The Daily Tar Heel
Printing news. Raising hell. Since 1893.
Friday, March 29, 2024 Newsletters Latest print issue

We keep you informed.

Help us keep going. Donate Today.
The Daily Tar Heel

Data breach concerns persist at UNC

Though it happened more than a month ago, UNC employees are still unsatisfied with the University’s response to December’s data breach.

A petition, which criticizes the way the incident was handled, has garnered almost 100 signatures in a little more than a week. And at a Board of Trustees meeting last week, members apologized for the University’s response to the breach.

The incident resulted in the accidental release of sensitive information, such as Social Security numbers in some instances, of approximately 6,500 employees, former employees and students.

David Brannigan, who works in Grounds Services, created the petition, which he handed out at the UNC Employee Forum community meeting two weeks ago. Many employees felt the situation was not being treated seriously, he said.

“The solution that the administration first suggested was inadequate,” Brannigan said.

Charles Streeter, chairman of the Employee Forum, said many employees have expressed frustration because they were first notified of the breach by a letter sent on Dec. 11 or 12.

Streeter said at first he did not think the letter was important and tossed it aside, as did many others. He also said he did not know about the breach until Dec. 16, when an employee brought it to his attention.

“There could have been another form of communication, in addition to the mailing,” he said.

Patty Courtright, a spokeswoman for the University, said UNC’s Information Security Office is always developing stronger approaches to data security.

“The University has an incident management policy as well as supporting plans and procedures,” she said in an email.

Brannigan said he believes the petition had an impact and is making views heard.

“Not many employees speak out,” he said. “It is important for the people to have direct input into this.”

Brannigan said employees are concerned about what happens at the end of the free year of credit monitoring offered by the University to those affected by the breach. However, he said he feels UNC’s response to employee concerns is improving.

“There is a difference between how the University started handling the situation and how it has progressed,” he said. “It was an improvement.”

Streeter said there is a feeling of uneasiness and a fear of the unknown among employees and the Employee Forum is still figuring out a response.

“We’re still having discussions on what we can do to deal with this situation in a positive way,” Streeter said.

Margaret Umphrey, director of Information Technology Security at East Carolina University, said if a similar breach had occurred at ECU she feels officials would have been likely to contact those affected via email. The last big data breach at ECU took place seven years ago, said Umphrey, and affected 30,000 people.

“We would probably use email— because most people have email access — with a follow-up with postal mail because that’s the protocol we follow,” Umphrey said.

Though frustrated by the situation, Streeter said he does not want to belittle the work the University has done with this issue.

“Even though there are issues, I think UNC has taken great steps to deal with it.”

university@dailytarheel.com

To get the day's news and headlines in your inbox each morning, sign up for our email newsletters.

Special Print Edition
The Daily Tar Heel's Collaborative Mental Health Edition