Data “Dysprotection:” breaches reported last week

By , September 17, 2007 7:51 am

A recap of breaches reported or updated last week in the news section.

Newly reported incidents:

  • Gander Mountain Company announced that computer equipment containing certain customer transaction information is missing and may have been stolen.
  • Americhoice Inc., a TennCare provider, is offering free identity protection after a courier service lost the personal information of nearly 67,000 TennCare enrollees.
  • TD Ameritrade Holding Corp. reported that one of its databases was hacked and contact information for its more than 6.3 million customers was stolen.
  • Two computers containing the mental health histories of 375,000 Medicaid recipients were stolen from a Pennsylvania Public Welfare Department office last month.The mental health information on the computers identified people by codes and not by name, but full names and Social Security numbers of nearly 2,000 people were also on the computers.
  • Affiliated Computer Services (ACS) reportedly misplaced a backup tape containing names and Social Security numbers of an unspecified number of Kraft employees, former employees, and their dependents. This is not the first incident involving ACS. Other incidents include a hard drive containing data on the Delaware Courts that was in luggage stolen from an ACS employee in July and five earlier incidents.
  • A Hewlett-Packard executive left a laptop containing the names, addresses, dates of birth, Social Security numbers, compensation information and citizenship information of 1,425 former Mercury Interactive employees in a taxicab.
  • A former Farmer’s Insurance agent in Arkansas improperly disposed of thousands of files and documents with sensitive information.
  • Over in the UK, Dudley Group of Hospitals NHS Trust has been trying to find out how a hard drive containing sensitive patient information from a trust hospital was sold on the auction site eBay.
  • Also in the UK: bank and national insurance details of 1,380 people on St Edmundsbury Borough Council‘s payroll were stored on a laptop computer stolen from the home of a council worker on September 6.
  • A Carmel High School student has been charged with three felony counts for for illegally accessing the school’s computer system and acquiring the Social Security numbers, addresses, phone numbers and the dates of birth of every employee of the school district. Numerous other files containing student, parent and employee IDs and passwords were also acquired.
  • More than 8,000 former and current patients of two clinics affiliated with the University of Michigan are being notified that computer tapes containing their personal information were stolen last weekend.
  • Purdue University informed 111 people who were students in the fall of 2004 that information about them was inadvertently on the Internet.
  • Voxant reported that its e-commerce server was hacked on or about June 20th as a result of a phishing scheme; credit card details on 4,500 customers “could have been” accessed.
  • One of five desktop computers stolen in mid-August from Printpack, Inc.‘s new headquarters in Atlanta was from their Finance Department and contained personal information on current and former Printpack employees including Social Security numbers, dates of birth, marital status, addresses, and other information used for tax and human resources purposes.
  • AW Direct, Inc., direct marketers of towing and trucking equipment, reported that there may have been unauthorized access to portions of their web site containing customer orders including details such as names, addresses, and credit card information.
  • As many as 700 employees at the Veterans Affairs Medical Center in Martinsburg are trying to figure out how and why envelopes bearing their Social Security numbers were recently lost.
  • North of the border, personal medical information from several health facilities in Winnipeg have been faxed to someone who has nothing to do with the cases — and the problem continued even after provincial health officials were alerted. Christina Sikorsky said that, for years, she has been receiving faxes destined for the Mount Carmel Clinic in Winnipeg, which has a fax number similar to Sikorsky’s home number.
  • Some 3,100 current or past Tennessee Tech University students who owe the university money were notified today that some of their personal data including Social Security numbers may have been sent to another student’s address due to a bill printing glitch.
  • Meanwhile, “down under,” NSW Police are investigating the possible compromise of an online florist’s database and theft of customers’ credit card details. The Fraud Squad has set up Strike Force Parkview to investigate the case that involves the retailer Roses Only.
  • A potential treasure trove for identity thieves of personal information on thousands of the Gary Indiana‘s most vulnerable residents sat for the taking behind an open door with no lock and no key after the door was stolen from a building the city stopped using in 2004. Inside the building were file cabinets, roughly 2,000 records alphabetized by last name, displaying home addresses, dates of birth, Social Security numbers, incomes, martial and employment status, and other information about people who once came to the city for help.

Updates:

  • The names and Social Security numbers of more than 66,600 more individuals, including former state workers, were on a computer backup tape stolen from an Ohio state intern’s car in June, officials said today. That brings the total to more than 1.3 million individuals, businesses and other entities whose sensitive information is on the tape.
  • A Miami man was sentenced to five years in prison for his involvement in an identity theft ring that was tied to the data breach at TJX Cos. Irving Escobar was also ordered to pay nearly $600,000 in restitution for “leading the criminal operation that used personally identifiable information stolen from the TJX data breach,” according to a press release.
  • The Ohio Department of Public Safety expects to temporarily close the Fairlawn License Bureau as it searches for a new deputy registrar. Fairlawn’s current Deputy Registrar, Susan Suso, was terminated last week following a Channel 3 News investigation into how dozens of documents with drivers’ personal information was found unsecured in the BMV’s trash dumpster.
  • The case of missing luggage containing the personal information of 61 Brevard Public School District employees, has been solved. Melbourne International Airport police arrested a defense subcontractor from California on charges of stealing luggage from the airport — including the bag that belonged to a state auditor who was reviewing documents of Brevard Public Schools employees.
  • Connecticut State Comptroller Nancy Wyman says names and Social Security numbers of 57 Connecticut residents were improperly listed on a computer backup tape stolen in Ohio. Accenture, a consultant that worked on both states’ computer systems, will pay for free credit monitoring.
  • Also in CT, State Attorney General Richard Blumenthal is urging Yale University to provide identity theft protection for 10,200 students and faculty whose names and Social Security numbers were on university laptops stolen in July.

One Response to “Data “Dysprotection:” breaches reported last week”

  1. Adam says:

    Dang, that’s a lot of outside the US revalations.

    Cool.

Panorama Theme by Themocracy