Penn State University

Penn State’s College of Engineering has been disconnected from the Internet so it can recover from two serious computer intrusions that exposed personal information for at least 18,000 people and possibly other sensitive data, officials said Friday.

The group responsible for one of the attacks appears to be based in China, a country many security analysts have said actively hacks and trawls the computer networks of western nations for a wide range of technical data.

University officials said there’s no evidence that the intruders obtained research data, but they didn’t rule the possibility out.

Officials have known of the breach since November 21, when the FBI reported an attack on the engineering college network by an outside entity.

In a letter to students and faculty issued Friday, Penn State President Eric J. Barron wrote:

In order to protect the college’s network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation. Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse.

This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible; minimize the disruption and inconvenience to engineering faculty, staff and students; and to harden Penn State’s networks against this constantly evolving threat.

NO COMMENTS