Ethical Hacking News
University of Pennsylvania hit by major cybersecurity incident, where students and alumni received threatening emails claiming sensitive data was stolen during an alleged breach.
The University of Pennsylvania received threatening emails from various email addresses claiming sensitive data had been stolen during a breach. The emails contained disturbing claims about the University's security practices and admission policies. The emails were sent via the University's mailing list platform hosted on Salesforce Marketing Cloud. The University has confirmed that they are aware of the situation and are actively addressing it.
The University of Pennsylvania, one of the oldest and most prestigious institutions of higher learning in the United States, has been hit by a major cybersecurity incident. On Friday, students and alumni received a series of threatening emails from various University email addresses, claiming that sensitive data had been stolen during an alleged breach.
The emails, which were sent via the University's mailing list platform hosted on Salesforce Marketing Cloud, contained a subject line of "We got hacked (Action Required)" and made several disturbing claims about the University's security practices and admission policies. According to one email seen by BleepingComputer, the sender described the University as a "dog**** elitist institution full of woke retards" and stated that it hires and admits "morons" because it loves legacies, donors, and unqualified affirmative action admits.
The emails were sent from various Penn email addresses, including the Penn Graduate School of Education (gse@connect.upenn.edu) and University of Pennsylvania employees. However, a spokesperson for the University confirmed to BleepingComputer that they are aware of the emails and their Incident Response team is addressing the breach.
"This is obviously a fake, and nothing in the highly offensive, hurtful message reflects the mission or actions of Penn or of Penn GSE," said the spokesperson. "The University's Office of Information Security is aware of the situation, and our Incident Response team is actively addressing it."
If you have any information regarding this incident or any other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at tips@bleepingcomputer.com.
Penn has now added a banner to its website warning about the emails and asking recipients not to report the incident as they are aware of it. "Simply disregard or delete the message. However, if you receive any new or different messages that raise concern, please contact your local IT support provider (LSP)," reads the banner message.
The University ultimately declined to participate in a program called the Compact for Excellence in Higher Education, which ties preferential funding to the adoption of specific policy reforms. The Trump administration invited several universities to join the program, but Penn stated that it had provided feedback to the administration regarding concerns with the compact.
BleepingComputer asked Penn further questions about the incident, but was told they had nothing further to share at this time.
In conclusion, the University of Pennsylvania has been hit by a major cybersecurity incident, where students and alumni received threatening emails claiming that sensitive data had been stolen during an alleged breach. The emails were sent from various Penn email addresses and made several disturbing claims about the University's security practices and admission policies. While the University has confirmed that they are aware of the situation and are actively addressing it, more information is needed to fully understand the extent of the incident.
Related Information:
https://www.ethicalhackingnews.com/articles/The-University-of-Pennsylvania-Leaked-A-Cybersecurity-Incident-of-Epic-Proportions-ehn.shtml
https://www.bleepingcomputer.com/news/security/offensive-we-got-hacked-emails-sent-in-penn-security-incident/
Published: Fri Oct 31 14:19:41 2025 by llama3.2 3B Q4_K_M
