UPenn Data Breach Nightmare Spurs Class Action Lawsuit
Quick Take
- Hackers reportedly accessed personal data for about 1.2 million University of Pennsylvania students, alumni and staff.
- Exposed details allegedly include names, home addresses, dates of birth, demographic details such as race and religion, sexual orientation and estimated net-worth.
- A proposed class action contends the university’s resources should have supported stronger cybersecurity measures.
A recently filed lawsuit alleges that the UPenn failed to properly protect a large amount of private personal information now claimed by hackers. According to the complaint, the breach affects an estimated 1.2 million current and former students, staff and faculty members.
According to a recently filed class action, on October 31, 2025 individuals with @upenn.edu email accounts received emails warning that their data would be leaked. The messages purportedly originated from hackers.
Plaintiffs say the compromised database contains names, home addresses, dates of birth, demographic details such as race and religion, sexual orientation and estimated net-worth figures. They argue that exposure of this information heightens the risk of identity theft, phishing attempts and other fraudulent activity.
The complaint characterises the Ivy League institution as “negligent and reckless,” noting reported annual revenue of roughly $15 billion. With those resources, the suit contends, the university could have implemented stronger encryption, multi-factor authentication and other safeguards.
Some individuals have already reported receiving spam calls and phishing emails they believe stem from the breach, according to the filing. The lawsuit seeks monetary damages and injunctive relief requiring Penn to improve its information-security practices.