The women involved are getting letters in the mail warning them of the breach. University officials say they discovered someone had accessed the files in July, but they said there is no evidence that any data was downloaded.
As many as 180,000 patient files may have been exposed, including more than 100,000 that included social security numbers.
News that their data has been accessed came as a shock to many of the women - who told ABC11 that they didn't even know they were taking part in the study.
That's because federal guidelines that require patents approve the sharing of their person medical information are often waived for large medical studies.
"How could this be legal?" asked Kay McCarthy - who was one of the women who were notified by letter that their information may have been exposed.
"I can't believe it's legal. That must be a very fine line. And if it is legal, that needs to be changed," she said.
McCarthy says she contacted the North Carolina Attorney General's office about the breach. The AG's office told ABC11 it's looking into it.