The server stores a database of names, addresses and social security numbers of UNCW employees, including part-time and temporary employees. It also contains the details of graduate students, adjunct instructors, and people who took a foreign language placement test at the university between 2002 and 2006.
It appears that the cybercriminals abused the server to host a phishing page. The attackers somehow gained access to the password for an administrator account.
The file containing the sensitive information has been removed from the server in question. The organization has also updated all server operating systems and applications. It has restricted access to the application server, and has increased the frequency of security scans.
Existing applications have been moved to separate, more secure servers, and special software has been deployed to find personally identifiable information stored on the university’s computers.
Impacted individuals are being notified via email or snail mail if an email address is not available. Regulators and law enforcement have also been notified of the incident.