been exposed.”

There are no current indications research data or personal data like Social Security Numbers managed by Harvard systems have been exposed. Also, there is no indication that PIN credentials, used to access University systems and web resources, have been compromised. Officials currently do not believe Harvard email has been exposed.

The university has posted a FAQ page about the breach that, as of now, does not go into details about the penetration itself or what techniques were used.

Officials contend they spoke up about the incident “as soon as we were confident that notification would not jeopardize our efforts to secure systems and limit damage from the intrusion, potentially making the situation much more difficult to resolve.”

The eight organizations affected are as follows: Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study, Central Administration, Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, and Harvard T.H. Chan School of Public Health.