A recent cybersecurity sweep at Penn State found the Social Security numbers of another 25,000 individuals may have been exposed to a security breach because of infected computers.
But the university said that, as in previous cases, there was no evidence that data had been accessed after the computers were hit by malicious software or so-called "malware." Malware refers to software that can silently install viruses, probe for confidential info or even hijack a computer.
Individuals affected by the privacy breaches were notified, as required by state law, to look out for potential identity theft, Penn State said.
One recent case involved a University Libraries computer breached with malware. The computer contained the Social Security numbers of more than 9,700 people. In another case, the school last week sent letters to more than 15,800 people about a possible breach at an Outreach Market Research and Data computer. The attacks in those cases occurred some time earlier this year, school spokesman Geoff Rushton said Tuesday.
Another 35,000 individuals were notified late last year and earlier this year of potential breaches at the main University Park branch as well as campus sites in Carlisle and Schuylkill Haven.
In each instance, infected computers were taken offline and wiped clean before being reinstalled. "Basically, the computer is starting over," Rushton said.
The university does not know if the 60,000 cases are related, but was working with government agencies on the problem, Rushton said.
Universities across the country are increasingly becoming the targets of stepped-up and more sophisticated malware attacks, Rushton said. And beginning in late 2008, Penn State has been improving its security efforts to root out malware.
While it is safe overall to use university computers, "these things can happen anywhere you are using a computer," Rushton said. "Our computers certainly have a more heightened security on them than the average home computer."