Cyber Incident Victim: University of North Carolina Wilmington

In April 2014, the University of North Carolina Wilmington (UNCW) disclosed unauthorized access to an applications server that potentially exposed personal information of employees, graduate students, and adjunct instructors. The breach impacted individuals employed by UNCW as of March 2014, including part-time and temporary staff, as well as those who took a foreign language placement test between 2002 and 2006. Exposed data included names, addresses, and Social Security numbers. UNCW did not publicly specify the number of affected individuals. The intrusion enabled access to a database containing sensitive information, though the university stated no evidence indicated the perpetrator accessed personal data or committed fraud using the exposed details. The compromised server hosted software applications, and the breach was detected through security monitoring processes not detailed in public notifications.

UNCW responded by removing the targeted file from the server and notifying state regulatory agencies and law enforcement. Remediation efforts included updating operating systems and vendor applications, blocking upload access to the web application server, increasing frequency of unauthorized access scans, auditing files containing personal information on UNCW servers, and migrating software applications to more secure servers. The university issued individual notifications to all impacted parties and published a public statement on its website acknowledging the exposure while emphasizing the absence of evidence supporting data misuse. No additional technical specifics regarding the attack vector or duration of unauthorized access were disclosed. The incident underscored risks associated with storing legacy data, as the breach involved records spanning at least eight years prior to detection.