Penn State being sued for claims of falsified reports of cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

CENTRE COUNTY, Pa. (WTAJ) — Penn State is being sued for claims that they falsified security reports to the Department of Defense.

Matthew Decker, who was the chief information officer at Penn State’s Applied Research Laboratory filed the lawsuit in October 2022, claiming that Penn State failed to protect sensitive government information by falsifying its compliance with government contracts.

While the lawsuit was filed in October 2022, it wasn’t unsealed until Aug. 28, 2023. The lawsuit stated that contractors like Penn State must provide “adequate security” for covered defense information that is processed, stored, created or transmitted on its internal information system.

It is cited in the lawsuit that this type of information is known as Controlled Unclassified Information (CUI), and is information that is owned or created by the government that is sensitive, but not classified. The lawsuit states that documents like these include technical data, patents or information relating to the manufacture or acquisition of goods and services.

In 2015, Penn State’s campus experienced a significant cyber breach that resulted in a periodic inspection, audit and questioning into compliance, according to the lawsuit. Penn State reported on the breach in which both the Engineering College as well as the Liberal Arts College were targeted.

In June 2022, there was an investigation regarding Penn State’s compliance with their System Security Plans (SSP), according to the lawsuit. It was revealed during this investigation that Penn State was working on its very first SSP, which was alarming to investigators.

As the investigation continued, it became clear that SSPs within Penn State’s research environments did not exist, Decker cited in the lawsuit. According to Decker, this meant the campus could not truthfully attest compliance, nor could the required risk assessment be performed.

In the same month, it was revealed through evaluation that Penn State had been falsely attesting to compliance since Jan. 1, 2018, Decker claimed in the lawsuit.

Get daily updates on local news, weather and sports by signing up for the WTAJ Newsletter

During a second investigation in August 2022, the lawsuit claimed it was discovered that all twenty records that had been submitted to the government had been falsified by Penn State.

The full lawsuit can be found above. 


Click Here For The Original Source.

How can I help you?
National Cyber Security