







A recent data breach at the University of Pennsylvania has exposed sensitive information belonging to approximately 1.2 million individuals, including students, alumni and donors. The incident came to light on Oct. 31, 2025, after the university detected unauthorized access to internal systems and a series of offensive emails sent from official Penn email addresses.
According to reporting by BleepingComputer, the breach began when threat actors gained full access to an employee’s PennKey single sign-on account. This access enabled them to infiltrate multiple university systems, including the VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system and SharePoint files.
The attackers claimed to have exfiltrated data for roughly 1.2 million people, including names, dates of birth, addresses, phone numbers, estimated net worth, donation history and demographic details such as race, religion and sexual orientation.
The attackers also published a 1.7 GB archive of internal files and spreadsheets allegedly taken from Penn’s SharePoint and Box systems. They further used access to the Salesforce Marketing Cloud to send offensive mass emails to about 700,000 recipients, drawing attention to the breach.
The attackers stated their motivation was to obtain the university’s donor database and indicated they were not seeking ransom, instead suggesting they could extract value from the data themselves. The breach was not politically motivated, according to the attackers, but rather targeted at the institution’s wealth and donor information.
The University of Pennsylvania published a cybersecurity incident notice on its website on Nov. 4, 2025. The investigation remains ongoing but Penn has confirmed that the cybercriminals accessed multiple systems, including Penn’s Customer Relationship Management (CRM) system operated through Salesforce, SharePoint and Box file repositories, the Qlikview reporting application and Marketing Cloud.
In response to the breach, the University of Pennsylvania has initiated an internal investigation and notified law enforcement, including the FBI. The university is working with third-party technical experts to assess the scope of the breach and secure affected systems. Penn has confirmed that all impacted systems have been secured and restored.
The university has acknowledged the incident publicly and is providing updates to the community as the investigation progresses. It has stated that once the investigation and review are completed, impacted individuals will be notified.
Given the nature of the information exposed, individuals associated with Penn, especially donors, alumni and students, should remain vigilant against targeted phishing or social engineering attempts. Attackers may use the stolen information to impersonate the university, solicit fraudulent donations or attempt to access online accounts.
Anyone receiving unexpected messages about donations or account activity should verify the legitimacy of such communications directly with the university before responding. It is also advisable to monitor financial accounts and consider updating passwords for any accounts that may use similar credentials to those associated with Penn.
