// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
ColdRecon / Breach Radar / University of Pennsylvania
Breach Record

University of Pennsylvania

DISCLOSED 2025-10-30 · STOLEN CREDS · 623,750 RECORDS EXPOSED

In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor...

The record

What we know

Disclosed
2025-10-30
Attack vector
Stolen Creds
Records exposed
623,750
Domain
upenn.edu
Data classes exposed
Charitable donationsDates of birthEmail addressesGendersIncome levelsJob titlesNamesPhysical addressesReligionsSalutationsSpouses names
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the University of Pennsylvania disclosure. It updates if new public reporting emerges. All tracked breaches →

University of Pennsylvania just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →