Overview
- Alumni, students, staff and other affiliates reported receiving multiple copies from accounts appearing to belong to Penn’s Graduate School of Education and other official senders.
- Several messages carried the subject line “We got hacked (Action Required)” and were shared widely online, including screenshots on Reddit.
- The emails used crude language, criticized Penn’s security and hiring practices, threatened to leak data and referenced FERPA, and ended with “Please stop giving us money.”
- A Penn spokesperson said the Office of Information Security and the university’s Incident Response team are actively addressing the incident and emphasized the message does not reflect Penn or Penn GSE.
- Investigators have not confirmed whether accounts were compromised or spoofed, who sent the emails, how many people were affected, or whether any data was accessed or leaked; TechCrunch noted the timing followed Penn’s rejection of a White House compact.