identity theft and scams
Welcome to
Your best source for presentations, workshops, consultation, news, videos, and information about identity theft, scams, data breaches, and other information security threats. For more information about our services, please click HERE.
Resources and Expertise to Combat Identity Theft, Scams, and Social Engineering
There Have Been 
 Identity Theft Victims Year-To-Date
Identity Theft Articles

UNC Latest College to Unveil Data Breach

Colleges, Universities are Popular Targets

October 5th, 2009 Phillip Britt

The University of North Carolina at Chapel Hill this week began notifying the participants in a federally funded mammography study that their personal information may have been breached.

University of North Carolina at Chapel Hill Data Breach

University of North Carolina at Chapel Hill Old Well; Leaking Data?

According to information the university provided to a local newspaper, the breach involved 236,000 total records, including 163,000 Social Security numbers from women who had participated in the study. Their records had been on a computer at the university’s School of Medicine. The study has been going on for 15 years.

The breach, university officials said, may have occurred two years ago. The breach was initially discovered in July, the notifications were just going out, university officials said, because it took some time for the computer forensics team to determine what records may have been compromised. State law requires notification of people who’s records were compromised in the event of such a breach, even, as in this case, if it is unknown if the compromised records were ever actually acquired by a hacker, it’s just known that they were exposed.

The breach adds to several announced by higher education institutions this year. Just a few examples:

• The University of Rochester in January reported that personal information for 450 current and former university students was stolen from a university database.

• An Abilene Christian University computer server was hacked near the end of February. An e-mail dated one week ago from the college's information technology branch states that the school experienced a security breach in a database containing myACU usernames and passwords tied to the school's internal e-mail system.

• Also in February, a cyber burglar crept into the University of Florida's computer system, jeopardizing the personal information of almost 100,000 people.

• In June, hackers broke into the computers of the Oregon University and posted a message telling President Barack Obama to stop talking about the disputed Iranian election.

• In July, the personal information of nearly 800 students who attended The University of Colorado at Colorado Springs was compromised after a faculty member's laptop was stolen.

Colleges and universities are at high risk for such breaches for several different reasons:

• They have massive amounts of identity information for students. • They conduct large amounts of research requiring the storage of more data, some of it personal.

• Due to this treasure trove of information, they are natural targets of hackers.

• In addition to the treasure trove of information, they have some of the nation’s most powerful computers, which not only house sensitive information, but in the wrong hands, can be used in attempts to break into other systems on and off campus.

• They have some very knowledgeable students who may have physical access to the information or who may know enough about the institution’s security systems or policies to be able to break in relatively easily.

The North Carolina at Chapel Hill case should give university officials and study participants alike some pause when they are involved in research. While some identifying information is certainly necessary (e.g., weight and age could be very important factors in a medical study), only that information that is absolutely necessary should be retained (e.g., another “subject identifier” outside of a Social Security Number could have been used).



Rob Douglas identity theft expert

Does your organization need a consultant who can deliver information security awareness training that contains the truth about what works and what doesn’t in the fight against the fastest growing crimes in the world? 

Does your conference need an experienced speaker who will captivate the audience with dramatic real life cases of identity theft, cybercrime and scams ranging from stolen personal information, to theft of corporate trade secrets, to stalking and murder? 

Are you a member of the media seeking a comment about ID theft, scams, data breaches, cybercrime, information security, or fraud? 

If so, we invite you to learn more about identity theft and scam expert Rob Douglas.