University of Pennsylvania confirms hacker stole data during cyberattack

The University of Pennsylvania has confirmed a significant data breach, revealing that sensitive information was stolen by a hacker last week. This incident coincided with a series of alarming emails sent to alumni and affiliates from what appeared to be official university accounts. The hacker's message bluntly stated, "We got hacked," and threatened to leak sensitive data, including a warning about violating federal laws like FERPA. Initially, the university dismissed these emails as fraudulent, but it has since acknowledged that data was indeed compromised during the attack. According to a statement released by Penn, the breach was identified on October 31, when officials discovered that certain information systems linked to development and alumni activities had been infiltrated. The university acted swiftly to secure its systems, preventing any further unauthorized access, although not before the hacker disseminated offensive emails and extracted information. The breach was attributed to social engineering tactics, a method where individuals are manipulated into revealing confidential details such as login credentials. It has come to light that while the university mandates multi-factor authentication (MFA) for students and employees, some high-ranking officials were reportedly exempt from this critical security measure. Despite inquiries about the prevalence of MFA among university staff, a spokesperson for Penn, Ron Ozio, refrained from providing specific details, directing all questions to the official data incident response page. In compliance with legal requirements, the university has pledged to inform those whose personal information was compromised, although it has not disclosed when these notifications will occur or how many individuals are affected. Reports indicate that the hacker claimed to have obtained documents related to university donors, bank transaction records, and personal identification details, motivated by financial gain. This incident follows a similar breach at Columbia University earlier this year, where sensitive data of approximately 870,000 students and applicants was accessed. Both breaches appear to be fueled by discontent regarding affirmative action policies, with the Penn hacker explicitly critiquing the university's admissions practices in their communications. For those with further information on the Penn data breach, Amanda Silberling invites secure tips via Signal or email from personal devices.