CHARLOTTE, N.C. – May 9, 2012 - In an update to its February 15, 2012 statement that certain data relating to students, staff and faculty were exposed to the Internet, the University of North Carolina at Charlotte (the “University”) has announced that an investigation into the incident shows that financial account numbers and approximately 350,000 social security numbers were included among the exposed data. The exposure has been remediated, and the University is acting to alert people who may have been affected by this exposure. University staff discovered the exposure.
As previously announced, because of system misconfiguration and incorrect access settings, a large amount of electronic data hosted by the University was accessible from the Internet. There were two exposure issues, one affecting general university systems over a period of approximately three months, and another affecting the University’s College of Engineering systems over a period exceeding a decade. The University has no reason to believe that any information from either of these incidents was inappropriately accessed or that information was used for identity theft or other crime. The exposed data involved people connected to the University, and included names, addresses, social security numbers, and/or financial account information provided in association with transactions with the University.
The University involved state and federal regulatory and law enforcement agencies to assist in determining how to proceed, and acted upon their advice. The University continues to monitor the situation carefully and has increased its internal review procedures to watch for any unusual activity.
The University consistently utilizes industry standard information protections, uses leading data management vendors, and has dramatically increased its information protection capacity since the discovery of the exposures. Nonetheless, the University continues to review all aspects of its information security.
Any person currently connected with the University, or who has been associated with the College of Engineering, who notices either suspicious activity with regards to accounts associated with the University or improper use of his or her social security number, should report such activity or use immediately to the University at 1-855-205-6937, and to any financial institution involved. Additionally, the affected person should contact the Federal Trade Commission at www.ftc.gov/idtheft at 1-877-ID-THEFT (438-4338) or at 600 Pennsylvania Avenue, NW, Washington, DC 20580. Affected persons may also call the local sheriff’s office and file a police report of identity theft, keeping a copy of the police report. In addition, you may contact the Consumer Protection Division of the North Carolina Attorney General’s Office at 9001 Mail Service Center, Raleigh, NC 27699, by phone at 1-919-716-6000 or toll free in North Carolina at 1-877-566-7226. If you reside outside of North Carolina, the contact information for the Attorney General of your state can be found on the website for the National Association of Attorneys General available at http:www.naag.org/current-attorneys-general.php.
If affected persons wish to protect themselves from the possibility of identity theft, they may also place a free fraud alert on their credit files. A fraud alert notifies creditors to contact individuals before opening new accounts in their name. Contact any one of the three major credit reporting agencies at the numbers/addresses below to place a fraud alert with all three agencies, and receive letters from all of these agencies, with instructions on how to receive a free copy of a credit report from each agency.
Experian Equifax TransUnion
1-888-397-3742 1-888-766-0008 1-800-680-7289
P.O. Box 9554 P.O. Box 740241 Fraud Victim Assistance Division
Allen, TX 75013 Atlanta, GA 30374 P.O. Box 6790
Fullerton, CA 92834
Media should contact UNC Charlotte’s Office of Public Relations at 704-687-5830 with questions about this incident.