Investigation finds hackers had access to driver’s licenses in Penn State Altoona database

A database containing more than 5,900 driver license numbers belonging to Penn State Altoona students was hacked as part of a cyberattack last year, the university reported Friday.

Officials at Penn State said last month that a database containing 1,406 Social Security numbers of former students may have been compromised when was a server was hacked on Sept. 10.

Penn State said Friday that the investigation into the computer attack revealed more information.

Officials said the attack may have compromised the database that had driver license numbers of 5,904 current and former students at the branch campus in Altoona.

Penn State said it began notifying those students on Friday.

The notification is in line with a requirement by the Pennsylvania Breach of Personal Information Notification Act.

The university collected the license numbers for campus parking records but no longer does so, officials said Friday.

In a statement, Penn State’s chief privacy officer said officials do not think the driver license numbers or Social Security numbers have been used by the hackers.

“Those affected should remain alert in the event that an individual attempts to use their identity,” said the officer, Sarah Morrow.

Penn State said the hack was done using a technique called an SQL injection, which gives the attacker unauthorized, database-level access to vulnerable programs.

Penn State said the server that was hacked was taken offline the same day the attack was discovered.

The university said last month it started notifying those whose Social Security numbers may have been compromised.

For more information, people can call the university’s call center toll-free at 855-842-8351.