An anonymous person who claims to be behind the fraudulent emails sent from the University of Pennsylvania’s Graduate School of Education last week claims to have gotten their hands on much more information than a few email lists.
The alleged hacker reached out to the cybersecurity site BleepingComputer on Sunday. Among the person’s claims:
- They sent the offensive email Friday to more than 700,000 recipients.
- They breached several university computer systems and downloaded information on 1.2 million students, alumni and donors.
- The breach was not an extortion attempt, as they were skeptical the university would pay. Instead, “we can extract plenty of value out of the data ourselves.” The cybersecurity site said that alumni and donors should be wary of unexpected fundraising requests in the near future.
On Monday, the Inquirer reported that Penn had reported the breach to the FBI while continuing its own investigation.
The email at the end of last week disparaged the university, its hiring and admission practices, and accused Penn of breaking federal laws.
“All of the emails are incredibly offensive and in no way reflective of Penn or Penn GSE’s mission or values,” a message from Penn’s university notification system read. “We sincerely apologize for the harm this has caused and is causing. Over and above the inconvenience of getting your inboxes spammed, these emails are hurtful and upsetting.”
Messages from the IT services with Penn’s Annenberg School for Communication, Penn Medicine Academic Computing Services and the School of Nursing also acknowledged the security breach, the Daily Pennsylvanian has reported.
The post Purported hacker behind Penn’s fraudulent email claims to have grabbed donor data in attack appeared first on Billy Penn at WHYY.
Want more insights? Join Working Title - our career elevating newsletter and get the future of work delivered weekly.
