"The University of Pennsylvania experienced a cyber incident on Oct. 31, in which a series of mass emails were sent to students, parents, faculty and alumni. These emails were sent from accounts associated with the Graduate School of Education and were addressed to the University's community at large. The content of the mass emails contained condemnations of the University's institutional purpose and security practices."
"While the investigation is still in preliminary stages, the alleged threat actor has contacted BleepingComputer and claimed to have gained complete access to an employee's PennKey SSO account, which permitted them "access to Penn's VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system, and SharePoint files." According to the threat actor's claims, they were able to exfiltrate the data of approximately 1.2 million students, alumni, and donors."
On Oct. 31 a cyber incident resulted in mass emails sent to students, parents, faculty and alumni from accounts tied to the Graduate School of Education. The emails included condemnations of institutional purpose and security practices. A University spokesperson stated the messages do not reflect University or Penn GSE mission and confirmed an active investigation and efforts to stop the emails. The alleged threat actor claimed full access to an employee PennKey SSO account and access to VPN, Salesforce, Qlik, SAP and SharePoint systems. The actor claimed to have exfiltrated data for approximately 1.2 million people and published a 1.7 GB archive.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]