UPenn Confirms Unauthorized Email Activity
The University of Pennsylvania has launched an investigation into a significant security incident that occurred in early May 2024. The breach involved an IT service account belonging to the School of Arts and Sciences, which was used to send unauthorized and malicious emails to members of the university community. The university’s Information Security Office, in conjunction with law enforcement, is actively investigating the scope and nature of the incident. In an official statement, a university spokesperson confirmed the unauthorized access and the subsequent investigation into the claims made by the perpetrators.
The emails, sent from the compromised account, carried the subject line “we got hacked” and contained offensive and racist language. The body of the message made serious threats, claiming that sensitive personal data had been stolen from the university’s systems. The unauthorized senders asserted they were in possession of a wide range of information, including names, addresses, social security numbers, and student grades. The message concluded with a threat to publicly leak the allegedly stolen data if a ransom was not paid.
Official Response and User Guidance
In response to the alarming emails, the University of Pennsylvania’s administration sent a legitimate notification to the community, acknowledging the incident. The official communication confirmed that the threatening emails originated from a compromised IT service account. The university advised all recipients to delete the malicious email immediately. They were also instructed not to reply to the message, click on any links, or open any attachments it might have contained. The university’s IT security teams are continuing their forensic investigation to determine the full extent of the breach and to verify the claims regarding data exfiltration made in the threatening emails.
Concise Cyber 