By Steve Gilliam , University Relations
Contact: (336) 334-5371
Posted 12-15-08
GREENSBORO, NC – Employees at The University of North Carolina at Greensboro have been notified about a security breach, with potential data loss from a computer which contained personal information used to process the institution’s payroll.
Notification was sent on Monday to UNCG’s faculty, staff and student employees, including former UNCG employees, who have received payment from UNCG since April of this year. All regular UNCG employees have direct deposit for their paychecks.
“This is a very, very serious matter, and the university is taking all the necessary steps to assure the security of our employees’ personal and business information,” said Vice Chancellor for Business Affairs Reade Taylor. “At this time, we are advising employees to check direct deposit accounts with their banks to ensure that no unauthorized activities, such as unknown or suspicious withdrawals, have been made.
“We believe the risk to actual data is low, but we can’t take chances. We are notifying people about the situation, whether there is a risk or not.”
The situation was detected on Thursday afternoon (Dec. 11), when a payroll employee received a notification of a virus alert while attempting to access data. The computer was located in the Accounting Services office. It was discovered that the computer had been infected with a virus which may have allowed an unauthorized person to gain access to personal information.
Staff from UNCG’s accounting/payroll and information technology services areas are working to determine the level of access that unauthorized persons would have to employees’ personal information. Material on the affected computer included names, Social Security numbers, direct deposit routing and banking account information.
After checking, there is evidence that the virus has been on the workstation since April of this year. IT staff members have not been able to determine whether or not any personal data has actually been accessed.
Steps were taken immediately to see that personal information was protected from future unauthorized access. When the security breach was discovered, UNCG technicians came to the site of the incident, made a copy of the data on the affected workstation, and took the workstation offline. The hard disk of the affected workstation was reformatted. The workstation was reloaded with a clean copy of the operating system, and best practices were used to ensure that this image was protected, that the most current virus protection programs were loaded, and that the most current virus protection pattern file was in use.
A Web site, fsv.uncg.edu/incident, has been developed for employees to visit. The site is available now. Employees with questions can call 336-334-5851 weekdays from 9 a.m. to 5 p.m.
In addition to protective measures, the university is notifying the three major credit reporting agencies, TransUnion, Experian, and Equifax.
It has also notified the Consumer Protection Division of the North Carolina Attorney General’s office.
Employees have been advised to monitor their banking accounts which receive direct deposits from UNCG.
Employees who suspect any fraudulent activity to their accounts are being advised to place a free fraud alert on their personal credit files to protect against identity theft. A fraud alert tells creditors to either contact an individual or use reasonable policies and procedures to verify the consumer's identity before they open any new accounts in the person’s name or change existing accounts. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to create fraud alerts.
