Please review this page before initiating contact. The university aims to ensure the most effective exchange of information surrounding this matter and, as such, encourages you to read the below contact information carefully.
Please refrain from calling individual offices or contacts on campus, including ITS, the ITS help desk (TAC), etc., as this will slow down the university’s ability to complete this investigation. All callers will be referred to uncw.edu/datasecurity.
If your question is not addressed here, please email UNCW at: firstname.lastname@example.org
FAQs about Unauthorized Data Access
What was the nature of this incident?
A forged webpage was published on one of UNCW’s web application servers in an attempt to launch a phishing attack. In the course of investigation, UNCW’s Information Technology Security team determined that sensitive data existed on that server. Further examination found that the password to an administrator account was exposed by an intruder.
Was this potential compromise of data in any way related to the “Heartbleed” virus?
What data may have been compromised?
At the time of the incident, files on the server contained names, addresses and social security numbers of individuals who may have shared that information with UNCW. The sensitive information was exposed but we have no confirmation the data was, in fact, accessed.
If I am concerned that my information may have been compromised, what should I do?
Please visit uncw.edu/datasecurity for resources and the latest updates on this investigation. Please refrain from calling individual offices or contacts on campus, including ITS, the ITS help desk, etc., as this will slow down the university’s ability to complete this investigation. All callers will be referred to uncw.edu/datasecurity.
If you believe your information may have been compromised, you
may visit the NC Department of Justice’s Attorney General’s Office page
regarding security breaches.
If you reside outside of North Carolina, the contact information for the Attorney General of your state can be found on the website for the National Association of Attorneys General: http://www.naag.org/current-attorneys-general.php.
How is the university notifying those whose information may have been compromised?
The university is aggressively activating outreach to individuals employed at UNCW as of March 2014, which may include part-time and temporary employees, Graduate Students, and Adjunct Instructors; and individuals who took a foreign language placement test at UNCW between the years 2002 and 2006, via the latest contact information we have on file. This may include “snail mail” notifications when email addresses aren’t available. The university is utilizing a variety of mediums to ensure the most effective and prompt notification process possible.
Could the number of those affected go up?
The investigation is closed as of June 2014. There are no further updates expected.
Is there a police report number associated with this incident? (Those affected may need this number for reporting purposes.)
The police report number is 201400354.
What measures are being taken to prevent this from happening again?
UNCW has taken aggressive steps to:
- Ensure server Operating System is current
- Ensure all vendor applications are current
- Prevent upload access to the web application server
- Increase frequency of scans to identify unauthorized access issues
- Deploy industry software to identify Personal Identifying Information contained in files housed on university servers
- Migrate existing software applications to separate servers with improved security measures