PUBLIC
NOTIFIED ON
|
ORGANIZATION AND LOCATION
|
TYPE OF BREACH
|
NUMBER OF PERSONALLY
IDENTIFIABLE INFORMATION(PII)
POTENTIALLY EXPOSED
|
REGULATORY IMPACT
|
ISO/IEC 27001 MITIGATING
CONTROLS
|
Dec 29, 2006
|
Wisconsin
Dept of Revenue
|
SSNs
exposed on mail envelope sent to tax payers
|
170,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Dec 27, 2006
|
Nissan
Motor Company Ltd Japan
|
Customer
database may have been leaked. Details largely undisclosed
|
5,380,000 |
UK Data
protection act, EU Directive on Data protection, California SB-
1386 & other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information A.9.1.1 - Physical security
perimeter A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 27, 2006
|
Montana
State University
|
Inadvertently
posted details of other students financial loans data including their PII to
other students
|
259 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Dec 23, 2006
|
Deaconess
Hospital
|
Password
protected laptop stolen from offices possibly containing PII & PHI
|
128 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 22, 2006
|
Utah Valley
State College
|
Inadvertently
exposed online as PIIs showing up in search engines
|
Thousands
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 22, 2006
|
Bank of
America, Charleston
|
Unidentified
former contractor responsible for undisclosed type of breach
|
Undisclosed
|
GLB Act,
California SB-
1386 & other State derivatives, FACT Act
|
A.8.3
Termination or change of employment
A.8.3.2 Return of assets
A.8.3.3 Removal of access rights
A.9.2.7 Removal of property
|
Dec 22, 2006
|
U.S. State
Department
|
Passport
application forms go missing in transit
|
700 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment
off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 21, 2006
|
Santa Clara
County (Employment Agency)
|
Computer
stolen from offices, believed to be encrypted
|
2,500 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 20, 2006
|
SFX
Baseball Inc.
|
Dumpster
diving was technique used to obtain data from trash cans outside SFX
|
90 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.7.2 - Disposal of media
|
Dec 20, 2006
|
Big Foot
High School, Wisconsin
|
PII
?inadvertently? posted on a publicly accessible Web site
|
87 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 20, 2006
|
Lakeland
Library Co-operative
|
PII
?inadvertently? posted on a publicly accessible Web site
|
15,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 19, 2006
|
Mississipi
State University
|
PII
?inadvertently? posted on a publicly accessible Web site
|
2,400 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 16, 2006
|
City of
Wickliffe, Ohio
|
Hacked
|
125 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 15, 2006
|
University
of Colorado at Boulder
|
Server
Hacked
|
17,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 15, 2006
|
Geisinger
Health Systems/Electronic Registry
Systems
|
Computer
containing medical records stolen from offices
|
25,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 14, 2006
|
St. Vrain
Valley School District
|
Laptop
stolen
|
600 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Dec 14, 2006
|
Durham
Public Schools
|
Hacked by 2
students during school assignment
|
Thousands
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 13, 2006
|
Boeing
Co.
|
Laptop
stolen from an employee's car
|
382,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Dec 12, 2006
|
University
of Texas at Dallas
|
Hacked
|
5,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 12, 2006
|
Aetna
Inc./Un-named vendor
|
Backup
tapes containing medical info. stolen from vendor's offices
|
130,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 12, 2006
|
UCLA
|
Database
hacked
|
800,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 11 2006
|
Independent
Living Funds UK
|
Back-up
tapes containing PII stolen from truck during transit
|
Thousands
|
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.8.3 -
Physical media in transit
|
Dec 9, 2006
|
Virginia
Commonwealth University
|
PII
inadvertently included in two attachments in an e-mail.
|
561 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Dec 8, 2006
|
State of
Vermont/Segal Group
|
Inadvertently
posted PIIs on website
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 6, 2006
|
Premier
Bank
|
Book
containing customer's newly opened account data missing
|
1,800 |
GLB Act,
California SB-
1386 & other State derivatives, FACT Act
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment
off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 5, 2006
|
West
Virginia Army National Guard 130th Airlift
Wing, Charleston
|
Laptop
stolen
|
Every member
of unit
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Dec 5, 2006
|
Nassau
Community College
|
Print-out
containing all the institution's PII
stolen from unattended desk
|
21,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 3, 2006
|
City of
Grand Prairie
|
Employee
PII inadvertently posted on website
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 30, 2006
|
TransUnion
Credit Bureau
|
Individuals
with a single password are able to illegally download hundreds of other
people's PII
|
1,700 |
GLB Act,
California SB-
1386 & other State derivatives, FACT Act
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 30, 2006
|
Pennsylvania
Department of Transportation
|
Thieves
stole equipment from a driver?s license center and got away with computers
containing PII. The thieves also got a camera and a printer plus enough
card
stock and laminate to make about 750 fake licenses
|
11,384 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 29, 2006
|
California
state University Charter College of
Education
|
An
employee's USB drive was inside a purse stolen from a car trunk
|
2,534 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.3 -
Physical media in transit
|
Nov 28, 2006
|
Kaiser
Permanente Colorado
|
Laptop
stolen from the personal car of a national Kaiser Permanente employee in
Oakland, Calif.
|
38,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Nov 27, 2006
|
Johnston
County, SMITHFIELD, N.C.
|
County
mistakenly posts taxpayer's info online
|
2 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 27, 2006
|
The
Greenville County School District
|
Computers
sold off contained SSNs and birth dates
|
101,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.7.2 - Disposal of media
|
Nov 27, 2006
|
All
Printing & Graphics Inc
|
Inadvertently
mailed a spreadsheet used to make mailing labels, that contained Chicago
former school employees PII including home addresses
|
1,740 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Nov 25, 2006
|
Unnamed
Health Center/Indiana Department of
Health
|
2 Computers
stolen from health center containing PII & PHI
|
7,700 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 21, 2006
|
LogicaCMG/UK
Police
|
3 laptops
stolen from offices containing National Insurance number of officers
including that of the commissioner of police
|
15,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 20, 2006
|
Administration
of Children's Services
|
Confidential
files dumped in street
|
200
families
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.7.2 - Disposal of media
|
Nov 20, 2006
|
SourceMedia
|
Ex-
employee hacked into the company's network, reading confidential e-mails, and
tipping off employees who were in line to be laid off
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Nov 17, 2006
|
Jefferson
College of Health Sciences
|
Financial
aid director inadvertently emails
PIIs to all students of the college
|
143 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Nov 14, 2006
|
Connors
State College, Oklahoma
|
Laptop
stolen by student from college
|
22,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 14, 2006
|
Chartenay-Malabry
Laboratory, France
|
A hacker
stole data from computers at the French anti-doping lab where tests are being
challenged by American cyclist Floyd Landis. In a manipulation of information
letters are sent to other labs and IOC in an effort to discredit the
lab.
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security, EU Directive on Data
Protection
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 11, 2006
|
Hertz
Global Holdings Inc.
|
Computer
containing the names and SSNs of most of Hertz's U.S. workers found at the
home of a former employee.
|
22,800 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Nov 10, 2006
|
ARCO
Westminster
|
Thieves
used a device to record account numbers and pin codes onto memory chips from
pay-point islands
|
Hundreds
|
California
SB-1386 & other State derivatives, PCI/ Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.10.4.1 - Controls against malicious code
|
Nov 10, 2006
|
KSL
Services Inc/Los Alamos National Laboratory
|
CD
missing
|
1,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Nov 09, 2006
|
Calgary
Health Region
|
Laptop
stolen from home of staffer
|
1,000 |
PIPEDA and
Other derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Nov 07, 2006
|
City of
Lubbock
|
Website
hacked
|
5,800 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 06, 2006
|
Bowling
Green, Ohio, Police Department
|
Unsanitized
police report posted on website. Data included SSNs, race, description of
incidents etc
|
200 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 03, 2006
|
Starbucks
Corporation
|
Four
retired laptops missing from the
Corporate Support Center in Seattle
|
60,080 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 03, 2006
|
West Shore
Bank/Unnamed Third party Processor
|
Unknown
type of breach of debit cards
|
1,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 03, 2006
|
Student
Financial Services, Cavalier
|
Error in
software code sends emails containing SSNs to wrong students
|
632 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 03, 2006
|
Wesco Gas
Stations
|
Confidentiality
of credit cards breached
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 02, 2006
|
Intermountain
Health Care
|
Old company
laptops sold for $20 contained confidential data
|
6,244 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.7.2 - Disposal of media
|
Nov 02, 2006
|
Villanova
University Hilb, Rogal & Hobbs Plymouth
|
Laptop
stolen from offices
|
1,243 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 02, 2006
|
Greater
Media Inc.
|
Laptop
stolen from offices
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 02, 2006
|
Veteran's
Affair Medical Center in Muskogee
|
Three disks
mailed for billing purposes lost.
|
1,400 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Nov 02, 2006
|
Manhattan
Veterans Affairs Medical Center.
|
Computer
stolen from hospital containing PII
& PHI
|
Hundreds
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 01, 2006
|
U.S. Army
Cadet Command
|
Laptop
stolen
|
4,600 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Oct 28, 2006
|
HSBC,
Halifax, Natwest, Royal Bank of Scotland, a
Post Office (UK)
|
Unshredded
customer account data found in garbage bags
|
Undisclosed
|
UK Data
Protection Act & EU Directive on Data Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Oct 28, 2006
|
Hancock
Askew & Co.LLP/Atlantis Plastics
|
Laptop
stolen on NY trip
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Oct 27, 2006
|
Gymboree,
San Francisco
|
Thief
follows company exec into office building, into an elevator, hangs out in
bathroom for an hour before emerging to pick up the laptop from the empty
exec's office. Returns a 2nd time and makes off with 2 laptops.
|
20,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
|
Oct 26, 2006
|
TD
Ameritrade/E-Trade (Brokers)
|
Dummy/hijacked
accounts used to perpetrate stock market fraud
|
$22 Million
loss
|
GLB Act,
California SB-
1386 & other State derivatives
|
A.6.2.1
Identification of risks related to external parties A.6.2.2 - Addressing
security when dealing with customers
A.6.2.3 - Addressing security in third party agreements
|
Oct 26, 2006
|
Tuscarawas
County/Lexis Nexis
|
Voter's
SSNs exposed online via Lexis
Nexis database
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 26, 2006
|
Children's
Hospital Akron
|
Computers
containing banking info. and personal data hacked
|
200,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 26, 2006
|
Colorado
Dept. of Human Services
|
Password
protected desktop stolen from offices
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 26, 2006
|
Ontario
Science Center
|
Laptop
stolen from offices
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 25, 2006
|
Dept. of
Homeland Security
|
Portable
storage device missing
|
500 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 25, 2006
|
Swedish
Medical Center
|
Unscrupulous
employee obtains credit card using patients data
|
1,100 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Oct 24, 2006
|
Chicago
Board of Election
|
Registered
votes info. exposed by vulnerabilities in website
|
780,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 24, 2006
|
The Sisters
of St. Francis Health Services/ARS
|
CDs missing
temporarily as CDs are left in laptop bag being returned
|
260,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Oct 20, 2006
|
Allina
Hospitals & Clinics
|
Laptop
stolen from nurse's car
|
14,000
Households
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Oct 20, 2006
|
T-Mobile
USA Inc. Oregon
|
Laptop
stolen from employee's checked luggage
|
430,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Oct 18, 2006
|
Germanton
Elementary School, NC
|
Computer
containing encrypted & password protected data stolen from
cafeteria
|
Undetermined
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 17, 2006
|
City of
Visalia, Ca.
|
Copies of
city records tossed in street
|
200 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Oct 13, 2006
|
Ohio Ethics
Commission
|
Hundreds of
documents containing employee SSNs & financial statements found littering
a neighborhood
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Oct 12, 2006
|
University
of Texas at Arlington
|
Two
computers stolen from a faculty member's home
|
2,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Oct 12, 2006
|
Brock
University
|
Hacked
credit card and bank account numbers
|
70,000 |
California
SB-1386 & other State derivatives, FERPA, PCI/ Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 11, 2006
|
Undisclosed
UK ( 600 financial institutions affected)
|
Malware
powered ID scam - pc seized in US containing names and credit card details
& transactions of UK punters
|
8,500 |
|
A.10.4.1 -
Controls against malicious code
|
Oct 11, 2006
|
Adams State
College Public Safety office
|
Laptop
stolen from locked closet on premises
|
184 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 11, 2006
|
Republican
National Committee
|
Erroneously
e-mailed a list that contained the names, races and SSNs of top Republican
donors, identified two of the contributors as Muslim to a reporter.
|
76 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Oct 11, 2006
|
Workforce
Innovation, Florida Labor Dept.
|
Unwittingly
posted the names and SSNs on internet, exposed by search engine
|
4,600 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 9, 2006
|
Troy Athens
High School
|
Hard drive
on computer having technical work done stolen from premises. Failed to inform
those affected in a timely manner, because specific information on drive
undetermined
|
Undetermined
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 6, 2006
|
Camp
Pendleton Marine Corps base
|
Laptop
missing or stolen
|
2,400 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Oct 6, 2006
|
Cleveland
Air Route Traffic Control Center Oberlin
|
Hard drive
containing info on air traffic controllers stolen from computer on premises.
''Believed'' to be encrypted and may contain other classified military
info.
|
At least
400
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 5, 2006
|
Capistrano
Unified School District HQ
|
5 Computers
stolen from premises
|
Undetermined
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 5, 2006
|
Statistics
Canada
|
Cabinet
containing data sold off at auction
|
75 |
PIPEDA and
Other derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Oct 3, 2006
|
Call &
Data centers in India
|
Credit card
data of brits sold by employees
|
Undetermined
|
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Oct 3, 2006
|
Cumberland
County
|
Sensitive
information inadvertently exposed for a long period of time on website
|
1,200 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 2, 2006
|
Seattle-Tacoma
International Airport
|
Six
computer disks stolen/lost from premises
|
7,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 29, 2006
|
State of
Kentucky
|
SSNs
exposed in mail envelope windows sent to government employees
|
146,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Sept 29, 2006
|
University
of Iowa
|
Computer
containing PII, PHI data on research subjects hacked
|
14,500 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 28, 2006
|
North
Carolina DMV, Louisburg
|
Computer
stolen from office
|
16,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 27, 2006
|
America
Online AOL
|
Phishing
scam used to infect AOL customers with malware to harvest PII, credit card
info. over a 2-yr period
|
Undetermined
(running into thousands)
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.10.4.1 - Controls against malicious code
|
Sept 25, 2006
|
General
Electric
|
Employee
laptop stolen from locked hotel room while traveling on business
|
50,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Sept 24, 2006
|
Nagasaki
University Hospital of Medicine & Dentistry
|
6 laptops,
8 USB memory units, 2 hard disks containing PHI stolen
|
9,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 23, 2006
|
Erlanger
Hospital (Tennessee)
|
USB storage
device lost or stolen from locked office, no PHI
|
4,150 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 23, 2006
|
Allstate
Canada Inc.
|
Policy
holders files stolen from sales agent working at home who in turn failed to
notify managers for 12 days
|
60-70
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment
off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Sept 22, 2006
|
Purdue
University, Ind.
|
Hacked
|
2,482 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 22, 2006
|
University
of Colorado, Boulder
|
2 Computers
lost/stolen in transit
|
1,372 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
A.9.2.5 - Security of equipment off-premises
|
Sept 21, 2006
|
U.S. Dept.
of Commerce & Census Bureau
|
1137
laptops containing some PII lost since
2001, Census bureau is a major collector of information on Americans
|
558
Households
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Sept 21, 2006
|
Pima County
Health Dept. Arizona
|
Names, DOBs
& some PHI recovered in stolen vehicle
|
2,500 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment
off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Sept 20, 2006
|
City of
Savannah
|
Possible
online exposure
|
8,800 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 20, 2006
|
Berry
College
|
PII in
paper and digital form "misplaced" by financial aid consultant
|
2,093 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment
off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Sept 19, 2006
|
Life Is
Good Boston
|
Hacked
|
9,250 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 18, 2006
|
DePaul
Medical Center (Norfolk, Virginia)
|
Two
computers stolen from hospital
|
100 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 17, 2006
|
Whistle
Junction Restaurant Orlando/Florida
|
Closing
business documents containing PII
found in dumpster
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Sept 17, 2006
|
Direct
Loan
|
PII exposed
online
|
21,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 16, 2006
|
Michigan
Department of Community Health
|
Flash drive
missing presumed stolen from office containing PII but no PHI
|
4,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 16, 2006
|
Morris,
Davis & Chan, Oakland/Howard Rice etc.
|
Howard Rice
data on laptop stolen from auditor's car
|
500 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Sept 15, 2006
|
University
of Texas San Antonio
|
Hacked
|
64,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 15, 2006
|
Mercy
Medical Center Merced
|
Unencrypted
memory stick found months after employee misplaced it
|
259 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Sept 14, 2006
|
Illinois
Dept. of Corrections
|
Document
found "outside agency grounds"
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Sept 14, 2006
|
Nikon Inc
Ala.
|
Inadvertent
online exposure as link in email exposes credit card nos. and other PII on
website
|
3,235 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 13, 2006
|
American
Family Insurance
|
Laptop
stolen from office
|
2,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 11, 2006
|
Telesource
|
Copies of
customers' PII found in dumpster
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Sept 8, 2006
|
Cleveland
Clinic Florida/Advanced Medical Claims
|
Employee
prints out patients' PII and sells to cousin to file fraudulent claims
|
1,100 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Sept 8, 2006
|
University
of Minnesota
|
2 Computers
stolen from office
|
13,084 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 8, 2006
|
Linden
Lab/Second Life
|
Hacked -
Unencrypted names, addresses, payment info, passwords of Second Life users
exposed. Unencrypted credit card info on another server not hacked
|
Undetermined
but sizeable amount
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 8, 2006
|
BMO Bank Of
Montreal
|
Laptop
stolen from office
|
900 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 7, 2006
|
Florida
National Guard
|
Laptop
stolen in car burglary
|
100 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Sept 7, 2006
|
Chase Card
Services
|
Computer
tapes containing data
"mistakenly" thrown into trash
|
2,000,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Sept 6, 2006
|
Transportation
Security Administration/Accenture
|
Contractor
makes "administrative error" and sends mails containing PII to wrong
addresses
|
1,195 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Sept 1, 2006
|
City of
Chicago/Nationwide Retirement Solutions
|
Laptop
stolen, public disclosure not made for a year due to "internal
communications error"
|
38,443 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Sept 1, 2006
|
Wells
Fargo
|
Stolen
laptop
|
Undetermined
|
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Sept 1, 2006
|
Virginia
Commonwealth University
|
Online
exposure of PIIs on unsecured server for 8 months
|
2,100 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 31, 2006
|
Domino's
Pizza
|
Credit card
receipts found in dumpster
|
Thousands
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Aug 31, 2006
|
LabCorp
|
Computer
stolen from offices
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Aug 29, 2006
|
Valley
Baptist Medical Centre
|
"Computer
glitch" exposes healthcare workers' info on website
|
73 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 29, 2006
|
U.S. Dept
of Education
|
Two laptops
containing unencrypted data stolen from contractor
|
43 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 29, 2006
|
Compass
Health, Everett
|
Stolen
laptop, No PHI
|
"Limited
number of people"
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 29, 2006
|
AT&T
San Francisco
|
Hacked
|
"Fewer than
19,000"
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 27, 2006
|
New Mexico
Administrative Office of the Courts
|
Online
exposure of PIIs on unsecured server of a password protected FTP site
|
1,500 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 26, 2006
|
University
of South Carolina
|
Hacked
|
6,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 26, 2006
|
PortTix
|
Website
hacked exposing credit card information
|
2,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 25, 2006
|
Verizon
Wireless
|
Inadvertently
exposed by email
|
5,210 |
California
SB-1386 &
other State derivatives
|
A.10.8.4 -
Electronic messaging
|
Aug 25, 2006
|
Sovereign
Bank Mass.
|
Three
managers' laptops stolen
|
Possibly
Thousands
|
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 25, 2006
|
Dominion
Resources
|
Two laptops
stolen
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 25, 2006
|
The Federal
Motor Safety Administration, Baltimore
|
Stolen
laptop
|
193 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 23, 2006
|
U.S. Dept.
of Education
|
"Software
glitch" exposes PII, student loan records online
|
"Limited
number of 6.4
million"
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 22, 2006
|
Troy
Beaumont Hospital
|
Stolen
laptop containing PIIs and PHIs
|
28,400 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 22, 2006
|
Beaverton
School District (Oregon)
|
Missing
time slips containing PIIs
|
1,600 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
Aug 22, 2006
|
Aflac
|
Stolen
laptop
|
612 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 18, 2006
|
California
Dept. of Mental Health
|
Computer
tape missing
|
9,468 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3 -
Physical media in transit
|
Aug 17, 2006
|
HCA
Inc.
|
10
computers stolen
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Aug 17, 2006
|
Williams-Sonoma/Unnamed
Audit firm
|
Auditor's
laptop stolen
|
1,200 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 16, 2006
|
Chevron/Unnamed
accounting firm
|
Unnamed
accounting firm employee laptop stolen
|
Tens of
thousands
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 15, 2006
|
University
of Kentucky (Lexington, KY)
|
Names and
SSNs inadvertently posted on website
|
710 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 11, 2006
|
Madrona
Medical Group
|
Former
employee illegally downloads patient records, PII
|
6,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Aug 9, 2006
|
U.S. Dept
of Transportation Fla.
|
Laptop
stolen from office
|
133,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Aug 8, 2006
|
Linen n'
Things
|
Receipts
with credit card numbers taken from store
|
90 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
Aug 8, 2006
|
Virginia
Bureau of Insurance
|
Inadvertent
online exposure
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 8, 2006
|
U.S. Dept.
of Veteran Affairs/Unisys
|
Stolen
computer, data lost includes billing info, medical info, insurance
carriers
|
38,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Aug 6, 2006
|
American
Online AOL
|
Online
search queries exposed including some PII
|
650,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 4, 2006
|
PSA
Healthcare
|
Stolen
laptop containing PIIs, PHI
|
51,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 4, 2006
|
Matrix
Bancorp Inc.
|
Laptop
stolen onsite containing proprietary and customer info
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Aug 4, 2006
|
Toyota
|
Laptop
stolen onsite
|
1,500 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Aug 2, 2006
|
Vassar
Brothers Medical Center
|
Stolen
laptop, No PHI
|
257,800 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 2, 2006
|
Belhaven
College
|
Stolen
laptop
|
300 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 2, 2006
|
West
Virginia Division of Rehabilitation Services
|
Stolen
laptop
|
Undetermined
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
Aug 1, 2006
|
Wichita
State University
|
Hacked -
exposing credit card info.
|
2,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Aug 1, 2006
|
Dollar Tree
Calif.
|
Possible
POS compromise, cash withdrawn through ATMs from customers' accounts
|
Undetermined
|
GLB Act,
California SB-
1386 & other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Aug 1, 2006
|
U.S. Bank
Cincinnati
|
Briefcase
stolen
|
Small
amount
|
GLB Act,
California SB-
1386 & other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment
off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Aug 1, 2006
|
Cal
Poly
|
Laptop
stolen from home of employee, SSNs, names lost
|
3,020 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 29, 2006
|
Sentry
Insurance (Wis.)
|
Unscrupulous
consultant steals and sells some names and SSNs
|
112,270 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
July 27, 2006
|
LA County
Dept. of Community and Senior Services
|
Laptops
stolen from employee and computer hacked in separate incidents
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 27, 2006
|
Kaiser
Permanente (Northern California)
|
Laptop
stolen from 'secure' office
|
160,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 26, 2006
|
United
States Navy (Washington)
|
Laptops
stolen from offices
|
31,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 26, 2006
|
MD
Management/Canadian Medical Assoc.
|
Laptop
stolen from car
|
8,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 25, 2006
|
Cablevision
Systems
|
Tape lost
between 2 external vendors containing
SSNs & 401(k) election info of employees
|
13,700 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
July 25, 2006
|
Old Mutual
Inc.
|
Stolen
laptop with SSNs & PII
|
6,500 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 25, 2006
|
Armstrong
World Industries/Deloitte & Touche (Lancaster, PA)
|
Laptop
containing PII stolen from audit firm employee's car
|
12,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 25, 2006
|
Georgetown
University Hospital/InstantDX
|
Patients'
PII exposed to consultant
|
Thousands
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 24, 2006
|
New York
City Dept. of Homeless Services
|
Email
containing patients' PII inadvertently sent
|
8,400 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.4 -
Electronic messaging
|
July 21, 2006
|
CS Stars/
Special Conservation Committee (NY)
|
Lost track
of computer containing PII
|
500,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 18, 2006
|
Nelnet/United
Parcel Service (UPS) Lincoln
|
Lost
back-up tape
|
188,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
July 18, 2006
|
United
States Dept. of Agriculture
|
Stolen
laptop containing PIIs
|
350 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 16, 2006
|
Mississippi
Secretary of State
|
Exposed
online (Posted on website)
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 14, 2006
|
Northwestern
University (Evanston, ILL)
|
Hacked
|
17,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 14, 2006
|
Hampton
Circuit Court (Virginia)
|
PIIs
exposed on publicly available computer
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 14, 2006
|
University
of Iowa
|
Stolen
laptop
|
280 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 13, 2006
|
Moraine
Park Technical College (Milwaukee)
|
CD
containing students' PII misplaced
|
1,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.3 -
Physical media in transit
|
July 7, 2006
|
Montana
Public Health and Human Services
Helena, Mont.
|
Computer
stolen from offices
|
Undetermined
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 7, 2006
|
United
States Navy (Washington)
|
SSNs and
other PII exposed online
|
Over
100,000
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 7, 2006
|
National
Association of Securities Dealers (NASD) Fla.
|
Ten Laptops
stolen from offices
|
Undetermined
(Possibly thousands)
|
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 6, 2006
|
University
of Tennessee
|
Hacked
|
36,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 6, 2006
|
Automatic
Data Processing Inc.
|
Inadvertent
disclosure of investors' names, mailing addresses, no. of shares in certain
companies to data thief using social engineering techniques
|
Thousands
|
GLB Act,
California SB-
1386 & other State derivatives
|
A.10.2.1 -
Service delivery
A.10.2.2 - Monitoring and review of 3rd party services
|
July 5, 2006
|
Bisys Group
Inc (San Diego)
|
Back-up
tapes containing PII and hedge fund info stolen along with truck during
transit
|
61,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.10.8.3 -
Physical media in transit
|
July 1, 2006
|
American
Red Cross (Dallas)
|
Laptop with
encrypted SSNs and health info stolen from undisclosed local office
|
Undetermined
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 30, 2006
|
United
States Department of Veterans Affairs
|
Indianapolis
VA office is missing backup tape with vets' records
|
16,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.8.3 - Physical media in transit
|
June 29, 2006
|
National
Institute of Health Federal Credit Union
|
Details not
released
|
41,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
June 29, 2006
|
Nebraska
Treasurer's Office
|
Child
support computer system containing names, SSNs and other PII hacked
|
300,000
individuals,
9,000 businesses
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 29, 2006
|
AllState
(Huntsville)
|
Stolen
computer containing SSNs, correspondence and other PII
|
2,700 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 28, 2006
|
AAAAA
Rent-A-Space (Colma)
|
Names,
SSNs, Credit card nos, addresses exposed online
|
13,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 28, 2006
|
Minnesota
Dept. of Revenue
|
Tape
containing public and private tax records lost in transit
|
2,400
individuals,
48,000 businesses
|
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
June 27, 2006
|
Government
Accountability Office GAO
|
Inadvertently
posted online
|
Less than
1,000
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 27, 2006
|
HSBC Data
Processing Unit (Bangalore)
|
Off-shore
employee accesses confidential account info and passes it on to criminal
associates stealing £233,000 from UK accounts
|
20 |
UK Data
Protection Act, EU Directive on Data Protection
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
June 26, 2006
|
King County
Elections (Washington)
|
Names &
SSNs exposed online
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 26, 2006
|
Australian
High Tech Crime Centre
|
Investigator
loses memory stick containing Bank account details, while investigating
phishing scams
|
3,500 |
Unknown
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 24, 2006
|
Catawba
County Schools, North Carolina
|
Students'
Social security numbers found through Google search
|
619 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 23, 2006
|
San
Francisco State University
|
Stolen
laptop contains names and Social Security numbers of current and former
students
|
3,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 23, 2006
|
United
States Navy
|
Social
Security numbers and other personal data found on public web site
|
28,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 22, 2006
|
United
States Department of Agriculture
|
Hacker may
have obtained names and Social Security numbers of workers and
contractors
|
26,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 22, 2006
|
Federal
Trade Commission
|
Personal
and financial information on stolen laptops
|
110 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 22, 2006
|
Ohio
University
|
Hacking
|
173,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 20, 2006
|
University
of Alabama at Birmingham
|
Names,
Social Security numbers and medical information on stolen computer
|
9,800 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 18, 2006
|
Equifax
Inc.
|
Stolen
company laptop with names and
Social Security numbers
|
2,500 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 17, 2006
|
Western
Illinois University
|
Hacked
|
240,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 17, 2006
|
ING U.S.
Financial Services
|
Laptop
Stolen From D.C. Home of Employee had Social Security Numbers of City
Workers, Retirees
|
13,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 17, 2006
|
Automatic
Data Processing Inc.
|
Social
Security numbers and income information exposed
|
80 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
June 13, 2006
|
Oregon Dept
of Revenue
|
Unauthorized
use, Trojan downloaded
|
2,200 |
California
SB-1386 &
other State derivatives
|
A.7.1.3 -
Acceptable use of assets
A.10.4.1 - Controls against malicious code
|
June 13, 2006
|
Office of
State Auditor (Minnesota)
|
3 laptops
apparently stolen from state auditor's office
|
493 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection A.9.2.5 - Security of equipment
off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 -
Teleworking
|
June 13, 2006
|
Hanford
Nuclear Reservation (Energy Dept)
|
Undetermined
- Sensitive Information found in a home
|
4,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
June 13, 2006
|
KDDI
(Japan)
|
Names,
addresses, phone numbers, and other information belonging to customers
leaked
|
3,996,789 |
Unknown
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
June 8, 2006
|
University
of Michigan Credit Union
|
Stolen
Unshredded Documents
|
5,000 |
California
SB-1386 & other State derivatives, GLBA, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
June 7, 2006
|
Energy Dept
Nuclear Weapons Agency
Albuquerque N.M.
|
Data on
nuclear agency workers hacked
|
1,500 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 6, 2006
|
University
of Texas El Paso
|
Hacking
|
4,719 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 5, 2006
|
IRS
|
Fingerprint
records lost in transit
|
291 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 2, 2006
|
Humana
(Louisville)
|
Lack of
security awareness - Confidential information downloaded on public computer
by authorized user
|
17,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.2.2 -
Information security awareness training and education
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 2, 2006
|
Stop &
Shop, Giant & Tops (Boston)
|
Lost
Laptop
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 1, 2006
|
Denver
Election Commission (Colorado)
|
Microfilmed
voter records missing or lost in a cabinet while moving offices
|
150,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
June 1, 2006
|
Hotels.com/Ernst
& Young
|
Stolen
Laptop
|
243,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 1, 2006
|
Buckeye
community health plan
|
Stolen
Laptop
|
72,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 1, 2006
|
YMCA
Greater Providence
|
Laptop
stolen
|
65,000 |
California
SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 1, 2006
|
Miami
University (Ohio)
|
Lost
PDA
|
851 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
May 31, 2006
|
University
of Kentucky (Lexington, KY)
|
Inadvertently
exposed online
|
1,300 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 31, 2006
|
Florida
International University
|
Hacked
|
Undetermined
(Running into thousands)
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 28, 2006
|
U.S. Dept.
of Defense
|
Hacked
|
14,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 28, 2006
|
State of
Ohio
|
Unsanitized
records exposed
|
7,700,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
May 26, 2006
|
Hummingbird
Limited (Toronto, Canada)
|
Stolen
Hardware
|
1,300,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
May 26, 2006
|
AIG
(Washington)
|
Stolen
Server
|
930,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 24, 2006
|
Sacred
Heart University (Fairfield)
|
Hacked
|
Undetermined
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 23, 2006
|
University
of Delaware (Newark, DE)
|
Server
Intrusion
|
1,076 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 22, 2006
|
U.S. Dept
of Veterans Affairs
|
Stolen
Laptop and disks from employee's home
|
26,500,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
May 18, 2006
|
Unknown
retailer (Affecting banks across the country)
|
Hacked
|
9,300 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 18, 2006
|
American
Red Cross (Washington)
|
Criminal
Insider
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
May 16, 2006
|
AICPA
(American Institute of CPAs) New Jersey
|
Damaged
hard drive lost in transit
|
330,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.8.3 -
Physical media in transit
|
May 12, 2006
|
Mercantile
Potomac Bank (North Virginia)
|
Stolen
laptop
|
44,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
May 11, 2006
|
Nations
Holding Company
|
Dumpster
diving and Hacking
|
Undetermined
|
GLB Act,
FTC
Settlement, California SB-
1386 & other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.7.2.2 - Information labeling and handling
|
May 11, 2006
|
Columbus
bank & Trust/Unknown retailer
|
Hacked
|
2,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 11, 2006
|
Ohio
University Hudson Health Centre
|
Hacked
|
60,000 |
California
SB-1386 & other State derivatives, HIPAA Security, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 5, 2006
|
Wells Fargo
(San Francisco)
|
Lost
computer in transit, presumed stolen
|
Undetermined
|
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 4, 2006
|
Idaho Power
Company (Boise, ID)
|
Hard drives
not degaussed or destroyed sold on eBay
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.6 - Secure disposal or re-use of equipment
|
May 2, 2006
|
State of
Georgia
|
Government
computers not degaussed/destroyed sold
|
Undetermined
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.6 - Secure disposal or re-use of equipment
|
May 2, 2006
|
Ohio State
University
|
Hacked
|
300,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 29, 2006
|
Union
Pacific (California)
|
Stolen/
Missing Laptop, Unauthorized use
|
30,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
April 27, 2006
|
Iron
Mountain Inc/Long Island Railroad
|
Data tapes
lost/stolen
|
17,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
April 27, 2006
|
Mastercard/Clydesdale
Bank UK/Morgan Stanley
|
Hacked
|
2,000 |
GLB Act,
California SB-
1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 26, 2006
|
Aetna
Inc.
|
Stolen
Laptop
|
38,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
April 26, 2006
|
Purdue
University School of Electrical and
Computer Engineering
|
Unauthorized
Access
|
1,351 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 23, 2006
|
University
of Texas McComb's School of Business
|
Undetermined
|
197,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 21, 2006
|
University
of Alaska Fairbanks
|
Hacked
|
38,941 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 20, 2006
|
University
of Southern California
|
Hacked (SQL
Injection Attack)
|
270,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 16, 2006
|
Fraser
Health Authority
|
Missing
computer and disk
|
Undetermined
(Running into thousands)
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
April 14, 2006
|
University
of Southern Carolina
|
Inadvertently
exposed via email
|
1,400 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.4 -
Electronic messaging
|
April 12, 2006
|
Ross-Simons
(Rhode Island)
|
Unauthorized
Access
|
32,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 11, 2006
|
Broward
County Record Division Florida
|
Exposed
online (Posted on website)
|
Undetermined
(Running into millions)
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 9, 2006
|
University
of Medicine & Dentistry of New Jersey
|
Hacked
|
2,000 |
California
SB-1386 & other State derivatives, HIPAA Security, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 7, 2006
|
DiscountDomainRegistry.com
|
Unpatched
vulnerability/Hacked
|
Undetermined
(Running into thousands)
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 31, 2006
|
L.A. County
Dept. of Social Services
|
Unshredded
documents exposed (Dumpster diving)
|
94,000 |
California
SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
March 30, 2006
|
Connecticut
Technical High School
|
Exposed via
E-mail
|
1,250 |
California
SB-1386 &
other State derivatives
|
A.10.8.4 -
Electronic messaging
|
March 30, 2006
|
Georgia
Technology Authority
|
Unpatched
vulnerability exploited by hacker
|
570,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 26, 2006
|
Florida
Dept. of Management services/Convergys
Corp
|
Improper
outsourcing procedures
|
108,000 |
California
SB-1386 &
other State derivatives
|
A.10.2.1 -
Service delivery
A.10.2.2 - Monitoring and review of 3rd party services
|
March 24, 2006
|
U.S. Marine
Corps
|
Portable
drive lost
|
207,750 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
March 24, 2006
|
Vermont
State College
|
Stolen
Laptop
|
Undetermined
(Running into thousands)
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
March 24, 2006
|
California
State Employment Division
|
Software
glitch sends tax forms to wrong addresses
|
64,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.12.2.1 - Input data validation
|
March 22, 2006
|
Fidelity
Investments/Hewlett-Packard
|
Laptop
Theft
|
196,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
March 16, 2006
|
Banana.com
|
Undetermined
unauthorized access
|
274 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 15, 2006
|
Ernst &
Young/IBM
|
Laptop
stolen
|
Undetermined
(Running into thousands)
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
March 14, 2006
|
General
Motors
|
Ex-employee
uses stolen data to access systems after termination
|
100 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
March 14, 2006
|
Buffalo
Bisons/Choice One Online
|
Hacked
|
Undetermined
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 5, 2006
|
Georgetown
University
|
Server
Hacked
|
41,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 3, 2006
|
Metropolitan
State College (Denver)
|
Laptop
Theft
|
93,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
March 2, 2006
|
Olympic
Funding Chicago
|
3
unencrypted hard drives stolen, office alarm system not activated.
|
Undetermined
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 1, 2006
|
Verizon
Communications
|
2 laptops
stolen
|
Undisclosed
but significant
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
March 1, 2006
|
Medco
Health solutions Inc (Ohio)
|
Unencrypted
laptop stolen
|
4,600 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
March 1, 2006
|
Bank of
Bermuda/Unnamed Retailer
|
Hacked
|
800 |
GLB Act,
California SB-
1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
February 27, 2006
|
Deloitte
& Touche/McAfee
|
Unencrypted
CD left on airline seat
|
9,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
February 25, 2006
|
Ernst &
Young UK
|
Stolen
laptop
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
February 22, 2006
|
New
Hampshire Dept. of Motor Vehicles
|
Malware
found on server
|
Undetermined
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.10.4.1 - Controls against malicious code
|
February 18, 2006
|
University
of Northern Iowa
|
Unauthorized
Access
|
6,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
February 17, 2006
|
Pelican Bay
State Prison
|
Unauthorized
access to personnel data by inmates
|
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
February 17, 2006
|
Mount St.
Mary's Hospital (Lewiston)
|
2 laptops
stolen
|
Undetermined
but significant
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
February 16, 2006
|
U.S. Dept
of Agriculture
|
Tax records
inadvertently released to other parties
|
350,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
February 16, 2006
|
Blue Cross
& Blue Shield (Fla)
|
Information
emailed to home computer
|
27,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
February 15, 2006
|
Old
Dominion University (Norfolk)
|
Information
inadvertently placed on web server 2 years before public notification
|
601 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
February 15, 2006
|
Suffolk
County Clerk's Office, New York
|
Information
Inadvertently placed on website
|
7,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
February 9, 2006
|
Bank of
America/Undisclosed Company
|
Undisclosed
debit card security breach
|
200,000 |
GLB Act,
California SB-
1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
February 7, 2006
|
Blue Cross
& Blue Shield (North Carolina)
|
Human error
- SSNs printed on mailed letters
|
629 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
February 6, 2006
|
Regions
Bank/Card processor (Nationwide)
|
Undisclosed
credit card security breach
|
100,000 |
GLB Act,
California SB-
1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
February 4, 2006
|
FedEx
|
Processing
error, tax info mailed to wrong employees
|
9,600 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
February 1, 2006
|
University
of Colorado at Colorado Springs
|
Hacked and
infected with virus
|
2,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
February 1, 2006
|
Boston
Globe and Worcester Telegram & Gazette
|
Inadvertently
sent out credit card info during newspaper distribution
|
240,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
|
January 30, 2006
|
Price
Waterhouse & Coopers (Atlanta)
|
Laptop
stolen
|
4,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
January 27, 2006
|
State of
Rhode Island
|
Hacked
|
4,118 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
January 27, 2006
|
College of
St. Scholastica
|
Stolen but
recovered computer may have suffered unauthorized access
|
12,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
January 25, 2006
|
Ameriprise
Financial, Inc (Minneapolis)
|
Stolen
Laptop
|
226,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
January 25, 2006
|
University
of Delaware
|
Hacked and
back-up hard drive stolen
|
159 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
January 24, 2006
|
Providence
Home Services (Oregon)
|
Back-up
disk and tapes stolen
|
365,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3 -
Physical media in transit
|
January 24, 2006
|
University
of Washington Medical Centre
|
Stolen
Laptop
|
1,600 |
California
SB-1386 & other State derivatives, HIPAA Security, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
January 23, 2006
|
University
of Notre Dame
|
Hacked
|
Undetermined
|
California
SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
January 21, 2006
|
Honeywell
International
|
Unknown
Hacker posts PII on website
|
19,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
January 21, 2006
|
Californian
National Guard
|
Stolen
briefcase containing PII
|
Hundreds
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
January 20, 2006
|
University
of Kansas
|
Possible
hacking
|
Undisclosed
|
GLB Act,
California SB-
1386 & other State derivatives, PCI/Visa CISP, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
January 11, 2006
|
Peoples
Bank (Connecticut)/UPS
|
Lost
computer tape
|
90,000 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.10.8.3 -
Physical media in transit
|
January 8, 2006
|
Kerzner
International/Atlantis (Bahamas)
|
Possible
hacking as info goes missing from database
|
55,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
January 2, 2006
|
H & R
Block
|
Mailing
error includes SSNs
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
|
January 1, 2006
|
University
of Pittsburgh Medical Centre
|
6 Computers
stolen
|
700 |
California
SB-1386 & other State derivatives, HIPAA Security, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
| |
|
ESTIMATED
TOTAL (ROUGH):
|
59,891,890 |
|