The University of Pennsylvania has experienced a data breach, leaving student, alumni and financial information exposed. The data uncovered could go back decades, and according to the hackers, about 1.2 million data lines were breached. The hackers appear to have been politically motivated, as they sent out schoolwide messages criticizing Penn’s DEI policies and favoritism of legacies. However, some believe that they are more focused on selling the data than furthering any political agenda. The hackers also claim that Penn’s security systems are not effective. One Penn alum, Christopher Kelly, has filed a class-action lawsuit against the University, arguing that such a wealthy and well-regarded school should invest in the systems to keep their affiliates’ information adequately secured, instead of leaving databases and email accounts unprotected.
The hackers were able to get ahold of documents surrounding the congressional hearing of former University President Liz Magill, who resigned after being accused of not properly combatting antisemitism on campus. They also found information on President Joe Biden, who established the Penn Biden Center for Diplomacy and Global Engagement and whose son and granddaughter attended Penn.
The hackers secured access to internal memos between members of the Penn community. Some of these messages were related to festival Palestine Writes and the University’s endowment tax. One alleged hacker has claimed that they are planning on selling some of the information, but they are also reportedly planning on releasing the information to the public. The hackers appear to be highly concerned with Penn’s prioritization of legacies, donors and wealthy or powerful families.
Improving cybersecurity systems at elite institutions has become increasingly important, and many schools have already been victimized by similar data leaks. Over the summer, Columbia University experienced problems with their IT system, and later confirmed there had been a cyberattack. The hackers gained access to about 870,000 students’ and applicants’ data. Some information stolen by the hackers includes social security numbers, financial information, contact information, academic records and demographic information. The hackers claim to have found applicant data going back decades. They sent Bloomberg 1.6 gigabytes of data, and stated that they were trying to prove that Columbia was still using affirmative action policies after the 2023 supreme court ruling that prohibited the practice.
Due to these claims, and an image of Donald Trump being displayed on Columbia’s computers after the hack, officials have considered the attack as being politically motivated. New York University was affected by a similar data breach last spring. To prevent further damage to applicants, students, alumni, and internal staff, universities are beginning to invest in technology that will effectively safeguard their data.