Skip the navigation
News

UNC data breach exposes 163,000 SSNs

School of Medicine at Chapel Hill hacked

By Jaikumar Vijayan
September 25, 2009 07:34 PM ET

Computerworld - The University of North Carolina at Chapel Hill on Friday began notifying about 163,000 women about the potential compromise of their Social Security numbers and other personal information after a hacker breached a system containing the data.

The breached server belonged to the UNC School of Medicine and contained information that was collected as part of a federally funded mammography research project. The system contained records on a total of 236,000 women, of which about 163,000 included Social Security numbers.

Matt Mauro, chairman of the university's Department of Radiology said the breach was first discovered in July when a researcher reported problems accessing the system. A subsequent investigation by the school's information systems staff revealed that the system had been hacked.

Though the breach was discovered in July, there are indications that the actual intrusion may have taken place as long as two years ago, Mauro said. "We think we found some viruses that date back to 2007," he said.

The breached server received information from 31 different sites across the state, Mauro said. When the breach was discovered, the system was taken offline immediately and has remained that way since July, Mauro said.

The sites that were sending the information to UNC have stopped doing so for the moment, while stronger precautions are implemented to prevent a similar breach in future, he said.

The reason that notifications have only just started going out is because UNC technology officials and an external forensic team have required time to piece together the extent of the compromise and to figure out exactly who may have been affected by it, Mauro said.

Related Stories

HHS guts health-care breach notification law, groups warn

Breach notification laws: When should companies tell all?

So far, investigations have revealed nothing to suggest that the persons responsible for the break-in have downloaded or modified the data in any way. "But you just don't know for sure. You have to be suspicious and you have to notify," he said.

Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.

Comments ()
Print


Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Forrester Consulting - Optimizing Users and Applications in a Mobile World
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Enter the Security KnowledgeVault
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
Cut Communications Costs Once and for All
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Cybercrime and Hacking White Papers
Streamline Compliance and Increase ROI
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
Protecting Point of Sale Systems from Targeted Attack
If you are responsible for protecting retail systems, download this case study to learn how this retailer eliminated the threat of malware on...
From the Frontline - Preventing APT
Is your company's network secure? Are your endpoints and servers secured? Before you answer, read this case study on a US Military Command...
Stop Hackers Before They Attack
Hacktivism, Identify Theft, Financial Gain, Cyber War - regardless of motivation, stopping today's hackers requires a new proactive approach to protecting endpoints. Learn...
The four rules of complete web protection
As an IT manager you've always known the web is a dangerous place. But with infections growing and the demands on your time...
All Cybercrime and Hacking White Papers
Cybercrime and Hacking Webcasts
WikiLeaks: How am I Affected?
The latest WikiLeaks episode has raised questions about how organizations and governments protect their sensitive information. While this incident was isolated, it has...
Optimizing Networks for the Cloud
Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
All Cybercrime and Hacking Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all newsletters | Privacy Policy
IT Jobs