- The attacker accessed university systems via compromised SSO, stealing the data of 1.2 million people.
- Offensive bulk emails sent after ejection using retained access to Salesforce Marketing Cloud
- Stolen data includes personal information, financial and demographic data; attacker targets wealthy donors, no ransom expected
Cybercriminals have claimed responsibility for the recent cyberattack on the University of Pennsylvania, claiming to have stolen data on approximately 1.2 million students, alumni and donors.
An anonymous threat actor said BeepComputer they gained “full access” to a university employee’s PennKey SSO account, which gave them access to Penn’s VPN, Salesforce data, the Qlik analytics platform, the SAP business intelligence system, and SharePoint files.
The stolen information reportedly includes people’s names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, etc.).
Offensive emails
The confirmation came in response to the University’s claims that somewhat downplayed the severity of the blow.
The data exfiltration appears to have occurred around October 30 and 31, after which the University spotted the intrusion and ousted the attacker. This decision appears to have angered them, as they then used access to Salesforce Marketing Cloud (which they retained) to send an offensive email to approximately 700,000 recipients.
“The University of Pennsylvania is an elitist institution full of woke jerks. We have terrible security practices and are completely unmeritocratic,” the email said.
“We hire and admit jerks because we love legacies, donors, and unqualified affirmative action. We love breaking federal laws like FERPA (all your data will be disclosed) and Supreme Court decisions like SFFA.”
The University of Pennsylvania called the emails “patently false” and “fraudulent.”
The attackers later confirmed that they would not demand a ransom from the university, as they did not believe the victims would pay anyway. “The main focus was their large and wonderful donor database,” they said.
It looks like they are now trying to target donors.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
