Get the latest tech news How to check Is Temu legit? How to delete trackers
TECH
Mandiant

Chinese hackers hit Penn State computer system

Elizabeth Weise
USA TODAY
The logo of Pennsylvania State University, founded in 1855.

Pennsylvania State University disabled the computer network of its college of engineering Friday because of a sophisticated cyber attack from China, the university said.

Penn State is a major contractor for defense technology with the U.S. Navy.

However university officials said in a statement there was no "evidence to suggest that research data or personally identifiable information (such as Social Security or credit card numbers) have been stolen."

Passwords and usernames to the engineering school's network were stolen in the attack, the university said.

The network was used by about 18,000 students, faculty and staff.

The attack was conducted by two groups, at least one of which was based in China, according to Mandiant, a division of computer security company FireEye.

"This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible," said Penn State president Eric Barron in an open letter to the Penn State community.

Universities have increasingly been the target of cyber attacks, experts say.

The attack was severe enough that the Penn State chose to deliberately disconnect the computer network from the Internet so that it could securely recover the system, the university, located in State College, Penn. said in a statement.

Engineering faculty, staff and students will continue as on other networks at the university while the affected hardware and software are upgraded to protect against attacks.

"The outage is expected to last for several days, and the effects of the recovery will largely be limited to the College of Engineering," the university said.

Penn State was first alerted to the attack by the FBI on Nov. 21, 2014.

While the university reached out to computer security professionals from within and without, it did not make information about the attack public.

"In order to protect the college's network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation," said Nicholas Jones, executive vice president and provost at Penn State.

"Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse," he said.

That could be a nod to last year's Sony attack, in which the hackers not only stole massive amounts of data but then destroyed much of Sony Pictures Entertainment's computer network as they backed out of the system.

The earliest intrusion Mandiant's investigation found was from September of 2012.

Featured Weekly Ad