Archived News

Database breach raises concerns over Web security

In August a computer hacker broke into a North Carolina Community College System server and potentially gained access to the personal information of 51,000 library users across the state.

The cyber break-in was deemed harmless by investigators in the wake of the event, but it left behind glaring questions about the security of personal information on the Internet.

According to N.C. Community College officials, the perpetrator accessed the library patron information in August via a computer server housed in the community college system office in Raleigh by decoding a user password.

An initial investigation revealed that 8,300 driver’s license numbers, originally collected by 18 colleges to help identify library users, were stored on the server. However, an ongoing review of the incident revealed that an additional Social Security numbers of 42,500 library patrons were also stored on the breached server, including the information of patrons from Haywood Community College and Southwestern Community College.

Ryan Schwiebert, IT director at SCC, explained how the breach affected the college.

“As a college we stopped using social security numbers quite some time ago,” Schweibert said. “The social security numbers that were jeopardized in the breach were left in the library’s system from two years ago.”

Related Items

Schwiebert said the state’s community college library server is an “open facing” system, which means it can be accessed via the Internet. He said best policy dictates that private information be maintained only on servers that don’t allow that level of access. For instance, the SCC’s student information database is secured on a server protected by layers of firewalls.

“That type of server would be very difficult for a hacker to access without being caught,” Schwiebert said. “Even for one of our own people.”

In the wake of the security breach, N.C. Community College officials notified 51,000 library users from 25 community colleges that a security breach had occurred on a computer server containing their personal information. While reviews and investigations after the event indicated that the hacker had not accessed any personal information, state and federal privacy laws dictated that the college system inform all of the users who had potentially been affected by the breach.

Forty-six community colleges that participate in the Community College Libraries in North Carolina consortium maintain information on more than 270,000 library users on this server. The security breach was discovered Monday, Aug. 24, during a routine security review and was reported to the state’s Information Technology Service at that time. Students potentially affected weren’t notified for another four months.

Smokey Mountain News Logo
SUPPORT THE SMOKY MOUNTAIN NEWS AND
INDEPENDENT, AWARD-WINNING JOURNALISM
Go to top
Payment Information

/

At our inception 20 years ago, we chose to be different. Unlike other news organizations, we made the decision to provide in-depth, regional reporting free to anyone who wanted access to it. We don’t plan to change that model. Support from our readers will help us maintain and strengthen the editorial independence that is crucial to our mission to help make Western North Carolina a better place to call home. If you are able, please support The Smoky Mountain News.

The Smoky Mountain News is a wholly private corporation. Reader contributions support the journalistic mission of SMN to remain independent. Your support of SMN does not constitute a charitable donation. If you have a question about contributing to SMN, please contact us.