The College of Engineering announced earlier today that it was the target of two sophisticated cyberattacks. The “advanced persistent threat” actors used malware to hack into Penn State’s system, and the university disconnected the college’s computer network from the internet in what President Barron called in a statement a “coordinated and deliberate response.”

The purpose of Barron’s statement to the Penn State community, on top of providing information about the cyber attack, was to warn that we “need to take additional steps to protect ourselves, our identities, and our information from a new global wave of cybercrime and cyberespionage.”

Penn State was first notified about the attack on Nov. 21, 2014 when the FBI alerted the university of a cyber attack of “unknown origin and scope” on the College of Engineering. Though the attack was first discovered in November, Barron said in his statement that notification to the Penn State community was delayed until now as to not make the situation worse by increasing the size of the target on the college.

Though there is no evidence that research data or personal information such as credit card or Social Security numbers were stolen, College of Engineering-issued usernames and passwords have likely been compromised, and the university is urging University Park faculty and staff, as well as students at any campus who have taken an engineering course, to change the passwords for their access accounts.

With the size and severity of this attack, the university is launching a “comprehensive review of all IT related security practices and procedures at Penn State.” Though the university recognizes it needs to maintain its open learning environment, Barron acknowledges that Penn State will need to strengthen it’s security posture to marginalize cyber crime and attacks such as these.

With the information of this attack, President Barron stated that there will be significant, university-wide changes to the IT protocol. Over time, this will include the implementation of two-factor authentication, stronger password management, and enhancements to system and software administration.

Barron said that Penn State experts expect the network will be back up and running in several days, and the recovery will be primarily limited to the College of Engineering, though there will be unavoidable disruptions to normalcy in that time. College of Engineering faculty, staff, and students can visit this website for updates and information on the attack.