PA: Malware opens door to possible information exposure

[David Shettler <dave () opensecurityfoundation org>]

http://datalossdb.org/incidents/2482

http://live.psu.edu/story/43583

A computer in the Dickinson School of Law that contained 261 Social
Security numbers from an archived class list was found to be infected
with malware that enabled it to communicate with an unauthorized
computer outside the network. "Malware" is short for malicious
software and refers to any software designed to cause damage to a
single computer, server, or computer network, whether it's a virus,
spyware, worm or other destructive program.

As soon as the University became aware of the malicious software on
this computer, it immediately was taken off line. Although it cannot
be determined with certainty that any data was pulled from the
computer by the infectious software, the University's policy is to
take a cautionary stance and notify individuals who may have been
affected. This response is in line with the Pennsylvania Breach of
Personal Information Notification Act, which went into effect in 2006
and mandates that the University notify anyone whose personally
identifiable information is potentially disclosed when a computer is
lost or compromised.

[...[
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php