The following message was shared on November 22, 2025, with those whose information may have been accessed and who had an email address available for contact in these information systems
Subject: Recent cybersecurity incident
On Tuesday, November 18, 2025, Harvard University discovered that information systems used by Alumni Affairs and Development were accessed by an unauthorized party as a result of a phone-based phishing attack. The University acted immediately to remove the attacker’s access to our systems and prevent further unauthorized access.
We are writing to make you aware that information about you may have been accessed and so you can be alert for any unusual communications that purport to come from the University. Though the information systems that were accessed do not generally contain Social Security numbers, passwords, or financial account numbers, they do include personal information such as email addresses, telephone numbers, home and business addresses, event attendance, and details of donations to the University.
We take the privacy and security of your data very seriously. At this time, we do not know precisely what information was accessed. We are working with third-party cybersecurity experts and law enforcement to investigate this incident, and any additional information and relevant updates will be available on this website.
Sincerely,
Klara Jelinkova
Vice President and University Chief Information Officer
Jim Husson
Vice President for Alumni Affairs and Development
