Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Herald-Sun reports that files containing the personal information of more than 6,000 vendors, students and current and former employees at the University of North Carolina at Chapel Hill (UNC-Chapel Hill) were mistakenly made available online from late July 2013 until November 2013.
On November 11, 2013, an IT manager in the university's Division of Finance and Administration was informed that some files managed by the Division of Facilities Services were accessible on the Internet.
The files contained names, Social Security numbers or Tax Identification numbers, and in some cases, addresses and birthdates. "At the time the affected files were created, the University utilized Social Security numbers to track employee, student, and vendor records," UNC-Chapel Hill noted in a FAQ. "This practice has been severely restricted by the University since 2006."
According to the university, during maintenance of a computer on July 30, 2013, "the safeguards that protected the files against public access were accidentally disabled." They were then indexed by Google and were viewable via its search results. As of November 23, 2013, Google had removed the files, and they were no longer accessible online.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
All those affected were notified by mail on December 10, 2013, though no free credit monitoring services are being offered. Employees, vendors and students with questions are advised to contact (866) 458-3184.