UNC data leak exposes more than 1,000 Social Security numbers
The University of North Carolina at Chapel Hill knew there was a problem on Jan. 30, but it took about a month to notify the people impacted.
Posted — UpdatedUNC said 1,025 people had their personal information mailed incorrectly. The university mistakenly sent out IRS Form 1099s with names, addresses, social security numbers, or tax identification number to the wrong people.
"While 3,403 forms were printed correctly, only 2,214 envelopes were mailed. Upon further investigation, the University determined that due to human error and a processing issue, some of the 2,214 mailings included more than one IRS form," said Query.AI Chief Information Security Officer Neal Bridges.
UNC discovered the error five days later, on Jan. 30, but those affected were notified until Feb. 28.
When asked about the delay in reporting, UNC said:
"The University is deeply committed to protecting the privacy, security, and confidentiality of the information they maintain and worked hard to notify those impacted as quickly as possible. When the University learned of the incident, it began an investigation and retained a vendor to assist with issuing the notification letters as well as offering free 12 months of Triple Bureau credit monitoring, CyberScan dark web monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services."
Bridges, a cybersecurity expert with 30 years of experience, discussed the risk of a person's identity being compromised.
"The risk is that personal data can be used to compromise your identity or personal information and ultimately lead to some form of bank, IRS, or any other form of fraud out there," Bridges said.
UNC said it would offer credit monitoring and a year of identity theft protection to those affected by the leak at no cost.
In a statement, the university wrote:
"We deeply regret any concern or inconvenience this incident may have caused. In response to the incident, the University implemented updated processes, technical improvements and employee training to help prevent something like this from happening again."
Experts say that on top of monitoring credit closely, it's a good idea to file a police report to provide proof if you're a victim of a data leak.
"This is a very standard practice for companies, but it's not sufficient in terms of any form of long-term protection,” Bridges said. “It is ultimately the consumer's responsibility to maintain watch of their finances after this period ends."
The university said that as of Friday afternoon, there is no indication that any sensitive information has been misused.
Related Topics
• Credits
Copyright 2024 by Capitol Broadcasting Company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
