 2006 Security Breach Matrix - For Educational Purposes Only
  
Request PDF Excel
GRC Certification
GRC Certification
| Public notified on | Organization and location | Type of breach | Number of PII records potentially exposed | Regulatory impact | ISO/IEC 27001 mitigating controls |
|---|---|---|---|---|---|
| Dec 29, 2006 | Wisconsin Dept of Revenue | SSNs exposed on mail envelopes sent to taxpayers | 170,000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| Dec 27, 2006 | Nissan Motor Company Ltd, Japan | Customer database may have been leaked; details largely undisclosed | 5,380,000 | UK Data Protection Act, EU Directive on Data Protection, California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information; A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Dec 27, 2006 | Montana State University | Inadvertently disclosed other students' financial loan data, including their PII, to other students | 259 | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| Dec 23, 2006 | Deaconess Hospital | Password-protected laptop stolen from offices, possibly containing PII & PHI | 128 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Dec 22, 2006 | Utah Valley State College | PII inadvertently exposed online, showing up in search engines | Thousands | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 22, 2006 | Bank of America, Charleston | Unidentified former contractor responsible for undisclosed type of breach | Undisclosed | GLB Act, California SB-1386 & other State derivatives, FACT Act | A.8.3 - Termination or change of employment; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights; A.9.2.7 - Removal of property |
| Dec 22, 2006 | U.S. State Department | Passport application forms went missing in transit | 700 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.9.2.5 - Security of equipment off-premises; A.10.8.3 - Physical media in transit; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Dec 21, 2006 | Santa Clara County (Employment Agency) | Computer stolen from offices, believed to be encrypted | 2,500 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Dec 20, 2006 | SFX Baseball Inc. | Dumpster diving was the technique used to obtain data from trash cans outside SFX | 90 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.7.2 - Disposal of media |
| Dec 20, 2006 | Big Foot High School, Wisconsin | PII "inadvertently" posted on a publicly accessible Web site | 87 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 20, 2006 | Lakeland Library Co-operative | PII "inadvertently" posted on a publicly accessible Web site | 15,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 19, 2006 | Mississippi State University | PII "inadvertently" posted on a publicly accessible Web site | 2,400 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 16, 2006 | City of Wickliffe, Ohio | Hacked | 125 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 15, 2006 | University of Colorado at Boulder | Server hacked | 17,500 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 15, 2006 | Geisinger Health Systems/Electronic Registry Systems | Computer containing medical records stolen from offices | 25,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Dec 14, 2006 | St. Vrain Valley School District | Laptop stolen | 600 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Dec 14, 2006 | Durham Public Schools | Hacked by 2 students during a school assignment | Thousands | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 13, 2006 | Boeing Co. | Laptop stolen from an employee's car | 382,000 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Dec 12, 2006 | University of Texas at Dallas | Hacked | 5,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 12, 2006 | Aetna Inc./Un-named vendor | Backup tapes containing medical info stolen from vendor's offices | 130,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Dec 12, 2006 | UCLA | Database hacked | 800,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 11, 2006 | Independent Living Funds UK | Back-up tapes containing PII stolen from truck during transit | Thousands | UK Data Protection Act & EU Directive on Data Protection | A.10.8.3 - Physical media in transit |
| Dec 9, 2006 | Virginia Commonwealth University | PII inadvertently included in two attachments to an e-mail | 561 | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.8.4 - Electronic messaging |
| Dec 8, 2006 | State of Vermont/Segal Group | Inadvertently posted PII on website | Hundreds | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Dec 6, 2006 | Premier Bank | Book containing customers' newly opened account data missing | 1,800 | GLB Act, California SB-1386 & other State derivatives, FACT Act | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.9.2.5 - Security of equipment off-premises; A.10.8.3 - Physical media in transit; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Dec 5, 2006 | West Virginia Army National Guard 130th Airlift Wing, Charleston | Laptop stolen | Every member of unit | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Dec 5, 2006 | Nassau Community College | Print-out containing all the institution's PII stolen from unattended desk | 21,000 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Dec 3, 2006 | City of Grand Prairie | Employee PII inadvertently posted on website | Hundreds | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 30, 2006 | TransUnion Credit Bureau | Individuals with a single password were able to illegally download hundreds of other people's PII | 1,700 | GLB Act, California SB-1386 & other State derivatives, FACT Act | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 30, 2006 | Pennsylvania Department of Transportation | Thieves stole equipment from a driver's license center and got away with computers containing PII; they also took a camera and a printer plus enough card stock and laminate to make about 750 fake licenses | 11,384 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Nov 29, 2006 | California State University Charter College of Education | An employee's USB drive was inside a purse stolen from a car trunk | 2,534 | California SB-1386 & other State derivatives, FERPA | A.10.8.3 - Physical media in transit |
| Nov 28, 2006 | Kaiser Permanente Colorado | Laptop stolen from the personal car of a national Kaiser Permanente employee in Oakland, Calif. | 38,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Nov 27, 2006 | Johnston County, Smithfield, N.C. | County mistakenly posted taxpayers' info online | 2 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 27, 2006 | The Greenville County School District | Computers sold off contained SSNs and birth dates | 101,000 | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.7.2 - Disposal of media |
| Nov 27, 2006 | All Printing & Graphics Inc | Inadvertently mailed a spreadsheet used to make mailing labels that contained former Chicago school employees' PII, including home addresses | 1,740 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.8.4 - Electronic messaging |
| Nov 25, 2006 | Unnamed Health Center/Indiana Department of Health | 2 computers stolen from health center containing PII & PHI | 7,700 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Nov 21, 2006 | LogicaCMG/UK Police | 3 laptops stolen from offices containing National Insurance numbers of officers, including that of the commissioner of police | 15,000 | UK Data Protection Act & EU Directive on Data Protection | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Nov 20, 2006 | Administration of Children's Services | Confidential files dumped in street | 200 families | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.7.2 - Disposal of media |
| Nov 20, 2006 | SourceMedia | Ex-employee hacked into the company's network, reading confidential e-mails and tipping off employees who were in line to be laid off | Unknown | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| Nov 17, 2006 | Jefferson College of Health Sciences | Financial aid director inadvertently e-mailed PII to all students of the college | 143 | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.8.4 - Electronic messaging |
| Nov 14, 2006 | Connors State College, Oklahoma | Laptop stolen by student from college | 22,500 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Nov 14, 2006 | Châtenay-Malabry Laboratory, France | A hacker stole data from computers at the French anti-doping lab where tests are being challenged by American cyclist Floyd Landis; manipulated information was then sent in letters to other labs and the IOC in an effort to discredit the lab | Unknown | California SB-1386 & other State derivatives, HIPAA Security, EU Directive on Data Protection | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 11, 2006 | Hertz Global Holdings Inc. | Computer containing the names and SSNs of most of Hertz's U.S. workers found at the home of a former employee | 22,800 | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| Nov 10, 2006 | ARCO Westminster | Thieves used a device to record account numbers and PIN codes onto memory chips from pay-point islands | Hundreds | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information; A.10.4.1 - Controls against malicious code |
| Nov 10, 2006 | KSL Services Inc/Los Alamos National Laboratory | CD missing | 1,000 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| Nov 09, 2006 | Calgary Health Region | Laptop stolen from home of staffer | 1,000 | PIPEDA and other derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Nov 07, 2006 | City of Lubbock | Website hacked | 5,800 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 06, 2006 | Bowling Green, Ohio, Police Department | Unsanitized police report posted on website; data included SSNs, race, descriptions of incidents, etc. | 200 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 03, 2006 | Starbucks Corporation | Four retired laptops missing from the Corporate Support Center in Seattle | 60,080 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Nov 03, 2006 | West Shore Bank/Unnamed third-party processor | Unknown type of breach of debit cards | 1,000 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 03, 2006 | Student Financial Services, Cavalier | Error in software code sent e-mails containing SSNs to the wrong students | 632 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 03, 2006 | Wesco Gas Stations | Confidentiality of credit cards breached | Undisclosed | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Nov 02, 2006 | Intermountain Health Care | Old company laptops sold for $20 contained confidential data | 6,244 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.7.2 - Disposal of media |
| Nov 02, 2006 | Villanova University / Hilb, Rogal & Hobbs, Plymouth | Laptop stolen from offices | 1,243 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Nov 02, 2006 | Greater Media Inc. | Laptop stolen from offices | Undisclosed | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Nov 02, 2006 | Veterans Affairs Medical Center in Muskogee | Three disks mailed for billing purposes lost | 1,400 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| Nov 02, 2006 | Manhattan Veterans Affairs Medical Center | Computer stolen from hospital containing PII & PHI | Hundreds | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Nov 01, 2006 | U.S. Army Cadet Command | Laptop stolen | 4,600 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Oct 28, 2006 | HSBC, Halifax, NatWest, Royal Bank of Scotland, a Post Office (UK) | Unshredded customer account data found in garbage bags | Undisclosed | UK Data Protection Act & EU Directive on Data Protection | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| Oct 28, 2006 | Hancock Askew & Co. LLP/Atlantis Plastics | Laptop stolen on NY trip | Undetermined | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Oct 27, 2006 | Gymboree, San Francisco | Thief followed a company exec into the office building and an elevator, waited in a bathroom for an hour, then took the laptop from the exec's empty office; returned a second time and made off with 2 laptops | 20,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls |
| Oct 26, 2006 | TD Ameritrade/E-Trade (Brokers) | Dummy/hijacked accounts used to perpetrate stock market fraud | $22 million loss | GLB Act, California SB-1386 & other State derivatives | A.6.2.1 - Identification of risks related to external parties; A.6.2.2 - Addressing security when dealing with customers; A.6.2.3 - Addressing security in third party agreements |
| Oct 26, 2006 | Tuscarawas County/LexisNexis | Voters' SSNs exposed online via LexisNexis database | Undetermined | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Oct 26, 2006 | Children's Hospital Akron | Computers containing banking info and personal data hacked | 200,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Oct 26, 2006 | Colorado Dept. of Human Services | Password-protected desktop stolen from offices | Undetermined | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Oct 26, 2006 | Ontario Science Center | Laptop stolen from offices | Undetermined | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Oct 25, 2006 | Dept. of Homeland Security | Portable storage device missing | 500 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Oct 25, 2006 | Swedish Medical Center | Unscrupulous employee obtained a credit card using patient data | 1,100 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| Oct 24, 2006 | Chicago Board of Election | Registered voters' info exposed by vulnerabilities in website | 780,000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Oct 24, 2006 | The Sisters of St. Francis Health Services/ARS | CDs temporarily missing after being left in a laptop bag that was being returned | 260,000 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| Oct 20, 2006 | Allina Hospitals & Clinics | Laptop stolen from nurse's car | 14,000 households | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Oct 20, 2006 | T-Mobile USA Inc., Oregon | Laptop stolen from employee's checked luggage | 430,000 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Oct 18, 2006 | Germanton Elementary School, NC | Computer containing encrypted & password-protected data stolen from cafeteria | Undetermined | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Oct 17, 2006 | City of Visalia, Ca. | Copies of city records tossed in street | 200 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| Oct 13, 2006 | Ohio Ethics Commission | Hundreds of documents containing employee SSNs & financial statements found littering a neighborhood | Undetermined | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| Oct 12, 2006 | University of Texas at Arlington | Two computers stolen from a faculty member's home | 2,500 | California SB-1386 & other State derivatives, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Oct 12, 2006 | Brock University | Hacked; credit card and bank account numbers taken | 70,000 | California SB-1386 & other State derivatives, FERPA, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Oct 11, 2006 | Undisclosed UK (600 financial institutions affected) | Malware-powered ID scam; PC seized in US containing names, credit card details & transactions of UK punters | 8,500 | | A.10.4.1 - Controls against malicious code |
| Oct 11, 2006 | Adams State College Public Safety office | Laptop stolen from locked closet on premises | 184 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Oct 11, 2006 | Republican National Committee | Erroneously e-mailed to a reporter a list containing the names, races and SSNs of top Republican donors, identifying two of the contributors as Muslim | 76 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.8.4 - Electronic messaging |
| Oct 11, 2006 | Workforce Innovation, Florida Labor Dept. | Unwittingly posted names and SSNs on the internet, exposed by search engine | 4,600 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Oct 9, 2006 | Troy Athens High School | Hard drive from a computer undergoing technical work stolen from premises; failed to inform those affected in a timely manner because the specific information on the drive was undetermined | Undetermined | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Oct 6, 2006 | Camp Pendleton Marine Corps base | Laptop missing or stolen | 2,400 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Oct 6, 2006 | Cleveland Air Route Traffic Control Center, Oberlin | Hard drive containing info on air traffic controllers stolen from computer on premises; "believed" to be encrypted and may contain other classified military info | At least 400 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Oct 5, 2006 | Capistrano Unified School District HQ | 5 computers stolen from premises | Undetermined | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Oct 5, 2006 | Statistics Canada | Cabinet containing data sold off at auction | 75 | PIPEDA and other derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| Oct 3, 2006 | Call & data centers in India | Credit card data of Brits sold by employees | Undetermined | UK Data Protection Act & EU Directive on Data Protection | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.2.3 - Disciplinary process; A.8.3.1 - Termination responsibilities; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| Oct 3, 2006 | Cumberland County | Sensitive information inadvertently exposed on website for a long period of time | 1,200 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Oct 2, 2006 | Seattle-Tacoma International Airport | Six computer disks stolen/lost from premises | 7,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Sept 29, 2006 | State of Kentucky | SSNs exposed in mail envelope windows sent to government employees | 146,000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| Sept 29, 2006 | University of Iowa | Computer containing PII and PHI data on research subjects hacked | 14,500 | California SB-1386 & other State derivatives, HIPAA Security | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Sept 28, 2006 | North Carolina DMV, Louisburg | Computer stolen from office | 16,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Sept 27, 2006 | America Online (AOL) | Phishing scam used to infect AOL customers with malware to harvest PII and credit card info over a 2-year period | Undetermined (running into thousands) | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information; A.10.4.1 - Controls against malicious code |
| Sept 25, 2006 | General Electric | Employee laptop stolen from locked hotel room while traveling on business | 50,000 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Sept 24, 2006 | Nagasaki University Hospital of Medicine & Dentistry | 6 laptops, 8 USB memory units and 2 hard disks containing PHI stolen | 9,000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Sept 23, 2006 | Erlanger Hospital (Tennessee) | USB storage device lost or stolen from locked office; no PHI | 4,150 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Sept 23, 2006 | Allstate Canada Inc. | Policy holders' files stolen from a sales agent working at home, who in turn failed to notify managers for 12 days | 60-70 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.9.2.5 - Security of equipment off-premises; A.10.8.3 - Physical media in transit; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Sept 22, 2006 | Purdue University, Ind. | Hacked | 2,482 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Sept 22, 2006 | University of Colorado, Boulder | 2 computers lost/stolen in transit | 1,372 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection; A.9.2.5 - Security of equipment off-premises |
| Sept 21, 2006 | U.S. Dept. of Commerce & Census Bureau | 1,137 laptops containing some PII lost since 2001; the Census Bureau is a major collector of information on Americans | 558 households | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Sept 21, 2006 | Pima County Health Dept., Arizona | Names, DOBs & some PHI recovered in stolen vehicle | 2,500 | California SB-1386 & other State derivatives, HIPAA Security | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.9.2.5 - Security of equipment off-premises; A.10.8.3 - Physical media in transit; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Sept 20, 2006 | City of Savannah | Possible online exposure | 8,800 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Sept 20, 2006 | Berry College | PII in paper and digital form "misplaced" by financial aid consultant | 2,093 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.9.2.5 - Security of equipment off-premises; A.10.8.3 - Physical media in transit; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Sept 19, 2006 | Life Is Good, Boston | Hacked | 9,250 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Sept 18, 2006 | DePaul Medical Center (Norfolk, Virginia) | Two computers stolen from hospital | 100 | California SB-1386 & other State derivatives, HIPAA Security | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Sept 17, 2006 | Whistle Junction Restaurant, Orlando, Florida | Closing-business documents containing PII found in dumpster | Undetermined | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| Sept 17, 2006 | Direct Loan | PII exposed online | 21,000 | GLB Act, California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Sept 16, 2006 | Michigan Department of Community Health | Flash drive missing, presumed stolen from office, containing PII but no PHI | 4,000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| Sept 16, 2006 | Morris, Davis & Chan, Oakland/Howard Rice etc. | Howard Rice data on laptop stolen from auditor's car | 500 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Sept 15, 2006 | University of Texas San Antonio | Hacked | 64,000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| Sept 15, 2006 | Mercy Medical Center Merced | Unencrypted memory stick found months after employee misplaced it | 259 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| Sept 14, 2006 | Illinois Dept. of Corrections | Document found "outside agency grounds" | Undetermined | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines |
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Sept 14, 2006
Nikon Inc Ala.
Inadvertent online exposure as Link in email exposes credit card nos and other PII on website
3,235 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Sept 13, 2006
American Family Insurance
Laptop stolen from office
2,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 11, 2006
Telesource
Copies of customers PII found in dumpster
Undetermined
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Sept 8, 2006
Cleveland Clinic Florida/Advanced Medical Claims
Employee prints out patients PII and sells to cousin to file fraudulent claims
1,100 California SB-1386 & other State derivatives, HIPAA Security
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Sept 8, 2006
University of Minnesota
2 Computers stolen from office
13,084 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 8, 2006
Linden Lab/Second Life
Hacked - Unencrypted names addresses, payment info, passwords of Second Life users exposed.Unencrypted credit card info on another server not hacked
Undetermined but sizeable amount
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Sept 8, 2006
BMO Bank Of Montreal
Laptop stolen from office
900 GLB Act, California SB-
1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 7, 2006
Florida National Guard
Laptop stolen in car burglary
100 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Sept 7, 2006
Chase Card Services
Computer tapes containing data
''mistakenly'' thrown into trash
2,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Sept 6, 2006
Transportation Security Administration/Accenture
Contractor makes ''administrative error'' and sends mails containing PII to wrong addresses
1,195 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Sept 1, 2006
City of Chicago/Nationwide Retirement Solutions
laptop stolen, public disclosure not made for a year due to ''internal communications error''
38,443 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Sept 1, 2006
Wells Fargo
Stolen laptop
Undetermined
GLB Act, California SB-
1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Sept 1, 2006
Virginia Commonwealth University
Online exposure of PIIs on unsecured server for 8 months
2,100 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 31, 2006
Domino's Pizza
Credit card receipts found in dumpster
Thousands
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Aug 31, 2006
LabCorp
Computer stolen from offices
Undetermined
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Aug 29, 2006
Valley Baptist Medical Centre
'Computer glitch'' exposes healthcare workers info on website
73 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 29, 2006
U.S. Dept of Education
Two laptops containing unencrypted data stolen from contractor
43 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 29, 2006
Compass Health, Everett
Stolen laptop, No PHI
Limited number of people'
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 29, 2006
AT&T San Francisco
Hacked
Fewer than 19000'
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 27,2006
New Mexico Administrative Office of the Courts
Online exposure of PIIs on unsecured server of a password protected FTP site
1,500 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 26, 2006
University of South Carolina
Hacked
6,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 26, 2006
PortTix
Website hacked exposing credit card information
2,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 25, 2006
Verizon Wireless
Inadvertently exposed by email
5,210 California SB-1386 &
other State derivatives
A.10.8.4 - Electronic messaging
Aug 25, 2006
Sovereign Bank Mass.
Three Managers laptops stolen
Possibly Thousands
GLB Act, California SB-
1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 25, 2006
Dominion Resources
Two laptops stolen
Undetermined
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 25, 2006
The Federal Motor Safety Administration, Baltimore
Stolen laptop
193 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 23, 2006
U.S. Dept. of Education
software glitch' exposes PII, student loan records online
'Limited number of 6.4
Million''
California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 22, 2006
Troy Beaumont Hospital
Stolen laptop containing PIIs and PHIs
28,400 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 22, 2006
Beaverton School District (Oregon)
Missing time slips containing PIIs
1,600 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
Aug 22, 2006
Aflac
Stolen laptop
612 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 18, 2006
California Dept. of Mental Health
Computer tape missing
9,468 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
Aug 17, 2006
HCA Inc.
10 computers stolen
Undetermined
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Aug 17, 2006
Williams-Sonoma/Unnamed Audit firm
Auditor's laptop stolen
1,200 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 16, 2006
Chevron/Unnamed accounting firm
Unnamed accounting firm employee laptop stolen
Tens of thousands
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 15, 2006
University of Kentucky (Lexington, KY)
Names and SSNs inadvertently posted on website
710 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 11, 2006
Madrona medical Group
Former employee illegally downloads patient records, PII
6,000 California SB-1386 & other State derivatives, HIPAA Security
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Aug 9, 2006
U.S. Dept of Transportation Fla.
Laptop stolen from office
133,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Aug 8, 2006
Linen n' Things
Receipts with credit card numbers taken from store
90 California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
Aug 8, 2006
Virginia Bureau of Insurance
Inadvertent online exposure
Undetermined
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 8, 2006
U.S.Dept. of Veteran Affairs/Unisys
Stolen computer, data lost includes billing info. Medical info, insurance carriers
38,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Aug 6. 2006
American Online AOL
Online search queries exposed including some PII
650,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 4, 2006
PSA Healthcare
Stolen laptop containing PIIs, PHI
51,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 4, 2006
Matrix Bancorp Inc.
Laptop stolen onsite containing proprietary and customer info
Undetermined
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Aug 4, 2006
Toyota
Laptop stolen onsite
1,500 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Aug 2, 2006
Vassar Brothers Medical Center
Stolen laptop, No PHI
257,800 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 2, 2006
Belhaven College
Stolen laptop
300 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 2, 2006
West Virginia Division of Rehabilitation Services
Stolen laptop
Undetermined
California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Aug 1, 2006
Wichita State University
Hacked - exposing credit card info.
2,000 California SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Aug 1, 2006
Dollar Tree Calif.
Possible POS compromise, cash withdrawn through ATMs from customers accounts
Undetermined
GLB Act, California SB-
1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Aug 1, 2006
U.S. Bank Cincinnati
Briefcase stolen
Small amount
GLB Act, California SB-
1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Aug 1, 2006
Cal Poly
Laptop stolen from home of employee, SSNs, names lost
3,020 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 29, 2006
Sentry Insurance (Wis.)
Unscrupulous consultant steals and sells some names and SSNs
112,270 GLB Act, California SB-
1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 27, 2006
LA County Dept.of Community and Senior Services
Laptops stolen from employee and computer hacked in separate incidents
Hundreds
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 27, 2006
Kaiser Permanente (Northern California)
Laptop stolen from 'secure' office
160,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 26, 2006
United States Navy (Washington)
Laptops stolen from offices
31,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 26, 2006
MD Management/Canadian Medical Assoc.
Laptop stolen from car
8,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 25, 2006
Cablevision Systems
Tape lost b/w 2 external vendors containing
SSNs & (401k) election info.of employees
13,700 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
July 25, 2006
Old Mutual Inc.
Stolen laptop with SSNs & PII
6,500 GLB Act, California SB-
1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 25, 2006
Armstrong World Industries/Deloitte & Touche' (Lancaster, PA)
Laptop containing PII stolen from audit firms employee's car
12,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 25, 2006
Georgetown University Hospital/InstantDX
Patients PII exposed to consultant
Thousands
California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 24, 2006
New York City Dept. of Homeless Services
Email containing patients PII inadvertently sent
8,400 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.4 - Electronic messaging
July 21, 2006
CS Stars/ Special Conservation Committee (NY)
Lost track of computer containing PII
500,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 18, 2006
Nelnet/United Parcel Service (UPS) Lincoln
Lost back-up tape
188,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
July 18, 2006
United States Dept. of Agriculture
Stolen laptop containing PIIs
350 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 16, 2006
Mississipi Secretary of State
Exposed online (Posted on website)
Thousands
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 14, 2006
NorthWestern University(Evanston, ILL)
Hacked
17,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 14, 2006
Hampton Circuit Court (Virginia)
PIIs exposed on publicly available computer
Hundreds
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 14, 2006
University of Iowa
Stolen laptop
280 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 13, 2006
Moraine Park Technical College (Milwaukee)
CD containing students PII misplaced
1,500 California SB-1386 & other State derivatives, FERPA
A.10.8.3 - Physical media in transit
July 7, 2006
Montana Public Health and Human Services
Helena, Mont.
Computer stolen from offices
Undetermined
California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 7, 2006
United States Navy (Washington)
SSNs and other PII exposed online
Over 100000
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 7, 2006
National Associatiion of Securities Dealers (NASD) Fla.
Ten Laptops stolen from offices
Undetermined
(Possibly thousands)
GLB Act, California SB-
1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 6, 2006
University of Tennessee
Hacked
36,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 6, 2006
Automatic Data Processing Inc.
Inadvertent disclosure of investors names,mailing addresses,no.of shares in certain companies to data thief using social engineering techniques
Thousands
GLB Act, California SB-
1386 & other State derivatives
A.10.2.1 - Service delivery
A.10.2.2 - Monitoring and review of 3rd party services
July 5, 2006
Bisys Group Inc (San Diego)
Back-up tapes stolen containing PII and hedge fund info with truck during transit
61,000 GLB Act, California SB-
1386 & other State derivatives
A.10.8.3 - Physical media in transit
July 1, 2006
American Red Cross (Dallas)
Laptop with encrypted SSNs and health info stolen from undisclosed local office
Undetermined
California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 30, 2006
United States Department of Veterans Affairs
Indianapolis VA office is missing backup tape with vets' records
16,000 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.8.3 - Physical media in transit
June 29, 2006
National Institute of Health Federal Credit Union
Details not released
41,000 GLB Act, California SB-
1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
June 29, 2006
Nebraska Treasurer's Office
Child support computer system containing names, SSNs and other PII hacked
300,000 individuals,
9,000 businesses
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 29, 2006
AllState (Huntsville)
Stolen computer containing SSNs, correspondence and other PII
2,700 GLB Act, California SB-
1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 28, 2006
AAAAA Rent-A- Space (Colma)
Names, SSNs, Credit card nos, addresses exposed online
13,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 28, 2006
Minnesota Dept. of Revenue
Tape containing public and private tax records lost in transit
2,400 individuals,
48,000 businesses
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
June 27, 2006
Government Accountability Office GAO
Inadvertently posted online
Less than 1,000
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 27, 2006
HSBC Data Processing Unit (Bangalore)
Off-shore employee accesses confidential account info and passes it on to criminal associates stealing 233,000 from UK accounts
20 UK Data Protection Act EU Directive on Data Protection
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 26,2006
King County Elections (Washington)
Names & SSNs exposed online
Thousands
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 26,2006
Australian High Tech Crime Centre
Investigator loses memory stick containing Bank account details, while investigating phishing scams
3,500 Unknown
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 24, 2006
Catawba County Schools, North Carolina
Students' Social security numbers found through Google search
619 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 23, 2006
San Francisco State University
Stolen laptop contains names and Social Security numbers of current and former students
3,000 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 23, 2006
United States Navy
Social Security numbers and other personal data found on public web site
28,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 22, 2006
United States Department of Agriculture
Hacker may have obtained names and Social Security numbers of workers and contractors
26,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 22, 2006
Federal Trade Commission
Personal and financial information on stolen laptops
110 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 22, 2006
Ohio University
Hacking
173,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 20, 2006
University of Alabama at Birmingham
Names, Social Security numbers and medical information on stolen computer
9,800 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 18, 2006
Equifax Inc.
Stolen company laptop with names and
Social Security numbers
2,500 GLB Act, California SB-
1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 17, 2006
Western Illinois University
Hacked
240,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 17, 2006
ING U.S. Financial Services
Laptop Stolen From D.C. Home of Employee had Social Security Numbers of City Workers, Retirees
13,000 GLB Act, California SB-
1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 17, 2006
Automatic Data Processing Inc.
Social Security numbers and income information exposed
80 GLB Act, California SB-
1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
June 13, 2006
Oregon Dept of Revenue
Unauthorized use, Trojan downloaded
2,200 California SB-1386 &
other State derivatives
A.7.1.3 - Acceptable use of assets
A.10.4.1 - Controls against malicious code
June 13, 2006
Office of State Auditor (Minnesota)
3 laptops apparently stolen from state auditor's office
493 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 13, 2006
Hanford Nuclear Reservation (Energy Dept)
Undetermined - Sensitive Information found in a home
4,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
June 13, 2006
KDDI (Japan)
Names, addresses, phone numbers, and other information belonging to customers leaked
3,996,789 Unknown
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
June 8, 2006
University of Michigan Credit Union
Stolen Unshredded Documents
5,000 California SB-1386 & other State derivatives, GLBA, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
June 7, 2006
Energy Dept Nuclear Weapons Agency
Albuquerque N.M.
Data on nuclear agency workers hacked
1,500 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 6, 2006
University of Texas El Paso
Hacking
4,719 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 5, 2006
IRS
Fingerprint records lost in transit
291 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 2, 2006
Humana (Louisville)
Lack of security awareness - Confidential information downloaded on public computer by authorized user
17,000 California SB-1386 & other State derivatives, HIPAA Security
A.8. 2. 2 - Information security awareness training and education
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 2, 2006
Stop & Shop, Giant& Tops (Boston)
Lost Laptop
Undetermined
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 1, 2006
Denver Election Commission (Colorado)
Microfilmed voter records missing or lost in a cabinet while moving offices
150,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
June 1, 2006
Hotels.com/Ernst & Young
Stolen Laptop
243,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 1, 2006
Buckeye community health plan
Stolen Laptop
72,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 1, 2006
YMCA Greater Providence
Laptop stolen
65,000 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 1, 2006
Miami University (Ohio)
Lost PDA
851 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 31, 2006
University of Kentucky (Lexington, KY)
Inadvertently exposed online
1,300 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 31, 2006
Florida International University
Hacked
Undetermined (Running into thousands)
California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 28, 2006
U.S. Dept. of Defense
Hacked
14,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 28, 2006
State of Ohio
Unsanitized records exposed
7,700,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
May 26, 2006
Hummingbird Limited (Toronto, Canada)
Stolen Hardware
1,300,000 GLB Act, California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 26, 2006
AIG (Washington)
Stolen Server
930,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 24, 2006
Sacred Heart University (Fairfield)
Hacked
Undetermined
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 23, 2006
University of Delaware (Newark, DE)
Server Intrusion
1,076 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 22, 2006
U.S. Dept of Veterans Affairs
Stolen laptop and disks from employee's home
26,500,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 18, 2006
Unknown retailer (Affecting banks across the country)
Hacked
9,300 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 18, 2006
American Red Cross (Washington)
Criminal Insider
Undetermined
California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 16, 2006
AICPA (American Institute of CPAs), New Jersey
Damaged hard drive lost in transit
330,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.8.3 - Physical media in transit
May 12, 2006
Mercantile Potomac Bank (North Virginia)
Stolen laptop
44,000 GLB Act, California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 11, 2006
Nations Holding Company
Dumpster diving and Hacking
Undetermined
GLB Act, FTC Settlement, California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.7.2.2 - Information labeling and handling
May 11, 2006
Columbus bank & Trust/Unknown retailer
Hacked
2,000 GLB Act, California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 11, 2006
Ohio University Hudson Health Center
Hacked
60,000 California SB-1386 & other State derivatives, HIPAA Security, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 5, 2006
Wells Fargo (San Francisco)
Lost computer in transit, presumed stolen
Undetermined
GLB Act, California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 4, 2006
Idaho Power Company (Boise, ID)
Hard drives not degaussed or destroyed sold on eBay
Undetermined
California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.6 - Secure disposal or re-use of equipment
May 2, 2006
State of Georgia
Government computers not degaussed/destroyed sold
Undetermined
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.6 - Secure disposal or re-use of equipment
May 2, 2006
Ohio State University
Hacked
300,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 29, 2006
Union Pacific (California)
Stolen/missing laptop, unauthorized use
30,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 27, 2006
Iron Mountain Inc/Long Island Railroad
Data tapes lost/stolen
17,000 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
April 27, 2006
Mastercard/Clydesdale Bank UK/Morgan Stanley
Hacked
2,000 GLB Act, California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 26, 2006
Aetna Inc.
Stolen Laptop
38,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 26, 2006
Purdue University School of Electrical and Computer Engineering
Unauthorized Access
1,351 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 23, 2006
University of Texas McCombs School of Business
Undetermined
197,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 21, 2006
University of Alaska Fairbanks
Hacked
38,941 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 20, 2006
University of Southern California
Hacked (SQL Injection Attack)
270,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 16, 2006
Fraser Health Authority
Missing computer and disk
Undetermined (Running into thousands)
California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 14, 2006
University of South Carolina
Inadvertently exposed via email
1,400 California SB-1386 & other State derivatives, FERPA
A.10.8.4 - Electronic messaging
April 12, 2006
Ross-Simons (Rhode Island)
Unauthorized Access
32,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 11, 2006
Broward County Record Division Florida
Exposed online (Posted on website)
Undetermined (Running into millions)
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 9, 2006
University of Medicine & Dentistry of New Jersey
Hacked
2,000 California SB-1386 & other State derivatives, HIPAA Security, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 7, 2006
DiscountDomainRegistry.com
Unpatched vulnerability/Hacked
Undetermined (Running into thousands)
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 31, 2006
L.A. County Dept. of Social Services
Unshredded documents exposed (Dumpster diving)
94,000 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
March 30, 2006
Connecticut Technical High School
Exposed via E-mail
1,250 California SB-1386 & other State derivatives
A.10.8.4 - Electronic messaging
March 30, 2006
Georgia Technology Authority
Unpatched vulnerability exploited by hacker
570,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 26, 2006
Florida Dept. of Management Services/Convergys Corp
Improper outsourcing procedures
108,000 California SB-1386 & other State derivatives
A.10.2.1 - Service delivery
A.10.2.2 - Monitoring and review of 3rd party services
March 24, 2006
U.S. Marine Corps
Portable drive lost
207,750 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
March 24, 2006
Vermont State College
Stolen Laptop
Undetermined (Running into thousands)
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 24, 2006
California State Employment Division
Software glitch sends tax forms to wrong addresses
64,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.12.2.1 - Input data validation
March 22, 2006
Fidelity Investments/Hewlett-Packard
Laptop Theft
196,000 GLB Act, California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 16, 2006
Banana.com
Undetermined unauthorized access
274 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 15, 2006
Ernst & Young/IBM
Laptop stolen
Undetermined (Running into thousands)
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 14, 2006
General Motors
Ex-employee uses stolen data to access systems after termination
100 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 14, 2006
Buffalo Bisons/Choice One Online
Hacked
Undetermined
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 5, 2006
Georgetown University
Server Hacked
41,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 3, 2006
Metropolitan State College (Denver)
Laptop Theft
93,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 2, 2006
Olympic Funding Chicago
3 unencrypted hard drives stolen; office alarm system not activated
Undetermined
California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 1, 2006
Verizon Communications
2 laptops stolen
Undisclosed but significant
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 1, 2006
Medco Health Solutions Inc. (Ohio)
Unencrypted laptop stolen
4,600 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 1, 2006
Bank of Bermuda/Unnamed retailer
Hacked
800 GLB Act, California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 27, 2006
Deloitte & Touche/McAfee
Unencrypted CD left on airline seat
9,000 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
February 25, 2006
Ernst & Young UK
Stolen laptop
Undisclosed
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 22, 2006
New Hampshire Dept. of Motor Vehicles
Malware found on server
Undetermined
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.10.4.1 - Controls against malicious code
February 18, 2006
University of Northern Iowa
Unauthorized Access
6,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 17, 2006
Pelican Bay State Prison
Unauthorized access to personnel data by inmates
California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
February 17, 2006
Mount St. Mary's Hospital (Lewiston)
2 laptops stolen
Undetermined but significant
California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 16, 2006
U.S. Dept of Agriculture
Tax records inadvertently released to other parties
350,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
February 16, 2006
Blue Cross & Blue Shield (Fla)
Information emailed to home computer
27,000 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
February 15, 2006
Old Dominion University (Norfolk)
Information inadvertently placed on web server 2 years before public notification
601 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 15, 2006
Suffolk County Clerk's Office, New York
Information Inadvertently placed on website
7,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 9, 2006
Bank of America/Undisclosed Company
Undisclosed debit card security breach
200,000 GLB Act, California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 7, 2006
Blue Cross & Blue Shield (North Carolina)
Human error - SSNs printed on mailed letters
629 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
February 6, 2006
Regions Bank/Card processor (Nationwide)
Undisclosed credit card security breach
100,000 GLB Act, California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 4, 2006
FedEx
Processing error, tax info mailed to wrong employees
9,600 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
February 1, 2006
University of Colorado at Colorado Springs
Hacked and infected with virus
2,500 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 1, 2006
Boston Globe and Worcester Telegram & Gazette
Inadvertently sent out credit card info during newspaper distribution
240,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
January 30, 2006
PricewaterhouseCoopers (Atlanta)
Laptop stolen
4,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 27, 2006
State of Rhode Island
Hacked
4,118 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 27, 2006
College of St. Scholastica
Stolen but recovered computer may have suffered unauthorized access
12,000 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 25, 2006
Ameriprise Financial, Inc (Minneapolis)
Stolen Laptop
226,000 GLB Act, California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 25, 2006
University of Delaware
Hacked and back-up hard drive stolen
159 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 24, 2006
Providence Home Services (Oregon)
Back-up disk and tapes stolen
365,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
January 24, 2006
University of Washington Medical Center
Stolen Laptop
1,600 California SB-1386 & other State derivatives, HIPAA Security, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 23, 2006
University of Notre Dame
Hacked
Undetermined
California SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 21, 2006
Honeywell International
Unknown Hacker posts PII on website
19,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 21, 2006
California National Guard
Stolen briefcase containing PII
Hundreds
California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 20, 2006
University of Kansas
Possible hacking
Undisclosed
GLB Act, California SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2006
Peoples Bank (Connecticut)/UPS
Lost computer tape
90,000 GLB Act, California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
January 8, 2006
Kerzner International/Atlantis (Bahamas)
Possible hacking as info goes missing from database
55,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 2, 2006
H & R Block
Mailing error includes SSNs
Undisclosed
California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
January 1, 2006
University of Pittsburgh Medical Center
6 Computers stolen
700 California SB-1386 & other State derivatives, HIPAA Security, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
ESTIMATED TOTAL (ROUGH): 59,891,890
Copyright 2005-2017 by eFortresses, Inc. All rights reserved.