A recap of breaches newly reported or updated last week on the main news site, PogoWasRight.org. For those looking for annual statistics: as of their last update on August 5, the Identity Theft Resource Center shows 423 breaches reported in the U.S. for this year.

Newly reported incidents in the U.S.:

• The U.S. Justice Department has charged 11 people in the theft of tens of millions of credit and debit card numbers of customers shopping at major U.S. retailers, including TJX, BJ’s Wholesale Club; Barnes and Noble; Sports Authority; Boston Market; Office Max; Dave and Busters restaurants; DSW shoe stores; and Forever 21.  Some retailers are questioning whether they were breached.
• A Bank of America laptop containing customer information including names, account numbers and social security numbers was stolen from a bank facility.
• Confidential medical information for about 1,200 Harris County Hospital District AIDS patients may have been compromised when a flash drive used to store the data was lost or stolen.
• Larry V. Bates Jr. was sentenced in federal court for conspiracy to commit identity theft.  Evidence presented in court established that Bates used stolen identification information from members of the International Brotherhood of Electrical Workers Union to obtain driver’s licenses, car loans, birth certificates, post office boxes, and credit cards.
• California State Sen. Patricia Wiggins, D-Santa Rosa, is thinking about new legislation to protect consumers’ identities after she had her personal e-mail account hacked.
• Social security numbers of eight TVA employees were present on a laptop computer that was one of a total of 20 computers stolen from the federal power provider.
• Verified Identity Pass, which operates under the brand name Clear, was suspended by the Transportation Security Administration Monday after a laptop containing unencrypted personal information for 33,000 people signing up for their registered traveler program was stolen from San Francisco International Airport on July 26.  The laptop was recovered this week after being found in the same room from which it reportedly went missing.
• Information from an internal auditing document belonging to Central Florida Healthcare Federal Credit Union containing Social Security numbers, credit-union account numbers, birth dates, loan balances, and types of vehicles belonging to 200 car-loan customers accidentally got posted online where anyone could see it.
• In Iowa, parents allege that school and health records for dozens of students ended up in the trash or on the auction block after crews cleaned out Russell’s only school building.
• A small group of people from the Dorchester area of Massachusetts is suspected in a $100,000-plus scheme using stolen credit card numbers to boost balances on Dunkin’ Donuts gift cards, all with the aid of a computer.  They allegedly bought stolen credit card numbers in Internet chat rooms.
• John Kenneth Leighnor, Jr. was indicted by a federal gand Jury on three counts of mail fraud and eight counts of aggravated identity theft for an ongoing identity theft scheme that he coordinated from the Federal Correctional Institute in Petersburg, Virginia.
• Eileen M. Comire was arrested as  part of an alleged criminal ring that has collected more than $300,000 through identity theft and bank fraud at Citizens, M&T and Wachovia bank branches in Pennsylvania, Delaware, New York and other states.
• A simple bit of carelessness led to a police investigation of the city of Bakersfield’s Information Technology department and a police search of a local residence after personal information was improperly disposed of and wound up in a local person’s hands.
• Employees of Sparrow Hospital were fired or disciplined in July after it was discovered they attempted to access computerized medical information about Gov. Jennifer Granholm when she was admitted there in April.
• The California Department of Public Health found that nearly twice as many medical center employees as had previously been reported peeked at confidential medical records at UCLA. Nearly 60 additional employees gained improper access to records between January 2004 and June 2006, the report said, bringing the total number of workers implicated in the growing scandal to 127.
• Arapahoe Community College is notifying 15,000 students that their personal information has been lost or stolen while under the control of a contractor who had the flash drive at a resort.

Newly reported incidents elsewhere:

In the U.K.:

• 66 victims reported losses totaling $37,917 at RAF Lakenheath from July 5 to Aug. 5. Approximately 150 identity theft incidents totaling about $70,000 were reported within the RAF Mildenhall and Lakenheath communities in the past month, according to Air Force investigators
• Satellite broadcaster Sky television has launched an investigation after personal details including bank account numbers of 33 people from several areas of Wexford became available online.
• The BBC has apologized to parents and started an investigation after a memory stick containing the personal data of hundreds of children who applied to take part in a cookery show was stolen.
• An investigation has been launched after hundreds of mortgage applications belonging to Classic Mortgages of Old Trafford were found dumped in a library car park.

In Ireland:

• Confidential documents containing financial information about a senior Metro employee were sent to the wrong address by  the Department for Work and Pensions (DWP).
• Hundreds of bank customers have had their credit cards cancelled after thieves hacked into the online database of one of the country’s  retailers, who is as yet unnamed.  A former employee is suspected of being responsible.

Elsewhere:

• In Cyprus, an IT specialist was released without charge yesterday after being accused of hacking into the computers of a former client, an unnamed nternational investment and finance services company, and downloading customer and other data for possible sale to others.
• Police in the Netherlands are warning victims whose computers were infected by a botnet that was shut down last week. The victims will be forwarded to a special web page offering instructions on cleaning up their systems.

Updates on previously reported breaches from here and abroad:

• The number of employees affected  by the Anheuser-Bush incident climbed to 90,000, then to 150,000, and then to 190,000 as reporters gained access to state-required disclosures.
• The FTC has issued its final orders concerning the Reed Elsevier Inc. and Seisint, Inc. breach.
• The FTC also issued its final orders concerning the TJX breach.
• Although S&K Menswear had originally reported that there had been no compromise of their customer’s data, a news story this week suggests that they had  been compromised.
• A federal criminal investigation into the theft of confidential customer information from LendingTree Inc.’s computer system is under way.  Former LendingTree employee Jarrod Beddingfield, accused in a lawsuit of scheming with others to steal the information, has acknowledged he is a target.
• The man accused of stealing customer data from home mortgage lender Countrywide probably was able to download and save the data to an external drive due to an oversight by the company’s IT department.

To get all breach news reports, updates, and articles discussing breaches as they’re posted, subscribe to the Breaches RSS feed from PogoWasRight.org. To get this blog by RSS, subscribe to Dissent’s feed.

Possibly Related Posts

• No Related Post

Comments are closed