443/68 Tuesday, November 4, 2025

A cybersecurity student researcher has revealed that the University of Pennsylvania (Penn) was the target of a cyberattack, with the hacker group claiming to have stolen data on more than 1.2 million donors, along with internal university documents. The incident surfaced after numerous alumni and students received emails on November 1, 2025, sent from the “@upenn.edu” domain and containing messages critical of the university.
The attackers gained access by compromising an employee's PennKey SSO account, which let them reach multiple internal systems, including VPN, Salesforce Marketing Cloud, the Qlik data analytics platform, SAP, and files stored in SharePoint and Box. The stolen data reportedly includes personal information of alumni, students, and donors, such as names, birthdates, addresses, phone numbers, estimated wealth, donation history, and demographic attributes (religion, race, and sexual orientation).
Even after the compromised account was disabled, the attackers continued using Salesforce access to send mass attack emails to more than 700,000 recipients, and later uploaded a 1.7 GB file online, claiming it contained spreadsheets and donor records from Penn’s systems. They stated they did not demand a ransom because they assumed the university would not pay, and that their goal was to obtain high-value donor databases instead.
The University of Pennsylvania confirmed that an investigation is underway, but has not yet verified the full extent of the data breach.
