A prominent UNC-Chapel Hill researcher has settled a dispute with the university, re-gaining her credentials and full salary while agreeing to retire at the end of the year.

Bonnie Yankaskas, a noted epidemiologist, had been demoted, her pay cut essentially in half, after a hacker infiltrated a computer server that she, as the principal investigator for a massive breast cancer study, oversaw.

Yankaskas has overseen the Carolina Mammography Registry, a federally funded project that compiles and analyzes mammogram data submitted by dozens of radiology offices across North Carolina to improve breast cancer screening.

The university held her responsible for the breach and first tried to fire her before later recommending the demotion from full to associate professor and the pay cut.

Under the terms of a settlement announced Friday, Yankaskas has regained her status as a full professor and her full salary of $175,000 has been restored.

She agreed to retire Dec. 31 of this year, according to a news release issued late Friday.

Under the terms of the agreement, the university will not comment on the settlement’s terms. Nor will Yankaskas, according to her attorney, Raymond Cotton.

Are the cases of Butch Davis and Bonnie Yankaskas similar? Were the two UNC-Chapel Hill employees, each quite well-regarded in their respective fields, treated equally?

Should they have been?

News & Observer Executive Editor John Drescher raises these points in a recent column comparing the way UNC-Chapel Hill Holden Thorp dealt with two high profile cases.

One: Butch Davis and the UNC football situation. The other: Bonnie Yankaskas, the epidemiologist harshly sanctioned by the university because a cancer research database she oversaw was infiltrated by a hacker.

As Drescher points out, there were plenty of similarities between the two cases, and yet, the results were quite different.

Read on.

A story last week about UNC researcher Bonnie Yankaskas prompted a lot of questions from readers related to the notion that the university has "scapegoated" her - which is how at least one of her colleagues has characterized the situation.

As you may recall: Yankaskas is a nationally prominent epidemiologist who for the last 15 years has run the Carolina Mammography Registry, a federally funded research study that analyzes mammograms submitted by radiologists across North Carolina.

The database containing much of the data was hacked in 2007, an infiltration not discovered until 2009. As the project's principal investigator, Yankaskas was held responsible for the breach and punished for it. She was demoted and her salary was cut nearly in half.

Yankaskas has appealed the punishment, saying she should not be held responsible for data security since that's not her field of expertise.

My story last week led some readers to wonder whether anyone besides Yankaskas was punished for the gaffe, which compromised 114,000 social security numbers. (UNC says there's no evidence those numbers were copied or removed)

Here's what UNC Chancellor Holden Thorp had to say on the issue. He addressed it late last fall at a meeting with faculty.

"Dr. Yankaskas has not been scapegoated. Other members of her staff were also disciplined in conjunction with the security breach, consistent with their roles and responsibilities. Dr. Yankaskas had more responsibility than they did for the deplorable state of computer security in her project, so her supervisors recommended that she be dismissed. At the end of the day I concluded that a case for dismissal had not been met, but I agreed with the Hearings Committee that her neglect of duty warranted demotion and a pay cut."

The matter is now going to mediation.

At UNC-Chapel Hill, a cancer researcher held responsible for a security breach involving a computer service is fighting a demotion and pay cut.

Bonnie Yankaskas has spent 15 years running the Carolina Mammography Registry, a database of mammogram data used to better breast cancer screening.

Last summer, campus officials discovered a server holding much of that information had been breached. Yankaskas was blamed, her rank reduced from full to associate professor and her salary cut nearly in half.

She's not going without a fight, though. Yankaskas believes she's not responsible for the security breach and wants her job back.

Here's her story.

I've heard from a lot of readers concerned about their personal data being compromised when a UNC Chapel Hill computer server was hacked.

These women, whose mammograms and related personal information were submitted by radiologists to a UNC-CH medical school study, have been asking one question more than any other lately: Why does UNC need social security numbers, dates of birth and other personal information for a medical study?

Karen McCall, a spokeswoman for UNC Health Care, explained today that the study tracks the mammograms of individual patients over time. So, if you have a mammogram each year and it is submitted to the study, someone will analyze it and look for patterns or suggestions that cancer either has developed or could in the future.

Thus, the personal data is necessary because they're examining specific cases, not just using data in aggregate.

"They're tracking people," McCall said. "They're trying to find out if they get cancer. Years ago, they used Social Security numbers. That's how we identified people. The radiologist is responsible for tracking the person for a long time. They give this responsibility to the registry, and the registry reports back to them. So they have to know who the people are."

The university ceased using Social Security numbers as identifiers in 2007, she said.

McCall explained further that this data was stored on two computer servers. One was secure, with all the data "coded," and scrubbed of personal information. But before that happened, it was stored on what she called a "transition" server.

That's the server that got hacked.

Wake Radiology has suspended its relationship with the UNC Chapel Hill medical school study whose computer server was recently hacked, exposing personal data including social security numbers of more than 100,000 patients.

The practice will only participate again if all data is anonymous and unidentified, a spokeswoman said today.

In July, UNC-CH med school officials discovered that a hacker had infiltrated a computer server housing the personal data of about 160,000 patients, including 114,000 social security numbers.

The data was sent the university over time by the dozens of radiology practices who contribute to the Carolina Mammography Registry, a 14-year-old med school study that collects and analyzes mammogram information.

It should have been secure and stripped of identifying information but was not, university officials say.

A hacker who wormed into a UNC Chapel Hill computer server may not have gotten access to as much information as officials originally feared.

UNC School of Medicine officials said last week that a security breach had left data related to as many as 236,000 women enrolled in a mammography study exposed, including 163,000 social security numbers.

But now school officials say the number of exposed files is actually about 160,000 total, including about 114,000 social security numbers, said Stephanie Crayton, a UNC Health Care spokeswoman.

"As we're getting knee-deep into the investigation, we're finding the numbers coming down," she said.

The intrusion was detected in July but may have occurred as far back as 2007. A hacker got into the Carolina Mammography Registry, a 14-year-old UNC medical school research project that stores and analyzes mammogram information submitted by radiologists across the state.

The medical school set up a special phone line for people to call with questions. By mid-week, that line had received several dozen calls from women enrolled in the study, officials said.

The number is 877-434-3065 and is staffed from 9 a.m. to 6 p.m.