Overview
- Vulgar, fraudulent messages using Graduate School of Education branding were sent Friday to students, alumni, faculty, and parents.
- Penn’s Information Systems & Computing said the emails did not come from authorized senders and that its incident response is ongoing.
- The Office of Information Security cited suspected phishing or stolen credentials tied to GSE accounts, and officials said affected accounts were suspended.
- BleepingComputer reported the emails were delivered via connect.upenn.edu, a Penn mailing platform hosted on Salesforce Marketing Cloud.
- The messages threatened to leak data and referenced FERPA and SFFA, yet no public data leak has been confirmed, and Penn posted a website banner urging recipients to delete the emails.