DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of North Carolina servers hacked; 3,500 employees’ data accessed

Posted on January 7, 2013 by Dissent

It seems that the University of North Carolina has had yet another data breach. And although the breach was discovered in May, it took about 7 months for those affected to be notified. Jane Stancill reports:

Some 3,500 people had their personal information exposed when hackers hit two servers of the UNC Lineberger Comprehensive Cancer Center.

The attack was discovered by UNC-Chapel Hill’s information technology employees in May, yet potential victims were not informed until last week when they received letters from center director Dr. Shelley Earp.

Earp apologized for the breach, which compromised personal data, including Social Security numbers and passport numbers, for employees, contractors and visiting lecturers at the center.

Patient files were not stored on the two hacked servers, but there were “a small number of files that contained data from fewer than 15 people who were subjects in research studies.”

Read more on The Chapel Hill News.

UNC has had a number of breaches over the years:

  • In 2007, a UNC-Charlotte student employee was accused of stealing files containing the personal financial aid information of 148 students;
  • In 2008, UNC School of the Arts revealed that in 2006, a student e-mail server was compromised and a file with 2,700 students’ names and Social Security numbers wound up on a machine connected to a P2P network;
  • Also in 2008, UNC-Greensboro disclosed that a virus exposed 275 names, Social Security numbers, and bank account information;
  • In 2009, UNC-Chapel Hill disclosed that 180,000 research participants in a mammography study had their on a server accessed by a hacker. The university demoted the researcher, Bonnie Yankaskas, who successfully appealed the demotion;
  • In 2010, UNC-Greensboro disclosed that 240 records of clients at its Psychology Clinic were on a spreadsheet exposed via malware;
  • Also in 2010, UNC-Greensboro disclosed that 2,300 records of clients at its Speech and Hearing Clinic were exposed by malware;
  • In 2011, UNC-Chapell Hill disclosed that 31 confidential student records were stolen from the student judicial system office. This was the only reported breach involving paper records;
  • In 2012, UNC-Charlotte reported that a configuration error exposed 350,000 SSN and financial data on the Internet; and
  • In 2012, UNC-Charlotte reported that files containing PII had been stored in a manner that left them open to the Internet; unauthorized users could have accessed the files in question during the period of 1997 to February 2012.

Related posts:

  • Forbes Breach Email Statistics
  • NC: University of North Carolina at Chapel Hill School of Medicine and University of North Carolina Hospitals notifying some patients of breach
Category: Breach IncidentsEducation Sector

Post navigation

← It's 10 pm. Do you know where your patients' data are?
Saint Raphael Healthcare System sued because employee took – and circulated – pictures of young gunshot victim's corpse →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.