University of Pennsylvania Data Breach

29/10/2025 · 623,750 records · moderate risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (11 categories) and the volume of affected records (623,750).

The University of Pennsylvania experienced a breach focused on its donor database and followed by ransom demands. Some impacted individuals also received inflammatory emails connected to the incident.

The data was later published online and included 624,000 unique email addresses along with names, salutations, and physical addresses. Some donor records contained additional details such as gender, date of birth, job titles, income levels, spouse name, donation history, and for a smaller subset, religion.

Exposed data

Charitable donations Dates of birth Email addresses Genders Income levels Job titles Names Physical addresses Religions Salutations Spouses names

What to do based on this breach

Be cautious with emails that reference specific donations, amounts, or dates and ask for confirmation, additional payments, or more data

Increase the privacy of your home address in public listings where possible, since physical addresses were exposed and may lead to mail or in person approaches

If you received threatening or abusive messages that cite your donations, keep evidence and report them to your email provider and relevant authorities

Use your GDPR rights to request access to your donor data, understand the purpose of processing, and ask for rectification or erasure where applicable

What can we learn from this breach?

When a breach includes donation history, estimated income, and religion, the risk goes beyond fraud into sensitive personal exposure and potential harm. Organizations should practice data minimization, isolate sensitive attributes behind stricter access, and use incident response communications that protect donors instead of repeating private details.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Canadian Tire

01/10/2025 38,306,562 records high risk

5 data types in common

Медицинская лаборатория Гемотест (Gemotest)

21/04/2022 6,341,495 records moderate risk

5 data types in common

← All breaches