“A patriot must always be ready to defend his country against his government” — Edward Abbey

Chronicles of Dissent

July 21st, 2008 at 5:54 am

Data “Dysprotection:” breaches reported last week

A recap of breaches newly reported or updated last week on the main news site, PogoWasRight.org. For those looking for annual statistics: as of their last update on July 15, the Identity Theft Resource Center shows 366 breaches reported in the U.S. for this year.

Newly reported incidents in the U.S.:

Business sector:

  • Baxter International reports that a company laptop containing personal information on 6,900 employees was stolen from an employee’s hotel room while the employee was attending a conference.  The laptop only required a username/password to access the data.
  • Former employees of Netegrity, Inc. are among those whose personal information was on computers stolen from Colt Express Outsourcing Services over the Memorial Day weekend.
  • Bristol-Myers Squibb Co. (BMY) said a backup tape containing employees’ personal information, including Social Security numbers and in some cases, banking data, was stolen recently.   The data on the tape were protected by a 12-character password.
  • Two Idaho men pleaded guilty in federal court Thursday to identity theft. The plea agreement indicates that Butherus and Gregory stole over 200 cellular applications from Wireless FX in Ontario, Oregon and then used the customer information from the applications to create over 50 fraudulent identification cards that they used to obtain merchandise.
  • U.S. Secret Service agents continue to investigate last fall’s theft of customer credit-card data from the Amarillo location of Zoo-Kini’s Soups, Salads and Grill, which closed in June.  The August data security breach spanned more than 100 customers and resulted in the fraudulent charging of more than $50,000 in merchandise.
  • Bruce Horner, restaurant owner, used roughly 50 credit card numbers obtained from customers at Wat a Lunch n More in Tamarac to ring up more than $100,000 in fraudulent charges.
  • Yet another L.A. Weight Loss has shut its doors, leaving customer records containing personal information and Social Security numbers in a dumpster.
  • Harris County Sheriff’s deputies uncovered hundreds of people’s personal financial files, some of which contained medical information, that had been discarded in a dumpster from  Houston attorney William Weber’s office.  Now the Texas AG is investigating.
  • Personal information on hundreds of closing sale documents was found in an open garage of an unfinished home in a subdivision. Residents blame Supreme Builders.
  • A dumpster full of Social Security numbers, names and addresses was traced back to E.F. Mortgage of Portage, a business that  no longer exists.

Government sector:

  • FEMA officials confirmed that a housing inspector’s briefcase containing personal information of flood victims was stolen from his car while he was staying at the Aspen Inn in Iowa.
  • Three Metro employees have been disciplined after the Social Security numbers of nearly 4,700 current and former employees were mistakenly posted on the transit agency’s Web site last month, officials said yesterday.
  • Waukesha County EEOC gave a woman the social security numbers, salaries, college backgrounds and other personal information of 130 people because she filed a complaint when she didn’t get a job and asked for information on the other applicants for the job.
  • The Missouri National Guard has called for a criminal investigation after it learned that the personal information of as many as 2,000 soldiers had been breached, but details have not been provided.
  • Burglars stole a backup server from a Minneapolis Veterans Home that contained password-protected information about home residents and some dependents.
  • A Florida Department of Business and Professional Regulation employee is accused of unsuccessfully trying to get credit cards with personal information the agency received on complaint forms submitted by 3 people. 150 people are being notified to check their credit statements.

Education sector:

  • A password-protected laptop computer containing personal information for an estimated 2,500 or more current and former Indiana State University students was stolen from a professor.
  • Almost 2,500 University of Texas - Austin students have had their personal information posted on the web without their knowledge for about five years.  The university disputes some of SSNBreach.org’s claims about the incident.
  • University of Maryland accidentally released the addresses and social security numbers of more than 23,000 students due to a mailing label error.

Medical sector:

  • 47,000 patients at Greensboro Gynecology Associates have been notified that a backup tape with their personal information — including Social Security numbers and addresses — was stolen in May from an employee’s vehicle while it sat in a parking lot at a restaurant.
  • A total of three laptop computers have been reported stolen from two or more different areas of Covenant hospitals since May.
  • A Wuesthoff Hospital worker was arrested on suspicion of using medical records to steal at least one  patient’s identity.
  • Dr. Carlos Ocampo, a former Prince William Hospital anesthesiologist, was arrested on four criminal charges including using a patient’s information to access the computer that controls the dispensing of certain medications.
  • The Cleveland Clinic is investigating the theft of a laptop computer that could contain patient medical records.

Other:

  • More than 80 million Facebook users had their private birth dates  made public due to a security breach during testing of Facebook’s new design for members’ profiles.
  • Sharing a Google Calendar with another Gmail user can expose the first name and last name that the recipient of the shared calendar supplied to set up a Gmail account.
  • Stephan Maurice Cureton, a former teller at the Lafayette Hill branch of the Wachovia Bank, pleaded guilty to felony charges of identity theft and unlawful use of a computer. There were at least 13 victims.


July 14th, 2008 at 6:18 am

Data “Dysprotection:” breaches reported last week

A recap of breaches newly reported or updated last week on the main news site, PogoWasRight.org. For those looking for annual statistics: as of their last update on July 8, the Identity Theft Resource Center shows 353 breaches reported in the U.S. for this year.

Newly reported incidents in the U.S.:

  • U.S. Foodservice, Inc. (“USF”) reported the theft of a laptop containing unencrypted names, Social Security numbers, home addresses, and/or dates of birth of some present and former USF employees, and in a few instances, their dependents and applicants for jobs at USF.
  • On April 25, publishing firm Houghton Mifflin Harcourt learned that an attack on one of its non-e-commerce web sites had resulted in access to personal information.
  • A security breach in Florida’s Organ and Tissue Donor Registry may have exposed 55,000 donors’ personal information, including their social security numbers.
  • Sometime late last year, an employee of Wagner Resource Group investment used LimeWire on a company computer. In doing so, he inadvertently opened the private files of about 2,000 of the firm’s clients to the public.
  • A laptop computer that was reported stolen from an Army employee’s unlocked truck parked in front of his home contained personal information on about 800 to 900 Fort Lewis soldiers. The laptop was recovered and a 17-year-old Lacey teen faces charges in the theft.
  • Personal information of hundreds, maybe even thousands of people including tax and financial information was found on a road.  Many of the records are from Liberty Furniture.
  • Parents in Williamson County are getting phone calls warning them that their children’s identities may have been compromised by an employee who mistakenly posted the Social Security numbers of some students on a personal web site almost a year ago. Details of the breach vary depending on which source you read.

Newly reported incidents elsewhere:

  • In the U.K.: a tape containing the records of more than 11,000 patients at Whitaker Lane Practice in Prestwich has been lost.
  • Also in the U.K.: confidential patient information with patients’ names, photographs and other paperwork were found scattered at Law Hospital in Carluke, which closed in 2001.
  • In Australia: the WA Government was seeking urgent legal advice last night about how it could get back confidential documents detailing the private information of 25,500 motorists after they were sold to Wilson Parking, a private car parking company which was chasing outstanding fines.
  • In Germany: market research firm TNS Infratest/Emnid has exposed 41,000 private data records of their survey participants.  Besides name and address, the data records included date of birth, email address and phone number. Many records also included very sensitive information: monthly income, education, bank account information, health insurance data, if and which credit cards are used, which electronic devices are used in the household, children’s ages and yet more private data.

Updates on previously reported breaches from here and abroad:

  • Stein Mart was caught “printing expiration dates and/or more than the last five digits of credit cards on receipts,” and was subsequently hit with a class action lawsuit for exposing sensitive customer data. Now they’ve settled by agreeing to run coupons in local newspapers.
  • Federal prosecutors are investigating whether State Department employees broke the law by snooping into celebrities’ passport records, Attorney General Michael Mukasey said Wednesday.
  • A California state worker recently married to a member of the Mexican Mafia  is under investigation for downloading more than 5,000 names, addresses and Social Security numbers belonging to Department of Consumer Affairs staff.
  • Jonah Greenthal said he hacked into the computer system at New Trier High School to check his class rank, but he managed to tap into confidential school data that included teacher salaries, medical records and grade histories for students who had graduated as long as three years ago. Greenthal was sentenced to one year of court supervision and ordered to perform 50 hours of community service and pay $320 in court costs.
  • A former analyst for Certegy check authorizing company was sentenced to four years and nine months in federal prison for stealing more than 8.4 million consumer records that were sold to direct marketers.
  • A man has been charged in Texas in an identity theft case that affected more than 1,100 students at the University of California, Irvine. Authorities allege he breached computer security at the Dallas office of UnitedHealthcare’s department of student resources while he worked there in December 2007.

To get all breach news reports, updates, and articles discussing breaches as they’re posted, subscribe to the Breaches RSS feed from PogoWasRight.org. To get this blog by RSS, subscribe to Dissent’s feed.

July 10th, 2008 at 12:44 pm

Help EFF Continue the Fight Against Warrantless Wiretapping

From EFF:

In a move that I can only describe as cowardice, Congress just passed legislation meant to immunize telephone companies for their illegal, disloyal, and irresponsible behavior. EFF has been fighting against telecom immunity, and we need your help to bring the fight to the next level:

http://secure.eff.org/wiretapping

Two and a half years ago, EFF sued AT&T on behalf of its customers, seeking to hold the telecom giant responsible for its craven complicity in the White House’s illegal warrantless wiretapping program.

Since then, the phone companies and their allies in Washington have spent tens of millions of dollars lobbying Congress to grant them retroactive immunity. They ran ridiculous fear-mongering attack ads against any politician who dared to oppose them. President Bush threatened to veto any bill that allowed EFF’s lawsuit to continue.

Yesterday, Congress completely capitulated to the President’s threats and voted to let the telecoms off the hook. If the telecoms are not held accountable, the administration will remain unchecked in its warrantless wiretapping of innocent Americans. This must stop!

We need your help to take the fight to the next level. We’re going to challenge Congress’s unconstitutional grant of immunity in our case against AT&T. We’re going to fight for a congressional repeal of immunity in the next Congress. And we’re going to file a new lawsuit against the government, challenging its warrantless surveillance practices, past, present and future.

Now, more than ever, we need your support!

http://secure.eff.org/wiretapping

The fight for civil liberties would never have come this far without your help. We can’t give up now. Help EFF today!

Sincerely,
Shari Steele
Executive Director
Electronic Frontier Foundation

Note from Dissent: Even if you’ve never donated to EFF before, if you can make a donation now, however much you can afford, do it. You can make a monthly donation as a member, or you can make a one-time donation via PayPal. I do both because although Congress is not representing my views, EFF is.

July 10th, 2008 at 7:25 am

Want some torture with your peanuts?

Although I didn’t cover this on the main news site, if you haven’t heard about DHS’s supposed interest in a stun bracelet that might be required for all airline travel, the Washington Times has an interesting piece on the story, but do read the comments.

Now excuse me while I just sit here and mutter to myself for a while. I don’t know if DHS is really seriously interested in this for all airline travelers, but what does it say that so many of us are ready to believe that they could be?

July 9th, 2008 at 12:41 pm

Rejected. Rejected. Rejected. (update 2)

Three attempts to amend the FISA Amendments Act were rejected by the Senate today:

The Dodd Amendment to strike Title II was rejected. Roll Call 164. 32 YEA, 66 NAY, 2 NOT VOTING.

The Specter Amendment to limit retroactive immunity for providing assistance to the United States to instances in which a Federal court determines the assistance was provided in connection with an intelligence activity that was constitutional was rejected. Roll Call 165. 37 YEA, 61 NAY, 2 NOT VOTING.

The Bingaman Amendment to stay pending cases against certain telecommunications companies and provide that such companies may not seek retroactive immunity until 90 days after the date the final report of the Inspectors General on the President’s Surveillance Program is submitted to Congress was rejected. Roll Call 166. 42 YEA, 56 NAY, 2 NOT VOTING.

The 2 NOT VOTING were Ted Kennedy and John McCain.

Obama voted for all of the amendments.

Update 1: Motion to invoke cloture: 72 YEAs, 26 NAYS, 2 NOT VOTING. Roll Call 167.

The 2 NOT VOTING were Ted Kennedy and John McCain.

Obama voted for cloture.

Update 2: Vote on H.R. 6304 (Foreign Intelligence Surveillance Act of 1978). Passed 62 YEAS, 28 NAYS, 3 NOT VOTING. Roll Call 168.

Obama voted for the bill.  McCain didn’t vote.

July 8th, 2008 at 6:27 am

Senate schedule on FISA Amendments Act

From the July 7th Daily Digest:

FISA Amendments Act–Agreement: A unanimous-consent agreement was reached providing that all debate time on the amendments must be utilized during the Tuesday, July 8, 2008 session of the Senate, and that at 9:30 a.m. on Wednesday, July 9, 2008, immediately after the opening of the Senate, Senate resume consideration of H.R. 6304, to amend the Foreign Intelligence Surveillance Act of 1978 to establish a procedure for authorizing certain acquisitions of foreign intelligence, with the debate time previously specified prior to the cloture vote commencing at that time, and that Senator Bingaman control 10 minutes of the time controlled by the Majority Leader; provided further, that after all debate time has been used or yielded back, Senate vote on or in relation to the amendments; that Senate then vote on the motion to invoke cloture on the bill, and then passage of the bill, as previously ordered; provided further, that the previous order with respect to debate time between votes and vote time in a sequence and all other provisions of the previous order remain in effect.

A unanimous-consent agreement was reached providing that Senate begin consideration of the bill at approximately 11 a.m., on Tuesday, July 8, 2008, and that all time in adjournment, recess, or morning business and consideration of the bill count post-cloture.