The University of Virginia, which shut down some online systems this weekend in the wake of a cyberattack, is not the only university to experience a data breach in recent years.
The University of Connecticut’s School of Engineering and Penn State’s College of Engineering and College of the Liberal Arts also announced cyberattacks recently.
The cyberattack on UVa was highly targeted, according to officials, breaching the email accounts of two employees whose work is connected with China.
The attack on UConn and at least one of the attacks on Penn State were from China, according to releases from the universities.
The FBI on Nov. 21 notified Penn State of an attack on the College of Engineering network. The earliest known date of the cyberattack was September 2012. An investigation by an outside cybersecurity company found that there had been two “sophisticated threat actors.”
The College of Engineering disconnected its network from the Internet for a weekend after announcing the attack.
After upping cybersecurity, investigators found that the College of the Liberal Arts also had been attacked twice. The earliest sign of attack on this college was March 4, 2014.
Information technology staff at UConn’s School of Engineering detected an attack on the servers on March 9. The earliest sign of attack was Sept. 24, 2013.
Penn State said no research data or personally identifiable information had been taken, but in some cases, usernames and passwords were compromised. The university required staff, faculty and students in both colleges to change their passwords.
UVa is taking similar actions resulting from this attack.
UConn notified anyone whose personally identifiable information could have been stolen and research partners, as well, although there was no direct evidence that information had been compromised. They recommended that anyone potentially affected reset their passwords.
Large data breaches that included birthdates and Social Security numbers occurred at Ohio State University in 2010 and the University of Maryland in 2014. About 760,000 people were affected in the Ohio State hack and about 300,000 at U-Md.
China has also been suspected in other recent cyber attacks — on the U.S. Office of Personnel Management in April and Anthem Inc. in January.
Groupings of major cyber attacks that have reportedly originated from China seem to be targeted at clusters of companies from the same industries. In 2009, technology companies such as Google, Adobe Systems and Yahoo were attacked. In 2012, after reporting negatively on China or the Chinese government, the New York Times, Washington Post and Wall Street Journal were attacked.
Mandiant, the cyber security company UVa is said to be using, was used by Anthem Inc., Penn State, The New York Times and other companies that have been attacked by China.
Alison Wrabel can be reached at email@example.com or (434) 978-7261.