An apparent mass data breach disrupted the University of Pennsylvania this week, prompting an ongoing FBI investigation and outside cyberforensics support. Penn acknowledged a social‑engineering attack that gave intruders access to development and alumni systems and enabled a wave of offensive, politically charged emails to be sent to the community, university CIO Joshua Beeman told campus stakeholders. An anonymous leak post claimed the theft of 1.2 million records — including dates of birth, addresses, demographic data and estimated net worth for students, alumni and donors — and provided sample internal documents. Penn said it is still determining the scope of the access, has restored systems and has retained CrowdStrike and law enforcement to lead the forensic review. The incident has already produced legal fallout: at least one lawsuit has been filed and the leak has intensified sectorwide scrutiny of higher‑education cybersecurity after similar breaches this year at Columbia and NYU. University officials warned alumni and donors to be vigilant for phishing and fraudulent solicitations while forensic work continues.