Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Office of the Executive Vice President

Office of the Executive Vice President Vendor Cyber Rating & Cyber Score

upenn.edu

The Office of the Executive Vice President (EVP) leads operational, financial and physical initiatives in support of Penn's academic and programmatic goals. Its nine business divisions head key administrative areas, including: Audit, Compliance & Privacy, Budgeting and Management Analysis, Business Services, Facilities and Real Estate Services, Finance and Treasury, Human Resources, Investments, Information Technology, and Public Safety. Senior Executive Vice President Craig R. Carnaroli serves as Penn's chief financial and administrative officer and collaborates with senior leadership to further develop and implement the school's strategic plans and policies. During his tenure at Penn, Mr. Carnaroli has led a variety of initiatives to


OEVP A.I CyberSecurity Scoring

OEVP
Company Information
Website:http://www.evp.upenn.edu/
Employees number:23
Number of followers:851
NAICS:6113
Industry Type:Higher Education
Homepage:upenn.edu
OEVP Risk Score (AI oriented)
Between 550 and 599
logo
OEVPHigher Education
Updated:
04/04/2026
567/1000
Very Poor
Ca
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
OEVP Global Score (TPRM)
xxxx
logo
OEVPHigher Education
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

OEVP
OEVPVery Poor
Current Score
567Ca (VERY POOR)
01000
2 incidents
-106 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
578Before Incident
JUNE 2026
576Before Incident
MAY 2026
570Before Incident
APRIL 2026
570Before Incident
MARCH 2026
566Before Incident
FEBRUARY 2026
562Before Incident
JANUARY 2026
559Before Incident
DECEMBER 2025
654Before Incident
Breach
01 Dec 2025OEVP
Office of the Executive Vice President: Penn investigating new data breach affecting business software, personal records

Oracle E-Business Suite Cybersecurity Breach at University of Pennsylvania

591After Incident
CRITICAL-63
OFF1764706785
Penn is investigating a cybersecurity breach of its Oracle E-Business Suite servers that compromised the personal information of University-affiliated individuals across multiple states. The breach — identified by the University in November — exploited the business software Penn uses to manage internal operations, according to letters filed with attorneys general in multiple states. Penn is in the process of notifying individuals whose personal information was compromised by the incident, according to a University spokesperson. “The University of Pennsylvania was one of nearly 100-already identified organizations simultaneously impacted by the widely exploited Oracle E-Business Suite incident, involving a previously unknown security vulnerability in Oracle’s system,” the spokesperson wrote in a statement to The Daily Pennsylvanian. Penn has implemented “the patches that Oracle issued to resolve the vulnerability” and “has found no evidence that any of this information has been or is likely to be publicly disclosed or misused for fraudulent purposes,” the statement added. In a Dec. 1 letter notifying impacted individuals, Penn wrote that its investigation — assisted by federal law enforcement and cybersecurity experts — discovered that “some data from Penn’s Oracle EBS had been obtained without authorization.” It remains unclear how many individuals were affected. According to information filed with the Office of the Maine Attorney General, the breach affected 1,488 state
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Personal informationSystems Affected: Oracle E-Business Suite serversIdentity Theft Risk: Yes
DATA BREACH
Type Of Data Compromised: Personal informationNumber Of Records Exposed: 1488 (Maine residents only, total unknown)Sensitivity Of Data: High (personally identifiable information)Data Exfiltration: YesPersonally Identifiable Information: Yes
NOVEMBER 2025
654Before Incident
OCTOBER 2025
652Before Incident
SEPTEMBER 2025
650Before Incident
AUGUST 2025
769Before Incident
Ransomware
01 Aug 2025OEVP
Office of the Executive Vice President: University of Pennsylvania Confirms Data Breach Linked to Oracle Hack

University of Pennsylvania Oracle E-Business Suite Data Breach

620After Incident
CRITICAL-149
OFF1764700650
The University of Pennsylvania has revealed a data breach stemming from a cyberattack on its Oracle financial systems. Quick Summary – TLDR: Hackers exploited a zero-day flaw in Oracle E-Business Suite to access Penn’s internal systems. Personal data of at least 1,488 individuals was stolen, with the real number possibly much higher. The Clop ransomware gang is suspected, linking Penn to a wider cyber extortion campaign. Penn joins other Ivy League schools recently hit by phishing and data theft attacks. What Happened? The University of Pennsylvania has confirmed a data breach involving its Oracle E-Business Suite (EBS) after attackers exploited a previously unknown vulnerability to steal sensitive personal information. The incident occurred in August but was officially disclosed in a filing with the Maine Attorney General’s office. The university says the breach is part of a larger cyberattack campaign affecting nearly 100 organizations. Penn’s Oracle Systems Breached In the breach notification sent to affected individuals, the university explained that unauthorized access to Penn’s Oracle EBS platform had occurred. A thorough investigation revealed that personal data was stolen, although the specific types of information remain undisclosed. The university has directly notified the 1,488 confirmed impacted individuals, though it admits the actual number could be far greater. In an official statement, Penn said: “ We discovered that some data from Penn’s Oracle EBS
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Cyber extortion
IMPACT
Data Compromised: Personal data of at least 1,488 individualsSystems Affected: Oracle E-Business Suite (EBS)Identity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Personal dataNumber Of Records Exposed: 1,488 (confirmed, possibly more)Sensitivity Of Data: HighData Exfiltration: YesPersonally Identifiable Information: Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for OEVP ?
?
What was OEVP's A.I Rankiteo Cyber Score in June 2026 ?
?
What was OEVP's A.I Rankiteo Cyber Score in May 2026 ?
?
What was OEVP's A.I Rankiteo Cyber Score in April 2026 ?
?
What was OEVP's A.I Rankiteo Cyber Score in March 2026 ?
?
What was OEVP's A.I Rankiteo Cyber Score in February 2026 ?
?
What was OEVP's A.I Rankiteo Cyber Score in January 2026 ?
?
What was OEVP's A.I Rankiteo Cyber Score in December 2025 ?
?
What was OEVP's A.I Rankiteo Cyber Score in November 2025 ?
?
What was OEVP's A.I Rankiteo Cyber Score in October 2025 ?
?
What was OEVP's A.I Rankiteo Cyber Score in September 2025 ?
?
What was OEVP's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on OEVP's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with OEVP ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view OEVP's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?