University of Pennsylvania Email System Breach and Data Leak
A hacker gained unauthorized access to the University of Pennsylvania's Salesforce Marketing Cloud mailing system, using it to send a mass email to approximately 700,000 recipients and mock the university's security and admissions practices. The attacker claimed to have exfiltrated sensitive data on 1.2 million donors, alumni, and students, including names, birthdates, addresses, contact information, estimated net worth, donation history, and demographic details such as religion, race, and sexual orientation. The university confirmed the breach originated from its connect.upenn.edu platform, which is hosted by Salesforce, and that the attacker was able to distribute the message widely before losing access on October 31.
Despite losing initial access, the attacker asserted continued control over the Salesforce Marketing Cloud system and subsequently published a 1.7-gigabyte archive allegedly containing the stolen data. The incident highlights significant risks associated with third-party cloud-based communication platforms and the potential for large-scale exposure of sensitive personal and financial information. The breach has raised concerns about the security of university systems and the protection of donor and student data, with the attacker openly ridiculing the institution's cybersecurity posture in the process.
Sources
Related Stories
University of Pennsylvania Graduate School of Education Email Compromise and Data Leak Threats
The University of Pennsylvania experienced a cybersecurity incident in which offensive emails were sent to thousands of students and alumni from addresses associated with the Graduate School of Education. The emails, distributed via the university's mailing list platform hosted on Salesforce Marketing Cloud, contained inflammatory language, criticized the university's security and admissions practices, and threatened to leak stolen data. University officials confirmed the emails were fraudulent and stated that their Office of Information Security and Incident Response team were actively investigating the breach. The emails referenced alleged violations of federal laws and Supreme Court rulings, echoing tactics seen in recent cyberattacks on other universities following the Supreme Court's decision on affirmative action. While the university has not confirmed whether any data was actually stolen, recipients were advised to disregard the messages and report any further suspicious communications. The incident highlights ongoing threats targeting higher education institutions, particularly those related to contentious policy issues and data security vulnerabilities.
4 months ago
ShinyHunters Leaks Donor and Alumni Data Stolen from Harvard and UPenn
**ShinyHunters** published datasets it claims were stolen during prior breaches at **Harvard University** and the **University of Pennsylvania (UPenn)**, posting what it says are **over one million records from each university** to its leak site used for extortion. Reporting indicates the exposed information relates to the schools’ development/alumni functions; TechCrunch said it verified portions of the data by corroborating details with alumni and public records (including matching against student ID numbers). Both universities attributed the intrusions to **social engineering** targeting staff supporting alumni and fundraising operations. UPenn previously confirmed unauthorized access to “a select group” of systems tied to development and alumni activities and said attackers also used official university email addresses to message alumni about the incident. Harvard reported its Alumni Affairs and Development environment was accessed following a **phone/voice-phishing** attack, and its incident FAQ described impacted data as including contact details (email, phone, home/business addresses), event attendance, donation details, and other biographical and fundraising-related information; public reporting noted uncertainty about whether affected individuals would receive individual notifications under applicable state requirements.
1 months agoPrinceton University Advancement Database Breach Exposes Donor and Alumni Information
Princeton University disclosed that its Advancement database, containing personal information of alumni, donors, some faculty, students, parents, and other community members, was compromised by unauthorized actors on November 10. The breach lasted less than 24 hours, and while the investigation is ongoing, the university stated that the database generally does not contain Social Security numbers, passwords, or financial data such as credit card or bank account numbers. The exposed data includes names, email addresses, phone numbers, and home and business addresses, as well as donation information. University officials have communicated with affected individuals, urging vigilance against potential phishing attempts and confirming that no other systems were accessed during the incident. The university is working with external experts and law enforcement to determine the full scope of the breach and its impact. Princeton emphasized that student records protected by federal privacy laws and most staff data were not included in the compromised database. This incident follows a series of recent data breaches at other Ivy League institutions, highlighting ongoing threats to higher education data security. The university has provided a dedicated FAQ and incident information page to keep the community informed as the investigation progresses.
3 months ago