From their newsroom:
Although most offices are winding down for the holidays, Penn State’s privacy office remains active. The University currently is working to notify nearly 30,000 individuals about privacy breaches that may have exposed their personally identifying information.
Malware infections to University computers caused all of the breaches, which occurred in the Eberly College of Science ( 7,758 records ), the College of Health and Human Development ( 6,827 records ) and one of Penn State’s campuses outside of University Park ( roughly 15,000 records ). Malware is short for malicious software and refers to any software designed to cause damage to a single computer, server, or computer network, whether it’s a virus, spyware, worm or other destructive program.
Letters are going out today ( Dec. 23 ) to those affected by the breaches in the two colleges. Work still is being done to identify those whose information is involved in the campus breach. Once that work is completed, letters will be sent to those affected in that incident as well. This response is in line with the Pennsylvania Breach of Personal Information Notification Act, which went into effect in 2006 and mandates that the University notify anyone whose personally identifiable information is potentially disclosed when a computer is lost or compromised.
Read more on Media Newswire.