University of Pennsylvania Data Breach Investigation

During the week of October 27, 2025, an unauthorized character allegedly gained full access to a University of Pennsylvania (“Penn”) employee’s PennKey SSO account. The access provided the hacker with entry to Penn’s VPN, Salesforce data, SharePoint files and other platforms resulting in the exposure of 1.2 million students’, alumni’s, and donors’ personally identifiable information (“PII”). The PII included the individuals’ names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details such as religion, race, and sexual orientation. Reportedly, a multitude of victims have already received multiple offensive emails from the hackers using Penn.edu addresses claiming Penn was hacked and data was stolen. If you or someone you know received an email or otherwise suspects personal information may have been compromised, you can contact Goldenberg Schneider, LPA by calling 513-982-1569, sending an email to [email protected] or completing the “Contact Us” form to the right.