Quick Facts

• Date: 6/8/2010
• Institution: Penn State University
• Type of Incident: Penetration
• Number Affected: 25,000
• Source: ESI
• Abstract Source: York Daily Record

Abstract
Penn State University officials have announced that a recent security review has uncovered additional risks to personal information. The review discovered that up to 25,000 additional names and Social Security numbers could be at risk from compromised computers. According to PSU, the computer were infected with viruses that would allow an individual to access the information without authorization. As with the other incidents at PSU, there is no evidence that the information has was accessed. However, PSU is working to notify the individuals affected by this incident.

Quick Facts

• Date: 6/2/2010
• Institution: Penn State University
• Type of Incident: Penetration
• Number Affected: 15, 806
• Source: ESI
• Abstract Source: Penn State Live

Abstract
Penn State University will begin notifying individuals after a computer containing a cached copy of personal information was found infected with a bot virus. Staff discovered the virus on a computer, part of the Outreach Market Research and Data office, that contains a cached copy of database with the names and Social Security numbers of 15,806 individuals. The database was originally removed from the computer in 2005, but an investigation into the breach showed an archived copy in the cache. While there is no evidence the information was accessed, in the letter to affected individual Penn State is including information on how to detect and prevent identity theft.

Quick Facts

• Date: 12/18/2009
• Institution: Penn State University
• Type of Incident: Penetration
• Number Affected: 30,000 (Updated)
• Source: DataLossDB
• Abstract Source: Penn State Live
• Update1 Source: Pittsburgh Post-Gazette, DataBreachs.net

Abstract
Penn State University is alerting former students after a computer containing personal information was compromised by malware. The computer, found to be infected with malware and communicating to computers outside of the university, contained an archived class list with 261 Social Security numbers. The university removed the infected computer from the network as soon the problem was discovered. According to PSU's chief privacy officer, Sarah Morrow, there is no reason to believe the student information was accessed but Penn State decided to err on the side of caution. As Morrow stated, "Even when theft is only a remote possibility, we alert anyone who may have been affected, and arm them with information and steps to take to mitigate their risk."

Update1
Pennsylvania State University has begun notifying individuals after a large scale malware outbreak was discovered. The outbreak, affecting multiple computers, involved systems containing the names and Social Security numbers of around 30,000 individuals. The systems affected belonged to the Eberly Colelge of Science (7,758 records), the College of Health and Human Development (6,827 records) and Penn State Schuylkill (15,000 records). According to Penn State spokeswoman Annemarie Mountz the Social Security numbers were contained in archived files on the systems affected by the malware and the university does not have any indication the files were accessed. Instead the letters, containing information on protecting against identity theft, were sent out as a precaution. As a result of this and a previous breach this year at Penn State's Behernd campus, Penn State has started initiatives to safeguard information stored on university-owned computers.

Quick Facts

• Date: 11/30/2009
• Institution: Pennsylvania Sate University
• Type of Incident: Penetration
• Number Affected: 303
• Source: ESI
• Abstract Source: The Daily Collegian

Abstract
Penn State recently notified current and former students after a security incident may have exposed personal information. On August 3, Penn State Security Operations and Services notified university officials that the online grade book a professor used was compromised by a computer virus. The grade book contained the names, grades and Social Security numbers for 303 current and former students. While the information was taken offline when the problem was discovered, the Dean of the College of Earth and Mineral Sciences did not send letters to those affected until November. University spokesperson Annemarie Mountz stated that the university's response was in line with Pennsylvaina's Breach of Personal Information Notification Act. According to Mountz, there is no evidence this information was accessed by any unauthorized individuals. Mike McEvoy, a class of 2006 alumni affected by this incident, said he was thankful the university took immediate action to remove the information but wishes they had notified him in a more timely manner.

Quick Facts

• Date: 4/9/2009
• Institution: Penn State University - Erie, The Behrend College
• Type of Incident: Penetration
• Number Affected: 10,868
• Source: OSF Data Loss Database
• Abstract Source: Penn State Live

Abstract
Penn State University officials are working to notify individuals after a computer containing personal information may have been breached. The server, containing historical information, contained the names and Social Security numbers of 10,868 individuals at Erie, PA Behrend campus. Behrend staff became aware of the potential breach when the college's intrusion detection system alerted them of the problem. Staff investigated the incident and confirmed the that computer contained Social Security numbers. However, staff was not able to confirm that the personal information was affected by the breach. The computer was taken offline and the sensitive data was removed. Behrend will begin sending out notification letters to the affected individuals April 11th.