The University of Pennsylvania experienced a cybersecurity incident where offensive emails were sent to students and alumni from various university email addresses. These emails, with the subject "We got hacked (Action Required)," claimed that data had been stolen in a breach and criticized the university's security practices and admissions policies. The messages included derogatory language, labeling the institution as elitist and unmeritocratic, and suggested violations of federal laws like FERPA. BleepingComputer confirmed that the emails were dispatched from the university's mailing list platform, "connect.upenn.edu," hosted on Salesforce Marketing Cloud. It remains unclear if this platform was compromised. In response, a university spokesperson acknowledged awareness of the incident, labeling the emails as fraudulent and emphasizing that the hurtful content does not reflect the university’s values. The Office of Information Security is currently addressing the situation. The university has since placed a banner on its website advising recipients to disregard the messages and to report any new concerning emails to local IT support. This incident follows broader scrutiny of the university’s policies, particularly after it declined to join a Trump administration initiative aimed at linking funding to specific reforms in higher education.