News Article

Dec. 19, 2008/FOR IMMEDIATE RELEASE Contact: Marla Carpenter, 336-770-3337, carpem@uncsa.edu UNCSA NOTIFYING STUDENTS OF POTENTIAL DATA EXPOSURE
WINSTON-SALEM - The University of North Carolina School of the Arts (UNCSA) is notifying some current and former students that their names and Social Security numbers may have been accidentally exposed in a security breach involving a university computer server. Approximately 2,700 individuals who were enrolled at UNCSA from 2003 to 2006, including summer session students, are being notified. "We have no reason to believe that the personal information was stolen, used inappropriately or even accessed," said Lisa Smith, chief information officer at UNCSA. "However, we are notifying the affected parties so they might take steps to monitor their credit to ensure their identities have not been stolen." Information Technologies believes the student email server was compromised in the spring of 2006 and a file with sensitive student data (names and Social Security numbers) was inadvertently copied to a machine on a peer-to-peer network. "We are continuing to attempt to discover how the file was compromised," said CIO Smith. "There is no indication it was a targeted, malicious act." As soon as the security breach was discovered, UNCSA launched an investigation - assisted by its own internal auditor, police department, and the State Bureau of Investigation - of the affected computer and system. IT staff have closely examined the server and verified that no malware currently exists on the system. Tests are being conducted to be certain that this kind of information cannot be accessed in the future. During the summer of 2006, UNCSA discontinued use of Social Security numbers for student identification and replaced them with 8-digit identification numbers to enhance the security of personal data. "We deeply regret this breach occurred and take our responsibilities for safeguarding student data very seriously," Smith added. "We are using best practices to ensure that the data is no longer accessible, and to enhance our security protocols." UNCSA officials are also working with the Consumer Protection Division of N.C. Attorney General's Office and University of North Carolina General Administration to ensure that all appropriate steps are taken to respond to the incident. The school has also notified the three major credit reporting agencies. In addition, UNCSA has established a website, www.uncsa.edu/incident, and a telephone hotline to answer questions about the incident. The hotline number is 1-877-471-6250, and will be answered from 9 a.m. to 5 p.m. weekdays. Please note, that the school will be closed for the holiday break Dec. 24-Jan. 1; however, the hotline will be staffed during this period with the exception of Dec. 24, 25, and Jan. 1. ###

WINSTON-SALEM - The University of North Carolina School of the Arts (UNCSA) is notifying some current and former students that their names and Social Security numbers may have been accidentally exposed in a security breach involving a university computer server.

Approximately 2,700 individuals who were enrolled at UNCSA from 2003 to 2006, including summer session students, are being notified.

"We have no reason to believe that the personal information was stolen, used inappropriately or even accessed," said Lisa Smith, chief information officer at UNCSA. "However, we are notifying the affected parties so they might take steps to monitor their credit to ensure their identities have not been stolen."

Information Technologies believes the student email server was compromised in the spring of 2006 and a file with sensitive student data (names and Social Security numbers) was inadvertently copied to a machine on a peer-to-peer network.

"We are continuing to attempt to discover how the file was compromised," said CIO Smith. "There is no indication it was a targeted, malicious act."

As soon as the security breach was discovered, UNCSA launched an investigation - assisted by its own internal auditor, police department, and the State Bureau of Investigation - of the affected computer and system. IT staff have closely examined the server and verified that no malware currently exists on the system. Tests are being conducted to be certain that this kind of information cannot be accessed in the future.

During the summer of 2006, UNCSA discontinued use of Social Security numbers for student identification and replaced them with 8-digit identification numbers to enhance the security of personal data.

"We deeply regret this breach occurred and take our responsibilities for safeguarding student data very seriously," Smith added. "We are using best practices to ensure that the data is no longer accessible, and to enhance our security protocols."

UNCSA officials are also working with the Consumer Protection Division of N.C. Attorney General's Office and University of North Carolina General Administration to ensure that all appropriate steps are taken to respond to the incident. The school has also notified the three major credit reporting agencies.

In addition, UNCSA has established a website, www.uncsa.edu/incident, and a telephone hotline to answer questions about the incident. The hotline number is 1-877-471-6250, and will be answered from 9 a.m. to 5 p.m. weekdays. Please note, that the school will be closed for the holiday break Dec. 24-Jan. 1; however, the hotline will be staffed during this period with the exception of Dec. 24, 25, and Jan. 1.

###