Penn email system gets hacked, message calls university ‘elitist institution’ with ‘terrible security practices’

Hackers sent an inflammatory message Friday morning through one of the University of Pennsylvania’s graduate email systems. 

The message, which appeared to go out across alumni, students and faculty, accused the school of having “terrible security practices” and being a “dogshit elitist institution,” and included a nonspecific promise to leak “all your data.”

Several members of the Penn community received the hackers’ message multiple times, according to screenshots viewed by Technical.ly and widespread reports across social media.

The university put out a statement that called the message “highly offensive” and “hurtful,” adding that the email was “obviously a fake.”

The email accused the university of breaking the Family Educational Rights and Privacy Act, also known as FERPA, which is a law protecting the privacy of student records. It also referenced the Supreme Court case that ended affirmative action. 

After that ruling in 2023, Penn released a statement declaring the importance of diversity. 

“This decision will require changes in our admissions practices,” wrote former president Liz Magill and provost John L. Jackson, Jr. “But our values and beliefs will not change. Bringing together individuals who have wide-ranging experiences that inform their approach to their time at Penn is fundamental to excellent teaching, learning, and research.”

Earlier this year, Penn removed diversity initiatives to comply with Trump administration orders.  

One day before this hack, Gov. Josh Shapiro announced a new collaboration with the university to “serve as a thought collaborator and advisor” providing “expert guidance” related to AI policy and implementation in the state. 

It’s unclear how the hackers gained access to the email system from which they sent the message, which was topped with a logo from the Penn Graduate School of Education.

The university’s statement did not directly address how the breach occurred or detail what the school planned to do to ensure something like this wouldn’t happen again. 

“A fraudulent email has been circulated that appears to come from the University of Pennsylvania’s Graduate School of Education,” a spokesperson told Technical.ly. “This is obviously a fake, and nothing in the highly offensive, hurtful message reflects the mission or actions of Penn or of Penn GSE. The University’s Office of Information Security is aware of the situation, and our Incident Response team is actively addressing it.”

Many who reported they’d gotten the email said they found it ridiculous, but some said online they saw truth in the sentiment. 

“If they just left the woke part out and affirmative action dig, it’s mostly a true letter,” Reddit user Richard-Gere-Museum wrote. “I mean, clearly they do have terrible security practices in place [if] some dipshit red hat was able to do this.”