Penn State University is dealing with yet another data breach situation this week after school officials discovered that a university computer was essentially commandeered by a botnet and was revealing the names, social security numbers and other personal information of 15,800 students.
PSU officials said a PC in the campus’s Outreach Market Research and Data office was communicating with a botnet’s command-and-control center. The machine held a cached copy of social security numbers that were at one time housed in a database that was removed from the computer in 2005 when the university discontinued the use of SSNs as student identifiers.
It was not immediately known how long the university computer and student data had been compromised.
Students and faculty members at Penn State suffered through a similar data security problem in December, when the school was forced to notify more than 30,000 students that a series of malware-induced data breaches on computers hosted at three different campus locations had exposed their personal information for an unknown period of time.
In that incident, the malware attacks struck computers in the Eberly College of Science, the College of Health and Human Development and at a third building off the school’s main campus in University Park, PA.
Accidental and deliberate data breaches have proliferated in record numbers at U.S. colleges and universities in the past few years as hackers continue to seek out large pools of data that are often less secure than information housed on corporate or government PCs and servers.
For now, Penn State officials say all 15,800 affected students will receive notification letters in the near future, and that the school intends to revisit its data protection and security policies to ensure future botnet attacks are either defused or identified much earlier.