This story is developing and will continue to be updated.
Cybercrime group ShinyHunters appears to have taken responsibility for the October 2025 data breach at Penn’s Graduate School of Education — releasing thousands of pages of additional internal University files on Wednesday.
In a Feb. 4 post on the group’s forum, ShinyHunters wrote that it leaked the data because Penn “did not pay a ransom or cooperate and comply.” The post — which comes days after a court filing claimed the Oct. 31, 2025 incident “impacted less than 10 people” — maintained the data breach affected 1.2 million records.
“This is the direct result of advisors advising you against paying a ransom,” the alleged hackers wrote in a document they released. “It has the opposite affect. Do NOT provoke us again and pay the ransom when we contact you.”
“We are analyzing the data and will notify any individuals if required by applicable privacy regulations,” a University spokesperson wrote to The Daily Pennsylvanian.
The files include private documents that were not released in the initial breach, such as University donor records, internal talking points, and a November 2023 progress report from the University Antisemitism Action Plan.
The files also appear to contain personal information of several high-profile individuals — including 1968 Wharton graduate and President Donald Trump and members of his family.
Multiple members of the Trump family were internally labeled by Penn as “Confirmed Ultra High Net Worth” individuals.
A request for comment was left with a White House spokesperson.
“UPenn confirmed that the breach population for the first UPenn data breach—which is the central focus of this particular litigation—impacted less than 10 people,” a Monday court filing read.
A University spokesperson previously told the DP that Penn completed a “comprehensive review” of the cybersecurity incident and notified affected individuals.
The cybercrime group previously wrote that the data would be “kept private for our own use for a short period of time, but it will be released publicly within the next 1-2 months after our group has used it.” The alleged hacker later told The Verge that the group planned to sell the data before releasing it to the public.
Senior reporter Anvi Sehgal leads coverage of the University's administration and can be reached at sehgal@thedp.com. At Penn, she studies philosophy, politics, and economics. Follow her on X @anvi_sehgal.
