
ISO 27001 Integration with PCI Compliance research paper


 2005 Security Breach Matrix - For Educational Purposes Only
  
| PUBLIC NOTIFIED ON | ORGANIZATION AND LOCATION | TYPE OF BREACH | NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED | REGULATORY IMPACT | ISO/IEC 27001 MITIGATING CONTROLS |
|---|---|---|---|---|---|
| December 27, 2005 | Marriott International Inc (Time Share Division) | Missing back-up tapes containing credit card info. | 206,000 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.8.3 - Physical media in transit |
| December 22, 2005 | Ford Motor Company | Stolen computer | 70,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| December 21, 2005 | DHL/Lasalle Bank/ABN Amro Mortgage Group Inc. | Tape lost but recovered | 2,000,000 | GLB Act, California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| December 19, 2005 | Guidance Software, Pasadena Calif. | Security firm hacked | 3,800 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| December 12, 2005 | Sam's Club (A Div. of Wal-Mart) | Undetermined | Undetermined | California SB-1386 & other State derivatives, PCI/Visa CISP | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| December 12, 2005 | Iowa State University | 2 computers containing encrypted info. breached | 2,500 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| December 12, 2005 | Aid to the Church in Need (UK Charity) | Hacked - Criminals steal credit card details | 2,800 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| December 6, 2005 | Washington State Employment Security Dept. | Stolen Laptop | 530 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| December 3, 2005 | University of San Diego | Network security breach | 7,800 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| December 3, 2005 | First Trust Bank | Stolen Laptop | Undetermined (Thousands) | GLB Act, California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| December 2, 2005 | Cornell University | Hacked | 900 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 26, 2005 | Scottrade/Troy Group | Hacked | 140,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 20, 2005 | Vermont Technical College | Exposed on web | Undetermined | GLB Act, California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 20, 2005 | Wilcox Memorial Hospital | Lost disk drive | 130,000 | California SB-1386 & other State derivatives, HIPAA Security | A.10.8.3 - Physical media in transit |
| November 20, 2005 | Monmouth University | Exposed on web | 677 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 18, 2005 | Boeing Company (Seattle) | Laptop Theft | 161,000 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| November 15, 2005 | Montclair State University | Exposed online | 9,100 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 11, 2005 | Georgia Tech Office of Enrollment Services | Stolen computers | 13,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| November 9, 2005 | TransUnion LLC (California) | Stolen computers from company that maintains credit history on individuals | 3,623 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| November 7, 2005 | Papa John's (Louisville, KY) | Personal data exposed through web-based customer feedback | Undetermined | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 7, 2005 | Bank of America | Laptop Theft | Unknown | GLB Act, California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| November 5, 2005 | Safeway (Hawaii) | Stolen Laptop | 1,400 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| November 4, 2005 | Keck School of Medicine (USC) | Stolen server | 50,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| November 1, 2005 | University of Tennessee Medical Centre | Stolen Laptop | 3,800 | GLB Act, California SB-1386 & other State derivatives, FERPA, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| October 29, 2005 | University of Tennessee | PII Inadvertently posted on internet | 1,900 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| October 21, 2005 | State of California | PII exposed | Tens of Thousands | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| September 29, 2005 | University of Georgia | Hacked | 1,600 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| September 28, 2005 | RBC Dain Rauscher Inc. (Minneapolis) | Ex-employee with enabled logical access | 300,000 | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| September 28, 2005 | City University of New York | Unprotected Google search links access privileged information | 771 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| September 19, 2005 | Children's Health Council | Stolen Back-up tape | 6,700 | California SB-1386 & other State derivatives, HIPAA Security | A.10.8.3 - Physical media in transit |
| September 17, 2005 | North Fork Bank | Stolen Laptop | 9,000 | GLB Act, California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| September 16, 2005 | Choicepoint (Atlanta) | Unauthorized access to PII | 5,236 | California SB-1386 & other State derivatives | A.6.2.1 - Identification of risks related to external parties; A.6.2.2 - Addressing security when dealing with customers; A.6.2.3 - Addressing security in third party agreements |
| September 16, 2005 | Miami University (Ohio) | Online exposure | 21,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| September 13, 2005 | Fort Carson | 4 Hard Drives Stolen | 15,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| September 10, 2005 | Kent State University | Stolen Computers | 100,000 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| August 30, 2005 | JP Morgan Chase (Dallas) | Stolen Laptop | Undetermined | GLB Act, California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| August 30, 2005 | California State University | Hacked | 154 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 27, 2005 | ChartOne | Laptop Theft | 3,851 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| August 19, 2005 | United States Air Force | Hacked using legitimate ID and password | 33,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 19, 2005 | University of Colorado | Unauthorized access (Hacked) | 49,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 12, 2005 | Verizon Wireless (New York) | Programming error exposes customer account info | Undetermined | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 9, 2005 | Sonoma State University | Hacked | 61,709 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 9, 2005 | University of North Texas | Hacked | 39,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 4, 2005 | Cal Poly Pomona | Hacked | 31,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 3, 2005 | University of Colorado | Hacked 3 times in 2 weeks | 36,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 29, 2005 | San Diego County Employees Retirement Association | Hacked | 32,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 25, 2005 | KC & Associates (St. John's Regional Medical Centre) | Stolen computers | 27,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| July 20, 2005 | Iowa State University | Hacked | 2,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 15, 2005 | SpreadFirefox.com | Hacked (Unpatched vulnerability exploited) | 100,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 13, 2005 | Arizona Biodyne (Blue Cross Blue Shield) | Safe containing tapes stolen | 57,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| July 9, 2005 | University of Southern California | Hacked | 270,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 7, 2005 | Michigan State University | Server Hacked | 27,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 6, 2005 | Iron Mountain/Time Warner, Inc | Physical loss of back-up tapes | 600,000 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| July 6, 2005 | Ohio State University Medical Centre | Stolen Laptop | 15,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| June 30, 2005 | Infinity eSearch (India) | Alleged sale of PII by call center employees | 1,000 | UK Data Protection Act, EU Directive on Data Protection | A.6.2.3 - Addressing security in Third Party Agreements; A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process |
| June 30, 2005 | DSW Shoes | Hacked | 1,400,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 29, 2005 | Medica Health Plans (Minnetonka) | System Administrators may have accessed records | 1,200,000 | California SB-1386 & other State derivatives, HIPAA Security | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| June 28, 2005 | University of Connecticut | Unpatched vulnerability exploited by hacker who also attempted to install a backdoor | 72,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 23, 2005 | Kent State University | Laptop Theft | 1,400 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| June 22, 2005 | Eastman Kodak Co./Hewitt Associates | Consultant to firm's laptop stolen | 5,800 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| June 21, 2005 | CVS Corps (Providence R.I.) | Online exposure of credit card transactions | Millions | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 19, 2005 | CardSystems, Atlanta (Mastercard, Visa, American Express) | Hacked | 40,000,000 | California SB-1386 & other State derivatives, GLB Act, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 17, 2005 | University of Hawaii | Unscrupulous employee | 150,000 | California SB-1386 & other State derivatives, FERPA | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| June 17, 2005 | Federal Deposit Insurance Corporation (FDIC) | Undetermined | 6,000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| June 17, 2005 | Equifax Canada, Inc | National consumer credit reporting agency database hacked through improper use of customer access codes and password | 605 | California SB-1386 & other State derivatives, GLB Act, PCI/Visa CISP | A.11.2.1 - User registration; A.11.2.2 - Privilege management; A.11.2.3 - User password management; A.11.2.4 - Review of user access rights; A.11.3.1 - Password use |
| June 13, 2005 | Motorola | Theft of computers | Undetermined | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| June 6, 2005 | UPS/Citigroup | Computer tapes go missing | 3,900,000 | GLB Act, California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| June 4, 2005 | Cleveland State University | Laptop Theft | 44,000 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| June 4, 2005 | Duke University Medical Center (Durham NC) | Password Breach (Hacked) | 14,000 | California SB-1386 & other State derivatives, HIPAA Security | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 1, 2005 | U.S. Dept of Justice/Omega World Travel | Laptop Theft | Undetermined | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| May 31, 2005 | California Dept. of Health Services | Stolen Laptop | 21,600 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| May 27, 2005 | Stanford University | Possible hacking | 9,600 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 25, 2005 | Purdue University | Hacked | 11,679 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 23, 2005 | Bank of America/Wachovia & Others | Unscrupulous bank employees sell customer account info to agent who in turn sells to collection agencies, law firms etc | 670,000 | GLB Act, California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| May 23, 2005 | MCI | Stolen Laptop | 16,500 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| May 23, 2005 | Jackson Community College | Hacked | 8,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 22, 2005 | Valdosta State University | Hacked | 40,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 18, 2005 | University of Iowa | Possibly Hacked | 30,000 | California SB-1386 & other State derivatives, FERPA, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 16, 2005 | Oklahoma State University | Stolen Laptop | 37,000 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| May 14, 2005 | Georgia Technology Authority | PII stolen by government employee | Undetermined | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| May 12, 2005 | Westborough University | Data lost to insider (a convicted felon) | 750 | California SB-1386 & other State derivatives, FERPA | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| May 12, 2005 | Hinsdale Central High School | 2 students hack into system | Undetermined | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 6, 2005 | Michigan State University | Server intrusion | 40,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 2, 2005 | Colorado State University | Stolen Laptop | 1,600 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| April 28, 2005 | Georgia Southern University | Undetermined | Undetermined (Running into thousands) | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| April 26, 2005 | Christus St. Joseph Hospital (Houston) | Computer stolen | 16,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| April 21, 2005 | Carnegie Mellon University | Hacked | 19,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| April 20, 2005 | Ameritrade (Omaha) | Back-up tape missing | 200,000 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| April 15, 2005 | Polo Ralph Lauren | Data stolen at Polo Ralph Lauren affects 180,000 GM card holders | 180,000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| April 15, 2005 | ComCast (Washington) | Unauthorized sharing of PII with debt collection agency | 1 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| April 12, 2005 | Tufts University, Boston | Hacked | 106,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| April 12, 2005 | Eastern National (Washington) | Hacked | 15,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| April 12, 2005 | Lexis Nexis (Ohio) | Stolen passwords and IDs of legitimate users of info, used to access database (59 Admitted Incidents in 2 years) | 310,000 | California SB-1386 & other State derivatives | A.11.2.1 - User registration; A.11.2.2 - Privilege management; A.11.2.3 - User password management; A.11.2.4 - Review of user access rights; A.11.3.1 - Password use |
| April 8, 2005 | San Jose Medical Group | Stolen Computer | 185,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| March 28, 2005 | University of California, Berkeley | Stolen Laptop | 98,369 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| March 18, 2005 | University of Nevada, Las Vegas | Hacked | 5,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| March 18, 2005 | State of Michigan | Undetermined breach of drivers and voter records | Millions | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| March 17, 2005 | Boston College | Hacked | 120,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| March 16, 2005 | Chico State University | Hacked | 59,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| March 11, 2005 | Kaiser Permanente | Information exposed online | 140 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| March 11, 2005 | Choicepoint (Atlanta) | Improper vetting of their customers who had access to PII | 145,000 | California SB-1386 & other State derivatives | A.6.2.1 - Identification of risks related to external parties; A.6.2.2 - Addressing security when dealing with customers; A.6.2.3 - Addressing security in third party agreements |
| March 11, 2005 | Las Vegas Dept. of Motor Vehicles | Stolen computer | 8,900 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| February 26, 2005 | New York State Agencies | Web sites hacked 72 times in 5 years | Undetermined | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 26, 2005 | Bank of America | Computer tapes go missing | 1,000,000 | GLB Act, California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| February 21, 2005 | T-Mobile USA Inc (Bellevue, Washington) | Mainly social engineering & hacking techniques used to obtain personal address book of a celebrity | Undetermined | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 18, 2005 | University of Chicago Hospital | Unscrupulous employee | 85 | California SB-1386 & other State derivatives, HIPAA Security | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 18, 2005 | University of California San Diego | 2 computers hacked | 3,500 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 16, 2005 | T-Mobile USA Inc (Bellevue, Washington) | Hacked | 400 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 12, 2005 | Science Applications International Corp SAIC (San Diego) | Stolen computer containing PII of Government employees with high security clearance | Undetermined | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 10, 2005 | George Mason University, Fairfax Va. | Main server hacked | 32,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |

ESTIMATED TOTAL (ROUGH): 54,836,780
Copyright 2005-2017 by eFortresses, Inc. All rights reserved.