ShellCodeX Breach Report
University of Pennsylvania Data Breach
upenn.edu
Verified breach
Accounts exposed
623,750
Breach date
30 Oct 2025
Added to tracker
16 Feb 2026
Data classes
11
What happened
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
Exposed data
Charitable donations
Dates of birth
Email addresses
Genders
Income levels
Job titles
Names
Physical addresses
Religions
Salutations
Spouses names
Recommended actions
- Watch for targeted phishing emails referencing University of Pennsylvania โ attackers weaponise breach data quickly.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP