Penn State University is the latest U.S. institution to be attacked by Chinese government hackers as its school of engineering went offline Friday after falling victim to a malware attack.
The school was alerted to the problem by the FBI and upon auditing its systems found that PCs on the network of its College of Engineering were infected with malware that was harvesting research data and personal information.
The outage is expected to last for several days after the college announced it needed to take the entire network down for days in order to disinfect its computers. Classes are continuing as normal.
“In a coordinated and deliberate response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems is underway,” the school said in a statement.
“Contingency plans are in place to allow engineering faculty, staff and students to continue in as much of their work as possible while significant steps are taken to upgrade affected computer hardware and fortify the network against future attack.”
The shutdown was made following a six-month investigation by both the school and the FBI. The school says that after being notified in November, it began to investigate its networks to find the source of the breach.
After months of research, two persistent malware infections were found within the school of engineering’s network. It was found have been in place as far back as September 2012.
Penn State said that over 10,000 student records, including Social Security numbers, were compromised in the attack. Other research data may have been stolen as well.
“While investigators have found that only a small number of these accounts have been used by the attackers to access the network, as a precaution and beginning immediately, all College of Engineering faculty and staff at University Park, as well as students at all Penn State campuses who recently have taken at least one engineering course, will be required to choose new passwords for their Penn State access accounts,” the school said.