Your cart is currently empty!
Penn Confirms Cyber Breach Linked To Offensive Emails; FBI Investigating
The University of Pennsylvania has confirmed that a “sophisticated social-engineering attack” was responsible for last week’s breach of information systems tied to its development and alumni operations — the same intrusion that enabled hackers to send a wave of vulgar, politically charged emails across the Penn community on October 31.
In a November 4 message to students, faculty, and alumni, Joshua Beeman, Penn’s interim vice president for information technology and interim chief information officer, said that the attack compromised “a select group of information systems related to Penn’s development and alumni activities.”
“Penn employs a robust information security program; however, access to these systems occurred due to a sophisticated identity impersonation commonly known as social engineering,” Beeman wrote.
SYSTEMS RESTORED; FBI AND CROWDSTRIKE CALLED IN
According to Beeman, Penn’s information-security staff “rapidly locked down the systems and prevented further unauthorized access,” though not before “an offensive and fraudulent email was sent to our community and information was taken by the attacker.” The university said it is still determining what data was accessed.
“All systems have been restored and are fully operational,” Beeman added, emphasizing that the university has notified the FBI and is working with CrowdStrike, a leading cybersecurity firm, and other law-enforcement partners.
The university later elaborated on the nature of the attack on its data-incident webpage, explaining that even advanced systems can be undermined when people are deceived into giving up credentials.
“Unfortunately, even the most sophisticated security systems are vulnerable to social engineering attacks — when bad actors deceive individuals into giving up confidential information which compromises security and can be used to access private systems and information,” the university stated. “That is what happened in this instance. As soon as Penn was made aware of the unauthorized access to its systems, it was able to lock down its systems.”
The university said its investigation remains ongoing and that it will update the site as new information becomes available.
GUIDANCE & SECURITY RESOURCES
Penn urged members of its community to stay alert for phishing attempts, especially emails that may solicit fraudulent donations or request login credentials. Beeman directed students, faculty, and alumni to review Penn’s Information Systems & Computing security guidance, which stresses vigilance against deceptive emails, the use of strong passwords, and multi-factor authentication.
The breach follows the mass-email incident that shook the Penn community Thursday, when thousands of recipients — including Wharton students and alumni — received messages filled with obscenities, political rhetoric, and anti-institutional slurs.
While Penn now confirms the emails stemmed from a real systems breach, it maintains that no core academic or administrative databases were affected and that access was limited to development and alumni systems.
DON’T MISS HACKERS TARGET PENN, SEND PROFANE EMAILS TO WHARTON STUDENTS & ALUMNI
The post Penn Confirms Cyber Breach Linked To Offensive Emails; FBI Investigating appeared first on Poets&Quants.