CHARLOTTE, NC (WBTV) - University officials at UNC Charlotte say they now know exactly what was exposed during an Internet breach earlier this year.
School officials alerted students and staff in mid-February that online security breach hit the Charlotte-based college campus. They discovered the breach in January but told WBTV they waited to inform students until they knew more.
An investigation into the incident shows that financial account numbers and approximately 350,000 social security numbers were included among the exposed data.
The exposure has been remediated, officials say, and the University is acting to alert people who may have been affected by this exposure. University staff discovered the exposure.
"I think that's really scary. It makes me feel unsafe to think my information could be out there and that somebody could take my credit and do what they want to with my social security," said student Jennifer Affinito.
Due to a system misconfiguration and incorrect access settings, a large amount of electronic data hosted by the University was accessible from the Internet.
There were two exposure issues, one affecting general university systems over a period of approximately three months, and another affecting the University's College of Engineering systems over a period exceeding a decade.
The University has no reason to believe that any information from either of these incidents was inappropriately accessed or that information was used for identity theft or other crime.
The exposed data involved people connected to the University, and included names, addresses, social security numbers, and/or financial account information provided in association with transactions with the University.
"We're still investigating as to how it came to be," said Stephen Ward, a spokesman with UNCC.
The University involved state and federal regulatory and law enforcement agencies to assist in determining how to proceed, and acted upon their advice. The University continues to monitor the situation carefully and has increased its internal review procedures to watch for any unusual activity.
The University consistently utilizes industry standard information protections, uses leading data management vendors, and has dramatically increased its information protection capacity since the discovery of the exposures. Nonetheless, the University continues to review all aspects of its information security.
Any person currently connected with the University, or who has been associated with the College of Engineering, who notices either suspicious activity with regards to accounts associated with the University or improper use of his or her social security number, should report such activity or use immediately to the University at 1-855-205-6937, and to any financial institution involved.
Additionally, the affected person should contact the Federal Trade Commission at www.ftc.gov/idtheft at 1-877-ID-THEFT (438-4338) or at 600 Pennsylvania Avenue, NW, Washington, DC 20580. Affected persons may also call the local sheriff's office and file a police report of identity theft, keeping a copy of the police report.
In addition, you may contact the Consumer Protection Division of the North Carolina Attorney General's Office at 9001 Mail Service Center, Raleigh, NC 27699, by phone at 1-919-716-6000 or toll free in North Carolina at 1-877-566-7226.
If you reside outside of North Carolina, the contact information for the Attorney General of your state can be found on the website for the National Association of Attorneys General available at http://www.naag.org/current-attorneys-general.php
If affected persons wish to protect themselves from the possibility of identity theft, they may also place a free fraud alert on their credit files. A fraud alert notifies creditors to contact individuals before opening new accounts in their name.
Contact any one of the three major credit reporting agencies at the numbers/addresses below to place a fraud alert with all three agencies, and receive letters from all of these agencies, with instructions on how to receive a free copy of a credit report from each agency.