The University of Pennsylvania experienced a cybersecurity incident on Friday. During the attack, students and alumni received a series of offensive emails sent from various University email addresses, and the messages claimed that hackers had stolen data in a breach.
The emails carried the subject line “We got hacked (Action Required)” and alleged that data was stolen during an attack. They also criticized the University’s security practices and admission policies, escalating tensions within the Penn community.
“The University of Pennsylvania is a dog**** elitist institution full of woke retards. We have terrible security practices and are completely unmeritocratic,” reads the email seen by BleepingComputer.
“We hire and admit morons because we love legacies, donors, and unqualified affirmative action admits. We love breaking federal laws like FERPA (all your data will be leaked) and Supreme Court rulings like SFFA.”
Attackers sent the emails from several Penn accounts, including addresses linked to the Penn Graduate School of Education [email protected] and other University employees.
Email message from sent to students and alumni
Source: BleepingComputer
BleepingComputer reviewed multiple samples of the offensive emails and confirmed that all originated from “connect.upenn.edu,” a Penn mailing list platform hosted on Salesforce Marketing Cloud. However, it remains unclear whether hackers compromised the University’s account on that marketing platform to distribute the messages.
A Penn spokesperson acknowledged the situation to BleepingComputer and said the University’s Incident Response team is investigating the breach.
“A fraudulent email has been circulated that appears to come from the University of Pennsylvania’s Graduate School of Education,” a Penn spokesperson told BleepingComputer.
“This is obviously a fake, and nothing in the highly offensive, hurtful message reflects the mission or actions of Penn or of Penn GSE. The University’s Office of Information Security is aware of the situation, and our Incident Response team is actively addressing it.”
For anyone with information about this incident or any other undisclosed attacks, BleepingComputer encourages confidential contact via Signal at 646-961-3731 or by email at [email protected].
In response, Penn added a banner to its website warning users about the phishing emails and asking recipients not to report the issue, as the University already knows about it.
“Simply disregard or delete the message. However, if you receive any new or different messages that raise concern, please contact your local IT support provider (LSP),” reads the banner message.
After the attack
Recently, Penn also received a letter from the Trump administration inviting the University to join the “Compact for Excellence in Higher Education,” a program that ties preferential funding to the adoption of specific policy reforms.
However, the University declined to participate and stated that it had provided feedback to the administration, expressing concerns about the compact.
When BleepingComputer requested further comment, Penn said it had nothing additional to share at this time.
Source: BleepingComputer, Lawrence Abrams
Read more at Impreza News
