02 Jun 2010

Penn State scrambles to offset potential data breach

A computer at Pennsylvania State University's Outreach Market Research and Data office may have exposed the social security numbers of nearly 16,000 people. A PSU IT worker discovered a botnet on a computer in the office, which also contained a file listing personal information for former and current students and staff.

Until 2005, the university used social security numbers as identification for students and faculty. Even though the practice has since stopped, the infected computer stored the file in its cache folder unknown to its operators. The school does not know how the internet security breach occurred, but has moved forward with its protocol to inform those possibly affected.

"Even when theft is only a remote possibility, we alert anyone who may have been affected, and arm them with information and steps to take to mitigate their risk," Sarah Morrow, chief privacy officer at PSU, said.

Botnet activity in the first half of 2010 has resulted in massive attacks on both enterprise and consumer computers. The Kneber botnet, which security professionals reported in February, infected more than 70,000 computers in 2,000 companies worldwide before its discovery. ADNFCR-3079-ID-19814800-ADNFCR