University of Pennsylvania Data Breach Exposed in Hack

Summary

– The University of Pennsylvania experienced a cybersecurity incident where offensive emails were sent to students and alumni from university addresses, claiming a data breach occurred.
– The fraudulent emails criticized Penn’s security practices and admission policies, alleging violations of federal laws and Supreme Court rulings.
– Penn confirmed the emails were fake and stated their Incident Response team is actively addressing the situation.
– The emails were sent through the university’s “connect.upenn.edu” mailing list platform, but it’s unclear if the account was compromised.
– Penn has warned recipients to disregard the emails and added a banner to its website about the incident.

A significant cybersecurity event has impacted the University of Pennsylvania, with students and alumni receiving a wave of unsolicited and offensive emails from official university accounts. These messages falsely claimed that a data breach had occurred and included harsh criticism of the institution’s security protocols and admission practices.

The subject line of the emails read “We got hacked (Action Required).” The content contained vulgar language, attacking the university as elitist and accusing it of poor security measures and unmeritocratic admissions. The messages specifically referenced legacy admissions, donors, and affirmative action, while also threatening to leak data in violation of federal laws like FERPA.

These fraudulent emails originated from various Penn-affiliated addresses, including one belonging to the Penn Graduate School of Education. All messages were distributed using the “connect.upenn.edu” mailing list platform, which is hosted on Salesforce Marketing Cloud. It remains uncertain whether the university’s account on this marketing platform was directly compromised to facilitate the mass mailing.

A spokesperson for the University of Pennsylvania confirmed awareness of the situation. They identified the communication as a fake and stated that the offensive content does not reflect the values or actions of the university. “The University’s Office of Information Security is aware of the situation, and our Incident Response team is actively addressing it,” the spokesperson noted.

The university has since posted a banner on its official website advising recipients to simply delete the fraudulent emails. The notice asks individuals not to report this specific incident, as it is already under investigation. However, it encourages people to contact their local IT support provider if they receive any new or different messages that cause concern.

This incident follows Penn’s recent decision to decline an invitation to join the Trump administration’s “Compact for Excellence in Higher Education.” The university had provided feedback expressing concerns about the program, which proposed linking preferential funding to the adoption of certain policy reforms.

When BleepingComputer sought additional comments from the university, a representative indicated that there was no further information to share at this time. The investigation into the breach is ongoing.

(Source: Bleeping Computer)
