Security Experts:

Attackers Breached Server at UNC Cancer Center

Attackers breached two servers at a University of North Carolina cancer facility last year, potentially exposing Social Security numbers of over 3,000 individuals.

The latest data breach involved up to 3,500 employees, contractors, and other visitors at the University of North Carolina-Chapel Hill Lineberger Comprehensive Cancer Center, the News Observer reported. After a routine monitoring scan identified the breach in May, the servers were immediately blocked to protect data.

Compromised personal data included Social Security numbers, but some files contained names, passport numbers, and dates of birth, according to the report. The affected systems were administrative servers storing contracts and administrative forms such as grant applications, expense reimbursement forms, information about research studies and other personnel and administrative documents. Health records and other patient data were not stored on the machine and were not compromised.

“Despite our investigation, however, we are unable to say for sure whether your personal information was accessed by an unauthorized person as a result of this incident,” Shelley Earp, director of the cancer center, wrote in a letter to victims dated Dec. 26. “Even if your personal information was accessed, we have no way to know whether it has been or will be misused.”

No one has reported identity theft as a result of the breach, but victims are advised to sign up for credit monitoring services or placing a freeze on their credit reports.

Even though the breach was discovered in May, the center waited until investigators had determined the extent of the compromise before notifying victims in late December. The two servers contained 1.6 million files, but investigators were able to narrow the search down to 3,300 files which had been accessed during the time of the attack. Investigators manually examined each file to determine whether personal information had been compromised.

“It was very intensive and very time-consuming to sift through all of the information,” Ellen de Graffenreid, director of communications and marketing at Lineberger, told News Observer. “We are very concerned with accuracy,” she added.

UNC did not disclose details of the breach, although the Herald Sun reported the attack occurred sometime between Feb. 12 and May 18. It's not known whether the servers were infected with malware, if attackers hacked into the machines, or even if it was a spear phishing attack. In several recent breaches, the files were improperly stored on publicly accessible servers.

Fahmida Y. Rashid is a contributing writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.