Penn State University has announced that a computer at Penn State Great Valley containing student data was recently found to be infected with malware that enabled it to communicate with a computer outside the university network (h/t Seculert).
The computer contained 707 Social Security numbers in documents related to graduation intention lists from 2001-02.
While it's not clear whether the malware successfully extracted any data, the university has taken the computer offline and is sending letters to all those who may have been affected. The mailings also include a brochure offering advice on how to prevent identity theft.
"Penn State runs one of the larger efforts in the nation to scan for personally identifiable information and remove instances from systems that should not have such data, and provides anti-virus software for students, faculty members and staff," the university said in a statement. "If a university computer is compromised, the university's Information Technology Services group investigates the problem and determines whether personally identifiable information is present. A compromised machine must be erased, and clean software installed, before the machine is reattached to the network."