Penn hacker claims to have stolen 12 million donor records in data breach

pDangerous runC flaws could allow hackers to escape Docker containersppLost iPhone Dont fall for phishing texts saying it was foundppMicrosoft testing faster Quick Machine Recovery in Windows 11ppHow to use the new Windows 11 Start menu now rolling outppWebinar Modern Patch Management Strategies to patch faster with less riskppGet a refurbished MacBook Air with a fast M2 chip for 40 offppAPT37 hackers abuse Google Find Hub in Android datawiping attacksppMozilla Firefox gets new antifingerprinting defensesppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppA hacker has taken responsibility for last weeks University of Pennsylvania We got hacked email incident saying it was a far more extensive breach that exposed data on 12 million donors and internal documentsppOn Friday University of Pennsylvania alumni and students began receiving multiple offensive emails from Pennedu addresses claiming the university had been hacked and data stolenppThe University of Pennsylvania is a dog elitist institution full of woke retards We have terrible security practices and are completely unmeritocratic reads the email sent to Penn alumni and studentsppWe hire and admit morons because we love legacies donors and unqualified affirmative action admits We love breaking federal laws like FERPA all your data will be leaked and Supreme Court rulings like SFFAppBleepingComputer confirmed the emails originated from connectupennedu a Penn mailing list platform hosted on Salesforce Marketing Cloud The university downplayed the incident describing the messages as fraudulent emails that were obviously fakeppHowever the threat actor behind the attack contacted BleepingComputer claiming the intrusion was far broader and that they had gained access to multiple university systemsppThe hacker said their group gained full access to an employees PennKey SSO account allowing access to Penns VPN Salesforce data Qlik analytics platform SAP business intelligence system and SharePoint filesppThey said they exfiltrated data for roughly 12 million students alumni and donors including names dates of birth addresses phone numbers estimated net worth donation history and demographic details such as religion race and sexual orientationppThe threat actors shared screenshots and data samples with BleepingComputer and posted them online to prove that they had indeed accessed these systems and stolen data from PennppThe attackers told BleepingComputer they breached Penns systems on October 30th and completed data downloads by October 31st when the compromised employee account was locked and access lostppAfter discovering their access had been revoked the hacker said they still had access to Salesforce Marketing Cloud and used it to send the offensive mass email to roughly 700000 recipientsppWhen asked whether the credentials were stolen via an infostealer or phishing the hacker declined to elaborate saying the intrusion was simple and caused by Penns security lapsesppThe hacker has since published a 17GB archive containing spreadsheets donation materials and other files allegedly taken from Penns SharePoint and Box systemsppThe attacker told BleepingComputer they were not extorting the university saying We dont think theyd pay and we can extract plenty of value out of the data ourselvesppWhen asked about their motivation the hackers said the attack was not political but aimed at obtaining Penns donor databaseppWhile were not really politically motivated we have no love for these nepobabyserving institutions the hackers told BleepingComputerppThe main goal was their vast wonderfully wealthy donor databaseppThe donor database has not yet been leaked though the threat actors claim they may release it in a month or twoppWhen contacted with these claims the University of Pennsylvania told BleepingComputer We are continuing to investigateppAfter publishing this story The Daily Pennsylvanian reported that Penn has referred the security incident to the FBIppWe understand and share our communitys concerns and have reported this to the FBI We are working with law enforcement as well as other thirdparty technical resources to address this as rapidly as possible stated a Penn spokespersonppWith a large amount of donor data now exposed Penn donors should stay vigilant against targeted phishing or social engineering attemptsppAttackers could use the stolen information to impersonate the university solicit fraudulent donations or gain access to donor credentials to breach their online accountsppRecipients should treat unexpected messages about donations with suspicion and verify their legitimacy directly with Penn before respondingppIts budget season Over 300 CISOs and security leaders have shared how theyre planning spending and prioritizing for the year ahead This report compiles their insights allowing readers to benchmark strategies identify emerging trends and compare their priorities as they head into 2026ppLearn how top leaders are turning investment into measurable impactppUniversity of Pennsylvania confirms data stolen in cyberattackppWe got hacked emails threaten to leak University of Pennsylvania datappAdvertising giant Dentsu reports data breach at subsidiary MerkleppFinWise data breach shows why encryption is your last defenseppF5 says hackers stole undisclosed BIGIP flaws source codeppNot a member yet Register NowppOpenAI plans to release GPT51 GPT51 Reasoning and GPT51 ProppStill on Windows 10 Enroll in free ESU before next weeks Patch TuesdayppHow to use the new Windows 11 Start menu now rolling outppEmpowering IT teams with intelligencedriven cyber threat researchppNew webinar Hear from experts why detection and response is moving into the browser Register now ppWhy Modern Browsers Security Isnt Enough Watch the webinarppHow to tell if your organizations credentials have been exposedppUpgrade your backup with NAKIVO v111 New DR features and MSP toolslearn moreppLearn how automated attack simulation makes purple teaming continuousppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2025 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp