Penn State data may have been exposed

03 June 2010

This week the Pennsylvania State University sent data breach notification letters to 15 806 individuals who at one time had their personal information, including Social Security numbers, stored in a university database.

Penn State issued a press statement on Wednesday informing the university community that a computer in its Outreach Market Research and Data office was found to be actively communicating with a botnet command-and-control (CNC) server.

According to the statement, the database used by the office had previously contained individuals’ Social Security numbers. The university discontinued use of SSNs for identification purposes in 2005, but found that an archived copy of the information had gone undetected in the computer’s cache.

Geoff Rushton, a spokesperson for the university, told Infosecurity that “[we] have a very active program to try to scan for and eliminate personally identifiable information from computers where it is no longer needed for business purposes. Our goal is to scan every machine throughout the University, but of course given our size, that will take some time to complete.”

This was the second time in two weeks that Penn State, one of the nation’s largest research institutions, was compelled to send out letters to people whose personal details may have been compromised via university computers. The Pennsylvania Breach of Personal Information Notification Act required Penn State to notify affected individuals, who will receive letters with brochures on how to prevent identity theft.

In its statement, Penn State said it has no evidence of unauthorized access to information in the database. “Even when theft is only a remote possibility, we alert anyone who may have been affected”, said Sarah Morrow, chief privacy officer at the university.

Penn State’s Rushton also outlined the steps the university is taking to limit future incidents. “We have, of course, standard defenses: site-licensed antivirus, unit firewalls, patching, vulnerability scanning, web application scanning, intrusion detection and blocking of confirmed hostile sites or frequently probed ports”, he said. “When a machine is compromised, it must be re-installed from known ‘good’ media before it's allowed back on the network, since it's not possible to truly clean a machine that's been fully compromised”.
