Princeton University is investigating a security incident involving an Advancement database that was accessed by unauthorized actors on November 10. The system includes information about alumni, donors, some faculty, students, parents, and other members of the University community. This page is being updated with the latest details about the response and answers to frequently asked questions.
On November 15, 2025, Princeton sent the following message to individuals who may have been affected:
A Princeton University Advancement database was accessed by outside actors for a period of less than one day on November 10. The database includes information about alumni, donors, some faculty, students, parents, and other members of the University community, and it is possible that your information was viewed during this time.
The University’s cybersecurity and IT teams are working continuously with outside specialists and law enforcement to understand exactly what happened and what it means for your personal information.
Because the investigation is still ongoing, the university is encouraging you to stay alert for any unusual communications that appear to come from Princeton. The University will never contact you by phone, text, or email to request sensitive information such as Social Security numbers, passwords, or bank details. If you receive a message that raises any concern, please confirm its legitimacy with a known Princeton contact before clicking on any links or downloading any files.
Based on findings so far:
• The affected database does not typically store Social Security numbers, passwords, or financial account information.
• It does not include detailed student records protected under federal privacy rules, nor does it include staff employee data unless the staff member is also a donor.
• It does contain personal details such as names, email addresses, phone numbers, and home and business addresses, along with information related to University fundraising and donation history.
Princeton detected the intrusion quickly and removed the attackers from the system within 24 hours. The university says there is no indication that any other University technology system was affected. It is not yet known which specific records were viewed or accessed, and the University will share additional updates as soon as more information becomes available.
