Industry — Data Breach
Executive Summary
Data breach reported by HIBP — University of Pennsylvania - 623,750 breached accounts: In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand , largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 ...
What Happened
The University of Pennsylvania experienced a data breach in October 2025 that primarily affected its donor database, followed by a ransom demand from the attackers. The attackers sent inflammatory emails to some victims after the initial breach. The stolen data was published online in February 2026 and included 624,000 unique email addresses along with names and physical addresses for all records, with some donor records also containing gender, date of birth, religion, spouse name, estimated income, and donation history.
Who Is Affected
Approximately 623,750 individuals with accounts in the University of Pennsylvania's donor database were affected by this breach. All victims had their email addresses, names, and physical addresses exposed. A subset of affected donors also had more sensitive personal information compromised, including gender, date of birth, religion, spouse name, estimated income, and donation history.
Why It Matters
This breach exposed detailed personal and financial information about university donors, including sensitive data such as religious affiliation and estimated income for some individuals. The publication of this data online after a failed ransom attempt, combined with attackers sending inflammatory emails to victims, demonstrates the multiple ways breach victims can be harmed beyond the initial data exposure.
What You Should Do
If you are a University of Pennsylvania donor, monitor your email accounts for phishing attempts or inflammatory messages related to this breach. Be vigilant for identity theft or fraud attempts using your exposed personal information, particularly if you provided detailed donor information that may have included income estimates or other sensitive data. Consider placing fraud alerts on your credit reports if you believe your date of birth and other identifying information were included in the breach.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.