The Penn State College of Engineering has disconnected its computer network from the Internet after it was the victim of two sophisticated cyberattacks, university officials announced Friday.
One of the attacks was carried out by a "threat actor" based in China using advanced malware to attack systems in the college, according to a statement posted on the university's website.
The college is currently working on a large-scale operation to securely recover all its systems. The outage is expected to last several days.
Penn State President Eric J. Barron sent a message to the university community on Friday, including the following:
While disruptions related to our coordinated recovery will largely be limited to the College of Engineering in the coming days, I feel it is important to reach out to all of you directly. Moving forward, we all will need to take additional steps to protect ourselves, our identities and our information from a new global wave of cybercrime and cyberespionage.
According to the university's statement, Penn State was first alerted about the breach in late 2014 by the FBI. A third party expert hired by the university, Mandiant, has confirmed that at least one of the attacks came from someone based in China. The university plans to make changes in its IT security over the coming months to battle the threat of cybercrime.
The university said that there is no evidence that research data or personal information, such as Social Security card numbers, have been stolen. However, several College of Engineering-issued usernames and passwords have been compromised. Therefore the university is urging all college faculty, staff and students who have taken at least one engineering course to choose new passwords for their access accounts.