ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

University of Pennsylvania Data Breach

upenn.edu
Limited exposure
Verified breach
Accounts exposed 623,750
Breach date 30 Oct 2025
Added to tracker 16 Feb 2026
Data classes 11

What happened

In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.

Exposed data

Charitable donations Dates of birth Email addresses Genders Income levels Job titles Names Physical addresses Religions Salutations Spouses names

Recommended actions

  • Watch for targeted phishing emails referencing University of Pennsylvania โ€” attackers weaponise breach data quickly.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP