News

Penn State Malware Infections Expose Data on 30,000 People

• By Dian Schaffhauser
• 01/08/10

Pre-Christmas malware infections have led Pennsylvania State University offices to notify nearly 30,000 people by mail about privacy breaches that may have exposed their personal information.

The infections hit university computers in the Eberly College of Science (7,758 records), the College of Health and Human Development (6,827 records), and the Penn State Schuylkill campus (about 15,000 records).

The mailings included a brochure detailing how to prevent identity theft.

In a statement the university said it has no evidence that the information was accessed by unauthorized individuals. "Even when theft is only a remote possibility, we alert anyone who may have been affected, and arm them with information and steps to take to mitigate their risk," said Sarah Morrow, chief privacy officer for the university.

According to coverage in the university's student newspaper, The Daily Collegian, computers found to have malware were taken offline. The university hasn't divulged the type of records involved in the data exposure.

During 2009 Penn State had reported several other data breaches. The first happened in February 2009, in which a virus infiltrated an Office of Physical Plant administrative computer that contained about 1,000 Social Security numbers of employees. In November several computers were stolen during a Penn State Hazleton break-in. About 350 Social Security numbers were included in a historical document buried in one of the computers' archives. In March and April the university reported that Penn State Erie, The Behrend College experienced a breach affecting nearly 11,000 people.