Penn State cyberattack said to have originated from China

Servers with thousands of people's data was targeted at the university's engineering college.

Old Main building at Penn State (Image: Penn State University)

An attack that led to the shutdown of one Penn State college's network is thought to have originated from China, the university has said.

The Penn State College of Engineering said in a statement Friday that it came under attack in two separate incidents by advanced malware. Servers containing data on about 18,000 individuals was attacked in one instance, but the college said that there was no evidence personal data such as credit card data was stolen.

13 best privacy tools for staying secure

From encrypted instant messengers to secure browsers and operating systems, these privacy-enhancing apps, extensions, and services can protect you both online and offline.

Read More

But the university gave no details on the second attack.

FireEye, a cybersecurity firm hired by the university, said a "threat actor" based in China was to blame for the "advanced persistent threat" against it.

Usernames and passwords were compromised as early as September 2012, the statement said.

Federal officials alerted Penn State to a data breach in November, according to a statement by university president Eric J. Barron.

"As we have seen in the news over the past two years, well-funded and highly skilled cybercriminals have become brazen in their attacks on a wide range of businesses and government agencies, likely in search of sensitive information and intellectual property," said Barron.

Among other things, Penn State develops hundreds of millions of dollars worth of technology for the military and the government each year, according to Reuters.

Following word of the breach, the engineering college disconnected its computers from the internet in order to flush out malware found on its network. Service to the college is expected to be restored in the coming days.