Penn State Hit Twice by Malware-Related Data Breaches

  • By Dian Schaffhauser
  • 06/11/10

A cached database containing private information is troubling Pennsylvania State University staff, as is an infected computer in its library system. The university made a public announcement recently that it had found a computer in its Outreach Market Research and Data office that was communicating with a bot controller, thereby exposing nearly 16,000 Social Security numbers to possible compromise. A bot is malware that enables its instigator to gain control over the computer running it.

According to Penn State the computer had at one time contained a database for the institution's use. That had been removed when the institution stopped using Social Security numbers in 2005; however, an archived copy remained undetected in the computer's cache.

In compliance with a state law regulating the breach-of-personal information, the university has sent out letters to those included in the database to warn them of the possible breach. But administrators said that they have no evidence the data has been used or even accessed by unauthorized users.

"Even when theft is only a remote possibility, we alert anyone who may have been affected, and arm them with information and steps to take to mitigate their risk," said Sarah Morrow, chief privacy officer.

The university also recently reported a similar breach that occurred on a library computer that may have exposed data on 9,766 people. They too received information from the university on preventing data theft. No other details were available.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • student reading a book with a brain, a protective hand, a computer monitor showing education icons, gears, and leaves

    4 Steps to Responsible AI Implementation

    Researchers at the University of Kansas Center for Innovation, Design & Digital Learning (CIDDL) have published a new framework for the responsible implementation of artificial intelligence at all levels of education.

  • glowing digital brain interacts with an open book, with stacks of books beside it

    Federal Court Rules AI Training with Copyrighted Books Fair Use

    A federal judge ruled this week that artificial intelligence company Anthropic did not violate copyright law when it used copyrighted books to train its Claude chatbot without author consent, but ordered the company to face trial on allegations it used pirated versions of the books.

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.