- Hackers gained access to university systems via stolen SSO credentials and stole data on 1.2 million individuals
- Offensive mass email followed partial lockout; the university later confirmed that the breach was real
- The attack exploited weak MFA enforcement among senior executives through social engineering
It seems the “patently false” and “fraudulent” claims recently made by the hackers who targeted the University of Pennsylvania aren’t so “patently false” and “fraudulent” after all, as the organization has now confirmed that hackers stole files from its systems.
Cybercriminals recently disclosed that they had gained “full access” to a university employee’s PennKey SSO account, which gave them access to its VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system and SharePoint files. Using that access, they stole data on approximately 1.2 million students, alumni and donors.
The stolen information reportedly includes people’s names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, and the like).
Investigating the attack
After being kicked out of most of the network, the attackers used the remaining access they had to send an angry email to around 700,000 recipients:
“The University of Pennsylvania is a dog**** elitist institution full of woke ret*rds. We have terrible security practices and are completely unmeritocratic,” the email said.
“We hire and admit idiots because we love legacies, donors, and unqualified affirmative action. We love breaking federal laws like FERPA (all your data will be leaked) and Supreme Court decisions like SFFA.”
At first, the University of Pennsylvania described the emails as “obviously fake” and “fraudulent,” but backtracked on those claims in a recent update:
“Penn staff quickly locked down the systems and prevented further unauthorized access; however, not before an offensive and fraudulent email was sent to our community and information was taken by the attacker,” the update reads. “Penn is still investigating the nature of the information obtained during this time.”
Penn also said the attack was carried out through social engineering. Most employees are obliged to use multi-factor authentication (MFA), but according to TechCrunch, some of the top brass were allowed to skip this step.
Via TechCrunch