Cyber Attack cyber

University of Pennsylvania (Penn)

May 1, 2025 1 min read
University of Pennsylvania (Penn)

The University of Pennsylvania (Penn) experienced a data breach where hackers gained unauthorized access to its systems using stolen credentials, specifically targeting systems related to development and alumni activities. The breach resulted in inflammatory emails being sent to students, alumni, and faculty, raising concerns about the exposure of personal information. While the full extent of the compromised data remains under investigation, the incident has already led to a class-action lawsuit filed by a Penn graduate, alleging the university’s failure to adequately safeguard sensitive information. The breach has caused reputational damage and potential financial risks, as affected individuals may face fraud or identity theft. The university is actively working to assess the impact and mitigate further harm.

Source: https://6abc.com/post/class-action-lawsuit-filed-university-pennsylvania-recent-hack-sent-suspicious-emails/18120427/

TPRM report: https://www.rankiteo.com/company/penn-admissions

"id": "pen2992729110625",
"linkid": "penn-admissions",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': ['students', 'alumni', 'faculty'],
                        'industry': 'higher education',
                        'location': 'Philadelphia, Pennsylvania, USA',
                        'name': 'University of Pennsylvania',
                        'type': 'educational institution'}],
 'attack_vector': ['stolen credentials', 'email compromise'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'type_of_data_compromised': ['personal information']},
 'description': 'Students, alumni, and faculty at the University of '
                'Pennsylvania received inflammatory emails from an apparent '
                'hacker. The breach involved stolen credentials used to access '
                "systems related to Penn's development and alumni activities. "
                'A class-action lawsuit has been filed, alleging the '
                'university failed to protect personal information.',
 'impact': {'brand_reputation_impact': True,
            'customer_complaints': True,
            'data_compromised': True,
            'identity_theft_risk': True,
            'legal_liabilities': ['class-action lawsuit filed'],
            'systems_affected': ['development systems',
                                 'alumni activity systems']},
 'initial_access_broker': {'entry_point': ['stolen credentials'],
                           'high_value_targets': ['development and alumni '
                                                  'activity systems']},
 'investigation_status': 'ongoing (school is still determining what '
                         'information was taken)',
 'references': [{'source': 'WPVI (6abc Action News)'}],
 'regulatory_compliance': {'legal_actions': ['class-action lawsuit filed']},
 'title': 'University of Pennsylvania Data Breach and Suspicious Emails '
          'Incident',
 'type': ['data breach', 'unauthorized access', 'phishing/suspicious emails']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.