Hacker breaks into research study data

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.charlotteobserver.com/local/story/967722.html

By Eric Ferreri
newsobserver.com
Sept. 25, 2009

CHAPEL HILL - A hacker has infiltrated a computer server housing the 
personal data of 236,000 women enrolled in a UNC Chapel Hill research 
study. Among the information exposed: the Social Security numbers of 
163,000 participants.

The data is part of the Carolina Mammography Registry, a 14-year-old 
project that compiles and analyzes mammography data submitted by 
radiologists across North Carolina.

Though the intrusion was detected in late July, computer forensics experts 
say it might have happened two years ago, said Matthew Mauro, chairman of 
the UNC Department of Radiology.

UNC officials and a private computer forensic expert have spent two months 
investigating, but they still don't know who did the hacking, where the 
attack originated, or even whether data was downloaded.

"There's no direct evidence that any information has been removed," Mauro 
said. "But we can't say for sure."

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php