This story is developing and will continue to be updated.
Penn appears to have experienced a cybersecurity breach on Friday after a series of mass emails were sent to students, faculty, alumni, and parents from accounts linked to the Graduate School of Education.
The messages — sent from multiple University-affiliated email addresses — were addressed to the Penn community and contained criticisms of the University’s security practices and institutional purpose, according to copies of the messages reviewed by The Daily Pennsylvanian. Penn’s Information Systems & Computing office wrote in a statement that it is “working with our campus partners to resolve the issue.”
“We hire and admit morons because we love legacies, donors, and unqualified affirmative action admits,” the email — which contains profane language and a slur — read in part.
In an email to the Penn GSE community, a spokesperson for the school described the emails as “highly offensive,” adding that they “are in no way reflective of Penn or Penn GSE’s mission or actions.”
“Please know that we are actively and quickly investigating and taking immediate steps to stop these emails from being sent,” the spokesperson wrote. “Our IT team at Penn GSE and the University’s IT team and Crisis Response Teams are working as quickly as they can.”
A University spokesperson wrote that the emails were “obviously a fake” in a statement to the DP. The spokesperson reiterated that the University’s Office of Information Security is “actively addressing” the situation.
“All of the emails are incredibly offensive and in no way reflective of Penn or Penn GSE’s mission or values. We sincerely apologize for the harm this has caused and is causing,” a message to the Penn community read. “Over and above the inconvenience of getting your inboxes spammed, these emails are hurtful and upsetting.”
In an message sent to members of Penn’s Annenberg School for Communication, Elizabeth Cooper, the school’s IT help desk manager, addressed the “offensive emails” and emphasized that “ASC has not been hacked.”
“These emails are being received by individuals outside of UPenn as well,” Cooper wrote. “It appears that some email list, which is beyond our control, was accessed by malicious individuals who then sent out these messages.”
She added that “At this time, there is nothing for us to do, but we wanted to keep you informed.”
A message from Penn Medicine Academic Computing Services also acknowledged the emails, writing that the University and Penn Med are “taking steps to resolve the issue and block further emails.”
“If you receive an email, please mark it as phishing/spam and avoid clicking on any links or attachments,” the email added.
The School of Nursing’s IT services similarly acknowledged the emails in an Oct. 31 message, adding that “the security team is actively working to block and prevent any further messages from being sent.”
