- The attacker gained access to the university’s systems via compromised SSO and stole data on 1.2 million individuals
- Offensive mass email sent after broadcast using retained access to Salesforce Marketing Cloud
- Stolen data includes PII, financials and demographics; the attacker targets rich donors, no ransom is planned
Cybercriminals have claimed responsibility for the latest cyberattack on the University of Pennsylvania, claiming they stole data on approximately 1.2 million students, alumni and donors.
This was told by an unnamed threat actor Bleeping Computer they gained “full access” to a university employee’s PennKey SSO account, which gave them access to Penn’s VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system and SharePoint files.
The stolen information reportedly includes people’s names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, and the like).
Offensive emails
The confirmation came in response to the university’s claims, which somewhat downplayed the severity of the blow.
Data exfiltration appears to have occurred around October 30 and 31, after which the university discovered the intrusion and removed the attacker. The move appears to have angered them, as they then used access to the Salesforce Marketing Cloud (which they retained) to send an offensive email to around 700,000 recipients.
“The University of Pennsylvania is a dog**** elitist institution full of woke ret*rds. We have terrible security practices and are completely unmeritocratic,” the email said.
“We hire and admit morons because we love legacies, donors, and unqualified affirmative action. We love breaking federal laws like FERPA (all your data will be leaked) and Supreme Court decisions like SFFA.”
The University of Pennsylvania described the emails as “obviously fake” and “fraudulent”.
The attackers then confirmed that they will not ask the university for a ransom, as they do not believe the victims would pay anyway. “The main target was their large, wonderfully wealthy donor database,” they said.
Looks like they will try to target the donors now.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
