Penn State Latest University Plagued by Data Breaches


Penn State University gave its students an unwelcome gift over the holiday break, notifying some 30,000-plus students that a series of malware-induced data breaches at computers hosted at three different campus locations had exposed their personal information for an unknown period of time.

According to the university's office of privacy, the malware attacks struck computers in the Eberly College of Science, the College of Health and Human Development and at a third building off the school's main campus in University Park, Penn.

University officials started sending out letters to affected students last week and have initiated an investigation into exactly when and how the data breaches occurred.

At this point, it's unclear how many times the data was accessed.

"Even when theft is only a remote possibility, we alert anyone who may have been affected, and arm them with information and steps to take to mitigate their risk," Sarah Morrow, Penn State's chief privacy officer, said in a statement. She added that the university was enclosing a brochure detailing how to prevent identity theft with the notification letters.

Pennsylvania is one of 45 states that require companies, universities and organizations to notify people when their personal or financial information is accidentally or deliberately compromised.

Colleges and universities have been particularly hard hit by hackers in the past year.

Just last week, a North Carolina community college system warned thousands of students, faculty and local residents that a hacker had somehow infiltrated the server hosting data collected from the system's 25 libraries.

In April, University of California at Berkeley officials said hackers infiltrated a health-care database containing the personal information of more than 160,000 students dating back to 1999.

In September, the University of North Carolina's radiology department discovered that hackers may have compromised a server containing the personal data of more than 163,000 women participating in a mammography research project.

Similar attacks were reported this year at Montana State University, the University of Michigan, Eastern Illinois University and the University of Alabama.

IT security experts say colleges and universities are particularly attractive to hackers because research computers have Internet access, abundant processing power and, obviously, tons of data because they're constantly conducting large-scale research projects.