UNC data breach exposes 163,000 SSNs
School of Medicine at Chapel Hill hacked
Computerworld - The University of North Carolina at Chapel Hill on Friday began notifying about 163,000 women about the potential compromise of their Social Security numbers and other personal information after a hacker breached a system containing the data.
The breached server belonged to the UNC School of Medicine and contained information that was collected as part of a federally funded mammography research project. The system contained records on a total of 236,000 women, of which about 163,000 included Social Security numbers.
Matt Mauro, chairman of the university's Department of Radiology said the breach was first discovered in July when a researcher reported problems accessing the system. A subsequent investigation by the school's information systems staff revealed that the system had been hacked.
Though the breach was discovered in July, there are indications that the actual intrusion may have taken place as long as two years ago, Mauro said. "We think we found some viruses that date back to 2007," he said.
The breached server received information from 31 different sites across the state, Mauro said. When the breach was discovered, the system was taken offline immediately and has remained that way since July, Mauro said.
The sites that were sending the information to UNC have stopped doing so for the moment, while stronger precautions are implemented to prevent a similar breach in future, he said.
The reason that notifications have only just started going out is because UNC technology officials and an external forensic team have required time to piece together the extent of the compromise and to figure out exactly who may have been affected by it, Mauro said.
So far, investigations have revealed nothing to suggest that the persons responsible for the break-in have downloaded or modified the data in any way. "But you just don't know for sure. You have to be suspicious and you have to notify," he said.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts