Penn State's College of Engineering has been disconnected from the Internet so it can recover from two serious computer intrusions that exposed personal information for at least 18,000 people and possibly other sensitive data, officials said Friday.

The group responsible for one of the attacks appears to be based in China, a country many security analysts have said actively hacks and trawls the computer networks of western nations for a wide range of technical data. University officials said there's no evidence that the intruders obtained research data, but they didn't rule the possibility out. Officials have known of the breach since November 21, when the FBI reported an attack on the engineering college network by an outside entity. In a letter to students and faculty issued Friday, Penn State President Eric J. Barron wrote:

In order to protect the college’s network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation. Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse. This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible; minimize the disruption and inconvenience to engineering faculty, staff and students; and to harden Penn State’s networks against this constantly evolving threat.

Barron said he expected Internet connectivity for the engineering school network to be restored in several days. While the intrusions affected only a small set of people, all College of Engineering faculty and staff at the University Park campus, as well as students at all Penn State campuses who recently have taken at least one engineering course, will be required to choose new passwords for their Penn State access accounts. Faculty and staff who want to access college resources remotely over a virtual private network connection will be required to use two-factor authentication.

"In addition, and in light of these new and ongoing threats against large organizations around the world, we are launching a comprehensive review of all related IT security practices and procedures at Penn State," Barron wrote. "As this review takes place, we will keep in mind our intrinsic need as a university to maintain an open environment for learning and collaboration, while at the same time acknowledging the need to further strengthen our security posture to marginalize cybercrime."