The Social Security numbers of 25,572 alumni were put at risk when malware gained access to two university computers in recent weeks, but a university official said none of the information appears to have been exposed.
In two separate incidents, malicious software, called bot controllers, hacked into a computer in the university libraries as well as a computer in the Outreach Market and Data Office.
Both computers previously had databases with Social Security numbers in them, said Penn State spokesman Geoff Rushton. Though the databases were removed in 2005, an archive copy still exists -- and some files with personal information may still exist as well, because they have not been overwritten, Rushton said.
In recent years, there have been several similar incidents, but Rushton said the university is doing all it can to protect its computers.
Defense measures, like antivirus programs, firewalls, vulnerability scanning and intrusion detection programs are employed to guard computers against unauthorized access, he said. It is university to protocol to reinstall media on a computer that has been accessed before that computer is allowed to reenter the network.
And the university is looking to ensure events such as this won't happen again.
"We have another program to scan and eliminate personal data on computers," Rushton said. "The goal is to remove personal data from any comp throughout the entire university."
