Hackers steal 1.2 million records from University of Pennsylvania

Cybercriminals have claimed responsibility for a major data breach at the University of Pennsylvania (Penn), saying they stole records belonging to approximately 1.2 million students, alumni and donors.
The attack was followed by a mass, offensive email sent to hundreds of thousands of recipients from a compromised university system.
The unnamed threat actor told BleepingComputer they gained “full access” to the university’s systems by compromising a single employee’s PennKey Single Sign-On (SSO) account.
This initial breach allegedly granted them access to Penn’s VPN, the Qlik analytics platform, the SAP business intelligence system, SharePoint files and extensive Salesforce data.
The data stolen is reportedly wide-ranging and highly sensitive. It includes standard personally identifiable information (PII) such as names, dates of birth, addresses, and phone numbers.
Crucially, the exfiltrated data also contained financial and demographic information, including estimated net worth, donation history, race, religion, and sexual orientation. The hackers specifically stated that their main target was the university’s “vast, wonderfully wealthy donor database.”
The intrusion and data exfiltration allegedly took place between October 30 and 31. After the university detected the breach and locked the compromised account, the attackers used their retained access to the Salesforce Marketing Cloud to send a profane and politically charged email to roughly 700,000 recipients.
The email, which Penn initially described as “obviously fake” and “fraudulent”, insulted the university’s security practices and meritocracy.
The hackers stated they will not ask for a ransom but confirmed their intent to leverage the stolen donor data for financial gain.
They have already posted a 1.7-GB archive of files online as proof of the breach. In response to the latest claims, the University of Pennsylvania stated only that they are “continuing to investigate” the incident.
