The Daily Tar Heel
Printing news. Raising hell. Since 1893.
Thursday, March 28, 2024 Newsletters Latest print issue

We keep you informed.

Help us keep going. Donate Today.
The Daily Tar Heel

Officials clean up UNC data breach

An online security breach of a UNC server gave the public access to private files of approximately 6,500 employees, former employees and students according to a letter released by the University on Dec. 10.

The files contained personal information which included names, Social Security numbers or Employee Tax Identification numbers and, in some cases, addresses and dates of birth.

According to the UNC Information and Technology Services website, the breach is believed to have occurred on Jul. 30 during scheduled maintenance of a University computer. An official in the Division of Finance and Administration was notified of the breach on Nov. 11 and, as of Nov. 23, the files were no longer accessible to the public.

In response to the breach, UNC is offering a free year-long subscription to a credit monitoring service to the nearly 6,500 affected.

“Non-state funds will be used for the one-year subscription to a credit-monitoring service,” said Patty Courtright, director of internal communications. “This will have no effect on student fees.”

According to a University press release, the safeguards on the computer that normally prevent unauthorized viewing of the files were accidentally disabled. The files were then copied and displayed by an automated Google process.

UNC officials said there is still more to uncover as they continue to investigate.

Chris Kielt, vice chancellor for information technology, said the person responsible has not yet been identified and disciplinary action against the individual is still possible. He also said the server in question was within UNC’s Finance and Administration department.

Kielt said there was a gap between when officials were notified of the breach and when the information was no longer available to the public was because the information was cached in Google.

“We had to work with Google to have all of the cache cleared, and it was verified that this was completely taken care of on the 23rd,” Kielt said. “It was a server that had been from the physical device to a virtual device, and in the process some of the permissions were changed. Things that had been private subsequently became open and public.”

Courtright said no one has contacted the school about identity theft or fraud issues due to the breach.

Sophomore Kevin Jang said he thinks student information is not protected well enough at UNC, and the breach should call attention to the transparency with which the school holds private student information.

“I understand how the directory can be used to find emails, but the ability to find any students’ personal living information is almost scary,” Jang said.

“With that said, I’m sure UNC has a lot of regulations and red tape that governs the security so it might be hard to change anything.”

But freshman Edward Diaz said that though the incident is disheartening, he still trusts the University with his information.

“I feel like the University is using its resources adequately to fix its mistake,” Diaz said.

university@dailytarheel.com

To get the day's news and headlines in your inbox each morning, sign up for our email newsletters.

Special Print Edition
The Daily Tar Heel's Collaborative Mental Health Edition