Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The University of Pennsylvania confirmed on Tuesday that a hacker stole university data as part of… Data breach last weekwhere alumni and other affiliates received suspicious emails from official university email addresses.
“We have been hacked,” the hackers’ message read. “We love violating federal laws like FERPA (all your data will be leaked),” the message added. “Please stop giving us money.”
While Penn initially told TechCrunch that the email was “scamming,” the university has now confirmed the hacker’s claim that data was taken during the hack.
“On October 31, Penn discovered that a selection of information systems related to Penn development and alumni activities had been compromised,” the university wrote in a statement emailed to alumni. Online subscriber. “Penn employees quickly locked down the systems and prevented further unauthorized access; but not before an abusive and fraudulent email was sent to our community and the attacker took control of the information.”
(Disclosure: As an alumna and former university employee, the hackers sent the message to my personal email three times, each coming from a different administrator @upenn.edu Email addresses, including one from a senior Pennsylvania employee.)
The university said the hack occurred because of A Social engineering Attack, a hacking technique in which individuals are tricked into handing over sensitive information such as login credentials, perhaps through phishing or a phone call.
A University of Pennsylvania employee, who we are not naming because he is not authorized to speak to the press, told TechCrunch that the university requires students, staff and alumni to use… Multi-factor authentication (MFA) on their accounts as a security measure; However, the employee said some high-ranking officials were granted exemptions from State Department requirements.
TechCrunch asked Ben about the so-called MFA exemptions, and whether the university could offer a percentage of MFA adoption among employees. Penn spokesman Ron Osio declined to comment to TechCrunch beyond Penn’s comment Official data incidents page.
As required by law, Penn said it will contact individuals whose personal information the hackers gained access to. The university did not say when these notifications would occur, how many people were affected, or what information was accessed.
Daily Pennsylvania Reports indicate that the alleged Pennsylvania hacker claimed to have obtained documents related to university donors, bank transaction receipts, and personally identifiable information. The hackers said they had financial motives.
Earlier this year, hackers penetrated Columbia University and were able to access sensitive information about it 870,000 students and applicantsincluding Social Security numbers and citizenship status.
The breakthroughs in Pennsylvania and Columbia appear to be motivated by dissatisfaction with affirmative action policies. In the University of Pennsylvania hacker’s email to the university community, the hacker wrote: “We hire and admit fools because we love legacies and donors and recognize unqualified affirmative action.” Meanwhile, pirate Colombia He told Bloomberg They sought access to data from the university to investigate affirmative action practices.
If you have more information about the Penn hack, you can contact Amanda Silberling securely on Signal at @amanda.100, or via email, from a non-work device.