A recap of breaches newly reported or updated last week on the main news site, PogoWasRight.org. For those looking for annual statistics: as of their last update on May 13, the Identity Theft Resource Center shows 259 breaches reported in the U.S. for this year.

Newly reported incidents in the U.S.:

• About 13,000 employees at Pfizer Inc. had their personal information compromised when a company laptop and flash drive were stolen about a month ago. This was their 6th known incident since last year. Slow learning curve?
• Three defendants have been charged in a federal grand jury indictment and complaint with illegally accessing the computer systems of Dave & Buster’s Inc. (D&B) restaurants and stealing credit and debit card numbers from that system. Statement by Dave and Buster’s.
• A breach in an Oklahoma State University computer server exposed names, addresses and Social Security numbers of about 70,000 students, staff and faculty who bought parking and transit services permits in the past six years.
• Through the wonders of modern technology, some of those federal economic stimulus checks from the Internal Revenue Service are being deposited directly into recipients’ bank accounts — sometimes the wrong recipients, exposing others’ Social Security numbers. A computer programming glitch was blamed, of course.
• Five workers at the Internal Revenue Service’s Fresno, California, return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayers’ files for their own purposes. 13 taxpayers were compromised.
• Cayuga County authorities are charging 24-year-old Eddie Camacho with conspiracy, criminal impersonation and unlawful possession of personal identification information. Camacho is accused of telephoning people from the jail and impersonating members of the district attorney’s office to obtain personal information, including Social Security numbers. Deputies say Camacho and two others used the information to obtain credit and services in the names of six victims.
• Cigna Healthcare reportedly repeatedly faxed documents revealing the patients’name, date of birth and sensitive medical information to a couple in Arizona.
• An Everett woman was arrested for stealing another woman’s identity to get health insurers to pay for doctor visits and prescription narcotics.
• Target 4 news reported on its investigation of Ohio state computer losses and breaches.
• An unknown security issue on Photobucket earlier this month has prompted the photo Web site to request that all its users change their passwords.
• Police are investigating a computer hacking by a 15-year-old student who authorities say broke into an office at Downingtown High School West and downloaded files containing restricted information on several dozen teachers and thousands of district taxpayers.
• Former Amegy Bank senior banker Lamont Wallace was sentenced to three years in federal prison for selling personal account information as part of an identity theft ring.
• A dumpster that was filled with boxes of personal information including everything from social security numbers to copies of birth certificates from youth in the Amateur Athletic Union.
• Nearly 8,000 students’ identities were at risk after a laptop containing their personal information was stolen from a Spring Independent School District employee’s car.
• Alabama Department of Mental Health and Mental Retardation officials say paper records containing patient information from Greil Hospital have gone missing.
• The University of Louisville recently sent letters to about 20 employees in the president’s office alerting them that documents had been copied and taken from a private office in the president’s office. The university learned of the theft when salary information was shared anonymously with some employees.
• It was called a criminal’s dream come true — a trash bin full of documents containing private information from cases handled by local law firms, including the DeWitt law firm, Sarah Arnold Esq., and Mediation Services of Central Florida. The attorneys will be required to inform former clients that their private information may have been compromised.
• Monica and Luzonica Tirado, twin sisters who used to work as teachers at The Goddard School in Plainfield, are accused of hijacking the identities of some of their students’ parents.
• The private financial and medical information of dozens of people fill boxes that sit in the front yard of a home that belonged to Dr. Richard Skouson of Affordable Chiropractic in Burton.
• A hacker obtained personal information from Concrete Reinforcing Products’s computer. A technician said he was on the company computer when he noticed that someone had hacked into the system. He was able to log the hacker off the computer and then discovered the hosting company was using the name “Dream Host.” He said he was able to guess the person’s password and found ”numerous” files containing people’s names, credit card account numbers and passwords.

Newly reported incidents elsewhere:

• A hacker in Chile calling himself the ‘Anonymous Coward‘ published confidential data belonging to six million people on the internet.
• In Ireland, the Bank of Ireland says it is investigating an allegation that another laptop was stolen — this one in 2001. The laptop was not encrypted. Its theft was reported to line management in the bank, but customers were not informed. The laptop had details of up to 4,000 Bank of Ireland customers.
• Also in Ireland: a disc containing personal information has been lost by the public inquiry team examining the loyalist murder of Catholic solicitor Rosemary Nelson in Northern Ireland.
• Also in Ireland: the Health Service Executive (HSE) has apologised and has contacted the Data Protection Commissioner after a number of letters sent to patients in the northeast in relation to a review of health tests were sent to the wrong addresses.
• In Canada, the theft of a laptop computer containing hundreds of clients’ confidential information from a First Calgary Savings employee’s vehicle has raised concerns for Alberta’s privacy commissioner.
• Also in Canada: hundreds of moviegoers at the Galaxy Theatre in St. Thomas could be unwitting victims in a debit-card scam aimed at stealing money from bank accounts.
• A section of the official Red Cross website has been hacked and access to the special accounts for earthquake disaster relief donations acquired.

Updates on previously reported breaches from here and abroad:

• The Naval Surface Warfare Center at Dahlgren is mailing 7,200 more letters to former employees through the Internal Revenue Service warning them about potential identity fraud.
• A young couple accused of stealing the identities of more than 16 people to live expensively and travel the world in style have agreed to plead guilty to federal charges.
• About those medical records found buried in a former landfill outside Cork, the Health Service Executive (HSE) now claims there were “only 15 fully legible sets of notes”.
• Metro informed Wackenhut Corp., that it has to pay taxpayers back the $840,000 it cost to clean up a mess it helped make when election commission data were stolen if it wants to keep its contract with the city.
• Attorneys have refiled a lawsuit against Davidson Companies.
• Almost 3 years after it happened, Kaylee Hall remains hurt, angry and embarrassed that an employee at Best Buy in Traverse City lifted intimate photos of Hall from her computer and spread the images to co-workers. Her lawsuit is headed to trial this summer.

To get all breach news reports, updates, and articles discussing breaches as they’re posted, subscribe to the Breaches RSS feed from PogoWasRight.org. To get this blog by RSS, subscribe to Dissent’s feed.

Possibly Related Posts

• No Related Post

Comments are closed