Information exposure reported

UNIVERSITY PARK, Pa. -- An application hosted on a server on Penn State’s University Park campus that contained 1,406 Social Security numbers, all of which belong to students who were enrolled at Penn State Altoona before 2005, was found to have been compromised using a technique known as SQL injection.

As soon as the University became aware of the issue, the server was immediately taken offline. Although there is no evidence that the information has been used by unauthorized individuals, the University's policy is to take a cautionary stance and notify individuals who may have been affected. This response is in line with the Pennsylvania Breach of Personal Information Notification Act, which went into effect in 2006 and mandates that the University notify anyone whose personally identifiable information is potentially disclosed when a computer is lost or compromised.

"We have no reason to believe that this information has been used by unauthorized individuals, but those affected should remain alert in the event that an individual attempts to use their identity," said Sarah Morrow, chief privacy officer for the University. "Whenever identity theft is a possibility, we alert anyone who may have been affected and arm them with information and steps to take to mitigate their risk."

Penn State is notifying those involved via letters that will include contact information should recipients have further questions. Letters are being sent today (Dec. 28) to owners of Social Security numbers that may have been compromised. The mailing also includes a brochure detailing how to prevent identity theft. The information was compiled primarily from the FTC (Federal Trade Commission) and the Pennsylvania Attorney General's websites.

For more information, contact the Penn State Call Center toll-free at 855-842-8351.

To learn more about Penn State's efforts to minimize computer security risks, visit the Take Control Web site at http://its.psu.edu/takecontrol/ online. For more detailed information about identity theft risks and prevention, visit http://www.consumer.ftc.gov/features/feature-0014-identity-theft online.

Contacts: 
Last Updated January 10, 2013