In a significant breach, the cybercrime group ShinyHunters has compromised the University of Pennsylvania's internal data, releasing sensitive files on February 4. This incident followed a $1 million ransom demand made to the University, which went unmet. The group, known for targeting major corporations like Google and AT&T Wireless, claimed that their decision to expedite the release was triggered by Penn's assertion that fewer than ten individuals were affected by the breach, a statement they described as “100%” inaccurate.
ShinyHunters has been active since 2019, gaining a reputation for executing large-scale cyberattacks. The recent data leak included confidential records, donor contact details, and other sensitive information from the University. A spokesperson from the group indicated that they can swiftly execute attacks with minimal preparation. The group noted that their online forum details the criteria for organizations to mitigate data release, emphasizing that lack of response to ransom attempts is a key factor in their decision to publish stolen information.
Requests for comment from Penn have not yet been answered, leaving the University to address the fallout from the breach.