Cyber Incident Victim: Pennsylvania State University
Date: Nov 2014
Location: United States of America
Summary
Pennsylvania State University's College of Engineering disconnected its network following two severe cyber intrusions, one suspected to originate from China, which compromised personal information of at least 18,000 individuals and potentially exposed sensitive research data. The university, alerted by the FBI, delayed public disclosure to prevent escalating attacker activity during its investigation. Remediation required isolating the engineering network, mandating password resets for all affected engineering students and staff, and implementing two-factor authentication for remote faculty and staff accessing college resources via VPN.
Description
In May 2015, Pennsylvania State University disclosed a significant cybersecurity incident affecting its College of Engineering network, which had been under investigation since the FBI alerted the university to an external attack on November 21, 2014. The intrusion involved two separate breaches, with one attributed to a group suspected to be operating from China. University officials severed the engineering school’s internet connectivity to contain the threat and initiate remediation, a measure described by Penn State President Eric J. Barron as critical to preventing further malicious activity during the investigation. The attackers compromised personal information of at least 18,000 individuals, though the university found no conclusive evidence that research data was exfiltrated. Barron emphasized the deliberate delay in public disclosure to avoid alerting the attackers, stating that premature action could have escalated the intrusion. The university mobilized extensive resources to restore network functionality, anticipating reconnection within several days while prioritizing minimal disruption to academic operations.

The incident necessitated mandatory password resets for all College of Engineering faculty and staff at the University Park campus, as well as students across all Penn State campuses who had recently enrolled in engineering courses. Two-factor authentication was implemented as an additional security layer for remote access to college resources via virtual private network (VPN). While the breach directly impacted a limited subset of individuals, the university treated it as a systemic threat due to the sensitivity of engineering research and infrastructure. No specific technical details about the attackers’ methods or the duration of unauthorized access were disclosed. The response focused on network hardening, user accountability measures, and maintaining operational continuity for affected students and faculty during the remediation period.
