University data breach exposes 163,000 women to identity theft

By SearchSecurity.com Staff 29 Sep 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

University of North Carolina at Chapel Hill has disclosed a data breach of one of its servers that exposed the identities of 163,000 women.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The women were participating in a mammography study conducted by the UNC School of Medicine. The breach could date as far back as 2007, and has exposed Social Security numbers, dates of birth and other sensitive information on the study participants, according to a report in the Charlotte, NC-based The News & Observer.

Matthew Mauro, chairman of the UNC-CH Department of Radiology said computer forensics experts detected the breach in July. The exposed information was on one of two servers that housed data on more than 662,000 women. The data was being collected as part of the Carolina Mammography Registry, a project that compiles and analyzes mammography results submitted by radiologists in North Carolina.

UNC officials are sending out breach notification letters to all 236,000 study participants. The university began phasing out Social Security numbers as patient identification codes several years ago, according to the report. The university said it has also "tightened" its reporting system for the project.

Mauro told the News & Observer that the hacked server has been taken down while investigators examine server security across the medical school. The medical school has 580 servers housing research and clinical data. UNC Hospital patient data is maintained separately.

SearchSecurity radio:

Universities have been increasingly targeted by hackers taking advantage of open networks to find holes leading to back-end servers and ultimately sensitive data. Last year, a hacker used a vulnerability scanning tool to compromise a server at the University of Florida's College of Dentistry. In April, a data breach at the University of California, Berkeley, exposed the information of more than 160,000 current and former UC Berkeley students and 3,400 Mills College students.

Tags: Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection TJX thrives following breach, bucks sour economy Security expert's PCI analysis misguided, says PCI Council GM

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary