The University of North Carolina at Charlotte recently stated [PDF file] that the Social Security numbers of of approximately 350,000 people connected to the university were exposed for as long as 15 years due to misconfigured settings.
“There were two exposure issues, one affecting general university systems of a period of approximately three months, and the other affecting UNC Charlotte’s The William States Lee College of Engineering systems over a period exceeding a decade,” the statement reads. “The University has no reason to believe that any information from either of these incidents was inappropriately accessed or that information was used for identity theft or other crime. The exposed data involved people connected to the University, and included names, addresses, social security numbers, and/or financial account information provided in association with transactions with the University.”
“The university said it learned of the first incident on January 31, 2012, and implemented its security incident response plan. The data exposures have been ‘remediated,’ it said,” Infosecurity reports. “UNC Charlotte informed state and federal regulatory and law enforcement agencies, which assisted with the investigation and remediation.”
“Despite the extent of the exposure, school officials don’t believe any of the information was accessed improperly and have not seen evidence of identity theft,” writes Threatpost’s Anne Saita. “They have notified the victims and outlined standard steps they should take to protect themselves, such as monitoring accounts for suspicious activity and notifying the main credit bureaus and state’s Consumer Protection Division.”