UNC investigates data breach affecting 6,000 people [The Herald-Sun, Durham, N.C.]
(Herald-Sun (Durham, NC) Via Acquire Media NewsEdge) Dec. 14--CHAPEL HILL -- UNC-Chapel Hill officials are investigating an online data breach of personal information that affects more than 6,000 people, according to the university.
The files that were accidentally made public contained names and Social Security or Employee Tax Identification numbers, and in some instances, addresses and dates of birth. The information belongs to some current and former employees, vendors, and students.
An information technology manager in the UNC Division of Finance and Administration was informed Nov. 11 that some electronic files managed by the Division of Facilities Services inadvertently became accessible on the Internet, according to the UNC announcement.
When university officials learned about the incident, they took steps to block access to the files and began an extensive investigation, which is ongoing. As of Nov. 23, the records are no longer accessible on the Internet.
University officials believe that on July 30, during maintenance of one computer, the safeguards that protected the files against public access were accidentally disabled, according to UNC.
The university also learned that as part of Google's automated processes, these files were copied and made publicly accessible. The university asked Google to take the records down immediately, and Google complied.
UNC worked with a consultant to identify potentially affected individuals as soon as it had been confirmed that their personal information was included in the files. On Dec. 10, the university began notifying these people by mail.
"Other than Google's activities described above, we have not been able to determine whether individual personal information was accessed by others or was misused as a result of this incident," said Kevin Seitz, interim vice chancellor for finance and administration, in the notification letter sent to the affected people's last known addresses.
"Please be assured that we continue to evaluate our computer and administrative systems and to implement appropriate measures to protect the sensitive information in our possession."
According to Chris Kielt, vice chancellor for information technology, the university's prompt, aggressive action underscores its commitment to protect sensitive data. Making sure the files were secured and notifying the affected people as quickly as possible were top priorities, he said in a statement.
To help protect personal information stored on campus servers, Information Technology Services (ITS) has a process in place for regularly scanning servers that have been identified by a unit's system administrator as storing sensitive data.
"Furthermore, as part of a broader initiative to address the risk imposed by the exposure of sensitive data, ITS is working to formalize the process for identifying and safeguarding sensitive data university-wide," he said.
The letter sent to people affected by this data breach included recommendations, based on information from the N.C. Department of Justice and the U.S. Federal Trade Commission, about ways to protect against identity theft and a link to frequently asked questions outlining what happened, what kind of personal information was involved, and steps people can take to monitor any potential fraudulent activity and protect their information (see http://its.unc.edu/incident).
People also can contact the toll-free call center assisting the university at 1-866-458-3184 from 9 a.m. to 6 p.m. weekdays until Feb. 10, 2014. People at the call center are able to assist in English or Spanish, and anyone needing translation assistance in Burmese or Karen can call the Facilities Services human resources office at 919-962-9060 or visit the office in Room 110 of the Giles Horney Building on Airport Drive.
(c)2013 The Herald-Sun (Durham, N.C.)
Visit The Herald-Sun (Durham, N.C.) at www.heraldsun.com
Distributed by MCT Information Services
[ Back To Technology News's Homepage ]