Data “Dysprotection:” breaches reported last week

By , September 10, 2007 7:19 am

A recap of breaches reported or updated last week in the news section.

Newly reported incidents:

  • Pfizer was back in the news for the third time in as many months. It disclosed (pdf) a breach affecting 34,000 employees that occurred last year when an employee removed copies of confidential information from a Pfizer computer system without the company’s knowledge or approval. Pfizer didn’t become aware of the breach until July 10. According to their Aug. 24 letter to those affected (pdf), the breach may have caused employees’ names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed.
  • To add to their woes, Pfizer‘s computers were infected and turned into spambots, churning out tons of spam that flooded their own inboxes with spam for their own products. Okay, I have to admit that I do see this one as a kind of poetic justice.
  • Health-care services company McKesson is alerting thousands of patients that their personal information is at risk after two of its computers were stolen from an office on July 18.
  • Police have confirmed Watford firm Loans.co.uk have contacted them regarding the possible theft of thousands of customers’ personal details, possibly including credit card numbers and bank account details.
  • A piece of luggage belonging to a state auditor that contained the names and SSN of 61 Brevard Public Schools employees went missing during a Delta airlines flight.
  • The personal details (but not financial details) of thousands of mostly U.S.-based PC users have been discovered stashed on a server located in France. The web site could be connected to a crime ring based in the Middle East.
  • Family Video stores have been accused of leaving boxes of employee applications sitting in their public restrooms at the Geistown store, as well as at their stores in Altoona, Latrobe, Somerset, Greensburg and Indiana.
  • The University of South Carolina is looking into what it called an “accidental disclosure” of private student information on the Internet. The breach involved 1,482 students.
  • De Anza College warned Thursday that a laptop swiped from a math teacher’s home contained personal information – including many Social Security numbers – of about 4,375 students.
  • Patient information has been compromised after Calgary Health Region computers were stolen.

Updates:

  • A stolen computer containing the personal records of 5,783 patients with cancer was returned to Johns Hopkins Hospital over the weekend, a hospital spokesman said.
  • Defense and national security contractor SAIC Inc. reported higher profit in the second quarter on sales of border patrol and port security technology and cost cutting measures.The San Diego-based company also said it spent $8 million in the quarter to deal with a security breach in July when it compromised personal information about more than half a million military personnel and their relatives when it transmitted information unencrypted.

2 Responses to “Data “Dysprotection:” breaches reported last week”

  1. ed dickson says:

    Drinking my java and muttering. Thanks for keeping us all up to date on all of this!

  2. dissent says:

    You’re welcome, Ed. Last week was pretty light by comparison. Today’s only Tuesday and there have already been reports affecting more than half a million records or individuals.

    And yet… and yet… Congress does nothing. One really wonders what it will take to get these folks in gear on this.

Panorama Theme by Themocracy