Overview
- The University of Pennsylvania reported the incident to the FBI and hired third‑party responders, describing an ongoing probe into affected information systems.
- An anonymous group claims it exfiltrated roughly 1.2 million donor, alumni, and student records and later posted a 1.7‑GB archive with internal files, though the full scope remains unconfirmed.
- The offensive emails reviewed by outlets originated from connect.upenn.edu via Salesforce Marketing Cloud and were reportedly sent to about 700,000 recipients; Penn called the messages fraudulent.
- The alleged intruders say they used a compromised PennKey SSO to reach the VPN, Salesforce, Qlik, SAP, and SharePoint, with access obtained Oct. 30–31 before being cut off.
- A security firm said the samples reflect genuine access to confidential materials, while the claimant told reporters the primary motive was financial targeting of donor data; the FBI’s Philadelphia office declined comment.