Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The University of Pennsylvania confirmed Tuesday that a hacker had stolen university data Last week’s data breachAt times alumni and other associates have received suspicious emails from official university email addresses.
“We’ve been hacked,” the hackers’ message read. “We love breaking federal laws like FERPA (All Your Data Will Be Leaked),” the message added. “Please stop paying us.”
While Penn initially told TechCrunch that the email was “fraudulent,” the university has now confirmed the hacker’s claim that the information was taken during the breach.
“On October 31, Penn discovered that a select group of Penn development and alumni activity information systems had been compromised,” the university wrote in a statement, which was emailed to alumni and Shared online. “Penn staff quickly locked down the systems and prevented further unauthorized access; however, not before an offensive and deceptive email was sent to our community and information was taken by the attacker.”
(Disclosure: As a former student and former university employee, the hackers sent the message to my personal email three times, each from a different official @upenn.edu (including the email address of a senior member of the Penn staff.)
It has been said by the university, a Social engineering attack, a hacking technique in which individuals are tricked into handing over sensitive information such as log-in credentials, possibly through phishing or phone calls.
A Penn employee, whose name we’re not releasing because they’re not authorized to speak to the press, told TechCrunch that the university’s students, staff and alumni have to use Multi-factor authentication (MFA) in their accounts as a security measure; However, the employee said some high-ranking officials are exempt from the MFA requirement.
TechCrunch asked Penn about this alleged MFA exception and whether the university could provide a percentage of MFA acceptance among employees. Penn spokesman Ron Ozio declined to comment to TechCrunch outside of Penn Official information event page.
As required by law, Penn said it will contact individuals whose personal information was accessed by the hackers. The university did not say when these notifications would occur, how many people would be affected or what information was accessed.
Daily Pennsylvanian Reports said the alleged Penn hacker claimed to have obtained documents related to university donors, bank transaction receipts and personally identifiable information. The hacker said they were financially motivated,
Earlier this year, hackers breached Columbia University, accessing sensitive information about the neighborhood 870,000 students and applicantsincluding their social security number and citizenship status.
Both the Penn and Columbia hacks appear to have been motivated by dissatisfaction with affirmative action policies. In the email that Penn Hacker sent to the university community, Hacker wrote, “We hire and admit idiots because we recognize legacies, donors and undeserved affirmative action.” Meanwhile, the Colombian hacker told Bloomberg That they wanted to access data to investigate the university’s affirmative action practices.
If you have more information about the pen hack, you can safely contact Amanda Silberling on Signal at @amanda.100, or via email from a non-work device.
