Running Total for 2007 as of February 12th - a minimum of 22,512,946 Individual Records Were Illegally Breached.
The National Pandemic of Stupidity Continues... Are You on the List?
Monday, February 12, 2007
VA Data Breach is NATIONWIDE - VA UPdates to 1.85 Million the Number of Lost "Records"
When everything is said and done and they actually do find the hard drive in some black market stall, they will undoubtedly announce, as they did last time, that "the data has not been accessed." We know that statement to be a lie: with an unencrypted drive there is absolutely no way of knowing whether or not the data was accessed, copied or ghosted to another hard drive.
How about a full-blown press conference, Mr. Nicholson - say at 2:00 PM on a Wednesday - with 2 business days' notice to the national and local press, full disclosure of all events and facts, and a question and answer period at the end? I am sure you could find time in your schedule to enlighten the American people who pay your salary and actually fund the VA.
This UPdate pegged the number of VA individuals affected at 535,000 (not the 48,000, with only 20,000 records "unencrypted", stated previously), and the real shocker this time is that there were additional NON-VA records on 1.3 million private physicians, although the VA states that only "some of the files contain personal information".
Whom and what to believe are the real questions here. After 4 weeks the VA should know exactly what information was on the hard drive and should disclose everything - not feed it to us bit by bit, hoping that no one will put the information together.
VA Update on Missing Hard Drive in Birmingham, Ala
11 Feb 2007, 5:37 PM CST
WASHINGTON -- The Department of Veterans Affairs (VA) on Sunday issued an update on the information potentially contained on a missing government-owned, portable hard drive used by a VA employee at a Department facility in Birmingham, Ala.
“Our investigation into this incident continues, but I believe it is important to provide the public additional details as quickly as we can,” said Jim Nicholson, Secretary of Veterans Affairs. “I am concerned and will remain so until we have notified those potentially affected and get to the bottom of what happened.
“VA will continue working around the clock to determine every possible detail we can,” Nicholson said.
VA and VA’s Office of Inspector General have learned that data files the employee was working with may have included sensitive VA-related information on approximately 535,000 individuals. The investigation has also determined that information on approximately 1.3 million non-VA physicians — both living and deceased— could have been stored on the missing hard drive. It is believed though, that most of the physician information is readily available to the public. Some of the files, however, may contain sensitive information.
VA continues to examine data on the employee’s work computer. The employee has been placed on administrative leave pending the outcome of the investigation. VA has no information the data has been misused.
The non-VA physician data is used by VA to enhance the quality of care for veterans by analyzing and comparing information about the health care received from VA and non-VA providers.
Next week, VA will begin making notifications to individuals whose sensitive information may have been on the hard drive. VA is also making arrangements to provide one year of free credit monitoring to those whose information proves compromised.
“VA is unwavering in our resolve to bolster our data security measures,” Nicholson added. “We remain focused on doing everything that can be done to protect the personal information with which we are entrusted.”
On January 22, the employee, who works at the Birmingham (Ala.) VA Medical Center, reported the external hard drive was missing. On January 23, VA’s IG was notified. The OIG opened a criminal investigation, sent special agents to the medical center, and notified the FBI. VA’s Office of Information & Technology in Washington, D.C. also dispatched an incident response team to investigate.
The OIG seized the employee’s work computer and began analyzing its contents. This analysis continues and VA IT staff has been providing technical support.
In addition to the ongoing criminal investigation, the OIG initiated an administrative investigation to determine how such an incident could occur.
VA is operating a call center that individuals can contact to get information about this incident. That toll-free number is 1-877-894-2600. The call center will operate every day from 7 a.m. to 9 p.m. CST as long as it is needed.
Monday, February 05, 2007
Update on Missing VA Hard Drive - The Plot Thickens...
Why was the data only partially encrypted? According to testimony before Congress by Director Jim Nicholson, ALL private data was to be encrypted on VA computers.
Why would the VA allow a "backup" from the employee's computer when the data is only supposed to reside on a secure VA server?
There is an untold tale that will eventually surface regarding the rest of the story. We'll be waiting.
Update for Small Accountancy Firms and Tax Preparers - GLBA
Congress passed sweeping legislation in 1999 to require "financial institutions" to protect their customers' data. While traditional tax preparers aren't thought of as financial institutions, they do collect and warehouse private financial data and ARE subject to this rule.
Even though you "think" it may not apply to you, read on... It very well might.
See below for information from the following publication:
In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act
EXEMPTIONS FOR CPAs - ONLY FROM THE PRIVACY REPORTING REQUIREMENT.
Protecting the privacy of consumer information held by "financial institutions" is at the heart of the financial privacy provisions of the Gramm-Leach-Bliley Financial Modernization Act of 1999. The GLB Act requires companies to give consumers privacy notices that explain the institutions' information-sharing practices. In turn, consumers have the right to limit some - but not all - sharing of their information.
Here's a brief look at the basic financial privacy requirements of the law.
Financial Institutions
The GLB Act applies to "financial institutions" - companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance. The Federal Trade Commission has authority to enforce the law with respect to "financial institutions" that are not covered by the federal banking agencies, the Securities and Exchange Commission, the Commodity Futures Trading Commission, and state insurance authorities. Among the institutions that fall under FTC jurisdiction for purposes of the GLB Act are non-bank mortgage lenders, loan brokers, some financial or investment advisers, tax preparers, providers of real estate settlement services, and debt collectors. At the same time, the FTC's regulation applies only to companies that are "significantly engaged" in such financial activities.
The law requires that financial institutions protect information collected about individuals; it does not apply to information collected in business or commercial activities.
CPAs Exempt from Gramm-Leach-Bliley Act Privacy Notification Requirement
Press Release from the AICPA, Washington, DC, October 13, 2006 - The President today signed a bill that exempts certified public accountants from the Gramm-Leach-Bliley Act's requirement that CPAs send their clients an annual privacy notice. The exemption is effective immediately.
Thank you George Toft from http://www.MyITAZ.com for bringing this to our attention.
Tax preparers are, however, NOT currently exempt from the Security Rule of 15 USC Sec. 6801, which states:
(b) Financial institutions safeguards
In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards -
(1) to insure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
Saturday, February 03, 2007
Missing Veterans Affairs hard drive sparks identity theft fears
Portable Hard Drive Theft - Portable Data Breach - Unencrypted Data
Medical Data and Personal Identifying Data
48,000+ Records
Veterans (Current and Former?) Data Stolen AGAIN!???
Governing Privacy Law or Rule - HIPAA, Federal Information Security Management Act of 2002, 44 U.S.C. §§ 3541-3549, State Laws
WASHINGTON (Feb. 2, 2007) -- The Department of Veterans Affairs (VA) today announced that an employee reported a government-owned, portable hard drive used by the employee at a Department facility in Birmingham, Ala. and potentially containing personal information about some veterans is missing and may have been stolen.
"I am concerned about this report," said Jim Nicholson, Secretary of Veterans Affairs. "VA's Office of Inspector General and the FBI are conducting a thorough investigation into this incident. VA's Office of Information and Technology is conducting a separate review. We intend to get to the bottom of this, and we will take aggressive steps to protect and assist anyone whose information may have been involved."
On January 22, the employee at the Birmingham VA Medical Center reported that an external hard drive was missing. The hard drive was used to back up information contained on the employee's office computer, and may have contained data from research projects the employee was involved in. The employee also indicated the hard drive may have contained personal identifying information on some veterans, but asserts that portions of the data were protected. Investigators are still working to determine the scope of the information potentially involved.
On January 23, VA's IG was notified the external hard drive was missing. The OIG opened a criminal investigation, sent special agents to the medical center, and notified the FBI. VA's Office of Information & Technology in Washington, D.C. also dispatched an incident response team to investigate.
The OIG has seized the employee's work computer and is in the process of analyzing its contents. VA IT staff is providing technical support in this effort. Analyzing the work computer may help investigators determine the nature of the information the hard drive potentially contained.
Pending results of the investigation, VA is prepared to send individual notifications and provide one year of free credit monitoring to those whose information proves compromised.
In addition to the ongoing criminal investigation, the OIG has initiated an administrative investigation to determine how such an incident could occur. VA will provide further updates as the investigation produces additional information.
"VA is unwavering in our resolve to be the leader in protecting personal information, and training and educating our employees in best practices in cyber and information security," said Nicholson. "We have made considerable progress, but establishing a culture that always puts the safekeeping of veterans' personal information first is no easy task. I have committed VA to achieving such reform - and we will. This unfortunate incident will not deter our efforts, but it underscores the complexity of the task we have undertaken."
Wednesday, January 17, 2007
TJX Companies, Inc. "Unknown Amount of Records Breached"
Computer Network Breach - "Unknown Amount of Records"
TJX Companies, Inc.
Retail (T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores)
Framingham, MA
Governing Privacy Law or Rule - PCI-DSS, State Laws, Federal Wire Fraud
FRAMINGHAM, Mass.--(BUSINESS WIRE)--The TJX Companies, Inc. (NYSE:TJX) today announced that it has suffered an unauthorized intrusion into its computer systems that process and store information related to customer transactions. While TJX has specifically identified some customer information that has been stolen from its systems, the full extent of the theft and affected customers is not yet known. This intrusion involves the portion of TJX’s computer network that handles credit card, debit card, check, and merchandise return transactions for customers of its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico, and its Winners and HomeSense stores in Canada, and may involve customers of its T.K. Maxx stores in the U.K. and Ireland. The intrusion could also extend to TJX’s Bob’s Stores in the U.S. The Company immediately alerted law enforcement authorities of the crime and is working closely with them to help identify those responsible. TJX is also cooperating with credit and debit card issuers and providing them with information on the intrusion.
TJX is conducting a full investigation of the intrusion with the assistance of several leading computer security and incident response firms and is seeking to determine what customer information may have been compromised. The Company is committed to providing its customers with more information when it becomes available.
With the help of leading computer security experts, TJX has significantly strengthened the security of its computer systems. While no computer security can completely guarantee the safety of data, these experts have confirmed that the containment plan adopted by TJX is appropriate to prevent future intrusions and to protect the safety of credit card, debit card and other customer transactions in its stores.
Ben Cammarata, Chairman and Acting Chief Executive Officer of The TJX Companies, Inc., stated, “We are deeply concerned about this event and the difficulties it may cause our customers. Since discovering this crime, we have been working diligently to further protect our customers and strengthen the security of our computer systems and we believe customers should feel safe shopping in our stores. Our first concern is the potential impact of this crime on our customers, and we strongly recommend that they carefully review their credit card and debit card statements and other account information for unauthorized use. We want to assure our customers that this issue has the highest priority at TJX.”
Important Information for Customers
- TJX has established a special helpline for its customers who have questions about this situation. Customers may reach the helpline toll-free at 866-484-6978 in the United States, 866-903-1408 in Canada, and 0800 77 90 15 in the United Kingdom and Ireland.
- TJX will also provide information for customers on its website, www.tjx.com, including tips on preventing credit and debit card fraud and other steps customers may take to protect their personal information.
- TJX strongly recommends that customers carefully review their account statements and immediately notify their credit or debit card company or bank if they suspect fraudulent use.
Actions Taken By TJX
- Upon discovery of the intrusion in mid-December, 2006, TJX immediately notified and began working closely with law enforcement authorities, including the United States Department of Justice and Secret Service and the Royal Canadian Mounted Police. The Company has coordinated its actions with these authorities and provided all assistance requested to seek to identify the criminals responsible for this incident. TJX maintained the confidentiality of this intrusion as requested by law enforcement.
- The Company immediately engaged General Dynamics Corporation and IBM Corporation, two leading computer security and incident response firms. TJX has been working aggressively with these firms to monitor and evaluate the intrusion, assess possible data compromise, and seek to identify affected information. These firms have assisted TJX in further securing its computer systems and implementing security upgrades.
- TJX promptly notified and began working closely with the major credit card companies (American Express, Discover, MasterCard and VISA) and entities that process our customers' transactions. The Company has been providing them information including all requested credit and debit card information.
Information About the Intrusion
Through its investigation, TJX has learned the following with respect to the intrusion:
- An unauthorized intruder accessed TJX's computer systems that process and store information related to customer transactions for its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico and its Winners and HomeSense stores in Canada.
- The Company is concerned that the intrusion may extend to the computer systems that process and store information related to customer transactions for T.K. Maxx in the U.K. and Ireland, although TJX’s investigation has not yet been able to confirm any such intrusion. It is possible that the intrusion may extend to Bob's Stores.
- Portions of the information stored in the affected part of TJX’s network regarding credit and debit card sales transactions in TJX’s stores (excluding Bob’s Stores) in the U.S., Canada, and Puerto Rico during 2003, as well as such information for these stores for the period from mid-May through December, 2006 may have been accessed in the intrusion. TJX has provided the credit card companies and issuing banks with information on these and other transactions.
- To date, TJX has been able to specifically identify a limited number of credit card and debit card holders whose information was removed from its system and is providing this information to the credit card companies. In addition, TJX has been able to specifically identify a relatively small number of customer names with related drivers' license numbers that were also removed from its system, and TJX is contacting these individuals directly.
- TJX is continuing its investigation seeking to determine whether additional customer information may have been compromised. TJX does not know if it will be able to identify additional information of specific customers that may have been taken.
The TJX Companies, Inc. is the leading off-price retailer of apparel and home fashions in the U.S. and worldwide. The Company operates 826 T.J. Maxx, 751 Marshalls, 271 HomeGoods, and 162 A.J. Wright stores, as well as 36 Bob’s Stores, in the United States. In Canada, the Company operates 184 Winners and 68 HomeSense stores, and in Europe, 212 T.K. Maxx stores. TJX’s press releases and financial information are also available on the Internet at www.tjx.com.
Source: Business Wire
Commentary - Secure the Data Already - AGAIN!
With every purchase you make online, every major purchase like a home or car, each account you open with a bank, broker, insurance agent, health care agency or doctor, and even when you apply for basic services such as telephone or power, you are "required by these providers" to release information such as your name, address, Social Security number, phone number, date of birth, credit card numbers, spouse's and children's names and dates of birth, and other private data that is unique to your identity. Most of this data is collected under the guise of verifying your identity, or to fulfill some government mandate or industry guideline that validates their internal procedures. The question is, what happens with this data?
There are several US Government laws that regulate what can and cannot be done with certain types of personally identifiable information. Each of these laws has penalties for breaches of its requirements. The sad truth is that almost none of these laws are enforced, even when a very public breach has occurred.
As an example, HIPAA (Health Insurance Portability and Accountability Act), a law that deals with the collection, maintenance and release of individual private health information, established both criminal and civil penalties for the unlawful release of patient data. This legislation took effect in April 2003. The Office for Civil Rights (OCR) within the Department of Health and Human Services is charged with investigating and prosecuting complaints. As of March 2006 the OCR had received over 18,000 complaints regarding the unlawful release of individual patient data, yet it had not imposed a single civil penalty. As of March 28, 2006, there had been only two criminal convictions under HIPAA. One was a Texas woman, Liz Arlene Ramirez, who was arrested after agreeing to sell the information of FBI agents to a person whom she believed to be a drug trafficker; the other was a man in Seattle caught using patients' information to fraudulently obtain credit cards. HIPAA, like most other laws dealing with the privacy of financial transactions, banking, or other regulations designed to protect your data, is quite literally NEVER enforced.
Announced January 17, 2007 - Fitchburg Savings Bank "1300+ Records Breached"
Fitchburg Savings Bank
Business
Boston, MA
Governing Privacy Law or Rule - GLBA, State Laws
About 1,300 debit-ATM cards issued by Fitchburg Savings Bank were deactivated yesterday after the bank was told by Visa USA that a “large-scale data compromise” may have included its check cards.
None of the cards was used fraudulently and all are being replaced, said Martin F. Connors Jr., bank president and chief executive officer. “If someone has the person’s information, at this point they can’t do anything with it,” he said.
Mr. Connors said he was aware of at least one other financial institution in Worcester County with far more cards affected by the security breach. A broader problem was confirmed by the Massachusetts Bankers Association yesterday.
“It appears that Visa has notified a number of banks in Massachusetts that a large-scale retailer has had a problem with some of its customer data,” said Bruce E. Spitzer, an MBA spokesman. “Quite a few banks are replacing cards or notifying customers to be extra vigilant in monitoring their accounts. If a card needs to be reissued, the bank will do it.”
Another source indicated that the breach may be broader than Visa cards.
Mr. Connors said customers should receive new debit cards within a week. Cardholders may activate their new cards immediately by going to one of seven Fitchburg Savings Bank branches with proper personal identification and changing the PIN number on their new card. Or they can wait to receive a new pre-assigned PIN in the mail and follow the activation instructions, the bank said in a letter dated yesterday to customers.
Announced January 17, 2007 - Diablo Municipal Water District "500 Records Breached"
Diablo Municipal Water District
Government Agency
San Marcos, CA
Governing Privacy Law or Rule - California Senate Bill SB1386
The credit-card numbers of about 500 customers in the Rincon del Diablo Municipal Water District were stolen yesterday in an early-morning break-in, officials said. Thieves smashed a glass wall at the district's offices on North Iris Lane and stole two computers, one from the customer services department and the other from engineering, said Darlene Lynn, interim general manager. Customers' names and credit-card numbers were contained in software on the customer services computer, but their Social Security numbers and birth dates were not on either computer, Lynn said. She said the number of stolen credit-card numbers could increase because officials are still determining the extent of information that was taken. No instances of credit-card numbers being used illegally have been reported, the district said, and police are investigating the burglary.
Announced January 11, 2007 - University of Idaho "70,000+ Records Breached"
University of Idaho
Educational Institution
Boise, Idaho
Governing Privacy Law or Rule - State Laws
Three desktop computers have disappeared from the University of Idaho’s Advancement Services office – and now school officials say the personal data of alumni, donors, employees and students may be in danger. UI says someone stole the computers – and an internal investigation shows that as many as 70,000 social security numbers, names and addresses may be stored on the hard drives.
Announced January 08, 2007 - Notre Dame "Hundreds of Records Breached"
Notre Dame
Educational
South Bend, Indiana
Governing Privacy Law or Rule - State Laws
Notre Dame employees recently received a letter in the mail that some of their personal information may have gotten into the wrong hands. A University Director's laptop was stolen before Christmas. On January 2nd university employees received the letter notifying them of the crime. They were told they may want to monitor activities on personal accounts because the computer was storing Social Security numbers and salary information.
Announced January 05, 2007 - Selma NC Fire Dept "250+ Records Breached"
Selma NC Fire Dept
State Agency
Selma, NC
Governing Privacy Law or Rule - State Laws
SELMA, NC -- A stolen laptop in Johnston County has firemen on alert for identity theft. The computer contained the names and social security numbers of volunteer firemen in Selma.
Announced January 04, 2007 - Emory Healthcare, Geisinger HC, Williamson Med Ctr, Electronic Registry Systems, Inc. "50,000+ Records Breached"
Emory Healthcare
Geisinger HC
Williamson Med Center
Electronic Registry Systems, Inc.
Other "John Doe" Health Care Corporations
Multiple Locations in 5 States
Governing Privacy Law or Rule - HIPAA, State Laws
The theft of a computer from the office of an Ohio-based health care contractor on Nov. 23 has exposed sensitive data belonging to tens of thousands of patients in five health care firms across five states. The compromised data includes the names, addresses, medical record numbers, diagnoses, treatment information and Social Security numbers of the patients. Among those affected are patients at Atlanta-based Emory Healthcare, Danville, Pa.-based Geisinger Health System and Franklin, Tenn.-based Williamson Medical Center. The names of two other health care providers affected by the burglary at Cincinnati-based Electronic Registry Systems Inc. (ERS) have not yet been released.
Announced January 03, 2007 - Wisconsin State Dept of Revenue "171,000 Records Breached"
Wisconsin State Dept of Revenue
State Agency
Milwaukee, WI
Governing Privacy Law or Rule - State Laws
MILWAUKEE -- The State Department of Revenue today is urging taxpayers to contact credit bureaus to guard against identity theft after acknowledging late last week that Social Security numbers for 171,000 taxpayers inadvertently ended up on mailing labels.