It seems that the University of North Carolina has had yet another data breach. And although the breach was discovered in May, it took about 7 months for those affected to be notified. Jane Stancill reports:
Some 3,500 people had their personal information exposed when hackers hit two servers of the UNC Lineberger Comprehensive Cancer Center.
The attack was discovered by UNC-Chapel Hill’s information technology employees in May, yet potential victims were not informed until last week when they received letters from center director Dr. Shelley Earp.
Earp apologized for the breach, which compromised personal data, including Social Security numbers and passport numbers, for employees, contractors and visiting lecturers at the center.
Patient files were not stored on the two hacked servers, but there were “a small number of files that contained data from fewer than 15 people who were subjects in research studies.”
Read more on The Chapel Hill News.
UNC has had a number of breaches over the years:
- In 2007, a UNC-Charlotte student employee was accused of stealing files containing the personal financial aid information of 148 students;
- In 2008, UNC School of the Arts revealed that in 2006, a student e-mail server was compromised and a file with 2,700 students’ names and Social Security numbers wound up on a machine connected to a P2P network;
- Also in 2008, UNC-Greensboro disclosed that a virus exposed 275 names, Social Security numbers, and bank account information;
- In 2009, UNC-Chapel Hill disclosed that 180,000 research participants in a mammography study had their on a server accessed by a hacker. The university demoted the researcher, Bonnie Yankaskas, who successfully appealed the demotion;
- In 2010, UNC-Greensboro disclosed that 240 records of clients at its Psychology Clinic were on a spreadsheet exposed via malware;
- Also in 2010, UNC-Greensboro disclosed that 2,300 records of clients at its Speech and Hearing Clinic were exposed by malware;
- In 2011, UNC-Chapell Hill disclosed that 31 confidential student records were stolen from the student judicial system office. This was the only reported breach involving paper records;
- In 2012, UNC-Charlotte reported that a configuration error exposed 350,000 SSN and financial data on the Internet; and
- In 2012, UNC-Charlotte reported that files containing PII had been stored in a manner that left them open to the Internet; unauthorized users could have accessed the files in question during the period of 1997 to February 2012.