Pennsylvania State University said on Friday that two cyberattacks at its College of Engineering, including one in 2012 that originated in China, compromised servers containing information on about 18,000 people.
Penn State, a major developer of technology for the U.S. Navy, said there was no evidence that research or personal data such as social security or credit card numbers had been stolen.
Cybersecurity firm Mandiant has confirmed that at least one of the two attacks was carried out by a “threat actor” based in China, Penn State said.
The source of the other attack is still being investigated.
Penn State was alerted about a breach by the Federal Bureau of Investigation in November, Penn State executive vice president Nicholas Jones said in a statement.
Mandiant, the forensic unit of FireEye Inc, discovered the 2012 breach during the investigation.
Penn State’s Applied Research Laboratory spends more than $100 million a year on research, with most of the funding coming from the U.S. Navy.
The university “fit the bill” as a high-value target, said Daniel Ives, who covers cybersecurity for FBR Capital Markets.
Penn State said investigators found that a number of college-issued usernames and passwords had been compromised but only a small number had been used to access its network.
The university said the College of Engineering’s computer network has been disconnected from the Internet and attempts were being made to recover all systems.
The outage is expected to last for several days and mostly affect the engineering college, Penn State said. It is normal to keep systems running while breaches are being investigated.
“Cyberattacks like this – sophisticated, difficult to detect and often linked to international threat actors – are the new normal,” said Nick Bennett, senior manager at Mandiant.
“No company or organization is immune,” he said.