A recap of breaches reported or updated last week on the main news site, PogoWasRight.org, where it was another busy week. How busy was it, you ask? Well, we even had a breach reported from the principality of Liechtenstein, and that’s the first one I can recall in about 7 years of covering privacy news.

Newly reported incidents in the U.S.:

• Union Security Insurance Company became the fourth organization affected by the theft of a computer from Administrative Systems, Inc. in Seattle: 3,000 Milwaukee Public Schools teachers  who have disability insurance with Union Security have been notified that their personal information was on the computer.
• A computer stolen from Systematic Automation Inc. in Fullerton, California contained personal information on about 3,500 Modesto City Schools employees, about 4,000 Clovis Unified School District employees, and approximately 8,275 employees of the Los Angeles Department of Water and Power. One report says that 15 organizations had data on the stolen computer.
• Tenet Healthcare Corp. , which owns 54 hospitals in a dozen states, including Hilton Head Regional Medical Center and Coastal Carolina Medical Center reports that Terrence Brooks, a former employee who was convicted of identity theft, had access to the personal information of about 37,000 patients. The ex-employee worked at a Frisco, Texas, billing center for less than two years, and is confirmed to have stolen the names, Social Security numbers and other personal information of about 90 patients.
• Two laptop computers with personal information, including some SSN, on approximately 320,000 blood donors are missing from Lifeblood and are presumed to be stolen.
• Lexmark International told employees that personal information, including SSN, had been inadvertently posted on a company file transfer site had been accessed by two unknown parties. The company said it has traced the IP addresses of the two parties who accessed the data, but their Internet service provider has not divulged their identities. Both current and former employees, including at least one who left the firm a decade ago, had their data exposed. The company said it had retained that data on former employees for “a variety of legal, tax and other reasons.”
• Cross Country Travcorps, Inc.. NovaPro, Inc., and Assignment America, Inc. (dba “Cross Country Staffing“) reported that an unencrypted laptop with sensitive employee data was stolen from a corporate executive’s car.
• Software vendor Salesforce.com reported that an unencrypted storage device with sensitive employee data was stolen from an employee’s vehicle.
• The Children’s Home Society of Florida reported that some personal information such as names, addresses, and Social Security numbers may have been provided to other independent contractors.
• Crosslines Ministries of Carthage in Missouri was burglarized and paper files, containing the personal information of about 2,000 families, were stolen.
• It was a difficult week for keeping student information protected: Long Island University notified 25,000 to 30,000 students that annual 1098-T “Tuition Statements” mailed to them last week in “defective mailers” might have exposed their details when the mailers got somewhat mangled by the U.S.P.S. Middle Tennessee State University officials reported that an unknown person accessed an unattended computer containing the names and Social Security numbers of about 1,500 past and current students. Cal State Fullerton reports the arrest of a burglar found in possession of mail to students, university personnel, and student organizations. There have been at least 27 possible cases of identity theft confirmed by authorities, but the relationship of any ID theft to mail theft is not clear. The University of Toledo reports that more than 100 students had some of their personal information inadvertently emailed to other students. The names, Social Security numbers and dates of birth of about 1,900 Rose-Hulman Institute of Technology students were inadvertently posted on a public Web site from last fall until Feb. 4. Ivy Tech Community College has notified students that a vendor in Hancock County responsible for printing and mailing federal 1098-T information returns improperly disposed of some forms that had been printed or sorted incorrectly. Texas A & M reports that computer records dating back 8 years containing names and Social Security numbers of 3,000 current and former employees of Texas AgriLife Extension Service, formerly known as Texas Cooperative Extension and the College of Agriculture and Life Sciences were inadvertently made accessible over the Internet. Approximately 2,900 Jeffco Public Schools special education students’ families are being notified that their children’s information was on a personal laptop and jump drive stolen from the home of a special education technician.
• In Massachusetts, three laptop computers were stolen from the Springfield School Department’s central office over a period of eight days. One of the laptops had the names and Social Security numbers of 38 Springfield school teachers on it.
• In Ft. Lauderdale, paper records containing consumers’ personal information belonging to the defunct First Magnus Financial were found just lying inside stacked boxes inside an industrial garbage container.
• A DeKalb County (GA) police officer Teresa Shover admitted (mis)using a classified law enforcement computer to look up another woman’s personal information. She then mailed flyers to the woman’s family and friends.
  

Newly reported incidents in the U.K.:

• Another red face for the Ministry of Defence: The personal details of more than 200 soldiers and some military details were lost when an army officer left his laptop in a pub.
• Personal records of more than 3,000 patients have been dumped at a landfill site. It is the third data-loss scandal to involve the health service in Bolton this year.
• A laptop containing personal records and medical details of more than 5,000 outpatients has been stolen from the anticoagulant clinic at Russells Hall Hospital in Dudley.
• Hundreds of people whose birth details were stolen from Poole Register Office almost 20 years ago were never told. Whether or not you think they should have been may depend on what office you work for.

Newly reported incidents elsewhere:

• South Korea’s oldest and largest online shopping site, Auction.co.kr, has reportedly claimed it was attacked by a Chinese hacker who made off with the user information on 18 million members and a large amount of financial data.
• In Canada: Bell Canada is trying to determine just who has seen a limited amount personal information, including some unpublished telephone numbers that were found in the possession of man who was arrested and charged with stealing the data. The Canadian Privacy Commissioner is also looking into.
• Also in Canada: an elusive gang of thieves believed to be an Eastern European organized crime group is raking in possibly “huge” amounts of cash by replacing retailers’ debit card terminals with skimmers which they then recover.
• In Australia: Geelong Hospital is under investigation after sending a psychiatric patient’s confidential medical records to the wrong person.
• in New Zealand: police and banking investigators say thieves in an international criminal network are using Auckland money machines to defraud British customers. The fraudsters are believed to be working within a criminal ring involving British service workers, stealing money from credit cards in the latest “skimming” ring to affect the country.
• In Liechtenstein: LGT, the bank at the centre of a German tax evasion scandal, said on Friday that a former employee stole customer data in 2002. The bank said in a statement it did not know how much customer data was stolen but said it would promptly bring charges. It did not name the person who would be charged.
• In Spain: police have detained 76 people acrosss the country as part of what they described Sunday as their biggest-ever probe into Internet fraud.
• In South Africa: Vodacom, the country’s biggest cellphone company, has been forced to fix an embarrassing security breech, which allowed Internet users access to other customers’ confidential call records.

Updates on previously reported incidents from here and abroad:

• Vodafone said hardware had failed during an upgrade of Vodafone-owned ihug’s e-mail server, enabling customers to see the subject and sender or recipient of e-mails belonging to other customers.
• Although the cops have got their men, a news story reveals that there was a one-week delay in the Davidson County Election Commission notifying the police of the theft.

In the courts:

• A woman who had cosmetic surgery to remove excess skin has sued Body Aesthetics Plastic Surgery and Skin Care Center Inc. and Drs. V. Leroy Young, Robert Centeno and C.B. Boswell for breach of privacy, wrongful commercial appropriation and other claims for publishing before-and-after photographs.
• Michel Carvajal, who was prosecuted in Sarasota in 2006 on charges of fraudulently using a disabled man’s credit card and sentenced to probation has now been sentenced to two years in prison and five years’ probation — this time for ordering credit cards on the Internet with information he stole from medical files at Dr. Steven Y. Chun’s offices. Chun is an anesthesiologist who rented an office at HealthSouth Ridgelake Hospital. Carvajal was an office cleaner there.
• Eric Abraham Hernandez, an 18-year-old former intern to San Jose Councilman Sam Liccardo is facing a felony charge that he illegally hacked into the city’s e-mail system more than 100 times looking for political dirt to spread about his former boss’s girlfriend. Somewhat ironically, perhaps, he was looking for evidence of email misuse.
• In the UK, brothers Mark and Steven Forbes have been convicted of manslaughter in the death of Bernard Gilbert, 79. Gilbert died of a heart attack less than one hour after the brothers threw a brick through his window. The incident stemmed from a verbal altercation Mark Forbes’ wife Zoe had had with Gilbert over a parking space a few days previously. Forbes reportedly obtained the victim’s address by asking a “then-serving” police officer to look up Gilbert’s address from his license plate tag.

To get all breach news reports, updates, and articles discussing breaches as they’re posted, subscribe to the Breaches RSS feed from PogoWasRight.org. To get all privacy-related headlines from the main news site, subscribe to the All-Headlines RSS feed. To get this blog by RSS, subscribe to Dissent’s feed. For a running total on U.S. breaches this year, the most complete listing is the Identity Theft Resource Center’s breach list for 2008 [pdf].

Possibly Related Posts

• No Related Post

Comments are closed