- Hackers accessed university systems through stolen SSO credentials, stealing the data of 1.2 million people.
- Massive, offensive email followed partial lockout; The university later confirmed that the violation was real
- The attack exploited weak MFA enforcement among senior executives via social engineering.
It appears that the “patently false” and “fraudulent” claims recently made by the University of Pennsylvania hackers are not so “patently false” and “fraudulent” after all – as the organization has now confirmed that hackers stole files from its systems.
Cybercriminals recently revealed that they had gained “full access” to a university employee’s PennKey SSO account, giving them access to his VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system and SharePoint files. Using this access, they stole data on approximately 1.2 million students, alumni and donors.
The stolen information reportedly includes people’s names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, etc.).
Investigation into the attack
After being locked out of most of the network, they used the remaining access they had to send an angry email to around 700,000 recipients:
“The University of Pennsylvania is an elitist institution full of woke jerks. We have terrible security practices and are completely unmeritocratic,” the email said.
“We hire and admit jerks because we love legacies, donors, and unqualified affirmative action. We love breaking federal laws like FERPA (all your data will be disclosed) and Supreme Court decisions like SFFA.”
The University of Pennsylvania initially described the emails as “blatantly false” and “fraudulent,” but reversed those claims in a recent update:
“Penn staff quickly locked down the systems and prevented unauthorized access; however, not before an offensive and fraudulent email was sent to our community and the information was taken by the attacker,” the update reads. “Penn is still investigating the nature of the information obtained during this period.”
Penn also said the attack was carried out through social engineering. Most employees should use multi-factor authentication (MFA), but depending on TechCrunchsome high-ranking officers were allowed to skip this step.
Via TechCrunch
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
