UNC Chapel Hill data breach affects more than 6,000

Share this article:

More than 6,000 current and former employees, vendors and students of The University of North Carolina Chapel Hill are being notified that their personal information may have been compromised in a data breach.

How many victims? More than 6,000. 

What type of personal information? Names, addresses, dates of birth, Social Security numbers and tax identification numbers are among the compromised data.

What happened? An information technology manager in the Division of Finance and Administration discovered that some Division of Facilities Services files containing the personal data were inadvertently posted publicly on the internet.

What was the response? The University denied internet access to the files and conducted an in-depth forensic investigation. A consultant was hired to identify affected individuals. The files were removed from Google, where copies were being hosted. Affected individuals began receiving notification letters on Dec. 10. The University is taking steps to improve information security, including formalizing the process for identifying and safeguarding sensitive data.

Details: The University believes that safeguards preventing the files from becoming publicly accessible were inadvertently disabled on a computer during maintenance on July 30. University officials learned of the incident on Nov. 11 and believe the information was publicly available between July 30 and Nov. 23. It is not believed that another party copied the files and criminal conduct is not suspected at this time. An investigation is ongoing.

Quote: “Please be assured that we continue to evaluate our computer and administrative systems and to implement appropriate measures to protect the sensitive information in our possession,” Kevin Seitz, interim vice chancellor for finance and administration, said.

Source: its.unc.edu, “University investigates data breach, notifies affected people,” December, 2013

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Backup hard drive stolen from law firm contained personal info

Social security numbers were among the information on a backup hard drive that was stolen from an employee of Imhoff and Associates, PC.

POS malware infections at two OTTO pizzeria locations in Maine

About 900 customers at two OTTO pizzeria locations in Portland, Maine, had payment card data compromised after POS malware was discovered on terminals.

Los Angeles-based health system breached; more than 500 patients affected

Personal information on more than 500 Cedars-Sinai Health System patients was compromised after a laptop was stolen from an employee's home.