Cyberattack on Penn State exposes passwords of thousands

Photo of author

By Larry Banks

Pennsylvania State University’s College of Engineering revealed on Friday that it has succumbed to two highly sophisticated cyberattacks during the last two years.

The President of the University, Eric Barron, issued an apology this week and said that usernames and passwords from more than 18,000 people may have been accessed. However, he said that investigators did not find any evidence that social security numbers and credit card information was stolen. Another statement from the school said that a security company it hired to investigate the attacks claimed that at least one of the assaults came from China.

Brazen cyberattacks

“We all will need to take additional steps to protect ourselves, our identities and our information from a new global wave of cybercrime and cyberespionage”, Barron said in his statement. “Well-funded and highly skilled cyber criminals have become brazen in their attacks on a wide range of businesses and government agencies, likely in search of sensitive information and intellectual property”.

These are just the latest in a series of cyberattacks on US universities. Hacks into databases at the University of California, Los Angeles, the University of Southern California and the University of Maryland have also exposed the personal information of hundreds of thousands of people. Barron says that on average Penn State repels more than 22 million cyberattacks from around the world every day.

“In this particular case we are dealing with the highest level of sophistication”, Barron said. “Unfortunately, we now live in an environment where no computer network can ever be completely, 100 percent secure”.

The FBI had first alerted the university of the cyberattack back in November of 2014. The school then hired security company FireEye and its cybersecurity unit Mandiant to investigate the breach. It was apparently during this investigation that the university discovered that one of the two attacks originated in China.

The university has notified more than 18,000 individuals that some of their personal information may have been breached, such as their college of engineering usernames and passwords. Penn State is also offering those affected one year of free credit monitoring. The school is also to notify around 500 public and private research partners about the breach.

“Advanced cyberattacks like this – sophisticated, difficult to detect and often linked to international threat actors – are the new normal”, said Nick Bennett, Mandiant’s senior manager of professional services. “No company or organization is immune — the world’s leading banks, energy companies, retailers and educational institutions have all been and will be targets”.

In the meantime, while the college of engineering recovers its computer systems, it has disconnected its network from the Internet. Barron says he believes it will be back up in a couple of days.


Images Courtesy of DepositPhotos