The University of Pennsylvania (Penn) suffered a mass cybersecurity breach on **October 30–31, 2023**, where hackers compromised **select information systems**, including an employee account and **Salesforce Marketing Cloud**. The attackers exfiltrated data belonging to **1.2 million individuals**, including students, alumni, and donors. Stolen information comprised **donation histories, estimated net worth, names, race, and other demographic details**. The breach led to **mass scam emails** sent to ~700,000 recipients, containing offensive content and threats to leak all stolen data. The hacker claimed full access to user data and criticized Penn’s security practices. The university reported the incident to the **FBI** and engaged third-party technical resources for mitigation. While no ransomware was confirmed, the breach exposed **highly sensitive personal and financial records**, posing severe reputational, financial, and operational risks. Penn’s IT and crisis response teams are actively investigating and containing the fallout.
Source: https://www.thedp.com/article/2025/11/penn-gse-hack-report-fbi
Penn Arts & Sciences, University of Pennsylvania cybersecurity rating report: https://www.rankiteo.com/company/pennsas
"id": "PEN5203252111925",
"linkid": "pennsas",
"type": "Breach",
"date": "10/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,200,000',
'industry': 'higher education',
'location': 'Philadelphia, Pennsylvania, USA',
'name': 'University of Pennsylvania (Penn)',
'size': 'large (1.2 million affected individuals: '
'students, alumni, donors)',
'type': 'educational institution'},
{'industry': 'education',
'location': 'Philadelphia, Pennsylvania, USA',
'name': 'Penn Graduate School of Education (Penn GSE)',
'type': 'school within university'}],
'attack_vector': ['compromised employee account',
'exploitation of Salesforce Marketing Cloud'],
'customer_advisories': ['warning about scam emails',
'assurance of ongoing investigation'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '1,200,000',
'personally_identifiable_information': ['names',
'race',
'email addresses',
'donation history',
'estimated net worth'],
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial data (donation '
'history, net worth)',
'demographic data']},
'date_detected': '2023-10-30',
'date_publicly_disclosed': '2023-11-03',
'description': 'Penn reported a cybersecurity breach to the FBI after hackers '
'compromised data for millions of individuals, including '
'students, alumni, and donors. The breach involved mass scam '
'emails sent from University-affiliated accounts, threats to '
'leak data, and the theft of sensitive information such as '
'donation histories, estimated net worth, and demographic '
'details. The attacker claimed to have accessed data from 1.2 '
'million individuals and sent emails to roughly 700,000 '
'recipients via Salesforce Marketing Cloud.',
'impact': {'brand_reputation_impact': ['negative publicity',
'criticism of institutional security '
'practices'],
'customer_complaints': ['reports of offensive emails',
'community concerns over security '
'practices'],
'data_compromised': ['donation history',
'estimated donor net worth',
'demographic details (names, race)',
'email addresses'],
'identity_theft_risk': ['high (due to exposed PII and financial '
'data)'],
'legal_liabilities': ['potential regulatory scrutiny',
'FBI investigation'],
'operational_impact': ['disruption due to mass scam emails',
'investigation and containment efforts'],
'systems_affected': ['Salesforce Marketing Cloud',
'select University information systems']},
'initial_access_broker': {'entry_point': 'compromised employee account',
'high_value_targets': ['Salesforce Marketing Cloud',
'donor and alumni '
'databases']},
'investigation_status': 'ongoing (Penn IT and Crisis Response Teams, FBI '
'involved)',
'motivation': ['data theft',
'extortion (threatened data leak)',
'disruption (mass scam emails)'],
'ransomware': {'data_exfiltration': True},
'references': [{'date_accessed': '2023-11-03',
'source': 'The Daily Pennsylvanian'},
{'date_accessed': '2023-11-03', 'source': 'BleepingComputer'}],
'regulatory_compliance': {'legal_actions': ['FBI investigation ongoing'],
'regulatory_notifications': ['reported to FBI']},
'response': {'communication_strategy': ['statements to media (The Daily '
'Pennsylvanian)',
'email to Penn GSE community',
'acknowledgment of FBI involvement'],
'containment_measures': ['stopping mass emails',
'securing compromised accounts'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['investigation into breach scope',
'securing Salesforce Marketing Cloud'],
'third_party_assistance': ['technical resources (unspecified)',
'FBI']},
'stakeholder_advisories': ['email to Penn GSE community',
'statements to media'],
'title': 'University of Pennsylvania (Penn) Mass Cybersecurity Breach and '
'Data Leak',
'type': ['data breach', 'unauthorized access', 'phishing/scam emails']}