University Of Pennsylvania Confirms Hacker Stole Data During Cyberattack


The University of Pennsylvania confirmed on Tuesday that a hacker stole university data as part of last week’s data breach, during which alumni and other affiliates received suspicious emails from official university email addresses.

“We got hacked,” the message from the hackers read. “We love breaking national laws like FERPA (all your information will be leaked),” the message added. “Please stop giving us money.”

While Penn initially told TechCrunch that the email was “fraudulent,” the university has now confirmed the hacker’s claim that data was taken during the breach.

“On October 31, Penn discovered that a select group of information systems related to Penn’s development and alumni activities had been compromised,” the university wrote in a statement, which was emailed to alumni and shared online. “Penn’s staff quickly locked down the systems and prevented further unauthorized access; however, not before an offensive and fraudulent email was sent to our community and information was taken by the attacker.”

(Disclosure: As an alumna and former employee of the university, the hackers sent the message to my personal email three times, each coming from different official @upenn.edu email addresses, including one from a senior Penn staff member.)

A partially redacted email sent by hackers from a University of Pennsylvania email address. Image Credits: TechCrunch (Screenshot)

The university said that the breach occurred due to a social engineering attack, a hacking method in which individuals are tricked into handing over sensitive information like log-in credentials, possibly through phishing or a phone call.

A Penn employee, who we are not naming as they were not authorized to speak to the press, told TechCrunch that the university requires students, staff, and alumni to use multi-factor authentication (MFA) on their accounts as a security measure; however, the employee said that some high-ranking officials were granted exemptions to MFA requirements.

TechCrunch asked Penn about these alleged MFA exceptions, and if the university could provide a percentage of MFA adoption among staff. Penn spokesperson Ron Ozio declined to comment to TechCrunch beyond Penn’s official data incident page.

As required by law, Penn said it will contact individuals whose personal information was accessed by hackers. The university has not said when these notifications will occur, how many people are affected, or what information was accessed.

The Daily Pennsylvanian reports that the alleged Penn hacker claimed to have taken documents relating to university donors, bank transaction receipts, and personally identifiable information. The hacker said they were financially motivated,

Earlier this year, hackers breached Columbia University, accessing sensitive information about roughly 870,000 students and applicants, including their Social Security numbers and citizenship status.

Both the Penn and Columbia hacks appear motivated by discontent with affirmative action policies. In the email that the Penn hacker sent to the university community, the hacker wrote, “We hire and admit morons because we love legacies, donors, and unqualified affirmative action admits.” Meanwhile, the Columbia hacker told Bloomberg that they sought to access information from the university to analyze its affirmative action practices.

If you have more information about the Penn hack, you can contact Amanda Silberling securely on Signal at @amanda.100, or by email, from a non-work device.
