University of Pennsylvania — 624K accounts
Severity: Medium · Kind: Data breach
We've ingested this item but haven't summarised it yet. Read the upstream advisory using the link below in the meantime — the AI summary will appear here once the next run completes.
From the source
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand , largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
Breach facts
- Accounts affected
- 623,750
- Verified
- Yes
- Sensitive
- No
- Domain
- upenn.edu
- Data exposed
- Charitable donationsDates of birthEmail addressesGendersIncome levelsJob titlesNamesPhysical addressesReligionsSalutationsSpouses names
Was this useful?
Plain-English summaries are AI-generated and reviewed for tone, not technical accuracy. For incident response, always rely on the original source linked above.