University of Pennsylvania (Penn)

The University of Pennsylvania suffered a major cyber breach where hackers gained unauthorized access to an employee’s PennKey account, exfiltrating sensitive internal data. The attackers released thousands of documents on LeakForum, including donor records (bank transactions, personal identifying information, demographic data), internal memos (e.g., talking points on controversies like Liz Magill’s congressional testimony, Joe Biden’s affiliation, and campus antisemitism), and confidential communications from the Graduate School of Education (GSE). The breach exposed 1.2 million records of students, alumni, and donors, with threats to sell or publicly leak the data within 1–2 months. The hackers exploited Penn’s ‘weak authentication system’, sending mass spam emails from compromised University accounts to criticize institutional policies. The attack targeted ultra-high-net-worth individuals, raising concerns over financial fraud, reputational damage, and operational disruptions. Penn reported the incident to the FBI and is investigating alongside law enforcement, but the breach underscores systemic vulnerabilities in higher education cybersecurity.

Source: https://www.thedp.com/article/2025/11/penn-hack-documents-released-gse-emails-data

TPRM report: https://www.rankiteo.com/company/university-of-pennsylvania-graduate-division-of-the-school-of-arts-sciences

"id": "uni3862038110425",
"linkid": "university-of-pennsylvania-graduate-division-of-the-school-of-arts-sciences",
"type": "Breach",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '1,200,000 (students, alumni, '
                                              'donors)',
                        'industry': 'Higher Education',
                        'location': 'Philadelphia, Pennsylvania, USA',
                        'name': 'University of Pennsylvania (Penn)',
                        'size': 'Large (1.2 million students, alumni, and '
                                'donors affected)',
                        'type': 'Educational Institution'},
                       {'industry': 'Education',
                        'location': 'Philadelphia, Pennsylvania, USA',
                        'name': 'Graduate School of Education (GSE) at Penn',
                        'type': 'Academic Department'}],
 'attack_vector': ['Compromised Credentials (PennKey account)',
                   'Phishing/Spam Emails',
                   'Exploitation of Weak Authentication'],
 'customer_advisories': ['GSE community warned about offensive emails and data '
                         'leak risks'],
 'data_breach': {'data_exfiltration': 'Yes (data dumped on LeakForum; more '
                                      'planned for release)',
                 'file_types_exposed': ['Spreadsheets (donation records)',
                                        'PDFs/memos',
                                        'Emails',
                                        'Database exports'],
                 'number_of_records_exposed': '1,200,000 (claimed)',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Phone numbers',
                                                         'Demographic data',
                                                         'Bank transaction '
                                                         'details',
                                                         'Social Security '
                                                         'numbers (implied but '
                                                         'not confirmed)'],
                 'sensitivity_of_data': 'High (includes PII, financial '
                                        'transactions, and sensitive '
                                        'institutional documents)',
                 'type_of_data_compromised': ['PII',
                                              'Financial records',
                                              'Internal communications',
                                              'Donor databases',
                                              'Confidential memos']},
 'date_detected': '2023-10-31',
 'date_publicly_disclosed': '2023-11-01',
 'description': 'Following a series of mass emails alleging Penn had been '
                'hacked, individuals claiming responsibility for the security '
                'breach released thousands of pages of internal University '
                'files on Nov. 1. The documents—released on LeakForum—include '
                'internal University talking points, memos about donors and '
                'their families, receipts of bank transactions, and personal '
                'identifying information. The hackers claimed to have gained '
                "'full access' to a University employee’s PennKey account and "
                "exported data on '1.2 million University of Pennsylvania "
                "students, alumni, and donors' from University databases. The "
                'group stated the data would be kept private temporarily but '
                'released publicly within 1-2 months after their use. The '
                'hackers cited weak authentication systems and institutional '
                'biases as motivations.',
 'impact': {'brand_reputation_impact': ['High (public leak of sensitive '
                                        'documents, criticism of institutional '
                                        'practices)',
                                        'Media scrutiny over security failures',
                                        'Loss of trust among donors/alumni'],
            'customer_complaints': ['Offensive spam emails reported by GSE '
                                    'community'],
            'data_compromised': ['Internal memos',
                                 'Donor records (including family ties to '
                                 'applicants)',
                                 'Bank transaction receipts (wire/ACH)',
                                 'Personal Identifying Information (PII)',
                                 'Confidential talking points (e.g., responses '
                                 'to controversies)',
                                 'Student/alumni/donor data (1.2 million '
                                 'records)',
                                 'Joe Biden and family data (claimed)'],
            'identity_theft_risk': ['High (PII and financial data exposed)'],
            'legal_liabilities': ['Potential lawsuits from affected '
                                  'individuals',
                                  'Regulatory scrutiny (e.g., FTC, state data '
                                  'protection laws)'],
            'operational_impact': ['Disruption from spam emails',
                                   'Investigation and containment efforts',
                                   'Reputation damage'],
            'payment_information_risk': ['High (bank transaction records '
                                         'leaked)'],
            'systems_affected': ['PennKey authentication system',
                                 'SharePoint',
                                 'Box',
                                 'Email systems (used for spam)',
                                 'University databases']},
 'initial_access_broker': {'data_sold_on_dark_web': ['Planned (some data to be '
                                                     'sold before public '
                                                     'release)'],
                           'entry_point': 'Compromised PennKey account '
                                          '(employee credentials)',
                           'high_value_targets': ['Donor databases',
                                                  'SharePoint/Box repositories',
                                                  'Email systems']},
 'investigation_status': 'Ongoing (FBI and Penn’s IT teams investigating)',
 'motivation': ['Financial Gain (planned sale of data)',
                'Ideological (criticism of Penn’s admission practices, '
                'legacy/donor preferences, and DEI policies)',
                'Exposure of Institutional Biases'],
 'post_incident_analysis': {'root_causes': ['Weak authentication (lack of MFA)',
                                            'Inadequate monitoring of '
                                            'privileged accounts',
                                            'Vulnerable SharePoint/Box '
                                            'configurations']},
 'ransomware': {'data_exfiltration': 'Yes (but not ransomware-related)'},
 'references': [{'date_accessed': '2023-11-01',
                 'source': 'The Daily Pennsylvanian',
                 'url': 'https://www.thedp.com/'},
                {'date_accessed': '2023-11-01',
                 'source': 'The Verge',
                 'url': 'https://www.theverge.com/'},
                {'date_accessed': '2023-11-01',
                 'source': 'LeakForum (hacker’s data dump)'}],
 'regulatory_compliance': {'regulations_violated': ['Potentially FERPA '
                                                    '(student records)',
                                                    'State data breach '
                                                    'notification laws (e.g., '
                                                    'Pennsylvania’s)',
                                                    'GDPR (if EU citizens '
                                                    'affected)'],
                           'regulatory_notifications': ['FBI notified; other '
                                                        'regulators likely '
                                                        'informed']},
 'response': {'communication_strategy': ['Email to GSE community '
                                         '(acknowledging offensive emails)',
                                         'Public announcement about FBI '
                                         'involvement'],
              'containment_measures': ['Stopping spam emails',
                                       'Investigating breached systems'],
              'incident_response_plan_activated': 'Yes (Penn’s IT and Crisis '
                                                  'Response Teams involved)',
              'law_enforcement_notified': ['FBI (reported on 2023-11-04)',
                                           'Other law enforcement agencies']},
 'stakeholder_advisories': ['GSE community email (2023-11-01)',
                            'Public statement about FBI involvement '
                            '(2023-11-04)'],
 'threat_actor': ['Unknown hacker group (self-described as targeting '
                  'ultra-high-net-worth individuals)',
                  'Initial Access Broker (likely)'],
 'title': 'University of Pennsylvania Data Breach and Leak of Internal '
          'Documents',
 'type': ['Data Breach',
          'Unauthorized Access',
          'Data Leak',
          'Phishing/Spam Emails'],
 'vulnerability_exploited': ['Weak Authentication System',
                             'Lack of Multi-Factor Authentication (MFA)']}