University of Pennsylvania hit by major cyberattack; donor and alumni data stolen
The University of Pennsylvania has confirmed that hackers gained access to several of its internal systems linked to development and alumni activities, stealing confidential data in the process, reports BleepingComputer. The breach, discovered on October 31, occurred after attackers obtained employee credentials through a social engineering scam.
"Penn employs a robust information security program; however, access to these systems occurred due to a sophisticated identity impersonation commonly known as social engineering," the university said in a statement.
The university said its staff quickly locked down the affected systems to stop further intrusions but not before an “offensive and fraudulent email” was sent to members of the Penn community.
The university further revealed that it has alerted the FBI and is working with cybersecurity firm CrowdStrike to investigate the incident.
University of Pennsylvania cyber attack: Data worth million exposed
According to BleepingComputer’s report, the attackers accessed Penn’s Salesforce donor database, SharePoint files, and other platforms, stealing around 1.71 GB of data. This includes sensitive personal and financial information of alumni and donors such as names, addresses, phone numbers, email IDs, and donation histories.
The hackers claimed to have obtained records of roughly 1.2 million donors, including details like “gift histories, wealth ratings, and lifetime commitment amounts.” They also said they sent a mass email to nearly 700,000 people after discovering their access was revoked.
The attackers told BleepingComputer that the breach wasn’t politically motivated but aimed at Penn’s “vast, wonderfully wealthy donor database.” However, their communications also included sharp criticism of the university’s diversity, equity, and inclusion policies.
The university says it is now strengthening its security systems, conducting staff training on social engineering, and enhancing monitoring tools.
Once the probe concludes, Penn plans to notify affected individuals. The university has also urged students, alumni, and donors to stay alert for suspicious emails or phone calls that could be phishing attempts.
"Penn employs a robust information security program; however, access to these systems occurred due to a sophisticated identity impersonation commonly known as social engineering," the university said in a statement.
The university said its staff quickly locked down the affected systems to stop further intrusions but not before an “offensive and fraudulent email” was sent to members of the Penn community.
The university further revealed that it has alerted the FBI and is working with cybersecurity firm CrowdStrike to investigate the incident.
University of Pennsylvania cyber attack: Data worth million exposed
According to BleepingComputer’s report, the attackers accessed Penn’s Salesforce donor database, SharePoint files, and other platforms, stealing around 1.71 GB of data. This includes sensitive personal and financial information of alumni and donors such as names, addresses, phone numbers, email IDs, and donation histories.
The hackers claimed to have obtained records of roughly 1.2 million donors, including details like “gift histories, wealth ratings, and lifetime commitment amounts.” They also said they sent a mass email to nearly 700,000 people after discovering their access was revoked.
The attackers told BleepingComputer that the breach wasn’t politically motivated but aimed at Penn’s “vast, wonderfully wealthy donor database.” However, their communications also included sharp criticism of the university’s diversity, equity, and inclusion policies.
The university says it is now strengthening its security systems, conducting staff training on social engineering, and enhancing monitoring tools.
Once the probe concludes, Penn plans to notify affected individuals. The university has also urged students, alumni, and donors to stay alert for suspicious emails or phone calls that could be phishing attempts.
Next Story