The University is offering people affected by a recent data breach a one-year subscription to a credit monitoring service that checks activity at all three credit bureaus, at the University’s expense.
People who were affected by the breach are being notified directly by the University by mail in early January 2014 about how they can pursue credit monitoring in addition to the free measures available to safeguard their credit, including fraud alerts and security freezes.
The incident, discovered last month, risked unauthorized online access to personal information concerning approximately 6,500 current and former employees, vendors and students.
The University began notifying people who were affected by this incident by letter on Dec. 10, explaining what happened, which pieces of their personal information were disclosed, what steps the University has taken to delete the source files and make sure they are no longer publicly accessible, and what people can do to protect against identity theft.
The University has not been able to determine whether individual personal information was misused as a result of this incident or accessed by others – other than Google, which copied the files as part of its automated processes and since has removed them at the University’s request.
There is no evidence that this information was used maliciously, said Chris Kielt, vice chancellor for information technology.
The University takes this situation very seriously, he said, and the prompt, aggressive action to secure the files and notify the affected people underscores Carolina’s commitment to protect sensitive data in its possession. University officials continue to implement appropriate measures campus-wide to protect sensitive information, Kielt said.
“Our goal is to create a technology environment that ensures that all data is handled appropriately and we have the proper safeguards in place to avoid data breaches in the future,” he said.
For answers to frequently asked questions about this incident, please visit http://its.unc.edu/security-incidents/.
Published December 23, 2013.