The University of Pennsylvania is responding to a security breach after hackers gained access to multiple university email accounts, sending mass messages to students, staff, alumni, and community affiliates on Friday morning.

Recipients reported receiving emails that appeared to originate from the university’s Graduate School of Education (GSE) and other official @upenn.edu accounts. The messages included disparaging claims about the university’s internal practices and threatened to leak private data.
“We have terrible security practices and are completely unmeritocratic,” one of the emails stated, adding a reference to federal student privacy regulations. The message also suggested that donor contributions to the university should be halted. Some recipients reported receiving the message repeatedly from different Penn-affiliated email addresses.

A university spokesperson, Ron Ozio, confirmed the incident in a statement, noting that the institution’s incident response team is actively working to contain the breach. “A fraudulent email has been circulated that appears to come from the University of Pennsylvania’s Graduate School of Education. This is obviously a fake, and nothing in the highly offensive, hurtful message reflects the mission or actions of Penn or of Penn GSE,” Ozio said.

The hackers’ messages implied that the motive behind the breach was linked to discouraging alumni donations. The cyberattack follows Penn’s recent decision—alongside several other universities—to decline participation in the White House’s proposed “Compact for Academic Excellence in Higher Education.”

The compact outlined conditions such as eliminating affirmative action in hiring and admissions, disciplining departments that challenge conservative viewpoints, freezing tuition for five years, offering tuition-free pathways in certain science disciplines, capping international undergraduate enrollment at 15%, requiring standardized test scores for admission, and enforcing policies that would negatively affect transgender and gender non-conforming students.

In a letter publicly shared by the university, Penn President J. Larry Jameson rejected the proposal, stating:
“[The compact] preferences and mandates protections for the communication of conservative thought alone. One-sided conditions conflict with the viewpoint diversity and freedom of expression that are central to how universities contribute to democracy and to society.”
As of the time of writing, the university has not confirmed whether any private data has been accessed or leaked. Security teams are continuing their investigation.

Source: Techcrunch