{"id":202008,"date":"2026-04-03T16:13:00","date_gmt":"2026-04-03T20:13:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/03\/harvard-warns-of-active-cyberattack-impersonating-it-staff-and-targeting-affiliates-news\/"},"modified":"2026-04-03T16:30:13","modified_gmt":"2026-04-03T20:30:13","slug":"harvard-warns-of-active-cyberattack-impersonating-it-staff-and-targeting-affiliates-news","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/03\/harvard-warns-of-active-cyberattack-impersonating-it-staff-and-targeting-affiliates-news\/","title":{"rendered":"Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates | News"},"content":{"rendered":"

Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates | News<\/a><\/p>\n

https:\/\/www.thecrimson.com\/article\/2026\/4\/4\/harvard-cybersecurity-threat\/<\/a><\/p>\n

Publish Date: 2026-04-03 16:13:00<\/a><\/p>\n

Source Domain: www.thecrimson.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. Harvard is monitoring an ongoing cybersecurity threat involving individuals impersonating University information technology staff to gain access to accounts and sensitive data, according to a Friday afternoon message to affiliates.The attackers are contacting affiliates directly \u2014 often urging them to join live phone calls or directing them to fraudulent websites designed to mimic official Harvard pages \u2014 in an attempt to steal login credentials, according to the email.Harvard Chief Information Security and Data Privacy Officer Michael Tran Duff wrote that the scam represents \u201can active and specific cybersecurity threat,\u201d urging affiliates to remain on \u201chigh alert.\u201dDuff cautioned recipients not to engage with unsolicited communications claiming to be from \u201cHarvard IT,\u201d and warned against logging into unfamiliar websites, installing software, or executing commands at a caller\u2019s direction. Legitimate Harvard websites, he noted, will always end in \u201c.edu.\u201dThe alert comes amid a broader wave of similar attacks at peer institutions. On Thursday, officials at the University of Pennsylvania\u2019s Annenberg School warned affiliates of nearly identical \u201cadvanced social engineering attacks\u201d involving impersonation and fake university websites.Harvard\u2019s Friday warning follows a series of recent cybersecurity incidents at the University.In September, Clop \u2014 a Russian-speaking cybercrime group known for exploiting software vulnerabilities and extorting organizations by threatening to publish stolen data \u2014 claimed it had breached Harvard through a flaw in Oracle\u2019s E-Business Suite and planned to release the information on its leak site.Two months later, a phone-based phishing attack allowed an unauthorized user to access donor and contact information from Harvard\u2019s Alumni Affairs and Development Office.Duff wrote that affiliates who believe they may have been targeted to report the incident immediately, emphasizing the importance of a rapid response.\u201cMere minutes can make the difference in Harvard\u2019s ability to protect you and the University,\u201d he wrote.A spokesperson for Harvard University Information Technology declined to comment. University spokespeople did not immediately respond to a request for comment.\u2014Staff writer Sebastian B. Connolly can be reached at [email\u00a0protected] or on Signal @sbc.23. Follow him on X @SebastianC4784.\u2014Staff writer Summer E. Rose can be reached at [email\u00a0protected] or on Signal @ser.85. Follow her on X @summerellenrose.
<\/p>\n","protected":false},"excerpt":{"rendered":"

Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates | News https:\/\/www.thecrimson.com\/article\/2026\/4\/4\/harvard-cybersecurity-threat\/ Publish…<\/p>\n","protected":false},"author":1,"featured_media":202009,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/thumbnails.thecrimson.com\/photos\/2022\/04\/11\/214504_1355742.jpg.2000x1333_q95_crop-smart_upscale.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,25],"class_list":["post-202008","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202008"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=202008"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202008\/revisions"}],"predecessor-version":[{"id":202010,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202008\/revisions\/202010"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/202009"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=202008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=202008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=202008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}