Tuesday, April 03, 2007
Data Breaches 2007
Data Breaches 2007
From Brian Koerner,
Your Guide to Identity Theft.
FREE Newsletter. Sign Up Now!
A Record of Incidents
As the crime of identity theft occurs every 79 seconds, it is the fastest growing crime in United States. Consumers' personal information is exposed on a daily basis and because of tougher legislation, organizations are now required to report that a breach has occurred if it meets certain criteria.
The following is a list of data breaches that have occurred in 2007. Much like the Data Breaches in 2006 article, the data that was compromised was of such a nature that it could potentially lead to identity theft and other crimes of fraud. For those breaches that affect thousands of people and may be of particular interest to my readers, more detail on the breach is provided.
Fruit of the Loom Data Breach - Reported February 28, 2007. 2,000 present and former employees of five Fruit of the Loom facilities were affected in this breach as their names and SSNs were posted to a company Web site.RISK = MEDIUM
SpeedMark (Mystery Shopping Company), Woodland Texas - Reported February 10, 2007. 35,000 employees and contractors of this mystery shopping company were affected after computers were stolen that contained the names, addresses and SSNs RISK = MEDIUM
East Carolina University, Greenville NC - Reported February 10, 2007. 65,000 students, staff and alumni affected in this breach as the names, addresses, SSNs and in some instances, banking information (credit card numbers) was displayed on a Web site due to a programming error.past RISK = MEDIUM
Johns Hopkins University and Johns Hopkins Hospital - Reported February 7, 2007. Approximately 135,000 past and present employees and patients affected in this data breach.
The university reports that 9 backup tapes are missing including payroll information, SSN's and in some instances banking information. There was also one tape that contained patient information, though it is not clear just how sensitive that information really is. RISK = HIGH
U.S. Department of Veteran's Affairs- Reported February 3, 2007. They are at it again, this time with approximately 500,000 veterans and 1 million non-va physicians having their personal, or otherwise sensitive, information compromised. This information consisted of SSNs of veterans and medical billing information of these physicians that occured as the result of a hard drive of a VA employee at a Department facility in Birmingham, Alabama, is either lost or stolen. RISK = HIGH
Vanguard University- Reported January 27, 2007. Approximately 5,000 financial aid students have their personal information such as names, addresses, drivers license and date of birth compromised as (2) computers are stolen from the universities financial aid office. RISK = HIGH
Washiawa WIC program, Honolulu, HI- Reported January 25, 2007. Approximately 11,000 current and former clients had their personal information such as names, addresses and SSNs stolen by an agency employee. The employee then went on victimize three of those clients perpetrating identity theft and other crimes of fraud. RISK = HIGH
Ohio Board of Nursing- Reported January 25, 2007. Approximately 3,000 recently license nurses had their names and SSNs posted to a Web site. This is the second time that this has occurred. As normal practice the newly licensed nurses are posted to a Web site however personal information such as SSN should have been removed prior to being posted.RISK = MEDIUM
KB Home - Charleston South Carolina- Reported January 17, 2007. Approximately 3,000 people had their personal information such as names, addresses, phone numbers, social security numbers and other identifying information stolen when a computer was stolen from the sales office of this home builder. Those affected were those that had visited the sales office for Foxbank Plantation near the Charleston area. The system was not protected with ay encryption technology.RISK = MEDIUM
Department of Revenue - North Carolina- Reported January 14, 2007. Approximately 30,000 people had their personal information tax payer information which included names, SSNs, federal tax information compromised whe a laptop was stolen from an employee of the NC Department of Revenue. RISK = HIGH
MoneyGram International- Reported January 12, 2007. Approximately 79,000 people had their personal information such as names, addresses, phone numbers and in a few cases--bank account information. The breach occurred as it was discovered that the data was illegally accessed over the Internet. The matter is under investigation.RISK = HIGH
University of Idaho- Reported January 11, 2007. The names, addresses and SSN's of at least 70,000 alumni, donors, employees and students of the University was exposed as (3) computer systems were stolen.
Altria- Reported January 09, 2007. When a former employee (allegedly) stole (5) laptops that contained personally identifiable information approximately 18,000 people were affected. The personal information on the computers consisted of names, SSN's and other benefit related data.
From Brian Koerner,
Your Guide to Identity Theft.
FREE Newsletter. Sign Up Now!
A Record of Incidents
As the crime of identity theft occurs every 79 seconds, it is the fastest growing crime in United States. Consumers' personal information is exposed on a daily basis and because of tougher legislation, organizations are now required to report that a breach has occurred if it meets certain criteria.
The following is a list of data breaches that have occurred in 2007. Much like the Data Breaches in 2006 article, the data that was compromised was of such a nature that it could potentially lead to identity theft and other crimes of fraud. For those breaches that affect thousands of people and may be of particular interest to my readers, more detail on the breach is provided.
Fruit of the Loom Data Breach - Reported February 28, 2007. 2,000 present and former employees of five Fruit of the Loom facilities were affected in this breach as their names and SSNs were posted to a company Web site.RISK = MEDIUM
SpeedMark (Mystery Shopping Company), Woodland Texas - Reported February 10, 2007. 35,000 employees and contractors of this mystery shopping company were affected after computers were stolen that contained the names, addresses and SSNs RISK = MEDIUM
East Carolina University, Greenville NC - Reported February 10, 2007. 65,000 students, staff and alumni affected in this breach as the names, addresses, SSNs and in some instances, banking information (credit card numbers) was displayed on a Web site due to a programming error.past RISK = MEDIUM
Johns Hopkins University and Johns Hopkins Hospital - Reported February 7, 2007. Approximately 135,000 past and present employees and patients affected in this data breach.
The university reports that 9 backup tapes are missing including payroll information, SSN's and in some instances banking information. There was also one tape that contained patient information, though it is not clear just how sensitive that information really is. RISK = HIGH
U.S. Department of Veteran's Affairs- Reported February 3, 2007. They are at it again, this time with approximately 500,000 veterans and 1 million non-va physicians having their personal, or otherwise sensitive, information compromised. This information consisted of SSNs of veterans and medical billing information of these physicians that occured as the result of a hard drive of a VA employee at a Department facility in Birmingham, Alabama, is either lost or stolen. RISK = HIGH
Vanguard University- Reported January 27, 2007. Approximately 5,000 financial aid students have their personal information such as names, addresses, drivers license and date of birth compromised as (2) computers are stolen from the universities financial aid office. RISK = HIGH
Washiawa WIC program, Honolulu, HI- Reported January 25, 2007. Approximately 11,000 current and former clients had their personal information such as names, addresses and SSNs stolen by an agency employee. The employee then went on victimize three of those clients perpetrating identity theft and other crimes of fraud. RISK = HIGH
Ohio Board of Nursing- Reported January 25, 2007. Approximately 3,000 recently license nurses had their names and SSNs posted to a Web site. This is the second time that this has occurred. As normal practice the newly licensed nurses are posted to a Web site however personal information such as SSN should have been removed prior to being posted.RISK = MEDIUM
KB Home - Charleston South Carolina- Reported January 17, 2007. Approximately 3,000 people had their personal information such as names, addresses, phone numbers, social security numbers and other identifying information stolen when a computer was stolen from the sales office of this home builder. Those affected were those that had visited the sales office for Foxbank Plantation near the Charleston area. The system was not protected with ay encryption technology.RISK = MEDIUM
Department of Revenue - North Carolina- Reported January 14, 2007. Approximately 30,000 people had their personal information tax payer information which included names, SSNs, federal tax information compromised whe a laptop was stolen from an employee of the NC Department of Revenue. RISK = HIGH
MoneyGram International- Reported January 12, 2007. Approximately 79,000 people had their personal information such as names, addresses, phone numbers and in a few cases--bank account information. The breach occurred as it was discovered that the data was illegally accessed over the Internet. The matter is under investigation.RISK = HIGH
University of Idaho- Reported January 11, 2007. The names, addresses and SSN's of at least 70,000 alumni, donors, employees and students of the University was exposed as (3) computer systems were stolen.
Altria- Reported January 09, 2007. When a former employee (allegedly) stole (5) laptops that contained personally identifiable information approximately 18,000 people were affected. The personal information on the computers consisted of names, SSN's and other benefit related data.
# posted by raveneye @ 9:00 PM 
