Data Breach Alert: University of Pennsylvania Faces Cyber Threats

University of Pennsylvania Cybersecurity Incident: What Happened?

Recently, the University of Pennsylvania faced a cybersecurity breach that led to offensive emails being sent to students and alumni. The emails claimed that a data breach had occurred, sparking concerns among the university community.

The subject line of the emails read “We got hacked (Action Required)”, alleging that sensitive data was stolen during the breach. Furthermore, the emails criticized the university’s security practices and admission policies.

One of the emails contained derogatory language towards the University of Pennsylvania, stating, “The University of Pennsylvania is a dog**** elitist institution full of woke retards. We have terrible security practices and are completely unmeritocratic.”

The emails were sent from various Penn email addresses, including the Penn Graduate School of Education (gse@connect.upenn.edu) and other University of Pennsylvania employee accounts.

Investigations revealed that the emails were sent via “connect.upenn.edu,” a Penn mailing list platform hosted on Salesforce Marketing Cloud. It is uncertain whether the university’s account on the marketing platform was compromised.

A spokesperson from the University of Pennsylvania acknowledged the incident and assured that their Incident Response team was actively working to address the breach.

The spokesperson stated, “A fraudulent email has been circulated that appears to come from the University of Pennsylvania’s Graduate School of Education. This is obviously a fake, and nothing in the highly offensive, hurtful message reflects the mission or actions of Penn or of Penn GSE.”

For any information on this incident or undisclosed attacks, contact us via Signal at 646-961-3731 or tips@bleepingcomputer.com.

The university has taken steps to warn recipients about the emails and advised them not to report the incident as it is already under investigation.

Pennsylvania University was recently invited by the Trump administration to join the “Compact for Excellence in Higher Education” program. However, the university declined to participate, citing concerns with the proposed policy reforms.

Despite further inquiries, the University of Pennsylvania declined to provide additional information regarding the cybersecurity incident at this time.

46% of environments had passwords cracked, nearly doubling from 25% last year. Get the Picus Blue Report 2025 for insights on prevention, detection, and data exfiltration trends.

Get the Blue Report 2025