Subj : UPenn hackers say they've To : All From : Mike Powell Date : Mon Nov 03 2025 09:22:27 "We have terrible security practices" - University of Pennsylvania hackers say they've stolen over a million records in major cyberattack Date: Mon, 03 Nov 2025 13:25:00 +0000 Description: The hackers also insulted the University and confirmed they were targeting donors. FULL STORY Cybercriminals have claimed responsibility for the recent cyberattack on the University of Pennsylvania, claiming they stole data on approximately 1.2 million students, alumni, and donors. An unnamed threat actor told BleepingComputer they gained full access to a University employees PennKey SSO account, which gave them access to Penns VPN , Salesforce data, Qlik analytics platform, SAP business intelligence system, and SharePoint files. The information stolen allegedly includes peoples names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, and similar). Offensive emails The confirmation came in response to the Universitys claims which somewhat downplayed the severity of the hit. Data exfiltration seems to have taken place around October 30 and 31, after which the University spotted the intrusion and ousted the attacker. The move seems to have angered them, as they then used access to Salesforce Marketing Cloud (which they kept), to send an offensive email to roughly 700,000 recipients. "The University of Pennsylvania is a dog**** elitist institution full of woke ret*rds. We have terrible security practices and are completely unmeritocratic," the email said. "We hire and admit morons because we love legacies, donors, and unqualified affirmative action admits. We love breaking federal laws like FERPA (all your data will be leaked) and Supreme Court rulings like SFFA." The University of Pennsylvania described the emails as obviously fake and fraudulent. The attackers then confirmed they will not ask the University for a ransom payment, since they dont think the victims would pay, anyway. "The main goal was their vast, wonderfully wealthy donor database, they said. It would seem they will try to target the donors now. Via BleepingComputer ====================================================================== Link to news story: https://www.techradar.com/pro/security/we-have-terrible-security-practices-uni versity-of-pennsylvania-hackers-say-theyve-stolen-over-a-million-records-in-ma jor-cyberattack $$ --- SBBSecho 3.28-Linux * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105) .