TZUTC: -0500   
   MSGID: 1662.consprcy@1:2320/105 2d6df721   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   "We have terrible security practices" - University of Pennsylvania hackers    
   say they've stolen over a million records in major cyberattack   
      
   Date:   
   Mon, 03 Nov 2025 13:25:00 +0000   
      
   Description:   
   The hackers also insulted the University and confirmed they were targeting   
   donors.   
      
   FULL STORY   
      
   Cybercriminals have claimed responsibility for the recent cyberattack on the   
   University of Pennsylvania, claiming they stole data on approximately 1.2   
   million students, alumni, and donors.    
      
   An unnamed threat actor told BleepingComputer they gained full access to a   
   University employees PennKey SSO account, which gave them access to Penns VPN   
   , Salesforce data, Qlik analytics platform, SAP business intelligence system,   
   and SharePoint files.    
      
   The information stolen allegedly includes peoples names, dates of birth,   
   addresses, phone numbers, estimated net worth, donation history, and   
   demographic details (race, religion, sexual orientation, and similar).   
   Offensive emails    
      
   The confirmation came in response to the Universitys claims which somewhat   
   downplayed the severity of the hit.    
      
   Data exfiltration seems to have taken place around October 30 and 31, after   
   which the University spotted the intrusion and ousted the attacker. The move   
   seems to have angered them, as they then used access to Salesforce Marketing   
   Cloud (which they kept), to send an offensive email to roughly 700,000   
   recipients.    
      
   "The University of Pennsylvania is a dog**** elitist institution full of woke   
   ret*rds. We have terrible security practices and are completely   
   unmeritocratic," the email said.    
      
   "We hire and admit morons because we love legacies, donors, and unqualified   
   affirmative action admits. We love breaking federal laws like FERPA (all your   
   data will be leaked) and Supreme Court rulings like SFFA."    
      
   The University of Pennsylvania described the emails as obviously fake and   
   fraudulent.    
      
   The attackers then confirmed they will not ask the University for a ransom   
   payment, since they dont think the victims would pay, anyway. "The main goal   
   was their vast, wonderfully wealthy donor database, they said.    
      
   It would seem they will try to target the donors now.    
      
    Via BleepingComputer    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/we-have-terrible-security-practices-uni   
   versity-of-pennsylvania-hackers-say-theyve-stolen-over-a-million-records-in-ma   
   jor-cyberattack   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426