Financial Services

Incident Report for the Campus
Security Breach Involving Personal Information

January 28, 2009

This is an update to the incident report posted December 15, 2008.

  1. How did the university discover this problem?

    The situation was detected on Wednesday evening, Dec. 10, 2008, when an Accounting Services employee received a virus alert notification while attempting to access data. While investigating the suspected breach the week of December 15th, Information Technology Services employees and Police investigators determined that the program originally thought to be the virus-delivered software on the Accounting Services workstation was authorized and appropriate, and began to investigate an alternate source of the virus.

  2. Now that a month-long, in-depth investigation of the security incident has been completed, what data could have been exposed?

    The system contained files with data including names and social security numbers.  We have concluded that bank account numbers, first thought to be accessible, were not exposed.  Furthermore, additional analysis indicates that the number of people whose data was potentially affected was much smaller than initially believed.  (See #4 below.)

  3. Is personal data about me still viewable by unauthorized persons?

    The data which were potentially open to unauthorized individuals have been moved to another location and the virus has been removed.  We continue to work to provide appropriate protection for all data in our care.

  4. How many people were affected?

    Discoveries subsequent to the original announcement have substantially reduced the number of personal identities thought to be at risk.  We currently believe this number to be approximately 225 employees and 50 students. These individuals will be notified in the next week.

  5. Are credit monitoring services available?

    If you suspect any fraudulent activity on your credit records, we suggest that you place a free “fraud alert” on your personal credit file if you have been victimized or believe you could become a victim of identity theft. A fraud alert tells creditors to either contact you or use reasonable policies and procedures to verify the consumer's identity before they open any new accounts in your name or change your existing accounts. To place a fraud alert on your file, you should call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts.

  6. Should I close my direct deposit account?

    We have concluded that bank account and bank routing numbers, first thought to be accessible from the Accounting Services computer, were not exposed. No bank routing and account information was exposed, as far as we can determine from all of our investigations, so this incident should not affect that decision.

  7. What should I do if I think my personal information has been compromised?


  8. What steps is UNCG taking to further assure future security?

    Specific actions that UNCG will take are:

    • Upon request, the ITS security office will meet with department management to review current business processes and update them to best maintain the security of University data.
    • Access controls on server file space will be audited regularly and will have a single responsible individual named by the appropriate data steward.
    • Workstations today are registered by a named individual.  We will work to ensure that all workstations handling restricted data will be administered by a named, responsible party and will train them on their responsibility.  The registered administrator of that workstation will, upon full implementation, be accountable for the use of the workstation.
    • All University-wide, ITS-managed server file storage accessible by desktops/laptops now has active antivirus software protecting the file space, under a pilot project, and all non-ITS-managed server file storage and all workstation file storage should have active antivirus software.
    • UNCG will work to eliminate restricted data from workstations.
      • We will train workstation users in their responsibility toward temporary data storage.  The workstation user should purge transient restricted data left by normal use.
      • We will continue education on the policy and responsibility that restricted data not be maintained on local workstation hard drives.
      • A tool will be provided to help workstation owners identify Social Security numbers and credit card numbers on local workstations.
    • Upon implementation of the Enhanced Security Network, workstations accessing highly restricted data will not be directly accessible from the Internet.
      • UNCG is working to develop an Enhanced Security Network in 2009. The primary goal of the new network service offering is to provide users with an alternative to the public network computing environment that is private and more secure, but that also retains all of the functionality that users need to do their jobs effectively. Benefits include the protection of computing on a private network that is not visible to the public Internet, the protection of a network perimeter web filtering proxy that helps prevent web browser exploitation, and the ability to take advantage of other new protection features that will be deployed on this network.

    In 2008, we engaged a nationally recognized security firm to deliver on-site security training to staff and faculty. Information security cannot be implemented with technology alone, but requires active involvement by the knowledge workers who handle the University’s data.  Security training will be made available on a continuing basis.

    UNCG has implemented a software image lifecycle management process that includes a security review of all proposed image revisions, and includes monthly updates of images to include the latest security patches. Patches deemed critical may be incorporated in advance of the monthly update schedule.

    Over the past year, UNCG has implemented improved documentation and training for "best practices" in securing local computer accounts. New technology support staff must complete a certification program prior to having access to the software images. UNCG is working to expand our ability to support more frequent computer image refreshes.

For further questions on the incident report, please call 256-8324.

 

 

Page updated: 29-Jan-2009

Financial Services
The University of North Carolina at Greensboro
243 Mossman Building
Greensboro, NC 27402-6170
VOICE 336.334.4053
EMAIL nebiggs@uncg.edu