BreachExchange mailing list archives
PA: Malware opens door to possible information exposure
From: David Shettler <dave () opensecurityfoundation org>
Date: Fri, 18 Dec 2009 12:01:21 -0500
http://datalossdb.org/incidents/2482 http://live.psu.edu/story/43583 A computer in the Dickinson School of Law that contained 261 Social Security numbers from an archived class list was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. "Malware" is short for malicious software and refers to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, worm or other destructive program. As soon as the University became aware of the malicious software on this computer, it immediately was taken off line. Although it cannot be determined with certainty that any data was pulled from the computer by the infectious software, the University's policy is to take a cautionary stance and notify individuals who may have been affected. This response is in line with the Pennsylvania Breach of Personal Information Notification Act, which went into effect in 2006 and mandates that the University notify anyone whose personally identifiable information is potentially disclosed when a computer is lost or compromised. [...[ _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- PA: Malware opens door to possible information exposure David Shettler (Dec 18)