The University of North Carolina at Charlotte experienced a data breach in May 2012 due to misconfigured access settings, which inadvertently exposed sensitive personal information to the internet. The compromised data included names, addresses, Social Security numbers, and credit card details of affected individuals. While the university reported no evidence of actual misuse or unauthorized access, the exposure posed a significant risk of identity theft, financial fraud, or other malicious exploitation. In response, the institution notified all impacted parties and implemented enhanced monitoring and review protocols to prevent future incidents. The breach highlighted vulnerabilities in the university’s data security infrastructure, particularly in access control mechanisms, raising concerns about the protection of sensitive information in academic institutions.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-23160
TPRM report: https://www.rankiteo.com/company/unc-charlotte-college-of-computing-and-informatics
"id": "unc819082025",
"linkid": "unc-charlotte-college-of-computing-and-informatics",
"type": "Breach",
"date": "2/2012",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Higher Education',
'location': 'Charlotte, North Carolina, USA',
'name': 'University of North Carolina at Charlotte',
'type': 'Educational Institution'}],
'attack_vector': 'Incorrect Access Settings (Misconfigured Internet Access)',
'customer_advisories': 'Affected Individuals Notified',
'data_breach': {'data_exfiltration': 'Potential (No Evidence of Actual '
'Exfiltration)',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_publicly_disclosed': '2012-05-11',
'description': 'The California Office of the Attorney General reported a data '
'breach related to the University of North Carolina at '
'Charlotte on May 11, 2012. The breach involved incorrect '
'access settings allowing electronic data to be accessible '
'from the Internet, potentially exposing personal information '
'including names, addresses, social security numbers, and '
'credit card information. The University has no evidence of '
'misuse but has notified affected individuals and increased '
'monitoring and review procedures.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (No '
'Evidence of Misuse)',
'data_compromised': ['Names',
'Addresses',
'Social Security Numbers',
'Credit Card Information'],
'identity_theft_risk': 'High (PII and Financial Data Exposed)',
'payment_information_risk': 'High (Credit Card Information '
'Exposed)'},
'investigation_status': 'Completed (No Evidence of Misuse Found)',
'post_incident_analysis': {'corrective_actions': 'Increased Monitoring and '
'Review Procedures',
'root_causes': 'Incorrect Access Settings '
'(Misconfigured Internet-Facing '
'Systems)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Affected Individuals Notified',
'containment_measures': 'Access Restrictions Implemented',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes (Notification and '
'Monitoring)',
'remediation_measures': 'Increased Monitoring and Review '
'Procedures'},
'title': 'University of North Carolina at Charlotte Data Breach (2012)',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper Access Controls'}