Probe of UNCG security breach finds fewer people put at risk
GREENSBORO - A computer breach discovered at UNCG in December didn't effect as many students and employees as once thought, officials said Wednesday.
An investigation of the breach, which was caused by a computer virus, revealed that a possible 275 people may have been impacted from the data loss.
The breach was traced to a computer in the university's
Accounting Services office that contained payroll data, according to an e-mail sent to students, faculty and staff.
That figure has been dropped from the original 2,500 employees and students thought impacted in December, officials said.
Those still at risk face may have had their names and Social Security numbers stolen and will be notified over the next week, said Steve Gilliam, a UNCG spokesman.
Bank account numbers, which were first thought to be accessible, were not exposed officials said.
"While we are concerned about any possibility of loss of restricted data, we are relieved the extent and likelihood of data loss is smaller than originally believed," said Reade Taylor, vice chancellor of business affairs and Jim Clotfelter, vice chancellor for information technology in the joint e-mail.
The 275 people whose information may still be at risk are comprised of 225 employees and 50 students.
UNCG notified the three major credit reporting agencies - TransUnion, Experian, and Equifax - and the state attorney general's consumer protection division about the security breach.
A web site has been set up to answer questions about the breach here.
Contact Ryan Seals at 373-7077 or ryan.seals@news-record.com
E-mail sent to UNCG community
To: UNCG faculty, staff, and student employees
From: Reade Taylor and Jim Clotfelter
re: Update on 12/15/08 Security Breach Notification
On December 15, 2008, UNCG announced a security breach that involved potential loss of restricted data. Given the scale of possible risk, UNCG publicly announced the breach immediately following the initial discovery. Following extensive work by our staffs, we write to inform you of what is currently known about the situation.
A computer in Accounting Services was initially identified. We now know there was no virus-delivered software on that computer that would allow remote access, nor was there loss of restricted data such as social security numbers or bank account information from that computer. The linked incident report http://fsv.uncg.edu/incident/ describes other security concerns that were discovered as part of our follow-up investigation, and that have been or are being addressed.
While we are concerned about any possibility of loss of restricted data, we are relieved the extent and likelihood of data loss is smaller than originally believed. We now believe approximately 275 people were potentially affected; notification will be sent to them in the next week.
We regret the inconvenience and alarm this caused some current and previous employees but, at the time of the initial notification, the University acted with the best interests of its employees in mind.
If you have further questions about this matter, please call 6-TECH (6-8324).
Related Links
Search News-Record.com
closeSearch News & Record Article Archives
Not all of the newspaper's content appears online.
*There is a fee for downloading some older articles.
