Update: And this, kids, is why we always say entities shouldn’t rush to claim they weren’t hacked. Bleeping Computer was able to validate some of the hackers’ claims. See their report, Penn hacker claims to have stolen 1.2 million donor records in data breach. Original report below the separator.
Frederick Sutton Sinclair of CBS reports:
The University of Pennsylvania is investigating a vulgar email that was sent to members of its campus community.
Penn told CBS News Philadelphia that it was not hacked, but the university is working to find the source of the fraudulent email.
The email’s subject line read “We Got Hacked” and included explicit language while urging recipients to “stop giving money” to the university.
TechCrunch has more on the email itself. Amanda Silberling reports the message was sent from a variety of different Penn-affiliated email accounts, including the Graduate School of Education (GSE), as well as purporting to come from several senior members of staff across the university. She reports:
Other Penn affiliates have received the email multiple times from different senders with official @upenn[.]edu email addresses. (Disclosure: As an alumna and former employee of the university, I have received the message three times thus far to my personal email.)
TechCrunch includes a redacted screenshot of the email (below).
Is the email actually threatening to leak all of the students’ data when they write, ” We love breaking federal laws like FERPA (all your data will be leaked) and Supreme Court rulings like SFFA.” ? The university states they were not hacked. Were they wrong? Other universities victimized by similar messages have had their student data dumped. Will the same happen here?
(SEE THE UPDATE)