North Carolina School of the Arts with Logo
School of Dance School of Design and Production School of Dance School of Filmmaking School of Music Visual Arts Academic Programs Student Life apply search ncsahome
 
Administration Links
 

UNCSA
Security Breach Involving Data Exposure
Frequently Asked Questions

Question: I received notification that there was a security breach involving my personal information (name and Social Security number). Does that mean someone stole my personal information?

Answer: No. At this time, the school has no reason to believe that the personal information was stolen, used inappropriately or even accessed by anyone. Thus far, there have been no reports of unauthorized use of personal information as a result of this computer security breach.

Question: What personal information was involved?

Answer: Names and Social Security numbers of students who were enrolled at UNCSA from July 2003 to May 2006. The file containing the names and Social Security numbers did not identify UNCSA.

Question: How many people were affected?

Answer: 2,701 students and former students. They include students who were enrolled during regular year terms and summer sessions. 256 are currently enrolled students.

Question: If no misuse of my information has occurred, why did you notify me?

Answer: This is a precautionary measure.  Because the consequences of such unauthorized access are potentially serious, it is our responsibility to provide you with this notification and to advise you to monitor your credit to be sure that your identity has not been stolen.

Question: How did this happen?

Answer: Information Technologies believes the student email server was compromised in the spring of 2006 and a file with sensitive student data was inadvertently copied to a machine on a peer-to-peer network. However, we are continuing to attempt to discover how the file was compromised.

Question: How and when did UNCSA discover the problem?

Answer: UNCSA was notified of the breach only last week during a scan of a peer-to-peer network. The company that discovered the breach does peer-to-peer monitoring for government entities and companies worldwide.

Question: Who looked into this incident, and what did they find?

Answer: UNCSA conducted an investigation, assisted by its own internal auditor, police department, and the State Bureau of Investigation. There is no indication this was a targeted, malicious act. We have closely examined the server and verified that no malware currently exists on the system.

Question: Is this information still at risk of disclosure?

Answer: Not from UNCSA. The computer involved in this incident and the campus network have been secured. However, once personal information has appeared on the Internet, it is almost impossible to remove the data.

Question: Could this happen again?

Answer: UNCSA discontinued the use of student Social Security numbers and replaced them with an 8-digit campus identification number during the summer of 2006 to enhance the security of personal data. Please be assured that UNCSA is taking appropriate steps and using best practices to safeguard your personal information, as well as to review and enhance our security protocols.

Question: What else has UNCSA done to help me?

Answer: In addition to the steps we have taken to protect your information from current and future unauthorized access, we have provided notification to the three major credit reporting agencies - TransUnion, Experian, and Equifax - and to the Consumer Protection Division of the North Carolina Attorney General’s office.

Question: What should I do personally?

Answer: Please do the following:

  1. Check your credit report to ensure no unauthorized activities have occurred;
  2. Verify that no fraud has occurred; and
  3. Monitor your accounts, because stolen data could be used for future fraud.

You are entitled to one free credit check per year per credit reporting agency, and you may access that report by visiting the following web site: https://www.annualcreditreport.com/cra/index.jsp

To be vigilant, we suggest that you place a free “fraud alert” on your personal credit file if you have been victimized or believe you could become a victim of identity theft. A fraud alert tells creditors to either contact you or use reasonable policies and procedures to verify your identity before any new accounts are opened in your name or if there are any changes to your existing accounts. To place a fraud alert on your file, call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts.

Equifax                           Experian                              TransUnion
1-800-525-6285          888-397-3742                     800-680-7289

Even if you do not find any suspicious activity when you conduct your credit report check, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically as a best practice. The Fair and Accurate Credit Transaction Act of 2003 (FACTA) gives all consumers the ability to obtain an annual credit report from each of the three credit bureaus free of charge. If you find any information relating to fraudulent transactions, contact the credit bureau to determine how to have the transaction deleted.

The FTC also provides helpful information about identity theft. For more information, go to www.ftc.gov and click on “Information on Free Credit Reports” or call the FTC hotline at 1-877-IDTHEFT.

If you believe you have been a victim of identity theft, we encourage you to contact the FTC immediately by calling the FTC hotline or at www.ftc.gov/idtheft.  We would also like for you to notify us so that we can continue to assist with this situation.

Question: Will UNCSA contact me to ask for private information because of this incident?

Answer: In similar cases at other institutions, people have reportedly been contacted by individuals claiming to represent the university and who then proceed to ask for personal information, including Social Security numbers and/or credit card information. Please be aware that we will only contact you about this incident if additional information becomes available. We recommend that you do not release personal information in response to any contacts of this nature that you have not initiated.

Question: Whom should I contact if I have any additional questions concerning this security breach?

Answer: In order to answer any questions that you may have regarding this incident, a special hotline has been established: 1-877-471-6250, and will be answered from 9 a.m. to 5 p.m. weekdays. Please note, the school will be closed for the holiday break Dec. 24-Jan. 1; however, the hotline will be staffed during this period with the exception of Dec. 24, 25, and Jan. 1.

Question: Where can I get more information?

Answer: UNCSA will continue to monitor the situation and will provide any updates at this website, www.uncsa.edu/incident.