This paper presents a detailed analysis of the Harvard University data breach (2025–2026), focusing on identity-centric attack vectors such as vishing, adversary-in-the-middle (AiTM), and MFA bypass techniques. We introduce the Identity Exploitation Model (IEM), a structured four-layer framework for analyzing identity-based cyberattacks across human, authentication, interception, and privilege layers. The attack is further analyzed using MITRE ATT&CK and STRIDE frameworks, highlighting systemic vulnerabilities in modern authentication systems. The findings emphasize the limitations of traditional multi-factor authentication (MFA) and the need for phishing-resistant mechanisms such as FIDO2 and Zero Trust architectures.