| PUBLIC NOTIFIED ON | ORGANIZATION AND LOCATION | TYPE OF BREACH | NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED | REGULATORY IMPACT | ISO/IEC 27001 MITIGATING CONTROLS |
|---|---|---|---|---|---|
| December 27, 2005 | Marriott International Inc (Time Share Division) | Missing back-up tapes containing credit card info. | 206,000 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.8.3 - Physical media in transit |
| December 22, 2005 | Ford Motor Company | Stolen computer | 70,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| December 21, 2005 | DHL/Lasalle Bank/ABN Amro Mortgage Group Inc. | Tape lost but recovered | 2,000,000 | GLB Act, California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| December 19, 2005 | Guidance Software, Pasadena Calif. | Security firm hacked | 3,800 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| December 12, 2005 | Sam's Club (A Div. of Wal-Mart) | Undetermined | Undetermined | California SB-1386 & other State derivatives, PCI/Visa CISP | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| December 12, 2005 | Iowa State University | 2 computers containing encrypted info. breached | 2,500 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| December 12, 2005 | Aid to the Church in need (UK Charity) | Hacked - Criminals steal credit card details | 2,800 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| December 6, 2005 | Washington State Employment Security Dept. | Stolen Laptop | 530 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| December 3, 2005 | University of San Diego | Network security breach | 7,800 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| December 3, 2005 | First Trust Bank | Stolen Laptop | Undetermined (Thousands) | GLB Act, California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| December 2, 2005 | Cornell University | Hacked | 900 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 26, 2005 | Scottrade/Troy Group | Hacked | 140,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 20, 2005 | Vermont Technical College | Exposed on web | Undetermined | GLB Act, California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 20, 2005 | Wilcox Memorial Hospital | Lost disk drive | 130,000 | California SB-1386 & other State derivatives, HIPAA Security | A.10.8.3 - Physical media in transit |
| November 20, 2005 | Monmouth University | Exposed on web | 677 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 18, 2005 | Boeing company (Seattle) | Laptop Theft | 161,000 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| November 15, 2005 | Montclair State University | Exposed online | 9,100 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 11, 2005 | Georgia Tech Office of Enrollment Services | Stolen computers | 13,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| November 9, 2005 | TransUnion LLC (California) | Stolen computers from company that maintains credit history on individuals | 3,623 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| November 7, 2005 | Papa John's (Louisville, KY) | Personal data exposed through web-based customer feedback | Undetermined | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| November 7, 2005 | Bank of America | Laptop Theft | Unknown | GLB Act, California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| November 5, 2005 | Safeway (Hawaii) | Stolen Laptop | 1,400 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| November 4, 2005 | Keck School of Medicine (USC) | Stolen server | 50,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| November 1, 2005 | University of Tennessee Medical Centre | Stolen Laptop | 3,800 | GLB Act, California SB-1386 & other State derivatives, FERPA, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| October 29, 2005 | University of Tennessee | PII Inadvertently posted on internet | 1,900 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| October 21, 2005 | State of California | PII exposed | Tens of Thousands | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| September 29, 2005 | University of Georgia | Hacked | 1,600 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| September 28, 2005 | RBC Dain Rauscher Inc. (Minneapolis) | Ex-employee with enabled logical access | 300,000 | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| September 28, 2005 | City University of New York | Unprotected Google search links access privileged information | 771 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| September 19, 2005 | Children's Health Council | Stolen Back-up tape | 6,700 | California SB-1386 & other State derivatives, HIPAA Security | A.10.8.3 - Physical media in transit |
| September 17, 2005 | North Fork Bank | Stolen Laptop | 9,000 | GLB Act, California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| September 16, 2005 | Choicepoint (Atlanta) | Unauthorized access to PII | 5,236 | California SB-1386 & other State derivatives | A.6.2.1 - Identification of risks related to external parties; A.6.2.2 - Addressing security when dealing with customers; A.6.2.3 - Addressing security in third party agreements |
| September 16, 2005 | Miami University (Ohio) | Online exposure | 21,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| September 13, 2005 | Fort Carson | 4 Hard Drives Stolen | 15,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| September 10, 2005 | Kent State University | Stolen Computers | 100,000 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| August 30, 2005 | JP Morgan Chase (Dallas) | Stolen Laptop | Undetermined | GLB Act, California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| August 30, 2005 | California State University | Hacked | 154 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 27, 2005 | ChartOne | Laptop Theft | 3,851 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| August 19, 2005 | United States Air Force | Hacked using legitimate ID and password | 33,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 19, 2005 | University of Colorado | Unauthorized access (Hacked) | 49,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 12, 2005 | Verizon Wireless (New York) | Programming error exposes customer account info | Undetermined | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 9, 2005 | Sonoma State University | Hacked | 61,709 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 9, 2005 | University of North Texas | Hacked | 39,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 4, 2005 | Cal Poly Pomona | Hacked | 31,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| August 3, 2005 | University of Colorado | Hacked 3 times in 2 weeks | 36,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 29, 2005 | San Diego County Employees Retirement Association | Hacked | 32,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 25, 2005 | KC & Associates (St. John's Regional Medical centre) | Stolen computers | 27,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| July 20, 2005 | Iowa State University | Hacked | 2,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 15, 2005 | SpreadFirefox.com | Hacked (Unpatched vulnerability exploited) | 100,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 13, 2005 | Arizona Biodyne (Blue Cross Blue Shield) | Safe containing tapes stolen | 57,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| July 9, 2005 | University of Southern California | Hacked | 270,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 7, 2005 | Michigan State University | Server Hacked | 27,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| July 6, 2005 | Iron Mountain/Time Warner, Inc | Physical loss of back-up tapes | 600,000 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| July 6, 2005 | Ohio State University Medical Centre | Stolen Laptop | 15,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| June 30, 2005 | Infinity eSearch (India) | Alleged sale of PII by call center employees | 1,000 | UK Data Protection Act, EU Directive on Data Protection | A.6.2.3 - Addressing security in Third Party Agreements; A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process |
| June 30, 2005 | DSW Shoes | Hacked | 1,400,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 29, 2005 | Medica Health Plans (Minnetonka) | System Administrators may have accessed records | 1,200,000 | California SB-1386 & other State derivatives, HIPAA Security | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| June 28, 2005 | University of Connecticut | Unpatched vulnerability exploited by hacker who also attempted to install a backdoor | 72,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 23, 2005 | Kent State University | Laptop Theft | 1,400 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| June 22, 2005 | Eastman Kodak Co./Hewitt Associates | Consultant to firm's laptop stolen | 5,800 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| June 21, 2005 | CVS Corps (Providence R.I.) | Online exposure of credit card transactions | Millions | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 19, 2005 | CardSystems, Atlanta (Mastercard, Visa, American Express) | Hacked | 40,000,000 | California SB-1386 & other State derivatives, GLB Act, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 17, 2005 | University of Hawaii | Unscrupulous employee | 150,000 | California SB-1386 & other State derivatives, FERPA | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| June 17, 2005 | Federal Deposit Insurance Corporation (FDIC) | Undetermined | 6,000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| June 17, 2005 | Equifax Canada, Inc | National consumer credit reporting agency database hacked through improper use of customer access codes and password | 605 | California SB-1386 & other State derivatives, GLB Act, PCI/Visa CISP | A.11.2.1 - User registration; A.11.2.2 - Privilege management; A.11.2.3 - User password management; A.11.2.4 - Review of user access rights; A.11.3.1 - Password use |
| June 13, 2005 | Motorola | Theft of computers | Undetermined | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| June 6, 2005 | UPS/Citigroup | Computer tapes go missing | 3,900,000 | GLB Act, California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| June 4, 2005 | Cleveland State University | Laptop Theft | 44,000 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| June 4, 2005 | Duke University Medical Center (Durham NC) | Password Breach (Hacked) | 14,000 | California SB-1386 & other State derivatives, HIPAA Security | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| June 1, 2005 | U.S. Dept of Justice/Omega World Travel | Laptop Theft | Undetermined | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| May 31, 2005 | California Dept. of Health Services | Stolen Laptop | 21,600 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| May 27, 2005 | Stanford University | Possible hacking | 9,600 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 25, 2005 | Purdue University | Hacked | 11,679 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 23, 2005 | Bank of America/Wachovia & Others | Unscrupulous bank employees sell customer account info to agent who in turn sells to collection agencies, law firms etc | 670,000 | GLB Act, California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| May 23, 2005 | MCI | Stolen Laptop | 16,500 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| May 23, 2005 | Jackson Community College | Hacked | 8,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 22, 2005 | Valdosta State University | Hacked | 40,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 18, 2005 | University of Iowa | Possibly Hacked | 30,000 | California SB-1386 & other State derivatives, FERPA, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 16, 2005 | Oklahoma State University | Stolen Laptop | 37,000 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| May 14, 2005 | Georgia Technology Authority | PII stolen by government employee | Undetermined | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| May 12, 2005 | Westborough University | Data lost to insider (a convicted felon) | 750 | California SB-1386 & other State derivatives, FERPA | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| May 12, 2005 | Hinsdale Central High School | 2 students hack into system | Undetermined | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 6, 2005 | Michigan State University | Server intrusion | 40,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| May 2, 2005 | Colorado State University | Stolen Laptop | 1,600 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| April 28, 2005 | Georgia Southern University | Undetermined | Undetermined (Running into thousands) | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| April 26, 2005 | Christus St. Joseph Hospital (Houston) | Computer stolen | 16,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| April 21, 2005 | Carnegie Mellon University | Hacked | 19,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| April 20, 2005 | Ameritrade (Omaha) | Back-up tape missing | 200,000 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| April 15, 2005 | Polo Ralph Lauren | Data stolen at Polo Ralph Lauren affects 180,000 GM card holders | 180,000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| April 15, 2005 | ComCast (Washington) | Unauthorized sharing of PII with debt collection agency | 1 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| April 12, 2005 | Tufts University, Boston | Hacked | 106,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| April 12, 2005 | Eastern National (Washington) | Hacked | 15,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| April 12, 2005 | Lexis Nexis (Ohio) | Stolen passwords and IDs of legitimate users of info, used to access database (59 Admitted Incidents in 2 years) | 310,000 | California SB-1386 & other State derivatives | A.11.2.1 - User registration; A.11.2.2 - Privilege management; A.11.2.3 - User password management; A.11.2.4 - Review of user access rights; A.11.3.1 - Password use |
| April 8, 2005 | San Jose Medical Group | Stolen Computer | 185,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| March 28, 2005 | University of California, Berkeley | Stolen Laptop | 98,369 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| March 18, 2005 | University of Nevada, Las Vegas | Hacked | 5,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| March 18, 2005 | State of Michigan | Undetermined breach of drivers and voter records | Millions | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling |
| March 17, 2005 | Boston College | Hacked | 120,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| March 16, 2005 | Chico State University | Hacked | 59,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| March 11, 2005 | Kaiser Permanente | Information exposed online | 140 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| March 11, 2005 | Choicepoint (Atlanta) | Improper vetting of their customers who had access to PII | 145,000 | California SB-1386 & other State derivatives | A.6.2.1 - Identification of risks related to external parties; A.6.2.2 - Addressing security when dealing with customers; A.6.2.3 - Addressing security in third party agreements |
| March 11, 2005 | Las Vegas Dept. of Motor Vehicles | Stolen computer | 8,900 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| February 26, 2005 | New York State Agencies | Web sites hacked 72 times in 5 years | Undetermined | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 26, 2005 | Bank of America | Computer tapes go missing | 1,000,000 | GLB Act, California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| February 21, 2005 | T-Mobile USA Inc (Bellevue, Washington) | Mainly social engineering & hacking techniques used to obtain personal address book of a celebrity | Undetermined | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 18, 2005 | University of Chicago Hospital | Unscrupulous employee | 85 | California SB-1386 & other State derivatives, HIPAA Security | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 18, 2005 | University of California San Diego | 2 computers hacked | 3,500 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 16, 2005 | T-Mobile USA Inc (Bellevue, Washington) | Hacked | 400 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 12, 2005 | Science Applications International Corp SAIC (San Diego) | Stolen computer containing PII of Government employees with high security clearance | Undetermined | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 10, 2005 | George Mason University, Fairfax Va. | Main server hacked | 32,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| | | ESTIMATED TOTAL (ROUGH): | 54,836,780 | | |