Hackers may have accessed the Social Security numbers of 15,800 PSU students, most of them former, I take it. From centredaily.com:
Penn State is sending out letters to about 15,800 people whose Social Security numbers may have been discovered by hackers, the university said in a statement Wednesday.
Officials found that a computer in the Outreach Market Research and Data office was communicating with a bot controller, a type of malicious software that allows someone to gain complete control of the affected computer.
At one time, the computer contained a database of Social Security numbers. In 2005, Penn State officials removed the database when they stopped using Social Security numbers. However, an archived copy remained undetected on the computer’s cache. [ my empahsis]
This is one of the reasons why when encrypting a machine, disk encryption is recommended over something like file encryption. You just don’t know what you’re going to miss. Of course, neither would have helped in this case, since the breach point was the installation of malware.
