Saturday, December 20, 2008

"Incidents buried in back-page press"

Article From [ ]

Published: December 20, 2008

Regional Briefs: UNCSA tells its students to monitor credit

Officials at the UNC School of the Arts say they are notifying current and former students that their names and Social Security numbers "may have been accidentally exposed" in a security breach involving a university computer server.

The server in question went online in July 2003. The security breach occurred in May of 2006 and affected about 2,700 students who were enrolled between 2003 and 2006.

Each of these students is being notified. The group includes summer-session students and 256 of the 1,162 students currently enrolled at the school.

"We have no reason to believe that the personal information was stolen, used inappropriately or even accessed," Lisa Smith, the chief information officer at UNCSA, said in a statement. "However, we are notifying the affected parties so that they might take steps to monitor their credit to ensure their identities have not been stolen."

School officials say they became aware of the breach last week. They say they are still trying to determine its cause.

The N.C. Attorney General's Office has been notified.

School officials say they are conducting tests to ensure the future safety of personal data.

Perhaps I just don't get it; and maybe I'm reading far too deep into this alleged "incident"... but if I'm a student at this school I'm furious. There are 2 highlights here that should get you thinking about how seriously loss of personal information is being taken.

Without getting on my soap-box, I'd simply like to comment that if the incident took place in May 2006, and the officials were notified last week - something is desperately wrong here. That's 2 and a half years that has passed since the breach and they're finding out about it now? Even in the most absolutely inefficiently idiotic of administrations this isn't possible. Something smells like rotting fish here.

1 comment:

Anonymous said...

Perhaps sue them for negligence?
Come on, 2 1/2 years after the breach you get notified that you might have suffered cc fraude, I would be itching to get medieval on someones ass