An individual asserting membership within the group responsible for the recent cyber intrusion at the University of Pennsylvania has claimed that the collective currently retains approximately 1.2 million lines of confidential data. According to this self‑proclaimed hacker, the compromised information will be withheld from public release until the group can identify prospective buyers, implying an explicit profit‑driven agenda. In parallel, they have announced their intent to make certain other documents available to the public at a later stage, perhaps as a demonstration of authenticity or to generate further media interest.
In communications with *The Verge*, the person—who may represent one or several collaborators—emphatically distanced their operation from earlier attacks on other private universities, including Columbia University. Those prior incidents had been characterized as ideologically motivated, allegedly meant to expose how certain institutions had continued their pro‑diversity or affirmative‑action admissions practices even after judicial prohibitions. The University of Pennsylvania hacker, however, insisted that their objectives were purely material and not political or moral. Speaking through the encrypted messaging service Signal, they explained that the principal aim of the breach was to obtain access to Penn’s wealthy donor database. A controversial email discovered during the incident, which contained inflammatory language mocking university admissions based on legacy status, donor influence, and affirmative action, was, they claimed, nothing more than a “humorous outburst” written impulsively while their access session remained open on Salesforce’s marketing platform.
Leaked materials are reported to include internal communications that resemble confidential talking points prepared for then‑university president Liz Magill’s congressional testimony. When reached for comment, Ron Ozio, who heads Penn’s media relations office, did not offer an immediate response. In an official statement released shortly thereafter, the university affirmed that it continues to investigate the breach, has notified federal authorities—including the FBI—and is actively assessing the full scope of the compromised data.
A smaller data sample shared with *The Verge* appears to contain detailed donor records, including personal information such as email addresses, physical mailing locations, telephone numbers, and the dates of donors’ most recent contributions. Additional sensitive details, including individuals’ religious affiliations, were also present. Two subjects contacted by the publication independently confirmed that the information linked to their names was accurate, substantiating the credibility of the leak.
Some of the purloined documents have already surfaced publicly on an online platform known as Leakforum, one of which concerns President Magill. Her resignation from Penn had followed intense public scrutiny after she testified before Congress and responded controversially to a question about whether calls for genocide against Jewish people would contravene the university’s code of conduct. Magill’s assertion that such speech would be “context‑dependent” provoked widespread backlash and ultimately precipitated her departure.
Cybersecurity researchers continue to analyze the breach’s authenticity. Zack Ganot, CEO of the data‑forensics firm DataBreach.com, stated that the samples provided leave “virtually no doubt” regarding their legitimacy. He emphasized that the retrieved documents demonstrate verifiable internal access to Penn’s private digital infrastructure, including recently generated files, thereby confirming the attackers penetrated active operational systems rather than merely obtaining historical archives or spoofed material.
The alleged hacker further claimed possession of historical datasets extending back nearly a century. To substantiate this, they provided a screenshot of database entries containing birth dates from the 1920s, noting that some entries reference individuals now deceased. Their focus, they explained, was on acquiring information about “UHNWIs,” or ultra‑high‑net‑worth individuals—terms commonly used in finance to denote those possessing exceptional wealth. Because such benefactors often maintain strong philanthropic relationships with elite universities, the attackers viewed Penn, with its immense endowment and perceived weak authentication framework, as an accessible and attractive target.
Among the high‑profile names reported to appear in the compromised donor lists is that of former U.S. President Joe Biden, as well as several members of his family. This revelation, if verified, underscores the breach’s potential to expose politically and socially sensitive data.
The perpetrator reiterated that they have no affiliation with the earlier wave of university infiltrations attributed to a separate hacker known for extreme ideological rhetoric. That individual, who described themselves as “violently racist,” had claimed responsibility for compromising the networks of Columbia University, New York University, the University of Minnesota, the University of Mississippi, and Miami University of Ohio, asserting that those intrusions aimed to prove the institutions’ ongoing use of race‑based admissions criteria after the Supreme Court invalidated such policies. However, subsequent analyses of that person’s behavior and posts on social media platform X have cast significant doubt on those stated motives. This same hacker has also been publicly acknowledged by Curtis Yarvin, a self‑identified neo‑monarchist intellectual and acquaintance of Vice President JD Vance, which further complicated assessments of their credibility.
In contrast, the group behind the Penn incident portrays itself as pragmatically motivated by profit rather than ideology. They clarified in a Signal message that once they had successfully extracted the donor information they sought, the inflammatory email they circulated was simply a momentary act of mischief undertaken while they still had valid credentials on the university’s marketing system. They emphasized that, contrary to several media narratives describing their operation as anti‑DEI (diversity, equity, and inclusion) activism, their grievance was not political. Although they conceded that Penn’s favoring of wealthy donors and legacy applicants was, in their view, comparable in moral dubiousness to affirmative‑action practices, they maintained that neither issue directly inspired their attack. Their true motivation, they insisted, was the potential financial return derived from monetizing valuable donor records.
Ultimately, this case highlights a substantial evolution in the motives underlying large‑scale cyber intrusions within academia. Whereas past breaches were often justified under ideological or social pretexts, the Penn incident—if the attacker’s statements are to be believed—marks a pivot toward profit‑oriented digital exploitation. It serves as a stark reminder that even prestigious institutions with considerable resources remain vulnerable when their cybersecurity infrastructures fail to match the sophistication of modern cybercriminal networks.
Sourse: https://www.theverge.com/policy/812700/university-pennsylvania-hack-data-sale-dei
