The University of North Carolina at Chapel Hill (UNC) is investigating a recently discovered data breach, which could potentially affect more than 6,000 people.
On November 11, an information technology manager in the Division of Finance and Administration at the University discovered some of the Division’s files had inadvertently become accessible on the Internet.
These files contained the names and Social Security number or Employee Tax Identification numbers, and in some case, addresses and dates of birth, of some current and former University employees, vendors, and students. At the time the affected files were created, the University utilized Social Security numbers to track employee, student, and vendor records. This practice has been severely restricted by the University since 2006.
Based upon its ongoing investigation, the University believes that during maintenance involving one computer, the safeguards that protected the files against public access were accidentally disabled.The University believes that these files were accessible to the public from July 30, 2013, until November 23, 2013.
The University later learned that as part of Google’s automated processes, these files were copied and made publicly accessible. The University has subsequently asked Google to take these records down immediately. Google complied with the University’s request and as of November 23, 2013, the records are no longer accessible on the Internet.
The University is continuing to investigate the situation.
For more information on the UNC security incident click here.