University of Pennsylvania Data Stolen in Cyberattack

Summary
– Hackers breached University of Pennsylvania systems using stolen credentials from a social engineering attack targeting development and alumni systems.
– The attackers stole 1.71 GB of internal documents and a Salesforce donor database containing 1.2 million records with personal, financial, and employment information.
– After being locked out, hackers used Penn’s Salesforce Marketing Cloud to send an offensive mass email to 700,000 recipients.
– The university has notified the FBI, is working with CrowdStrike on the investigation, and will notify affected individuals after the investigation concludes.
– Penn is implementing enhanced security measures including employee training on social engineering and warning the community about potential phishing attempts.
The University of Pennsylvania has confirmed a significant cybersecurity breach in which hackers infiltrated systems tied to development and alumni operations, making off with sensitive data. According to a new statement from the university, the attackers gained entry using stolen credentials obtained through a social engineering scheme. Penn staff detected the compromise on October 31 and moved quickly to lock down the affected systems, though not before the intruders sent a fraudulent email to the community and exfiltrated information.
University officials emphasized that while Penn maintains a strong information security program, this incident resulted from a sophisticated identity impersonation tactic. The breach has been reported to the FBI, and the university is collaborating with cybersecurity firm CrowdStrike as the investigation continues.
As initially detailed by BleepingComputer, the threat actors accessed Penn’s network on October 30 using a staff member’s PennKey single sign-on account. This account provided entry into several key platforms, including the university’s Salesforce environment, Qlik analytics, SAP business intelligence tools, and SharePoint. From SharePoint and Box storage, the hackers stole approximately 1.71 GB of internal documents, among them spreadsheets, financial records, and alumni marketing materials.
The attackers also claim to have taken Penn’s Salesforce donor marketing database, which reportedly contains 1.2 million records. A sample of the stolen donor information reveals 158 distinct data fields, covering a wide range of sensitive details. These include personally identifiable information such as full names, birthdates, gender, home and mailing addresses, phone numbers, and email addresses. Financial and donor data, such as gift histories, wealth ratings, and lifetime giving amounts, were also exposed, along with employment details like job titles and academic affiliations.
Even after Penn revoked the initial system access, the hackers stated they retained control of the university’s Salesforce Marketing Cloud account. They used this to distribute an offensive mass email to roughly 700,000 recipients. In a post on a hacking forum, the group indicated they are not currently leaking the stolen records but may release them publicly in one to two months.
Although the attackers described their motives as financially driven, citing Penn’s “vast, wonderfully wealthy donor database”, their messages also included pointed critiques of the university’s diversity, equity, and inclusion practices, admissions policies, and alleged favoritism. Penn is now implementing additional security enhancements, including expanded employee training to recognize and resist social engineering attempts, along with improved system monitoring. Once the investigation concludes, the university will notify individuals impacted by the breach. Students and alumni are advised to remain vigilant against suspicious calls or emails that may be phishing or social engineering attempts.
(Source: Bleeping Computer)