UPenn Says It ‘Wasn’t Hacked’ - But, You Know, It Depends on the Context

Internal “Confidential” files from the University of Pennsylvania’s Graduate School of Education show the university’s denials don’t hold up.
The Email That Started It
On the morning of October 31, 2025, inboxes across the University of Pennsylvania filled with a crude message carrying the subject line “We got hacked (Action Required).” The emails appeared to come from addresses linked to @gse.upenn.edu, the domain for Penn’s Graduate School of Education (GSE), and reached roughly 700,000 recipients via Penn's Salesforce Marketing Cloud instance. Local and tech outlets, including NBC10 and CBS Philadelphia, described the messages’ inflammatory language, which criticized Penn's security, hiring practices, and policies, while urging recipients to stop donations.
Within hours, Penn’s Division of Public Safety (DPS) posted an official notice on publicsafety.upenn.edu:
“A fraudulent email has been circulated that appears to come from the University of Pennsylvania’s Graduate School of Education… The University’s Office of Information Security is aware of the situation, and our Incident Response team is actively addressing it.”
That language emphasized that the email didn't reflect Penn's values and apologized for any harm. Security reporters at BleepingComputer documented a key detail: the blast was sent via connect.upenn.edu - a Penn mailing-list platform hosted on Salesforce Marketing Cloud - indicating abuse of a legitimate, Penn-controlled channel rather than simple spoofing.
The Attacker’s Story
Two days later, on November 2, BleepingComputer published a follow-up with a self-described attacker who claimed they compromised a Penn employee's PennKey SSO account - the credential that federates access to Microsoft 365, VPN, Salesforce, Qlik, and other systems. The actor claimed to have exfiltrated data on about 1.2 million students, alumni, and donors. After access to the employee account was cut off, the attacker said they still had access to Salesforce Marketing Cloud and used it to send the "We got hacked" email. Penn told the outlet it was still investigating. These are the attacker's claims; Penn has not confirmed them.
Recent University Breaches - an Emerging Pattern
If the story feels familiar, it’s because higher education keeps meeting the same playbook: an incident lands; early public communications minimize or compartmentalize; technical breadcrumbs pile up; fuller disclosures follow later.
Breach Comparison Table
| Institution | Date | Affected | Initial Framing | Outcome |
|---|---|---|---|---|
| UMN | 2023 (access 2021) | ~4.2M | "Data incident" (legacy) | $5M settlement, SSN notices |
| NYU | Mar 2025 | >3M | "Website hijacked" | Data exposure on defaced pages, IT review |
| Columbia | Jul 2025 | ~860k-870k | "IT outages" | Confirmed theft, notifications |
| Penn (ongoing) | Oct 2025 | ~1.2M (claimed) | "Fraudulent email" | Investigation; leaks circulating |
The substance and scale differ, but the communications arc is recognizable: initial caution, third-party technical findings, then more complete answers once scope is confirmed.
Penn’s Official Denial
On November 1, Penn told CBS Philadelphia the university “was not hacked” and that it was working to determine the source of the fraudulent email. A day earlier, DPS characterized the messages as “fraudulent” and said OIS/Incident Response was actively addressing the situation. As of November 3, 2025, that remains Penn’s last on-record position.
The Leaked Files
This is where Penn’s “fraudulent email” framing collides with the substance of what’s circulating.
DataBreach.com reviewed the sample posted by the hacker, which includes, among many other things, two internal-looking Penn documents marked "Confidential" and dated close to the incident. We are characterizing them based on our direct review, as Penn has not publicly acknowledged these files. These files, pulled from what appears to be SharePoint/OneDrive via the compromised SSO, point to lateral movement beyond email alone - despite Penn's framing:
- "Some Key Points for Staff to Understand Regarding Liz Magill's Testimony" - a staff memo labeled "CONFIDENTIAL / NOT APPROVED FOR DISTRIBUTION EXTERNALLY." It explains why Magill's widely criticized congressional answers were framed as context-specific, stating that bullying/harassment require directed and repeated/ongoing behavior, quoting the line that conduct must be "directed, severe, and pervasive" to qualify as harassment, and citing a Dec. 6 New York Times passage quoting FIRE on why a single utterance may not meet the legal threshold. The memo also notes Magill's subsequent video statement clarifying her personal view and a plan to re-examine Penn policies.
- "2025 Fall BOA Post-Meeting Materials" - a multi-dozen-page packet for the GSE Board of Advisors, marked "Confidential | For Internal Use Only." It contains board-level planning materials (financial summaries, advancement/enrollment targets, and program notes).
Both documents read like files one would expect in SharePoint/OneDrive tied to leadership and advancement teams. We’re not publishing them in full to avoid unnecessary exposure of sensitive internal material. The existence of such internal-looking files in circulation - alongside the Salesforce Marketing Cloud sending path - challenges the notion that this was a trivial spoof with no access implications.
How It Likely Happened
Based on the reported headers and the attacker's account, a compromised PennKey SSO (or equivalent credential) is a plausible entry point. In a modern university environment, SSO credentials routinely bridge Microsoft 365, SharePoint/OneDrive, VPN, and Salesforce Marketing Cloud. If an attacker obtains such a token or password - and if conditional access or MFA gaps exist - lateral movement to fetch internal PDFs and send a mass email from a legitimate subdomain is straightforward. This sequence is plausible and consistent with the attacker's claims, but only Penn can confirm the precise path and blast mechanics. Like the 2025 pattern of multi-organization Salesforce breaches that began with a tricked employee's access, it highlights weaknesses common to federated authentication.
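The distinction the article draws - a message relayed through an authorized, institution-controlled sending platform versus a simple forgery of the From address - is something a defender can check from the receiving side. The following is an added example (not code from the article or from Penn) that reads the Authentication-Results header of a message and classifies it; the headers and the example.edu domains are constructed samples, not headers from the real incident.

```python
import re
from email import message_from_string

# Constructed sample: SPF, DKIM and DMARC all pass for the sending subdomain,
# so the message really was relayed by the institution's authorized mail
# platform. That points to account or platform abuse, not a spoof.
SAMPLE_AUTHORIZED = """\
Authentication-Results: mx.example.edu; spf=pass smtp.mailfrom=bounce.connect.example.edu; dkim=pass header.d=connect.example.edu; dmarc=pass header.from=gse.example.edu
From: "GSE News" <news@gse.example.edu>
Subject: We got hacked (Action Required)

constructed body
"""

# Constructed sample: the From domain is forged from outside; nothing passes.
SAMPLE_SPOOF = """\
Authentication-Results: mx.example.edu; spf=fail smtp.mailfrom=gse.example.edu; dkim=none; dmarc=fail header.from=gse.example.edu
From: "GSE News" <news@gse.example.edu>
Subject: We got hacked (Action Required)

constructed body
"""


def parse_auth_results(raw: str) -> dict:
    """Extract spf/dkim/dmarc verdicts and the DKIM signing domain."""
    msg = message_from_string(raw)
    # A message may carry several Authentication-Results headers; join them.
    ar = " ".join(msg.get_all("Authentication-Results", []))
    results = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", ar)
        results[method] = m.group(1).lower() if m else "none"
    d = re.search(r"header\.d=([\w.-]+)", ar)
    results["signing_domain"] = d.group(1).lower() if d else None
    return results


def classify_sending_path(raw: str) -> dict:
    """Return the auth verdicts plus a triage label for the sending path."""
    r = parse_auth_results(raw)
    if r["dmarc"] == "pass":
        # Aligned pass: the sender held permission for the From domain.
        r["verdict"] = "authorized-channel"
    elif r["spf"] != "pass" and r["dkim"] != "pass":
        r["verdict"] = "spoof"
    else:
        # Passes for an unaligned domain: relayed by a third party, not aligned.
        r["verdict"] = "inconclusive"
    return r
```

An "authorized-channel" verdict on an unwanted blast means the investigation must start with who had send rights on that platform and how they were obtained, which is the gap a "fraudulent email" framing leaves open.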
Regulatory and Privacy Implications
Two frameworks matter here, and both cut a narrower path than social media tends to assume.
- FERPA protects education records - essentially student-identifiable records maintained by educational institutions. If admissions, enrollment, or academic records that are personally identifiable were accessed, FERPA duties and guidance would kick in. Internal memos by themselves, without student-identifiable content, may not qualify as FERPA-protected "education records" - though paired donor data could.
- The Pennsylvania Breach of Personal Information Notification Act triggers only if specific personal information was accessed by an unauthorized party - typically a name in combination with an SSN, driver’s license number, or financial account credentials. Pure messaging abuse or generic internal documents without covered PII would not, on its own, require consumer notification under that statute.
As of publication, Penn has not confirmed that regulated personal information was accessed. If the attacker's claims about 1.2 million individuals and donor/student datasets prove true, notification obligations could be triggered; until then, legal duties should be framed as conditional. (Penn's public stance remains: investigation ongoing.) Affected alumni and donors should monitor their credit (free via AnnualCreditReport.com) and watch Penn's site for notices.
Takeaway
Penn’s predicament shows how elite institutions can still stumble on the basics of incident response: timely transparency, technical precision, and scope clarity. When a mass message comes through a Penn-managed Salesforce subdomain and internal-looking files circulate in parallel, the public wants more than “fraudulent email” and “we weren’t hacked.” Even if final forensics conclude that sensitive databases weren’t accessed, the abuse of a legitimate university channel to broadcast to a community of students, alumni, and staff is itself serious - and it shouldn’t take days of parsing for that to be acknowledged.
Penn could fix this quickly by answering three questions: Was MFA enforced on the compromised account? Which Salesforce role was abused? What is the notification timeline if PII is confirmed? That would do more to restore trust than any semantic dispute over the word "hack." As SSO attacks rise in academia, this case underscores the need to overhaul federated authentication.
Until then, the headline remains the same: Penn says it wasn’t hacked - and the record of what systems sent the message, plus the internal-looking files now in circulation, suggests the story is a lot more complicated than that.