On Oct. 31, Drexel University’s neighboring university, the University of Pennsylvania, was subject to a data breach affecting 1.2 million records, according to the hackers who claimed responsibility. UPenn noted that due to the ongoing investigation, they are unable to confirm this number.
Dr. Pablo Molina, Drexel’s interim chief information officer, acknowledged to The Triangle that “Drexel has the same probability of being attacked.” Drexel and UPenn take similar measures to protect against cybersecurity threats. However, Molina noted that the main difference is that UPenn is larger and more decentralized, which can make security coordination more difficult.
UPenn students received an email appearing to be from the Graduate School of Education, which read“The University of Pennsylvania is a dogs*** elitist institution full of woke r******. We have terrible security practices and are completely unmeritocratic. We hire and admit morons because we love legacies, donors, and unqualified affirmative action admits. We love breaking federal laws like FERPA (all your data will be leaked) and Supreme Court rulings like SFFA. Please stop giving us your money.”
The hackers told The Verge, via Signal, “Once that was already exfiltrated, we sent that email out just as a fun rant since our session was still valid in the Salesforce marketing cloud.”
“It wasn’t our end goal,” they said in a Signal message. Their motivation was financial, and they accrued those funds by securing the data of ultra-high-net-worth individuals, such as donors.
The claimed hacker told The Verge that they have data from individuals “very far back.” A screenshot provided of the compromised database revealed birthdates in the 1920s, with some people in the system listed as deceased. Among the potentially compromised individuals was former President Joe Biden.
Assuming this hacker is reporting the actual reasoning for targeting UPenn, Drexel might be at lower risk. Drexel’s endowment, which includes funds for both the university and the Academy of Natural Sciences, was valued at over $1 billion in early 2025. In contrast, Penn’s 2025 endowment was valued at $25 billion, the result of institutional reputation and strong networking opportunities.
However, money is not the only force driving hackers toward university files. In June 2025, hackers with an allegedly political agenda stole 1.8 million Social Security numbers from Columbia University affiliates. The motivation there was to prove that Columbia was still implementing DEI practices into its application process.
In March 2025, Drexel’s internal URLs, usernames, and passwords were discovered by a voluntary ethical hacker and reported through a bug bounty program. Ethical hacking is a form of cybersecurity that involves simulating cyberattacks to improve an organization’s defenses proactively.
According to Drexel’s information technology department, there have been close calls at Drexel, with the predominant cases involving students receiving fraudulent job offers. Regarding multi-factor authentication and other security measures, Dr. Molina said campus politics can be a hindrance.
“Security measures inconvenience a lot of people,” he said. “It is about trying to find a balance.”
UPenn’s data breach was a result of social engineering, a sophisticated identity impersonation that utilized a PennKey. However, the hackers note that they targeted UPenn because of its poor cybersecurity measures. Josep Riera, Drexel’s acting chief information security officer, told The Triangle, “There are probably things Penn could have done differently, but we won’t know for weeks or maybe months. We will be taking notes, so we have appropriate controls at Drexel.”
Riera notes that the key to mitigating social engineering attacks is common sense. He advises the Drexel community: “Whenever you have unsolicited messages, texts, or emails, use your critical thinking.”
The information technology department strongly encourages students, faculty, and staff to complete DUST. Completers receive a free official SANS security training certificate that can be added to their resume.