Penn State University has been forced to disconnect one of its college networks from the internet after discovering a major cyber-attack on its systems coming from China.
In a lengthy statement posted on Friday, the university claimed it had been alerted about an attack on its College of Engineering by the FBI back in November.
It then enlisted the help of FireEye-owned Mandiant to carry out an “intensive” forensic investigation on its systems, while its own IT department took steps to preserve sensitive data.
“In order to protect the college’s network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation,” said Nicholas Jones, executive vice president and provost at Penn State.
“Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse.”
The investigation revealed the presence of not one but two “threat actors” on the university’s network, one of which was based in China.
The earliest date of intrusion was apparently September 2012.
Investigators don’t believe that any personal data like Social Security or credit card numbers has been stolen, but they’re notifying the 18,000 individuals whose information was sitting in files on servers which were exposed to attackers.
They do know, however, that usernames and passwords were definitely accessed and as a result all staff from the College are now being asked to choose new credentials.
Penn State said that on an average day last year it deflected a staggering 22 million “overtly hostile cyber-attacks from around the world.”
The university was praised for acting swiftly to investigate the attack, and is now launching a full review of its IT security practices.
The College of Engineering’s network will apparently be down for several days while key hardware is upgraded and systems are fortified against future attacks.
“In several days, our College of Engineering will emerge from this unprecedented attack with a stouter security posture, and engineering faculty, staff and students will need to learn to work under new and stricter computer security protocols,” said Penn State President Eric Barron, in an open letter.
“In the coming months, significant changes in IT security policy will be rolled out across the University, and all of us as Penn Staters will need to change the way we operate in the face of these new and significant challenges. This new threat must be faced head-on, not just by Penn State but by every large university, business and government the world over. This is a new era in the digital age, one that will require even greater vigilance from everyone.”