Malware infections continue to be problematic for University

Although most offices are winding down for the holidays, Penn State's privacy office remains active. The University currently is working to notify nearly 30,000 individuals about privacy breaches that may have exposed their personally identifying information.

Malware infections on University computers caused all of the breaches, which occurred in the Eberly College of Science (7,758 records), the College of Health and Human Development (6,827 records) and one of Penn State's campuses outside of University Park (roughly 15,000 records). Malware is short for malicious software and refers to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, worm or other destructive program.

Letters are going out today (Dec. 23) to those affected by the breaches in the two colleges. Work still is being done to identify those whose information is involved in the campus breach. Once that work is completed, letters will be sent to those affected in that incident as well. This response is in line with the Pennsylvania Breach of Personal Information Notification Act, which went into effect in 2006 and mandates that the University notify anyone whose personally identifiable information is potentially disclosed when a computer is lost or compromised.

The mailing also includes a brochure detailing how to prevent identity theft. The information was compiled primarily from the FTC (Federal Trade Commission) and the Pennsylvania Attorney General's Web sites.

As with other cases at Penn State, the University has no evidence that the information was accessed by unauthorized individuals, but those affected should be alert in the event that an individual attempts to use their identity. "Even when theft is only a remote possibility, we alert anyone who may have been affected, and arm them with information and steps to take to mitigate their risk," said Sarah Morrow, chief privacy officer for the University.

For information about Penn State's efforts to minimize computer security risks, visit the Take Control Web site at http://its.psu.edu/takecontrol/ online. For more detailed information about identity theft risks and prevention, visit http://www.ftc.gov/bcp/edu/microsites/idtheft/ online.

Last Updated December 23, 2009