Penn State community advised to take action after extensive online data theft

As widely reported in the news, a Russian crime ring has allegedly stolen more than 1.2 billion username and password combinations, leaving the personal information of a large number of Internet users exposed. The stolen records, discovered by a security firm based in Milwaukee, include confidential information taken from roughly 420,000 websites varying in size and scope.

At this time there is no indication Penn State has been affected by this breach. University information technology staff continue to monitor Penn State systems and services for any sign of attack.

The University advises students, faculty and staff who have used their Penn State Access Account password for such non-Penn State services as personal email, financial institutions or online shopping websites, to change their Penn State password immediately to protect the privacy of their confidential information. Users can change their passwords by visiting

Students, faculty and staff are encouraged to change all other passwords to further protect secure information. University guidelines for creating and saving strong, easy-to-remember passwords are available at

Penn State is dedicated to protecting student, faculty and staff information. Two-Factor Authentication (2FA), a security protocol used to verify user identification, is being explored for wider University implementation in the future. This protocol adds an additional step to the traditional login system (username and password only), requiring users to verify their identity with an additional credential. This robust, easy-to-use authentication service will provide an additional effective layer of protection to University information.

If you have questions or need assistance changing your password, contact the IT Service Desk at 814-865-4357.

Media Contacts: 
Last Updated August 08, 2014