Penn Probes Fraudulent GSE Emails Routed Through Mailing List

On Friday thousands of students, alumni, faculty and other University of Pennsylvania affiliates received inflammatory fraudulent emails purporting to come from the Graduate School of Education with the subject line “We got hacked (Action Required).” The messages used GSE letterhead and offensive language attacking Penn’s admissions and hiring practices, urged recipients to “stop giving us money,” and threatened to leak data while invoking FERPA. They were sent from various Penn-associated addresses—sometimes arriving multiple times—and security reporting found they were routed through connect.upenn.edu, a Penn mailing-list platform hosted on Salesforce Marketing Cloud, though it remains unclear whether an account was compromised or how the messages were sent. Penn called the emails fake and said the content does not reflect the university or Penn GSE, and the Office of Information Security and Incident Response is actively investigating while asking recipients to disregard or delete the messages. The investigation is ongoing and the university has not confirmed any data disclosure or a system-wide compromise.