ShinyHunters breached Harvard and UPenn.
Voice phishing compromised Alumni Affairs staff at both universities. 739,000 records leaked, including donor wealth bands. Both universities refused the $1M ransoms. ShinyHunters published the data in February 2026.
The initial compromise was a phone call we cannot intercept. But the follow-up phishing, credential harvesting pages, and lateral movement? That is where suss. stops the chain.
The attack.
Voice phishing compromised staff
ShinyHunters used voice phishing to trick Alumni Affairs staff at Harvard and UPenn into sharing credentials. The attackers impersonated IT support over the phone.
739K records exfiltrated
The attackers accessed alumni databases containing names, addresses, donation history, and donor wealth bands. They demanded $1M ransom from each university.
Both universities refused the ransom
Harvard and UPenn declined to pay. ShinyHunters leaked the data in February 2026, exposing hundreds of thousands of donors and alumni.
What suss. would have seen.
We ran a reconstructed version of this attack through the production API. Here's what fired.
- 01 Never share credentials over the phone. IT will never ask for your password.
- 02 Navigate to university systems directly via bookmarks, not links.
- 03 Report this to IT security immediately.
- 04 If you shared credentials, reset your password and enable MFA now.
- 05 Enable multi-factor authentication on all university systems.
The cost.
Why alumni databases are premium targets.
High-value donor data
Alumni databases contain wealth bands, donation history, and personal details. Premium data on the dark web.
Advancement offices are trusting
Alumni Affairs staff are relationship-builders by nature. Social engineering exploits their helpfulness.
Decentralized IT security
Each department manages its own systems. A single compromised account in Alumni Affairs can access databases that campus-wide IT may not monitor.
Ransom leverage
Leaking donor wealth data threatens fundraising relationships. Enormous pressure to pay, even when universities publicly refuse.
Two timelines. Two outcomes.
- 01 Voice phishing call tricks staff into sharing credentials.
- 02 Attacker accesses the alumni database undetected.
- 03 Follow-up phishing emails sent from the compromised account.
- 04 739K records exfiltrated over days.
- 05 $1M ransom demand. Both universities refuse.
- 06 Data leaked publicly. Donor trust shattered.

- 01 Voice call still happens. Phone interception is a gap we are closing.
- 02 Follow-up credential harvesting emails flagged instantly.
- 03 Fake login pages blocked by the page analyzer and form guard.
- 04 Compromised account phishing detected and reported.
- 05 IT security alerted before lateral movement succeeds.
- 06 Attack chain broken. Database access prevented.
Don't be the next case study.
Book a 15-minute pilot conversation. We'll show you the threats targeting your institution right now and walk through deployment.
Free 30-day pilot for qualified institutions. No IT integration required.