Penn State falls victim to cyber attack

June 29, 2015
School officials say no personal identifiable information compromised

June 26--Following two cyberattacks on Penn State's College of Liberal Arts, the university is resetting passwords on its college-issued accounts, but school officials said they believe no personal identifiable information, such as Social Security numbers, or research data had been compromised.

"Penn State takes very seriously the security of the sensitive data in its care and we are continuing to investigate the circumstances that ultimately allowed attackers to access the network in the College of Liberal Arts," said Penn State provost and executive vice president Nicholas Jones in a news release.

The attacks by an unknown individual or individuals were discovered May 4. School officials, citing the ongoing investigation, waited until Friday to announce them.

"We prefer not to talk about an investigation that is in progress lest it compromise our ability to a full and complete analysis," said Mr. Jones during a telephone conference call Friday.%{[ data-embed-type="image" data-embed-id="5c0ad2e17c18d227841aa4ba" data-embed-element="span" data-embed-size="640w" data-embed-alt="Officials at Penn State revealed last week that school has fallen victim to yet another cyber attack." data-embed-src="" data-embed-caption="Officials at Penn State revealed last week that school has fallen victim to yet another cyber attack. <br>" data-embed-credit="(Photo courtesy Wikimedia Commons/Deeptrivia )" ]}%

The FBI -- which alerted Penn State to a cyberattack on its College of Engineering in 2014 -- has also been notified of the attacks.

Officials with Mandiant, a cybersecurity firm hired by Penn State, could not say if the hackers were the same, nor could they say what the motive for the attacks might have been. The College of Engineering was also attacked twice, and its college-issued user names and passwords were also compromised.

Asked why user names and passwords may have been targeted, Mandiant senior consultant Nick Pelletier said: "I'm not going to speculate about what the attackers' motive might have been. We just know what we were able to identify."

The attacks on the College of Liberal Arts spanned two years. One happened in 2014 and lasted 24 hours and the second occurred between March and May of this year. About 2,000 to 3,000 faculty and staff members and graduate students' passwords were compromised. Undergraduates were not affected.

School officials do not believe any other colleges or departments at Penn State have been attacked.

"We're constantly monitoring a variety of different threats at the institution and at this time they have no evidence of other attacks going on," said Kevin Morooney, Penn State's vice provost for information technology.

School administrators said they have also accelerated their plans to implement two-factor authentication, which asks users to provide two forms of identification as opposed to one.

Madasyn Czebiniak:

Copyright 2015 - Pittsburgh Post-Gazette

Sponsored Recommendations

Half of organizations with cyber insurance implemented security measures to qualify, reduce cost

According to the survey, 44% of organizations are insured and 15% plan to purchase a policy within the next 12 months. Before being offered a policy, organizations typically need...

Arcserve study reveals retailers underprepared for holiday cyber attacks

The results reveal a lack of preparedness and confidence in data backup and recovery strategies, raising concerns about the industry's readiness to protect sensitive customer ...

Expedient announces partnership with Kyndryl to deliver disaster recovery as a service

By joining forces with Kyndryl, Expedient is extending the reach of its state-of-the-art data center colocation and cloud infrastructure known for its reliability, scalability...

Post-Quantum Cryptography Coalition launches

The PQC Coalition will apply its collective technical expertise and influence to facilitate global adoption of PQC in commercial and open-source technologies.