Connect with us

Hi, what are you looking for?


Incident Response

Attackers Breached Server at UNC Cancer Center

Attackers breached two servers at a University of North Carolina cancer facility last year, potentially exposing Social Security numbers of over 3,000 individuals.

Attackers breached two servers at a University of North Carolina cancer facility last year, potentially exposing Social Security numbers of over 3,000 individuals.

The latest data breach involved up to 3,500 employees, contractors, and other visitors at the University of North Carolina-Chapel Hill Lineberger Comprehensive Cancer Center, the News Observer reported. After a routine monitoring scan identified the breach in May, the servers were immediately blocked to protect data.

Compromised personal data included Social Security numbers, but some files contained names, passport numbers, and dates of birth, according to the report. The affected systems were administrative servers storing contracts and administrative forms such as grant applications, expense reimbursement forms, information about research studies and other personnel and administrative documents. Health records and other patient data were not stored on the machine and were not compromised.

“Despite our investigation, however, we are unable to say for sure whether your personal information was accessed by an unauthorized person as a result of this incident,” Shelley Earp, director of the cancer center, wrote in a letter to victims dated Dec. 26. “Even if your personal information was accessed, we have no way to know whether it has been or will be misused.”

No one has reported identity theft as a result of the breach, but victims are advised to sign up for credit monitoring services or placing a freeze on their credit reports.

Even though the breach was discovered in May, the center waited until investigators had determined the extent of the compromise before notifying victims in late December. The two servers contained 1.6 million files, but investigators were able to narrow the search down to 3,300 files which had been accessed during the time of the attack. Investigators manually examined each file to determine whether personal information had been compromised.

“It was very intensive and very time-consuming to sift through all of the information,” Ellen de Graffenreid, director of communications and marketing at Lineberger, told News Observer. “We are very concerned with accuracy,” she added.

Advertisement. Scroll to continue reading.

UNC did not disclose details of the breach, although the Herald Sun reported the attack occurred sometime between Feb. 12 and May 18. It’s not known whether the servers were infected with malware, if attackers hacked into the machines, or even if it was a spear phishing attack. In several recent breaches, the files were improperly stored on publicly accessible servers.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.