Our investigation is ongoing. At this time, we are aware that systems related to Penn's development and alumni activities were accessed through stolen credentials. We are still conducting our forensic investigation, but to date the systems we know were accessed include Penn’s Customer Relationship Management (CRM) system (Salesforce), file repositories (SharePoint and Box), a reporting application (QlikView), and Marketing Cloud.
Cybersecurity incident information and FAQ
To keep our community informed, this webpage will be kept up to date with the latest information pertaining to Penn’s ongoing investigation and will answer the most frequent questions related to this cybersecurity matter.
Last Updated: November 4, 2025, 5 p.m.
On October 31, Penn discovered that a select group of information systems related to Penn’s development and alumni activities had been compromised. Penn employs a robust information security program; however, access to these systems occurred due to a sophisticated identity impersonation commonly known as social engineering.
Penn’s staff rapidly locked down the systems and prevented further unauthorized access; however, not before an offensive and fraudulent email was sent to our community and information was taken by the attacker. Penn is still investigating the nature of the information that was obtained during this time.
It is important to note that all systems have been restored and are fully operational.
We recognize the severity of this incident and are working diligently to address it. Since the incident, Penn’s information security teams have been working around the clock. Penn has notified the FBI and continues to work with law enforcement. We are investigating the incident with the assistance of third-party cybersecurity professionals, including CrowdStrike, an industry leader in cybersecurity.
We encourage our entire community — inside and outside of Penn — to be wary of suspicious calls or emails that could be phishing attempts, particularly those that may be soliciting fraudulent donations, asking for your system credentials, or suggesting you change credentials or passwords. Also be wary of any embedded links in emails that you are not familiar with. For more information about how to keep your system and Penn’s secure, read Penn’s Information Systems & Computing (ISC) tips on protecting your information.
FAQ
Unfortunately, even the most sophisticated security systems are vulnerable to social engineering attacks — when bad actors deceive individuals into giving up confidential information which compromises security and can be used to access private systems and information. That is what happened in this instance. As soon as Penn was made aware of the unauthorized access to its systems, it was able to lock down its systems.
We are confident that this incident has been contained and that we are operating with full system integrity. While no system is 100% impervious to this type of attack, Penn is taking immediate steps to reduce the threat of future social engineering attacks through increased monitoring and additional security measures. Penn will also be instituting additional mandatory trainings. We are continuously working to improve our information security program and systems.
We are aware this number has been reported in the media. However, we are still conducting our forensic investigation to determine the exact nature of the information and therefore cannot currently verify those claims. We do know that the stolen credentials were used to access systems related to Penn's development and alumni activities.
Penn is currently analyzing the impacted information to determine the exact nature of what was taken. Once that analysis is complete, Penn intends to notify any individuals with impacted personal information, if and when appropriate and as required by applicable notification laws.
At this time, we have no indication that this incident affected Penn Medicine’s electronic medical records.