PA: Penn State data may have been exposed

[lyger <lyger () attrition org>]

http://www.infosecurity-us.com/view/9976/penn-state-data-may-have-been-exposed/

This week the Pennsylvania State University sent data breach notification 
letters to 15 806 individuals who at one time had their personal 
information, including Social Security numbers, stored in a university 
database.

Penn State issued a press release statement on Wednesday informing the 
university community that a computer in its Outreach Market Research and 
Data office was found to be actively communicating with a botnet CNC.

According to the statement, the database used by the office had previously 
contained Social Security numbers on individuals. The university, which 
discontinued use of SSNs for identification purposes in 2005, nevertheless 
found that an archived copy of the information went undetected in the 
computer's cache.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php