The university explained in a press release that, “because of system misconfiguration and incorrect access settings”, the information was posted on a publicly accessible site. There were two incidents, one affecting the general university systems over a period of three months and another impacting the university’s College of Engineering systems over a period exceeding a decade.
“The university has no reason to believe that any information from either incidents was inappropriately accessed or that information was used for identity theft or other crime. The exposed data involved people connected to the university, and included names, addresses, social security numbers, and/or financial account information provided in association with transactions with the university”, the institution said in a press release.
The university said it learned of the first incident on January 31, 2012, and implemented its security incident response plan. The data exposures have been “remediated”, it said.
UNC Charlotte informed state and federal regulatory and law enforcement agencies, which assisted with the investigation and remediation.
"I think that's really scary. It makes me feel unsafe to think my information could be out there and that somebody could take my credit and do what they want to with my social security," Jennifer Affinito, a student at the university, told WBTV news.