UPC
Company Details
Linkedin ID:
university-of-pennsylvania-coursera
Website:
Employees number:
2
Number of followers:
991
NAICS:
None
Industry Type:
Homepage:
coursera.org
IP Addresses:
0
Company ID:
UNI_4885543
Scan Status:
In-progress
University of Pennsylvania - Coursera Company CyberSecurity Posture
coursera.org
University of Pennsylvania Online Courses | Coursera The University of Pennsylvania (commonly referred to as Penn) is a private university, located in Philadelphia, Pennsylvania, United States. A member of the Ivy League, Penn is the fourth-oldest institution of higher education in the United States, and considers itself to be the first university in the United States with both undergraduate and graduate studies.
University of Pennsylvania - Coursera A.I CyberSecurity Scoring
UPC Risk Score (AI oriented)Between 650 and 699
UPC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UPC Global Score (TPRM)XXXX
UPC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UPC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
University of Pennsylvania
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The University of Pennsylvania is probing a security incident where a threat actor allegedly compromised a university email account to send offensive messages to students and alumni. The attacker has also claimed unauthorized access to **1.2 million donor records** and **internal files**, raising concerns about the exposure of sensitive personal and financial data. While the full scope of the breach is under investigation, the potential leak of donor information—including names, contact details, and possibly financial contributions—poses significant reputational and operational risks. The incident highlights vulnerabilities in the university’s email security and data protection measures, with potential long-term consequences for trust among donors, alumni, and the broader academic community. The breach may also trigger regulatory scrutiny and legal liabilities if personal data was mishandled.
UPC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UPC
Incidents vs E-learning Industry Average (This Year)
University of Pennsylvania - Coursera has 0.0% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
University of Pennsylvania - Coursera has 53.85% more incidents than the average of all companies with at least one recorded incident.
Incident Types UPC vs E-learning Industry Avg (This Year)
University of Pennsylvania - Coursera reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — UPC (X = Date, Y = Severity)
UPC cyber incidents detection timeline including parent company and subsidiaries
UPC Company Subsidiaries
University of Pennsylvania Online Courses | Coursera The University of Pennsylvania (commonly referred to as Penn) is a private university, located in Philadelphia, Pennsylvania, United States. A member of the Ivy League, Penn is the fourth-oldest institution of higher education in the United States, and considers itself to be the first university in the United States with both undergraduate and graduate studies.
Loading...
UPC Similar Companies
Squla is an online educational learning platform that helps kids to learn in a fun way. Squla offers an amazingly fun and educational learning program and features thousands of interactive games, quizzes and activities with multiple subjects! The Squla crew is a dynamic team that is enthusiastic ab
Cambridge Flexible Learning
Cambridge Flexible Learning [CFL] is a trading name of Anderson Associates [L & D]. CFL operates at individual, team and organisation levels, specialising in an holistic approach to Human Resource Development, which is fundamental to building the capacity to minimise decline and maximise effective
Aurora Training Advantage
Empowering Your Professional Journey At Aurora Training Advantage, we’re dedicated to supporting your professional growth. We understand that in today’s dynamic business environment, staying ahead requires continuous learning and development. That’s why we offer comprehensive training solutions for
RePubIT Interactive Technologies
RePubIT stands for success. We wish you all the success in the world for your business and for your career. We believe that knowledge should be shared, quickly, easily, at the exact moment of need. Explain to your workforce not just "How" but "Why" as well. In our experience, well informed work
San Diego Global Knowledge University
San Diego Global Knowledge University prepares students with an education that meets the demands of a rapidly changing world influenced by emerging technology and globalization. At our university, we provide a learning environment that promotes the development of these critical skills, enabling our
Educational Bootcamp
At Educational Bootcamp, we offer educational games and teacher resources that are fun to play and develop core mathematics & science skills. Our products are an effective intervention for classrooms, small groups, Saturday school, summer school, and everything in between. Our classroom resources
.png)
UPC CyberSecurity News
October 24, 2025 07:00 AM
25 Free Online Courses With Certificates to Grow Your Career
Earning one of these certificates could give you an edge over other job candidates.
July 13, 2025 07:00 AM
MTN Ghana champions youth mentorship drive at UG with focus on digital skills
MTN Ghana, through its foundation, partnered with the 2025 National Youth Mentorship Summit and Awards to champion youth empowerment under...
April 17, 2025 07:00 AM
10 Online Digital Transformation Certifications and Courses
Learn about digital transformation certification programs providing business and IT pros at every level with the necessary skills for career...
April 03, 2025 07:00 AM
Top technology courses for engineering students to excel in AI, cloud computing, and more
This article explores the top trending technology courses, including Artificial Intelligence, Cloud Computing, Generative AI, Data Science, and Cybersecurity.
November 15, 2024 08:00 AM
10 Free Coursera Certificates To Boost Your Skills And Paycheck In 2024
Looking to boost your resume? Make a career change? Land a promotion? Start a side hustle? Learn new skills for free with Coursera's courses...
October 28, 2024 07:00 AM
5 Free AI Certifications And Courses That Pay $100,000+ In 2024
AI is a powerful tool for your career, leading to six-figure salaries, pay rises, and more opportunities. Here are five free AI courses to...
September 05, 2024 07:00 AM
Here are 7 free AI classes you can take online from top tech firms, universities
Harvard, IBM, and Intel are just some of the places you can learn AI skills for free online.(Photographer: Marlena Sloss—Bloomberg/Getty Images).
June 24, 2024 07:00 AM
10 Free Online Courses With Certificates In 2024
There are many ways to have a successful career without taking the expensive four-year degree route. Here are 10 free online courses with...
February 06, 2024 02:54 PM
1. Google Cybersecurity Certificate
Cost: $49 per month with a Coursera membership after a 7-day free trial (financial aid options are available). Length: 8 courses/171 hours.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UPC CyberSecurity History Information
Official Website of University of Pennsylvania - Coursera
The official website of University of Pennsylvania - Coursera is https://www.coursera.org/penn.
University of Pennsylvania - Coursera’s AI-Generated Cybersecurity Score
According to Rankiteo, University of Pennsylvania - Coursera’s AI-generated cybersecurity score is 665, reflecting their Weak security posture.
How many security badges does University of Pennsylvania - Coursera’ have ?
According to Rankiteo, University of Pennsylvania - Coursera currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does University of Pennsylvania - Coursera have SOC 2 Type 1 certification ?
According to Rankiteo, University of Pennsylvania - Coursera is not certified under SOC 2 Type 1.
Does University of Pennsylvania - Coursera have SOC 2 Type 2 certification ?
According to Rankiteo, University of Pennsylvania - Coursera does not hold a SOC 2 Type 2 certification.
Does University of Pennsylvania - Coursera comply with GDPR ?
According to Rankiteo, University of Pennsylvania - Coursera is not listed as GDPR compliant.
Does University of Pennsylvania - Coursera have PCI DSS certification ?
According to Rankiteo, University of Pennsylvania - Coursera does not currently maintain PCI DSS compliance.
Does University of Pennsylvania - Coursera comply with HIPAA ?
According to Rankiteo, University of Pennsylvania - Coursera is not compliant with HIPAA regulations.
Does University of Pennsylvania - Coursera have ISO 27001 certification ?
According to Rankiteo,University of Pennsylvania - Coursera is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of University of Pennsylvania - Coursera
University of Pennsylvania - Coursera operates primarily in the E-learning industry.
Number of Employees at University of Pennsylvania - Coursera
University of Pennsylvania - Coursera employs approximately 2 people worldwide.
Subsidiaries Owned by University of Pennsylvania - Coursera
University of Pennsylvania - Coursera presently has no subsidiaries across any sectors.
University of Pennsylvania - Coursera’s LinkedIn Followers
University of Pennsylvania - Coursera’s official LinkedIn profile has approximately 991 followers.
NAICS Classification of University of Pennsylvania - Coursera
University of Pennsylvania - Coursera is classified under the NAICS code None, which corresponds to Others.
University of Pennsylvania - Coursera’s Presence on Crunchbase
No, University of Pennsylvania - Coursera does not have a profile on Crunchbase.
University of Pennsylvania - Coursera’s Presence on LinkedIn
Yes, University of Pennsylvania - Coursera maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/university-of-pennsylvania-coursera.
Cybersecurity Incidents Involving University of Pennsylvania - Coursera
As of December 06, 2025, Rankiteo reports that University of Pennsylvania - Coursera has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
University of Pennsylvania - Coursera has an estimated 699 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at University of Pennsylvania - Coursera ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does University of Pennsylvania - Coursera detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with under investigation..
Incident Details
Can you provide details on each incident ?
Title: University of Pennsylvania Investigates Alleged Data Breach Affecting 1.2 Million Records
Description: The University of Pennsylvania is investigating reports that a threat actor used a university email account to send offensive messages to students and alumni and has claimed access to 1.2 million donor records and internal files.
Type: data breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through compromised email account.
Impact of the Incidents
What was the impact of each incident ?
Incident : data breach UNI1033710110425
Data Compromised: Donor records, Internal files
Systems Affected: email account
Brand Reputation Impact: potential (due to offensive messages and data breach claims)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Donor Records, Internal Files and .
Which entities were affected by each incident ?
Incident : data breach UNI1033710110425
Entity Name: University of Pennsylvania
Entity Type: educational institution
Industry: higher education
Location: Philadelphia, Pennsylvania, USA
Customers Affected: students, alumni, donors (1.2 million records)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : data breach UNI1033710110425
Incident Response Plan Activated: under investigation
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as under investigation.
Data Breach Information
What type of data was compromised in each breach ?
Incident : data breach UNI1033710110425
Type of Data Compromised: Donor records, Internal files
Number of Records Exposed: 1.2 million
Data Exfiltration: claimed (unverified)
Investigation Status
What is the current status of the investigation for each incident ?
Incident : data breach UNI1033710110425
Investigation Status: ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : data breach UNI1033710110425
Entry Point: compromised email account
High Value Targets: Donor Records, Internal Files,
Data Sold on Dark Web: Donor Records, Internal Files,
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were donor records, internal files and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was email account.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were internal files and donor records.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.2M.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an compromised email account.
.png)
Latest Global CVEs (Not Company-Specific)
Description
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.
Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Description
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
Risk Information
cvss4
Base: 9.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion).
Risk Information
cvss2
Base: 5.8
Severity: LOW
AV:N/AC:L/Au:M/C:P/I:P/A:P
cvss3
Base: 4.7
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."
Risk Information
cvss2
Base: 5.1
Severity: HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
cvss3
Base: 5.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
cvss4
Base: 2.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=university-of-pennsylvania-coursera' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
