PSU: Social Security Numbers Compromised due to Malware
By Reidar Jensen and Lisa Powers, Penn State
UNIVERSITY PARK – A server hosted at Penn State’s University Park campus that contained 1,406 Social Security numbers, all of which belong to students who were enrolled at Penn State Altoona before 2005, was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. “Malware” is short for malicious software and refers to any software designed to cause damage to a single computer, server, or computer network, whether it’s a virus, spyware, worm or other destructive program.
As soon as the University became aware of the malicious software on this server, it immediately was taken off line. Although it cannot be determined with certainty that any data were pulled from the computer by the infectious software, the University’s policy is to take a cautionary stance and notify individuals who may have been affected. This response is in line with the Pennsylvania Breach of Personal Information Notification Act, which went into effect in 2006 and mandates that the University notify anyone whose personally identifiable information is potentially disclosed when a computer is lost or compromised.
“We have no reason to believe that this information was accessed by unauthorized individuals, but those affected should remain alert in the event that an individual attempts to use their identity,” said Sarah Morrow, chief privacy officer for the University. “Even when theft is only a remote possibility, we alert anyone who may have been affected, and arm them with information and steps to take to mitigate their risk.”
Penn State is notifying those involved via letters that will include contact information should recipients have further questions. Letters are being sent to owners of Social Security numbers that may have been compromised. The mailing also includes a brochure detailing how to prevent identity theft. The information was compiled primarily from the FTC (Federal Trade Commission) and the Pennsylvania Attorney General’s Web sites.
For more information, contact the Penn State Call Center toll-free at 855-842-8351.