Campus Security | News

Penn State Hit Twice by Malware-Related Data Breaches

• By Dian Schaffhauser
• 06/11/10

A cached database containing private information is troubling Pennsylvania State University staff, as is an infected computer in its library system. The university made a public announcement recently that it had found a computer in its Outreach Market Research and Data office that was communicating with a bot controller, thereby exposing nearly 16,000 Social Security numbers to possible compromise. A bot is malware that enables its instigator to gain control over the computer running it.

According to Penn State the computer had at one time contained a database for the institution's use. That had been removed when the institution stopped using Social Security numbers in 2005; however, an archived copy remained undetected in the computer's cache.

In compliance with a state law regulating the breach-of-personal information, the university has sent out letters to those included in the database to warn them of the possible breach. But administrators said that they have no evidence the data has been used or even accessed by unauthorized users.

"Even when theft is only a remote possibility, we alert anyone who may have been affected, and arm them with information and steps to take to mitigate their risk," said Sarah Morrow, chief privacy officer.

The university also recently reported a similar breach that occurred on a library computer that may have exposed data on 9,766 people. They too received information from the university on preventing data theft. No other details were available.