"Since discovering this intrusion, Harvard has been working with external information security experts and federal law enforcement to investigate the incident, protect the information stored on our systems, and strengthen IT environments across the University," university provost Alan Garber and executive vice president Katie Lapp said in a statement.
"At this time, we have no indication that personal data, research data, or PIN System credentials have been exposed," Garber and Lapp added. "It is possible that Harvard login credentials (username and password) used to access individual computers and University email accounts have been exposed."
Anyone who's part of the Faculty of Arts and Sciences, the Harvard Divinity School, the Radcliffe Institute for Advanced Study, or the Central Administration is advised to change the password associated with their Harvard account.
Anyone who's part of the Harvard Graduate School of Design, the Harvard Graduate School of Education, the Harvard John A. Paulson School of Engineering and Applied Sciences, or the Harvard T.H. Chan School of Public Health is advised to change their email password.
"Password changes will be required again at a later time as the University takes further steps to enhance security," Garber and Lapp noted.
Members of both groups are advised to update all devices synced to their Harvard account with their new password.
The university stated in a FAQ that the notification was issued as soon as possible. "We notified the community as soon as we were confident that notification would not jeopardize our efforts to secure systems and limit damage from the intrusion, potentially making the situation much more difficult to resolve," it stated.
"Higher education is one of the most targeted industries for cyber attacks, and Harvard frequently detects and repels threats," the FAQ noted. "As attacks become more sophisticated, information security teams must quickly adapt and respond to stay one step ahead."
Photo courtesy of Shutterstock.