Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
University of Pennsylvania, Graduate Division of the School of Arts & Sciences

University of Pennsylvania, Graduate Division of the School of Arts & Sciences Vendor Cyber Rating & Cyber Score

upenn.edu

The Graduate Division is home to more than 30 graduate groups, spanning the humanities and social and natural sciences, offering master's degrees and PhDs. Our graduate groups offer a rigorous education, guiding students as they pursue advanced research and begin to make their own original contributions at the frontiers of knowledge.


UPGDSAS A.I CyberSecurity Scoring

UPGDSAS
Company Information
Website:https://www.sas.upenn.edu/graduate-division
Employees number:22
Number of followers:161
NAICS:6113
Industry Type:Higher Education
Homepage:upenn.edu
UPGDSAS Risk Score (AI oriented)
Between 650 and 699
logo
UPGDSASHigher Education
Updated:
30/03/2026
672/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
UPGDSAS Global Score (TPRM)
xxxx
logo
UPGDSASHigher Education
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

UPGDSAS
UPGDSASWeak
Current Score
672B (WEAK)
01000
1 incidents
-106 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
678Before Incident
JUNE 2026
677Before Incident
MAY 2026
674Before Incident
APRIL 2026
674Before Incident
MARCH 2026
673Before Incident
FEBRUARY 2026
671Before Incident
JANUARY 2026
669Before Incident
DECEMBER 2025
668Before Incident
NOVEMBER 2025
771Before Incident
Breach
04 Nov 2025UPGDSAS
University of Pennsylvania (Penn)

University of Pennsylvania Data Breach and Leak of Internal Documents

665After Incident
CRITICAL-106
UNI3862038110425
The University of Pennsylvania suffered a major cyber breach where hackers gained unauthorized access to an employee’s PennKey account, exfiltrating sensitive internal data. The attackers released thousands of documents on LeakForum, including donor records (bank transactions, personal identifying information, demographic data), internal memos (e.g., talking points on controversies like Liz Magill’s congressional testimony, Joe Biden’s affiliation, and campus antisemitism), and confidential communications from the Graduate School of Education (GSE). The breach exposed 1.2 million records of students, alumni, and donors, with threats to sell or publicly leak the data within 1–2 months. The hackers exploited Penn’s ‘weak authentication system’, sending mass spam emails from compromised University accounts to criticize institutional policies. The attack targeted ultra-high-net-worth individuals, raising concerns over financial fraud, reputational damage, and operational disruptions. Penn reported the incident to the FBI and is investigating alongside law enforcement, but the breach underscores systemic vulnerabilities in higher education cybersecurity.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized AccessData LeakPhishing/Spam Emails
MOTIVATION
Financial Gain (planned sale of data)Ideological (criticism of Penn’s admission practices, legacy/donor preferences, and DEI policies)Exposure of Institutional Biases
IMPACT
Internal memosDonor records (including family ties to applicants)Bank transaction receipts (wire/ACH)Personal Identifying Information (PII)Confidential talking points (e.g., responses to controversies)Student/alumni/donor data (1.2 million records)Joe Biden and family data (claimed)PennKey authentication systemSharePointBoxEmail systems (used for spam)University databasesDisruption from spam emailsInvestigation and containment effortsReputation damageOffensive spam emails reported by GSE communityHigh (public leak of sensitive documents, criticism of institutional practices)Media scrutiny over security failuresLoss of trust among donors/alumniPotential lawsuits from affected individualsRegulatory scrutiny (e.g., FTC, state data protection laws)High (PII and financial data exposed)High (bank transaction records leaked)
DATA BREACH
PIIFinancial recordsInternal communicationsDonor databasesConfidential memosNumber Of Records Exposed: 1,200,000 (claimed)Sensitivity Of Data: High (includes PII, financial transactions, and sensitive institutional documents)Data Exfiltration: Yes (data dumped on LeakForum; more planned for release)Spreadsheets (donation records)PDFs/memosEmailsDatabase exportsNamesAddressesPhone numbersDemographic dataBank transaction detailsSocial Security numbers (implied but not confirmed)
OCTOBER 2025
771Before Incident
SEPTEMBER 2025
771Before Incident
AUGUST 2025
771Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for UPGDSAS ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in June 2026 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in May 2026 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in April 2026 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in March 2026 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in February 2026 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in January 2026 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in December 2025 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in November 2025 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in October 2025 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in September 2025 ?
?
What was UPGDSAS's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on UPGDSAS's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with UPGDSAS ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view UPGDSAS's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?