A sign-up interface created by Penn State researchers for Facebook apps could help members prevent personal information -- and their friends' information -- from leaking out through third-party games and apps to hackers and identity thieves. (more)
Publicly available cell-phone applications from application markets are releasing consumers' private information to online advertisers, according to a joint study by Intel Labs, Penn State and Duke University. Researchers at the participating institutions have developed a real-time monitoring service called TaintDroid that precisely analyzes how private information is obtained and released by applications "downloaded" to consumer phones. TaintDroid is an extension to the Android mobile-phone platform that tracks the flow of sensitive data through third-party applications. (more)
Identity theft continues to be a serious problem nationwide, and according to the nonprofit Identity Theft Resource Center (ITRC), the economic recession may be a cause of the rise in scams, thievery and hacking. Breaches have hit virtually everywhere, including the federal government, major credit card companies, businesses and higher education institutions. Penn State has experienced computer breaches due to malware. The most recent breach occurred in the Student Aid Office in January, when malware exposed 5,600 records containing Social Security Numbers of current and former students. "The scary part is, you don't have to do anything wrong anymore to infect your computer," said Kathy Kimball, senior director in Penn State's Security Operations and Services Office. "The threat has changed such that you do not need to click on anything, just visit a compromised page." (more)
Although most offices are winding down for the holidays, Penn State's privacy office remains active. The University currently is working to notify nearly 30,000 individuals about privacy breaches that may have exposed their personally identifying information. Malware infections to University computers caused all of the breaches, which occurred in the Eberly College of Science (7,758 records), the College of Health and Human Development (6,827 records) and one of Penn State's campuses outside of University Park (roughly 15,000 records). (more)
A computer in the Dickinson School of Law that contained 261 Social Security numbers from an archived class list was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. As soon as the University became aware of the malicious software on this computer, the computer was immediately taken offline. Although it cannot be determined with certainty that any data was pulled from the computer by the infectious software, the University's policy is to take a cautionary stance and notify individuals who may have been affected. (more)
Several computers were among items stolen during a recent break-in at a building on the Penn State Hazleton campus, and a subsequent investigation determined that the archives of one of the computers contained personally identifying information. A total of 348 Social Security Numbers were included in a historical document buried in the computer's archives. Because a number of items were taken in the break-in, it appears that the thieves were targeting the computers, not any information that may have been on them. "We have no reason to believe that this information was accessed by anyone, but those affected should be alert in the event that an individual attempts to use their identity," said Gary Lawler, chancellor at Penn State Hazleton. "We have sent letters to everyone who may have been affected, to arm them with information and steps to take to lessen their risk of identity theft -- even if that theft is only a remote possibility." (more)
Recent news reports indicate a computer containing confidential information about the helicopter that transports President Barack Obama was breached by a computer in Iran. In January, Heartland Payment Systems, a company that provides credit and debit card, payroll and related processing services to more than 250,000 business locations nationwide, announced it had a data breach that potentially exposed credit card numbers, expiration dates and other data. The Heartland breach includes about 700 Penn State purchasing cards, which are in the process of being replaced. As the nationwide problem of identity theft continues to evolve and grow, Penn State is not immune. Malicious software, downloaded by unsuspecting employees who click on messages containing links to fake greeting cards or other seemingly harmless sites, has compromised computer networks at University Park and other campuses. "We cannot stress enough the importance of not clicking on links in e-mail if you do not know for sure who sent the e-mail to you," said Kathy Kimball, senior director of ITS Security Operations and Services. "The most common of these e-mails state that a friend sent you an e-card, and you need to click on the link to view it. When you click on the link, you're redirected to a Web site that downloads malicious software onto your computer without your knowledge, opening up security breaches that can affect every computer on the network to which your computer is connected." (more)
When the Family Educational Rights and Privacy Act (FERPA) was signed into law by President Gerald R. Ford in 1974, it changed the way higher education institutions handled student record privacy. The intent of the federal law was to protect the privacy of student education records, and it applied to all schools that receive funds under an applicable program of the U.S. Department of Education. Because compliance with the details of the law was directly tied to federal funding, higher education institutions including Penn State over the years have chosen to err on the side of caution when dealing with student records. "The provisions of FERPA are complex and here at Penn State we tended, as many other institutions have done, to follow a conservative, narrow interpretation of the law to ensure full compliance," said Karen Schultz, University registrar and FERPA compliance officer for Penn State. "In the wake of the tragedy at Virginia Tech, we are re-visiting our approach." (more)