Univ. Breaches Expose 350,000 SSNsTwo Incidents Made Info Accessible on Internet
A University of North Carolina at Charlotte investigation into two breach incidents that were first reported Feb. 15 determined that 350,000 Social Security numbers, plus financial account numbers, were exposed.
A security incident page on the university's website explains that two separate security incidents took place. In the first incident, during an information system upgrade, data stored on a drive were exposed on the Internet and available to unauthorized users from Nov. 9, 2011 to Jan. 31, 2012.
The second incident involved files containing sensitive data, including personally identifiable information, being stored "in a manner that left them open to the Internet." Unauthorized users could have accessed the files anytime from 1997 to February 2012, according to the university.
"The exposure has been remediated, and the university is acting to alert people who may have been affected by this exposure," the university announced in a press release.
In addition to exposing Social Security numbers and financial account numbers, the two breaches also exposed names and addresses.
The university says that it has no evidence of identity theft connected to the two incidents. It says that if affected individuals suspect suspicious activity, they should report it to the university immediately and also contact the Federal Trade Commission at www.ftc.gov/idtheft.
Once learning about the first incident, the university put its incident response plan into effect and worked with a forensics firm to conduct in-depth investigations of both incidents.
The university's announcements about the breaches did not mention whether it would be providing free credit monitoring services to breach victims.