Hackers send fraudulent mass emails to UPenn students

Published: 1 November 2025
Last updated: 1 November 2025
Upenn

The University of Pennsylvania’s current and former students, as well as faculty, parents, and some external individuals, have received mass emails criticizing the university’s practices in an apparent security breach.

The emails were sent from accounts linked to the University of Pennsylvania's Graduate School of Education (GSE). Malicious actors used them to call UPenn an “elitist institution” with “terrible security practices”.

The email, which contained profane language, also said: “We love breaking federal laws like FERPA (all your data will be leaked) and Supreme Court rulings like SFFA.”

ADVERTISEMENT

An email from an account tied to a senior systems administrator explained that no malicious links or malware were included in the fraudulent email’s content, so the only necessary step is to delete it (or mark it as spam) unless the person has replied to or clicked on anything suspicious within the email, according to Billy Penn.

Billy Penn also reports that a spokesperson for the university commented on the issue, saying:

“This is obviously a fake, and nothing in the highly offensive, hurtful message reflects the mission or actions of Penn or of Penn GSE. The University’s Office of Information Security is aware of the situation, and our Incident Response team is actively addressing it.”

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Google News Follow us

Additionally, in a message on Penn’s university notification system, the university apologized for the harm the incident has caused and is causing.

Elizabeth Cooper, the school’s IT help desk manager, also addressed the situation in a message to members of Penn’s Annenberg School for Communication, assuring that “ASC has not been hacked,” according to The Daily Pennsylvanian.

“These emails are being received by individuals outside of UPenn as well,” Cooper reportedly wrote. “It appears that some email list, which is beyond our control, was accessed by malicious individuals who then sent out these messages.”

Higher education institutions are routinely targeted by hackers as they possess sensitive personal information and high-value research data, which could be used for phishing, fraud, ransom, or espionage.

ADVERTISEMENT

In August, it was reported that a Columbia University data breach had exposed over 868K individuals, including those who either attempted to enroll at the university or studied there.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT