News Summary
A notorious cybercrime group has leaked additional confidential files from the University of Pennsylvania’s Graduate School of Education hack. The leaked data includes sensitive donor records and protocols addressing antisemitism, revealing how the university tracked donor activity. Although initial reports suggested over a million records were compromised, recent filings indicate fewer than 10 individuals were affected. The university has engaged cybersecurity experts and notified the impacted individuals, following immediate containment measures after the breach was detected.
Philadelphia, PA – Cybercrime Group Leaks Additional Internal Files from Penn Email Hack
The notorious cybercrime group ShinyHunters has claimed responsibility for the October 2025 data breach at the University of Pennsylvania’s Graduate School of Education (GSE), releasing additional confidential internal files in the past 48 hours. This recent leak includes sensitive donor records and appears to detail how the university tracked donor activity as recently as 2025. The new files also reportedly contain information on protocols for combating antisemitism.
The latest data release by ShinyHunters follows their initial claim of responsibility for the breach. The group’s actions come months after the initial cybersecurity incident, which saw unauthorized access to select information systems related to the university’s development and alumni activities.
Details of the Breach and Leaked Information
The cyberattack on Penn’s Graduate School of Education initially occurred around October 30-31, 2025. It reportedly involved a social engineering attack, possibly a form of voice phishing (vishing), which led to unauthorized access to a University employee’s PennKey account and exploitation of the university’s Salesforce Marketing Cloud platform.
Early reports suggested that data from over 1.2 million students, alumni, and donors might have been compromised. The information allegedly included donation history, estimated donor net worth, and demographic details such as names and race. Additionally, it was reported that confidential internal memos, wire and ACH transaction records, contributors’ addresses, and phone numbers were part of the stolen data.
However, recent legal filings on February 2, 2026, revealed a significant update, stating that the October 2025 GSE data breach ultimately impacted fewer than 10 individuals. Furthermore, none of the individuals affected were plaintiffs in the ongoing class-action lawsuits against the university, leading to the withdrawal of seven of 18 original filings. The university had previously indicated that the reported number of affected records was “mischaracterized.”
The most recent files leaked by ShinyHunters, reviewed on February 4, 2026, reportedly contain never-before-seen donor records. These documents purportedly illustrate the university’s methods for tracking donor activity up to 2025. Some individuals whose information appeared in these leaks had publicly announced intentions to stop donations to Penn due to the administration’s handling of campus antisemitism allegations in 2023.
Among the leaked records was a 2023 file titled “Antisemitism Action Plan Dashboard,” detailing initiatives and strategies to address antisemitism across the university, covering safety, engagement, and education.
University’s Response and Ongoing Investigation
Upon detecting unauthorized access on October 31, 2025, the University of Pennsylvania promptly initiated containment measures, including securing affected accounts and locking down compromised systems. The university also engaged a leading cybersecurity firm for forensic analysis and reported the breach to the Federal Bureau of Investigation (FBI) on November 3, 2025.
The university’s comprehensive review of the downloaded files to determine whose information was involved concluded in January 2026. Penn has since notified the limited number of individuals whose personal information was impacted, in accordance with applicable notification laws.
About ShinyHunters and Cybercrime in Higher Education
ShinyHunters is recognized as a black-hat criminal hacker and extortion group, believed to have originated in 2019. The group is known for orchestrating numerous data breaches and often resorts to leaking stolen information on the dark web if ransom demands are not met. They are considered part of a broader cybercrime network.
Higher education institutions, like the University of Pennsylvania, are frequent targets for cyberattacks. They possess vast amounts of valuable personal data, including student identities, financial aid records, and donor information, making them attractive targets for cybercriminals. Open Wi-Fi networks and “Bring Your Own Device” (BYOD) policies often increase the number of potential access points for attackers.
Universities are advised to implement robust cybersecurity measures, including mandatory cybersecurity training for all users, regular security audits, and detailed incident response plans. Managing third-party security risks is also crucial, as breaches within vendors can compromise the university’s network.
Frequently Asked Questions
What cybercrime group claimed responsibility for the Penn email hack?
The cybercrime group ShinyHunters has claimed responsibility for the October 2025 data breach at the University of Pennsylvania’s Graduate School of Education (GSE).
When did ShinyHunters leak additional internal files from the Penn email hack?
The latest leak of additional internal files by ShinyHunters occurred in the past 48 hours, with further files showing donor activity as recently as 2025 leaked 8 hours ago.
What kind of information was included in the recently leaked files?
The recently leaked confidential University files reportedly contain never-before-seen donor records and protocols for combating antisemitism, seemingly showing how Penn tracked donor activity as recently as 2025.
When did the initial data breach at Penn’s Graduate School of Education occur?
The data breach at Penn’s Graduate School of Education initially occurred around October 30-31, 2025.
How many individuals were ultimately affected by the October 2025 GSE data breach?
A recent court filing on February 2, 2026, revealed that the October 2025 GSE data breach ultimately impacted fewer than 10 individuals.
What was the University of Pennsylvania’s initial response to the breach?
Upon detecting unauthorized access on October 31, 2025, the University of Pennsylvania initiated containment measures, secured affected accounts, locked down compromised systems, and reported the breach to the Federal Bureau of Investigation (FBI) on November 3, 2025.
Key Features of the Penn GSE Data Breach
| Feature | Detail | Scope |
|---|---|---|
| Cybercrime Group | ShinyHunters | Nationwide |
| Target Institution | University of Pennsylvania Graduate School of Education (GSE) | State-level |
| Initial Breach Date | October 30-31, 2025 | State-level |
| Date of Latest Leak | Within the last 48 hours (February 4-5, 2026) | State-level |
| Reported Number of Affected Individuals | Fewer than 10 (as per latest court filing for GSE breach) | State-level |
| Types of Data Leaked (Latest) | Donor records, protocols for combating antisemitism, donor activity tracking | State-level |
| Method of Attack | Social engineering (possibly vishing), exploitation of Salesforce Marketing Cloud | Nationwide |
| University Response | Reported to FBI, engaged cybersecurity firm, notified affected individuals | State-level |
Deeper Dive: News & Info About This Topic
HERE Resources
University of Pennsylvania Faces Lawsuit Over Data Breach
University of Pennsylvania Investigates Offensive Email Incident
Cyberattacks Target Ivy League Universities
University of Pennsylvania Faces Antisemitism Power Struggle
Author: STAFF HERE PHILADELPHIA WRITER
The PHILADELPHIA STAFF WRITER represents the experienced team at HEREPhiladelphia.com, your go-to source for actionable local news and information in Philadelphia, Philadelphia County, and beyond. Specializing in "news you can use," we cover essential topics like product reviews for personal and business needs, local business directories, politics, real estate trends, neighborhood insights, and state news affecting the area—with deep expertise drawn from years of dedicated reporting and strong community input, including local press releases and business updates. We deliver top reporting on high-value events such as Mummers Parade, Philadelphia Flower Show, and Thanksgiving Day Parade. Our coverage extends to key organizations like the Greater Philadelphia Chamber of Commerce and United Way of Greater Philadelphia, plus leading businesses in telecommunications, food services, and healthcare that power the local economy such as Comcast, Aramark, and Children's Hospital of Philadelphia. As part of the broader HERE network, we provide comprehensive, credible insights into Pennsylvania's dynamic landscape.
