The University of Pennsylvania has confirmed that a hacker breached numerous internal systems related to the university's development and alumni activities and stole data in a cyberattack.
In a new statement, Penn confirmed BleepingComputer's reporting that the hackers breached its systems using compromised credentials, stating they were stolen in a social engineering attack.
"On October 31, Penn discovered that a select group of information systems related to Penn's development and alumni activities had been compromised," reads a new Penn statement.
"Penn employs a robust information security program; however, access to these systems occurred due to a sophisticated identity impersonation commonly known as social engineering."
"Penn's staff rapidly locked down the systems and prevented further unauthorized access; however, not before an offensive and fraudulent email was sent to our community and information was taken by the attacker. Penn is still investigating the nature of the information that was obtained during this time."
The University of Pennsylvania says it has notified the FBI of the breach and is working with CrowdStrike to investigate the security incident.
As first reported by BleepingComputer, the threat actor breached Penn's systems on October 30 using an employee's PennKey SSO account that provided access to the university's Salesforce instance, Qlik analytics platform, SAP business intelligence system, and SharePoint files.
Using this access, the threat actors stole 1.71 GB of internal documents from the university's SharePoint and Box storage platforms, including spreadsheets, documents, financial information, and alumni marketing materials.
The hackers also told BleepingComputer that they stole Penn's Salesforce donor marketing database, containing 1.2 million records with a wide variety of donor information.
A sample of this data includes 158 distinct fields, which contain the following sensitive information:
... continue reading