Financial accounts and more than 350,000 Social Security numbers belonging to current and former staff members and students at UNC-Charlotte were exposed to the Internet.
Campus officials said a "human error" in the IT department led to the exposure of the sensitive information. The school was alerted to the problem at the end of January and immediately hired a forensic data investigation team to determine the scope of the exposure. The team also corrected the errors that exposed the data to the Internet.
The team's investigation revealed information from "General University Systems" was exposed from Nov. 9, 2011, through Jan. 31, 2012. During the investigation, the team also discovered a second data exposure dating back to 1998 in the university's College of Engineering.
"One of the reasons Social Security numbers were involved (was) because at that time, that was our identifier of members of the university community," campus spokesman Stephen Ward said. "We hadn't yet shifted to an ID number system."
Despite the massive scope of the exposure, Ward said, "We have no indications that there was any detrimental activity related to any possible access of that exposed data."
The university is referring all current and former students and staff to a special website for more information or if they have concerns about identity theft.