University of Pennsylvania Data Breach
Gravity Score
ModerateCalculated based on the types of data exposed (11 categories) and the volume of affected records (623,750).
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
Exposed data
Affected website
upenn.edu
What to do now
What can we learn from this breach?
Breaches like this offer valuable lessons for the entire industry. Some security practices that help protect data at scale include: encrypting sensitive personal data at rest with properly managed encryption keys; segmenting and isolating databases so that a single breach doesn't expose all records; conducting regular security audits and penetration testing; implementing real-time intrusion detection and incident response plans. Information security is an ongoing process, and each incident reinforces the importance of investing in data protection.
Was your data exposed?
Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.
Check my email
