top of page
Search

University of Pennsylvania Data Breach: 623,750 Accounts Compromised

  • 3 days ago
  • 2 min read

Key Findings


  • In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database.

  • The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses.

  • For some donor records, additional personal information was exposed, including gender, date of birth, religion, spouse name, estimated income, and donation history.

  • The attackers sent inflammatory emails to some victims after the incident.


Background


The University of Pennsylvania is a private Ivy League research university located in Philadelphia, Pennsylvania. It has a long history dating back to its founding in 1740 by Benjamin Franklin, making it one of the oldest institutions of higher education in the United States.


Breach Details


In October 2025, the University of Pennsylvania was the target of a data breach that largely impacted its donor database. The attackers allegedly demanded a ransom, though the details of their demands are unclear. Following the incident, the stolen data was published online in February 2026.


The published data included 624,750 unique email addresses, along with associated names and physical addresses. For a subset of the records, additional personal information was exposed, including gender, date of birth, religion, spouse name, estimated income, and donation history.


Impact and Aftermath


After the data breach, the attackers sent inflammatory emails to some of the victims, likely as a form of harassment or to further their demands. The university's reputation and donor trust were likely impacted by this incident, though the full extent of the damage is not publicly known.


The University of Pennsylvania has not released details on how the breach occurred or what measures were taken to improve security and prevent similar incidents in the future. The publication of the stolen data has likely led to increased risk of identity theft and other malicious activities for the affected individuals.


Conclusion


The University of Pennsylvania data breach demonstrates the significant risks that institutions with large donor databases face, particularly when it comes to protecting sensitive personal information. The incident highlights the need for robust cybersecurity measures and incident response plans to mitigate the impact of such breaches and maintain the trust of the university's stakeholders.


Sources


  • https://haveibeenpwned.com/Breach/UniversityOfPennsylvania

  • https://x.com/haveibeenpwned/status/2023518708275216750

  • https://www.linkedin.com/posts/troyhunt_have-i-been-pwned-university-of-pennsylvania-activity-7429284513010319360-adMm

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page