Particle.news
Download on the App Store
4 ARTICLES
·
10h ago

Penn Calls FBI Over Data Breach After Offensive Mass Emails as Hacker Claims 1.2 Million Records

Officials report compromises in select systems, leaving the extent of any data theft unresolved.

The entrance to the Biology laboratories building on the campus of the University of Pennsylvania in Philadelphia, Pennsylvania, U.S., September 25, 2017. REUTERS/Charles Mostoller
Image
Image
Image

Overview

  • The University of Pennsylvania said it has referred the incident to the FBI and is working with law enforcement and external technical experts.
  • School officials described the messages as fraudulent and highly offensive, and BleepingComputer traced their origin to Penn’s connect.upenn.edu on Salesforce Marketing Cloud.
  • An anonymous actor told BleepingComputer they used a compromised PennKey SSO to access VPN, Salesforce, Qlik, SAP, and SharePoint, and claimed they stole data on about 1.2 million people, a claim not independently verified.
  • The actor said they sent the mass email to roughly 700,000 recipients through Salesforce Marketing Cloud after other access was cut off.
  • The hacker published a 1.7‑GB archive allegedly taken from SharePoint and Box, while the FBI’s Philadelphia office declined public comment during the government shutdown.