Overview
- Multiple offensive messages posing as official communications were sent Friday from Penn-affiliated addresses, including accounts tied to the Graduate School of Education.
- Penn confirmed the emails were fake and said its Office of Information Security and Incident Response team are working to contain the incident.
- Early university statements pointed to compromised GSE accounts likely accessed via phishing or stolen credentials, and some affected accounts were suspended.
- Technical analysis reported the emails were delivered through connect.upenn.edu, a Salesforce Marketing Cloud mailing platform, though Penn has not confirmed any platform compromise.
- Penn posted guidance urging recipients to delete the messages and report new suspicious emails, as investigators assess scope, attribution, and whether any data was taken.