UNC Charlotte Posts Personal Data on 350000 People

System misconfiguration and incorrect access settings are to blame for exposed data discovered by staff at the University of North Carolina at Charlotte. In two separate incidents, financial account numbers and about 350,000 Social Security numbers were posted inadvertently to the Internet, where it was publicly available. One of the exposures affected general university systems over a period of three months. The other pertained specifically to the university's College of Engineering systems over a period longer than a decade.

Both involved data for students, staff, and faculty and included names, addresses, Social Security numbers, and in some cases financial account data pertaining to university transactions. The university said in a statement that it has no reason to believe that any information from either event was inappropriately accessed or that information was used for identity theft or any other crime.

The breach was first announced February 15, 2012. Subsequently, the institution called in state and federal regulatory and law enforcement agencies to direct next-steps and launched a forensics investigation to understand the extent of the potential damage and the causes. Since then the exposures have been remediated.

In the briefer incident, the university reported in an online FAQ, data stored on a university drive was exposed to the Internet during a system upgrade "because of misconfiguration and incorrect access settings." That exposure lasted from November 9, 2011 to January 31, 2012. When the misconfiguration came to light, the university corrected it and put in place additional safeguards and data controls.

In the longer incident, the university said, files containing sensitive data were stored in a manner that left them open to the Internet. "Unauthorized users could have accessed the files in question during the period of 1997 to February 2012." Again, when the exposure was discovered, U North Carolina Charlotte corrected the problem and put additional safeguards and controls in place.

The university said it continues to monitor the situation carefully and has increased its internal review procedures--which are considerable--to watch for any unusual activity. It's also scrambling to alert those whose personal information was part of the public exposure. The advice it's offering to those affected: Place a free fraud alert on credit files with the three major credit reporting agencies.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • illustration of people collaborating around large interlocking gears and data charts

    Why ERP and AI Initiatives Stall at the Execution Layer: A CIO Perspective

    Higher education institutions are investing heavily in ERP modernization, analytics, and AI-driven capabilities. Yet even with these investments, many are running into the same issue: turning insight into coordinated, timely action.

  • Neon blue security locks with a single red highlight

    AI Shifts Cybersecurity Focus from Finding Flaws to Fixing Them

    For decades, one of cybersecurity's most difficult challenges has been finding vulnerabilities before attackers do. A growing number of security professionals now say artificial intelligence is changing that equation, shifting the focus from discovering flaws to fixing them quickly enough to prevent exploitation.

  • Educational path and career development growth with neon icons for study, idea, graduation, and success

    How to Embrace Lifelong Learning as a Non-negotiable for Career Growth

    In a world shaped by rapid technological change and shifting economic forces, staying curious and committed to learning is the most powerful way to stay prepared.

  • circuit patterns

    Anthropic Launches Lower-Cost Claude Sonnet 5

    Anthropic has released Claude Sonnet 5, positioning the model as its most autonomous mid-tier offering to date and a lower-cost alternative to its flagship Opus 4.8 system. The company said the model can plan multi-step tasks, operate tools such as browsers and terminals, and complete agentic work at a level that previously required larger and more expensive models.