A team of hackers protesting the state of modern higher education has released data mined from the servers of Harvard and at least 100 other major universities.
The hacked data was posted online Monday morning under the heading ‘Project WestWind’ by a band of hackers known as Team GhostShell. The release stated that their goal was to “raise awareness towards the changes made in today’s education.”
The data mined from Harvard’s servers appears to be relatively innocuous. Course descriptions—mostly for classes in dance or theatrical technique—make up a large portion of the release, along with identification numbers for student groups and codes for local towns. No passwords, credit card numbers, grades, evaluations, or other confidential information appear to have been compromised.
Other institutions were not so lucky. According to IdentityFinder, a firm specializing in identity theft prevention, 36,623 unique email addresses were released, along with at least one bank account number, a number of username and password combinations, and significant amounts of personal data.
“Based upon a casual sampling of time stamps in the data set, it appears that the hackers spent at least four months aggregating the information prior to release,” said Aaron Titus, Identity’s Finder’s Chief Privacy Officer in a statement.
At the University of Pennsylvania, the Daily Pennsylvanian confirmed that records such as currency card numbers, full names, and email addresses for students, faculty, and staff had been released.
Team GhostShell told The Crimson in an email that its aim was not to inflict harm.“
The point of it all was not to harm the people themselves, but to bring everyone’s attention to the downfall of today’s education and at the same time [to] the fact that their security is a joke,” said a spokesperson for GhostShell.
The source, who due to the criminal nature of his activities declined to provide his name, can only be identified by his online username, DeadMellox.
This is not the first time Team GhostShell has attempted to use hacked data to send a broader message. This summer, the group attacked Italian government servers to protest the supposed presence of ultra-nationalist and racist tones in European foreign policy. Targets of previous operations include stock exchanges, banks, consulting firms, and research labs at MIT.
Multiple members of the Harvard University Information Technology Department refused to comment on the alleged breach.
“Harvard University is vigilant in working to protect all of its information. As a policy, the University does not comment on reports of breaches. If and when a breach occurs, the University corrects the problem immediately, notifies all affected parties as soon as possible, and reviews protocols broadly to prevent similar incidents in the future,” wrote Nicholas L. Connors, a communications officer for HUIT, in an emailed statement after he could not be reached by phone.