Data Breach at Princeton University: Personal Information of Donors and Alumni Compromised
A recent cyberattack on Princeton University's systems has exposed the personal information of alumni, donors, faculty, and students. The attack, which occurred on November 10, was carried out by threat actors who targeted a University employee through a phishing attack. This breach allowed them to access sensitive data, including names, email addresses, phone numbers, and home and business addresses, stored in a compromised database.
Despite the breach, Princeton officials assured the public that the database did not contain financial information, credentials, or records protected by privacy regulations. The affected database primarily held biographical data related to fundraising and alumni engagement activities.
The university identified several groups whose data was likely exposed, including:
- All University alumni (enrolled students, even if they didn't graduate)
- Alumni spouses and partners
- Widows and widowers of alumni
- Donors to the University
- Parents of students (current and past)
- Current students
- Faculty and staff (current and past)
Princeton has taken immediate action by blocking the attackers' access to the database and believes they couldn't access other systems before being evicted. The university is urging potentially affected individuals to be cautious of phishing attempts and not share sensitive data with unauthorized sources.
For those with doubts about the legitimacy of communications from Princeton, the university advises verifying with a known University contact before clicking on links or downloading attachments. The university is also encouraging individuals with information about the incident or other undisclosed attacks to contact them confidentially via Signal or email.
This data breach comes on the heels of a similar incident at the University of Pennsylvania (UPenn), another private Ivy League research university, where a cyberattack in October led to the exfiltration of donor data. While the incidents are similar, Princeton officials have stated that they have no evidence of a connection between the two attacks.
For more information on cybersecurity budget benchmarks and strategies, readers can refer to the 2026 CISO Budget Benchmark report, which provides insights from over 300 CISOs and security leaders.
