June 26--Following two cyberattacks on Penn State's College of Liberal Arts, the university is resetting passwords on its college-issued accounts, but school officials said they believe no personal identifiable information, such as Social Security numbers, or research data had been compromised.
"Penn State takes very seriously the security of the sensitive data in its care and we are continuing to investigate the circumstances that ultimately allowed attackers to access the network in the College of Liberal Arts," said Penn State provost and executive vice president Nicholas Jones in a news release.
The attacks by an unknown individual or individuals were discovered May 4. School officials, citing the ongoing investigation, waited until Friday to announce them.
"We prefer not to talk about an investigation that is in progress lest it compromise our ability to a full and complete analysis," said Mr. Jones during a telephone conference call Friday.The FBI -- which alerted Penn State to a cyberattack on its College of Engineering in 2014 -- has also been notified of the attacks.
Officials with Mandiant, a cybersecurity firm hired by Penn State, could not say if the hackers were the same, nor could they say what the motive for the attacks might have been. The College of Engineering was also attacked twice, and its college-issued user names and passwords were also compromised.
Asked why user names and passwords may have been targeted, Mandiant senior consultant Nick Pelletier said: "I'm not going to speculate about what the attackers' motive might have been. We just know what we were able to identify."
The attacks on the College of Liberal Arts spanned two years. One happened in 2014 and lasted 24 hours and the second occurred between March and May of this year. About 2,000 to 3,000 faculty and staff members and graduate students' passwords were compromised. Undergraduates were not affected.
School officials do not believe any other colleges or departments at Penn State have been attacked.
"We're constantly monitoring a variety of different threats at the institution and at this time they have no evidence of other attacks going on," said Kevin Morooney, Penn State's vice provost for information technology.
School administrators said they have also accelerated their plans to implement two-factor authentication, which asks users to provide two forms of identification as opposed to one.
Madasyn Czebiniak: [email protected]
Copyright 2015 - Pittsburgh Post-Gazette