On or about November 11, 2025, the University of Pennsylvania determined that an unauthorized actor accessed data within its Oracle E-Business Suite (Oracle EBS), a financial application used for supplier payments, reimbursements, and other University business. Oracle had previously disclosed a security vulnerability affecting organizations worldwide. Upon learning of potential unauthorized access, Penn immediately launched an investigation with cybersecurity experts and notified federal law enforcement.
The investigation confirmed that some data from Penn’s Oracle EBS was obtained without authorization. While there is no evidence that the information has been misused or publicly disclosed, Penn applied all Oracle security patches, reinforced its systems, and continues to monitor for suspicious activity. The University is offering 24 months of complimentary Experian IdentityWorks services.
The University of Pennsylvania is an Ivy League university in Philadelphia, founded by Benjamin Franklin. It has a total student population of approximately 23,000–24,000, with the majority being graduate students.
If you received a Data Breach notification letter from the University of Pennsylvania, it confirms that your information was potentially impacted.
What information is involved in the University of Pennsylvania Data Breach?
Compromised information may include:
Personally Identifiable Information (PII)
Your Personally Identifiable Information (PII) includes details that can identify you, and organizations are legally obligated to safeguard this data. Failure to do so can result in statutory fines and other legal consequences. If PII is stolen, it may be exploited by criminals to commit identity fraud.
A specific category of PII is Protected Health Information (PHI), which pertains to personal medical data. PHI is protected under federal and state regulations. Entities such as healthcare providers and businesses that manage PHI must ensure its security. Just like PII, compromised PHI can be misused by identity thieves, and it’s common for cybercriminals to use both types of information together.
If your data has been exposed in a breach, one of the most effective steps you can take is to enroll in credit and identity monitoring services promptly.
Residents of California benefit from enhanced privacy rights under the California Consumer Privacy Act (CCPA) and medical privacy protections under the Confidentiality of Medical Information Act (CMIA). These laws grant additional rights and remedies for breaches involving personal and medical data.
If you received a NOTICE OF DATA BREACH letter from the University of Pennsylvania, your personal and financial information may be at risk. This type of data can be exploited by identity thieves to commit fraud and other crimes.
Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.