Harvard University and the University of Pennsylvania were named as victims and had data leaked by ShinyHunters, the prolific hack-and-leak group responsible for numerous high-profile breaches including the Snowflake UNC5537 campaign. The data was obtained via ShinyHunters’ characteristic vishing social engineering campaign targeting IT helpdesks at cloud service providers holding Harvard and UPenn data. Exposed data reportedly included alumni contact information, donor records, or institutional data. Both universities notified affected individuals. ShinyHunters has previously targeted Santander, Ticketmaster, and dozens of other organizations through similar cloud provider social engineering campaigns.