GRC Certification

ISO 27001 Integration with PCI Compliance research paper


 2007 Security Breach Matrix - For Educational Purposes Only
  
PUBLIC NOTIFIED ON
ORGANIZATION AND LOCATION
TYPE OF BREACH
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED
REGULATORY IMPACT
ISO/IEC 27001 MITIGATING CONTROLS
Dec 28, 2007
United States Air Force
Laptop missing/stolen from home of military band member
2,800 California SB-1386 &
other State derivatives
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 28, 2007
Davidson County (Tennessee) Election
Commission
Laptops stolen from offices
337,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Dec 28, 2007
Minnesota Dept. of Commerce/Promissor Corporation
Laptop stolen from employee
219 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 21, 2007
Franklin County Municipal Court (Ohio)
Exposed Online
270 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Dec 21, 2007
Skipton Financial Services/Moore
Stephens Consulting
Laptop stolen from consultant's locker
14,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 20, 2007
Greenville County School District S.C.
Hacked
Hundreds
California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Dec 20, 2007
Dormitory Authority of the State of New York/UPS
Data tapes missing, possibly stolen
800 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
Dec 19, 2007
Pennsylvania Department of Aging
Laptop stolen from home, contains PHI
21,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 18, 2007
HM Revenue & Customs (HMRC) UK
Data cartridge lost
6,500 UK Data Protection Act
& EU Directive on Data
Protection
A.10.8.3 - Physical media in transit
Dec 17, 2007
Royal Bolton Hospital
Laptop stolen from departmental office, contains PHI
350 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Dec 17, 2007
West Penn Allegheny Health System
Laptop stolen from nurse's home, contains PII & PHI
42,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 14, 2007
Deloitte & Touche
Contractor's laptop stolen. Data was password protected but not encrypted
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 11, 2007
Iowa Dept. of Natural Resources
Thumb drive missing
7,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
Dec 10, 2007
Cameron County, Texas
Auditor sends unauthorised email containing PII including employee salaries to news reporter
Undisclosed
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
Dec 10, 2007
Sutter Lakeside Hospital
Laptop stolen from contractor's home
45,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 10, 2007
Tricare Europe/ Electronic Data
Systems
Undisclosed
4,700 Families
California SB-1386 &
other State derivatives
 
Dec 07, 2007
Citizens Advice
Laptop stolen from staff member's car, data compromised includes bank account numbers
60,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 06, 2007
Oak Ridge National Laboratory
Hacked - phony emails containing malicious code in attachments
12,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Dec 05, 2007
Forrester Research
Laptop stolen from employee's home
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Dec 05, 2007
Memorial Blood Centers
Laptop stolen from offices
268,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Dec 04, 2007
Duke University
Hacked
1,400 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Dec 04, 2007
Indianapolis Power & Light
Data exposed online through website, some as long as 4 years
3,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Dec 04, 2007
Passport Canada
Exposed Online
Undisclosed
PIPA, PIPEDA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Nov 30, 2007
Prescription Advantage
Data found with ID thief, includes PHI
15,000 California SB-1386 & other State derivatives, HIPAA Security
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Nov 26, 2007
Provincial Health Laboratory
Computer unplugged and taken to home of consultant exposing PII and PHI
Undisclosed
California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Nov 26, 2007
Allied Irish Bank
"Technical problem" in the issuing of international payment advice notices, exposes PII including account numbers
15,000 UK/IRELAND Data Protection Act & EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
Nov 21, 2007
University of Florida
Exposed Online
415 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Nov 20, 2007
HM Revenue and Customs HMRC UK
CD containing child benefit records lost in transit
25,000,000 UK Data Protection Act
& EU Directive on Data
Protection
A.10.8.3 - Physical media in transit
Nov 17, 2007
Batelle & Batelle LLC/Ohio Masonic
Home & Others
Laptop stolen from employee's car
1,200 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Nov 16, 2007
U.S. Dept. of Veteran Affairs
Ex-employee found with data on his home computer after using credit card issued with one of the stolen ids
185,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Nov 16, 2007
Service Canada
Laptop stolen from employee's home
1,600 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Nov 16, 2007
Kansas State University
Exposed Online
128 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Nov 16, 2007
A.J. Falciani Realty Company
Computers stolen in burglary
1,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Nov 15, 2007
Roudebush VA Medical Centre
2 computers and laptop stolen
12,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Nov 13, 2007
Glenrose Rehabilitation Hospital
Memory stick in purse stolen from office, PHI included
270 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Nov 13, 2007
Commerce Bancorp
Ex-employee gives out information on bank customers which included account numbers
Undisclosed
California SB-1386 & other State derivatives, GLBA
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Nov 13, 2007
The Foreign & Commonwealth Office UK
Data exposed online through website
50,000 UK Data Protection Act
& EU Directive on Data
Protection
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Nov 07, 2007
Carolinas Medical Centre
Laptop misplaced by ambulance crew, contains PHI
28,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Nov 06, 2007
Butte Community Bank
Laptop containing customers' PII including account numbers stolen from bank
Undisclosed
California SB-1386 & other State derivatives, GLBA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Nov 06, 2007
Montana State University
3 separate incidents - Spreadsheets exposed online, data storage device stolen
326 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Nov 06, 2007
Alabama Dept. of Public Health
Information in letters wrongly sent to customers
1,554 families
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
Nov 05, 2007
HM Revenue and Customs
HMRC/Standard Life UK
CD missing in transit, contains data on pension holders
15,000 UK Data Protection Act
& EU Directive on Data
Protection
A.10.8.3 - Physical media in transit
Nov 01, 2007
City University of New York
Laptop stolen from school's financial aid office
20,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Oct 30, 2007
Hartford Financial Services Group
3 backup tapes misplaced
230,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
Oct 30, 2007
University of Nevada, Reno
Professor loses flash drive
16,000 California SB-1386 & other State derivatives, FERPA
A.10.8.3 - Physical media in transit
Oct 29, 2007
United States Postal Service
Laptop stolen
3,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 28, 2007
Art.com
Website hacked, CCNs compromised
Undisclosed
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Oct 25, 2007
University of Akron
Microfilm lost
1,200 California SB-1386 & other State derivatives, FERPA
A.10.8.3 - Physical media in transit
Oct 24, 2007
Not Your Average Joe
Undisclosed breach compromises data that includes CCNs
Thousands
California SB-1386 & other State derivatives, PCI/Visa CISP
 
Oct 23, 2007
Bates College
Documents exposed online
500 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Oct 23, 2007
Dixie State College
Server hacked
11,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Oct 23, 2007
Blockbuster
Membership forms with PII that includes CCNs found in trash
400 California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Oct 23, 2007
West Virginia Public Employees Insurance Agency/UPS
Computer tape lost in transit
200,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
Oct 18, 2007
University of Cincinnati
Employee loses thumb drive, possibly stolen
7,000 California SB-1386 & other State derivatives, FERPA
A.10.8.3 - Physical media in transit
Oct 17, 2007
Louisiana Office of Student Financial As
Backups lost in transit, possibly stolen
Thousands
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
Oct 17, 2007
Home Depot
Laptop stolen from car
10,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 16, 2007
Administaff Inc.
Laptop stolen
159,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 15, 2007
Transportation Security Administration
Laptops stolen from contractor
3,930 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 13, 2007
Montana State University
Hacker compromises PIIs including CCNs
1,400 California SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Oct 12, 2007
King County Transportation Department
Laptop stolen from home
1,400 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 10, 2007
Pfizer/Wheels Inc.
Data exposed online through website
1,800 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Oct 08, 2007
Semtech/Unnamed vendor
Laptop stolen from vendor's premises
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 08, 2007
Carnegie Mellon University
2 laptops stolen from Professor's home
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 08, 2007
University of Iowa
Laptop stolen from home
184 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 05, 2007
HM Customs and Revenue UK
Employee's laptop stolen from car
400 UK Data Protection Act
& EU Directive on Data
Protection
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Oct 05, 2007
Kartenhaus
CCNs exposed online
66,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Oct 04, 2007
MacEwan College
Personal credit details exposed online
  California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Oct 04, 2007
Massachusetts Division of Professional Licensure
Inadvertent exposure of SSNs on disks posted to agencies
450,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Oct 02, 2007
Athens Regional Health Services
Computer stolen from offices. Data compromised includes PHI
1,441 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Oct 02, 2007
The Nature Conservancy
PII including bank account details compromised by hacker
14,000 California SB-1386 & other State derivatives, GLBA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Sept 28, 2007
Gap Inc.
Third party vendor has laptop stolen from offices, contains PII of job applicants
800,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 24, 2007
Utah Department of Workforce Services
Laptop stolen
2,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Sept 21, 2007
ABN AMRO Mortgage Group
PII exposed online by Peer-to-Peer (P-2-P) file sharing software by former employee
5,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.8.2.2 - Information security awareness, education and training
Sept 21, 2007
City of Columbus Ohio
Computers stolen from warehouse
3,500 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 19, 2007
University of Michigan
8,585 data tapes stolen from locked room, no sign of forced entry
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 16, 2007
St. Edmundsbury Borough Council (UK)
Laptop stolen from council worker's home, contains bank and insurance account details
1,380 UK Data Protection Act
& EU Directive on Data
Protection
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Sept 14, 2007
Tennessee Tech University
E-mails sent to wrong recipients, exposing account information and other PII
3,100 California SB-1386 & other State derivatives, FERPA
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
Sept 14, 2007
TD Ameritrade Holding Corp.
Hacked
6,300,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Sept 12, 2007
Tenncare/Americhoice Inc./UPS
Unencrypted CD lost in transit by courier
67,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
Sept 11, 2007
Gander Mountain
Computer stolen or lost at "undisclosed" location. Includes CCNs
112,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 11, 2007
Pennsylvania Public Welfare Dept.
2 workstations stolen during break-in, contains PHI
300,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 10, 2007
Purdue University
PII inadvertently exposed online
111 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Sept 07, 2007
McKesson
2 computers stolen, may contain PHI
Thousands
California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Sept 06, 2007
De Anza College, California
Instructor's laptop stolen from home
4,375 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
Sept 06, 2007
University of South California
PII inadvertently exposed online
1,482 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Sept 04, 2007
Pfizer Inc.
Employee removes confidential information which consists of PII, PHI, CCNs, bank account info.
34,000 California SB-1386 & other State derivatives, HIPAA, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Sept 01, 2007
Johns Hopkins Hospital
Desktop stolen, may also contain PHI
5,783 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 31, 2007
The Hospital For Sick Children
Doctor loses external hard drive which contains PHI at airport
3,300 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
August 30, 2007
AT&T
Laptop stolen from car of employee of professional services firm
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
August 30, 2007
Maryland Dept. of Environment
Laptop stolen
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
August 28, 2007
Connecticut Dept. of Revenue Services
Laptop stolen
106,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
August 26, 2007
American Ex-Prisoners of War
Hard drives, mail, paper files stolen during burglary
35,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 23, 2007
Loomis Chaffee School
Computer stolen during break-in
Hundreds
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 23, 2007
New York City Financial Information
Services Agency
Laptop stolen from IT consultant in restaurant
280,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
August 22, 2007
California Public Employees' Retirement
SSNs inadvertently printed on brochures distributed to retirees
445,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 21, 2007
West Virginia Board of Barbers and Cosmetologists
Safe stolen from offices
Undisclosed
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 21, 2007
Walter Reed Army Institute of Research
Unshredded documents found in trash bin
Undisclosed
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 16, 2007
Toshiba General Hospital, Japan
Laptop stolen from hospital
51,156 Japan PIPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 15, 2007
Sky Lakes Medical Centre/Verus Inc.
Exposed PII, PHI online during maintenance
30,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 15, 2007
Idaho Army National Guard
Thumb drive stolen from employee's car
3,400 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
August 13, 2007
Pfizer Inc.
2 laptops stolen from locked car
950 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
August 11, 2007
Providence Alaska Medical Centre
Laptop stolen, contains PHI
250 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
August 10, 2007
Unnamed Legacy Health Systems Practi
Employee allegedly steals PII, PHI, CCNs
747 California SB-1386 & other State derivatives, HIPAA, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 10, 2007
Tele2
Hacked
60,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 10, 2007
Loyola University
Hard drive improperly discarded
5,800 California SB-1386 & other State derivatives, FERPA
A.9.2.6 - Secure disposal or re-use of equipment. A.10.7.2 - Disposal of media
August 08, 2007
Yale University
Computers stolen from Dean's office
10,200 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 07, 2007
Electronic Data Systems Corp.
Employee steals data during period of employment and sells PII and possible PHI for use in fraudulent federal tax returns.
498 California SB-1386 & other State derivatives, HIPAA Security
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 07, 2007
Merrill Lynch
"A computer device apparently was stolen from corporate offices in New Jersey"
33,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 07, 2007
First Response Finance UK
"Server equipment" stolen during break-in
Thousands
UK Data Protection Act
& EU Directive on Data
Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 06, 2007
Verisign
Laptop stolen from employee's car
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
August 04, 2007
Kellogg Community Federal Credit Union
Computer stolen during break-in
Undisclosed
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 03, 2007
Wabash Valley Correctional Facility
Exposed online. Data file inadvertently moved from private drive to a publicly accessible drive
  California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 03, 2007
Capital Health
4 computers containing PII, PHI stolen.
20,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 02, 2007
E.On/Mountjoy & Bressler
Laptop stolen from accounting firm containing PII of E.On employees
Undisclosed
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 02, 2007
University of Toledo
2 hard drives stolen from premises
199 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 28, 2007
Yuba County Child support Services ( C
Laptop missing/stolen
70,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 27, 2007
City of Virginia Beach
Former employee found with PIIs
2,000 California SB-1386 &
other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 27, 2007
City Harvest
"Improper access of systems" PIIs, CCNs compromised
Undisclosed
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 27, 2007
American Education Services/Vista Fina
Laptop stolen
5,184 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 26, 2007
Aflac
Laptop stolen
152,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 26, 2007
United States Marine Corps/Penn State University
Exposed online
10,554 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 26, 2007
Newcastle City Council UK
CCNs exposed online on insecure server that was publicly accessible
54,000 UK Data Protection Act
& EU Directive on Data
Protection
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 24, 2007
St Vincent Hospital
SSNs exposed online, no PHI
51,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 21, 2007
University of Michigan
Hacked
5,500 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 20, 2007
SAIC
Military contractor exposes unencrypted data online which includes PHI
580,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 19, 2007
Texas Secretary of State
Exposed online
Thousands
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 19, 2007
Jackson Local Schools Ohio
Exposed online
1,800 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 19, 2007
Cricket Communications
Documents containing CCNs stolen from store
300 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 18, 2007
Connecticut General Assembly
Transportation Committee
Exposed online
300 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 17, 2007
Kingston Technological Company Inc.
Undisclosed breach compromises data that includes CCNs
27,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 17, 2007
Louisiana Board of Regents
Exposed online for two years
80,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 17, 2007
Western Union
Hacked, data includes PII and CCN
20,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 13, 2007
Metropolitan St. Louis Sewer District
Disgruntled employee downloads file onto home computer
1,600 California SB-1386 &
other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 12, 2007
City of Encinitas
Data including CCNs inadvertently exposed online for 3 mths
1,200 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 11, 2007
Disney Movie Club/Alta Resources
Contractor steals and sells data
  California SB-1386 &
other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 09, 2007
Cuyahoga County Dept of Development
Memory stick in stolen car
3,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
July 09, 2007
Resona Bank Japan
Documents lost from offices
980,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 07, 2007
Securitas Security Services USA Inc.
Laptops stolen from offices
100,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 05, 2007
Highland University
Burglary at offices compromises data which includes CCNs
420 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 03, 2007
Fidelity National Information Services
Employee steals information from financial processing company. Data includes CCNs
2,300,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 29, 2007
Harrison County Schools (West Virginia
Computers stolen
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 27, 2007
University of California Davis
Hacked
1,120 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 27, 2007
Bowling Green State University
Flash drive missing
199 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 27, 2007
Milwaukee PC
Data including CCNs may have been exposed online
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 25, 2007
Ohio Bureau of Workers Compensation
Laptop stolen from bureau auditor's home
439 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 23, 2007
Winn-Dixie
Documents containing PII & PHI inadvertently left in closed down pharmacy premises
Thousands
California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 22, 2007
Texas First Bank
SSNs & Account nos. on laptop stolen from car
4,000 California SB-1386 & other State derivatives, GLBA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 21, 2007
American Airline
Pilots and CEO info exposed online
300 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 21, 2007
Tokyo University Hospital, Tokyo
Documents go missing from nurse's station
120 Unknown
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 18, 2007
Parisexposed.com
Exposed online
750 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 18, 2007
Texas A&M Corpus Christi
Professor loses data on disk while on vacation
8,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 15, 2007
State of Ohio
Backup device stolen from car
64,467 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 14, 2007
Georgia Tech (University)
Exposed online
23,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2007
Coastal Community Credit Union
Backup tapes stolen in transit
120,000 California SB-1386 & other State derivatives, GLBA
A.10.8.3 - Physical media in transit
June 14, 2007
City of Lynchburg
Data including PHI exposed online
1,200 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 13, 2007
Moorepay Ltd/Eden Project Cornwall, UK
Laptop stolen from employee's car
500 UK Data Protection Act
& EU Directive on Data
Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 11, 2007
Grand Valley State University
Flash drive stolen from campus
3,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 11, 2007
Pfizer
File sharing software compromises data
17,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 09, 2007
Concord Hospital
Exposed online
9,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 09, 2007
Concordia Hospital
Hard drive stolen from hospital may include
PHI
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 08, 2007
University of Iowa
Website security breach
1,100 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 08, 2007
University of Virginia
Hacked
5,735 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 07, 2007
Dearfield Medical Building
Box of unshredded documents found in bin
Undisclosed
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 06, 2007
Cedarburg High School
Students hack school system
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 04, 2007
Stephens Hospital
Exposed online, no PHI
550 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 03, 2007
Gadsen Community State College
Documents found littering driveway
400 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 01, 2007
Northwestern University
Exposed online
4,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2007
Bank of Scotland
Financial details lost in post
62,000 UK Data Protection Act
& EU Directive on Data
Protection
A.10.8.3 - Physical media in transit
June 01, 2007
Jax Federal Credit Union
Exposed online
7,500 California SB-1386 & other State derivatives, GLBA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2007
Fresno County California
Computer disk missing in transit
Undisclosed
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
May 31, 2007
Priority One Credit Union
PII exposed on mailed letters
Undisclosed
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 30, 2007
Saskatoon Health Region
Cards containing PIIs inadvertently given to charity. No PHI
2,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 26, 2007
Cover Tennessee Health Insurance
Computer glitch exposes applicants' data online
279 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 25, 2007
Booker T. Washington Community
Center, Auburn
Laptop stolen from center containing data that includes PHI, recovered from culprit at pawn shop
Undisclosed
California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 25, 2007
North Carolina Department of
Transportation
Hacked
25,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 24, 2007
Waco Independent School District
2 students hack into server
17,400 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2007
Check Into Cash
Documents found in local bin
Hundreds
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 22, 2007
University of Colorado, Boulder
Hacked - Antivirus software not patched
45,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 22, 2007
University of Pittsburgh Medical Center
SSNs exposed through envelope window
6,000 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 21, 2007
Columbia Bank NJ
Hacked
Undisclosed
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 20, 2007
Northwestern University
Laptop stolen
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 19, 2007
Yuma Elementary School District
Briefcase containing documents stolen from employee's car
91 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 19, 2007
Wylie Police Department
Laptops stolen from offices
229,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 19, 2007
Illinois Department of Financial and
Professional Regulation.
Hacked
300,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 19, 2007
Stony Brook University
Inadvertently exposed online as it was vulnerable to search engine Google
90,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 17, 2007
Alcatel-Lucent
Disk lost in transit
Undisclosed
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
May 17, 2007
Georgia Department of Human Resourc
Records improperly discarded
140,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 15, 2007
IBM
Unencrypted tapes lost in transit
Undisclosed
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
May 14, 2007
Community College of Southern Nevada
Hacked
197,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 12, 2007
Goshen College
Hacked
7,300 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 11, 2007
UCI Medical Centre
Files of patients' PII and medical record numbers stored in off-site location missing
287 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 10, 2007
Highland Hospital
Laptop stolen from offices and sold but recovered on eBay; contained no PHI
13,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 09, 2007
SEB
Hacked systems contained credit and debit card numbers
10,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 09, 2007
Standard Life UK
Policy documents sent to wrong customers
300 UK Data Protection Act
& EU Directive on Data
Privacy
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 08, 2007
University of Missouri
Hacked
22,396 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 07, 2007
State Department of Administration India
Inadvertently exposed online
Dozens
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 05, 2007
Marks & Spencer UK
Laptop stolen from printing firm
26,000 UK Data Protection Act
& E2
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 04, 2007
US Transportation Security Administrati
Hard drive missing from controlled area at offices
100,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 03, 2007
Louisiana State University
Laptop stolen from employee's home
750 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 03, 2007
Montgomery College
List of students with PII information inadvertently posted on shared network drive
Hundreds
California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 03, 2007
Department of Natural Resources
Employee loses memory stick after downloading information to work from home
1,433 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 02, 2007
Royal Cornwall Hospitals NHS Trust
Computer stolen from offices, contains no
PHI
10,000 UK Data Protection Act
& EU Directive on Data
Privacy
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 01, 2007
Weston Travel and Insurance Agencies
Unshredded customer applications containing PII and CCNs found in dumpster
Hundreds
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 01, 2007
Champaign Fraternal Order of Police
Officers' PII found on computer donated to charity
139 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 01, 2007
JP Morgan Chase
Computer tape lost in transit
47,000 California SB-1386 & other State derivatives, GLBA
A.10.8.3 - Physical media in transit
April 29, 2007
University of New Mexico
Laptop stolen from office
3,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 27, 2007
Couriers on Demand
Inadvertently posted PII on website
Hundreds
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 27, 2007
Caterpillar Inc.
Laptop stolen from consultant working with company
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
April 26, 2007
Ceridian Corp./Innovation Interactive
Former employee inadvertently exposes data on personal website after mistakenly leaving the company with the data
150 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 24, 2007
Purdue University
Inadvertently exposed PII online
175 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 24, 2007
Baltimore County Dept. of Health
Laptop stolen from offices
6,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 24, 2007
Neiman Marcus Group
Computer equipment stolen from company's pension consultant
160,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 23, 2007
Federal Emergency Management Agenc
SSNs printed on outer labels of reappointment letters
2,300 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 20, 2007
United States Dept. of Agriculture
Inadvertently posted on website
63,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 20, 2007
Los Alamos National Laboratory
Subcontractor inadvertently posted employees' PII online
550 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 19, 2007
New Mexico University
Inadvertently exposed PII online for nearly 2 hours
5,600 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 18, 2007
University of California San Francisco
Computer file server stolen data include
PHI
3,000 California SB-1386 & other State derivatives, FERPA, HIPAA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 18, 2007
Ohio State University
Two laptops stolen from professor's home
3,500 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
April 17, 2007
CVS Corp
PII, PHI, CCNs dumped in garbage container
1,000 California SB-1386 & other State derivatives, HIPAA, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 17, 2007
Ohio State University
Hacked
14,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 12, 2007
Bank of America
Laptop stolen from employee during break-in, data included some bank's employee PII
Undisclosed
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 12, 2007
Fulton County, Georgia
Voter registration cards recovered from dumpster
75,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 12, 2007
University of Pittsburgh Medical Centre
"Inadvertently" posted PII and PHI on website
80 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 12, 2007
Black Hills State University
SSNs inadvertently posted on website
56 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 11, 2007
New Horizons Community Credit Union/
Laptop stolen from consultant containing protected loan account information
9,000 California SB-1386 & other State derivatives, GLBA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
April 11, 2007
ChildNet
Laptop stolen from HQ possibly by former employee
Thousands
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 07, 2007
Georgia Dept. of Community Health/Affiliated Computer Services
CD lost in transit containing PII but no PHI
2,900,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
April 09, 2007
Turbo Tax
Website flaw exposes tax returns online
Thousands
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 08, 2007
Rogers Communications Inc. Canada
Order forms with PII and CCNs found strewn all over parking lot
Hundreds
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 06, 2007
Chicago Public Schools
Two laptops stolen from HQ
40,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 06, 2007
Hortica
Backup tapes lost during transit
Undisclosed
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
April 05, 2007
Mercer Human Resources
Consulting/DCH Health System
Encrypted disc and hard copies lost during transit
6,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
April 04, 2007
University of California San Francisco
Possibly hacked
46,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 30, 2007
University of Montana - Western
Computer disk stolen from office
400-500
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 30, 2007
Navy Station San Diego
Laptops missing. Presumed stolen from offices
Undisclosed
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 30, 2007
LA County Child Support Services
Laptops missing. Presumed stolen from offices
1,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 29, 2007
RadioShack
Employees payment slips with CCNs &
other PII found in dumpster
Thousands
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 27, 2007
Nottinghamshire Healthcare UK
Laptop stolen from offices
11,500 UK Data Protection Act
& EU Directive on Data
Privacy
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 27, 2007
St. Mary Parish Schools
Search engine exposes data online
380 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 27, 2007
Halifax Bank of Scotland HBOS Scotlan
Briefcase containing documents stolen from employee's car
13,000 UK Data Protection Act
& EU Directive on Data
Privacy
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 26, 2007
U.S. Army Training and Doctrine Comm
Laptop stolen from employee's vehicle
16,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
March 24, 2007
Group Health Co-operative Health
Care System,
2 laptops missing contain PII, but no PHI
31,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
March 23, 2007
Swedish Urology Group
Hard drives stolen from offices, may include
PHI
Hundreds
California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 21, 2007
HSBC Australia
Hardcopies of data with PII including financial data found on train
100 Australian Privacy Act, UK Data Protection Act
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 20, 2007
Tax Service Plus
Backup computer stolen from offices by intruder. Data included CCNs and other PII
4,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 16, 2007
Springfield Ohio City Schools
Laptop stolen from auditor's car
1,950 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
March 14, 2007
Wellpoint & Empire Blue Cross and Blue
Unencrypted compact disc containing data that includes medical info. missing or stolen
75,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
March 12, 2007
Dai Nippon Printing Company, Tokyo
Former employee steals data by copying data onto floppy disks that includes CCNs
9,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 10, 2007
University of Idaho
PII inadvertently exposed online
2,700 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 9, 2007
California National Guard
Hard drive stolen from physically secure room
1,300 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 7, 2007
United States Census Bureau
PII inadvertently posted on publicly available website
302 Households
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 7, 2007
Los Rios Community College
Database exposed online by aggressive search engine
2,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 3, 2007
Johnny's Selected Seeds
Website hacked, CCNs compromised
11,500 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 2, 2007
Metropolitan State College of Denver
Computer stolen from campus office
988 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 1, 2007
Westerly hospital
PII and medical records posted online by unknown culprit
2,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 1, 2007
The Hospital For Sick Children
Laptop stolen from a physician's car
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 1, 2007
Tokyo University of Science
Bag containing a disk was stolen on lecturer's train ride home
8,800
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Feb 24, 2007
Japan Post, Japan
Bag containing data stolen from car
290,000
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Feb 23, 2007
National Australia Bank Australia
Wrongly addressed bank details sent to customers
397 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Feb 23, 2007
Worcestershire County Council
Laptop containing bank details and other PII
stolen in street robbery
19,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Feb 23, 2007
Rabun Apparel Inc.
Inadvertently exposed PII online
1,006 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 22, 2007
Speedmark, Texas
Computer stolen from office
35,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Feb 21, 2007
Georgia Tech University
Hacked and illegal access gained to PII and purchasing card information
3,000 California SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 20, 2007
Companies Registrations Office Ireland
Website hacked since December 2006, defaced; data on companies may have been accessed through this site
Unknown
UK/Irish Data Protection
Act
& EU Directive on Data
Privacy
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 20, 2007
Back & Joint Institute Texas
Medical records found dumped in trash bin
Hundreds
California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Feb 19, 2007
Stop & Shop
Credit & debit card readers tampered with
Undisclosed
California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Feb 19, 2007
Seton Family of Hospitals
Laptop stolen from office
7,800 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Feb 19, 2007
Clarksville Montgomery County Middle
& High Schools
Inadvertently exposed PII on website
633 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 17, 2007
State of Connecticut
Inadvertently exposed PII on website for 3 years
1,753 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 15, 2007
City College of Francisco
PII inadvertently exposed online for 7 years
11,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 15, 2007
Iowa Dept. of Education
Hacked
160,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 14, 2007
Kaiser Permanente
Stolen laptop containing data that includes
PHI
22,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Feb 11, 2007
Washington DC Metropolitan Police
Inadvertently released info to unauthorized advisory officials
2,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Feb 10, 2007
Dept. of Work and Pensions UK
Letters containing PII sent to wrong recipients
26,000 UK Data Protection Act
& EU Directive on Data
Privacy
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Feb 10, 2007
State of Indiana
Hacked and programming error allows intruder to view unsuppressed credit card numbers
5,600 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 9, 2007
East Carolina University
Programming error exposes PII including
CCNs online
65,000 California SB-1386 & other State derivatives, FERPA, PCI/VISA CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 8, 2007
Piper Jaffray
Carelessly exposed SSNs by printing them on the outside of the envelope in letters sent to employees
Over 1000
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Feb 8, 2007
St. Mary's Hospital
Laptop stolen, no PHI
130,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Feb 7, 2007
Central Connecticut State University
Malfunctioning machine exposes SSNs in address windows of envelopes
750 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Feb 7, 2007
University of Nebraska, Lincoln
Employee inadvertently posts PII on website for two years
72 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 7, 2007
Johns Hopkins University Hospital
Backup tapes misplaced by contractor
52,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Feb 6, 2007
Metro Credit Services
Records obtained by defunct bill collector company containing PHI and PII found in trash bin
Thousands
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.7.2 - Disposal of media
Feb 6, 2007
New York Dept. of Labour
Documents stolen from tax auditor's home
537 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Feb 3, 2007
CTS Tax Service
Computer stolen from office
800 GLB Act, California SB-
1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Feb 2, 2007
Birmingham Veterans Medical Centre
Employee's portable hard drive containing
PII missing, presumed stolen
Undisclosed
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
Feb 2, 2007
New York Dept. of State
Inadvertently exposed PII on website
Undisclosed
California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 2, 2007
University of Missouri
Hacked
1,220 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Feb 2, 2007
Wisconsin Legislative Human Resource
Report stolen from employee's car outside a gym
150 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Feb 2, 2007
San Francisco Indian Consulate
Sensitive documents dumped in recycling centre yard
Thousands
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.7.2 - Disposal of media
Feb 1, 2007
Massachusetts Dept. of Industrial Accid
Former contractor allegedly accessed workers' compensation database to steal PII to commit fraud
1,200 California SB-1386 &
other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Jan 29 2007
Vermont Agency of Human Services
Hacked computer containing financial data
70,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Jan 29 2007
Halifax Bank of Scotland HBOS Scotlan
Woman inadvertently sent bank statements of 75,000 customers
75,000 UK Data Protection Act
& EU Directive on Data
Privacy
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
Jan 28 2007
Salina Regional Center
offices
1,100 other State derivatives,
A.9.1.2 - Physical entry controls
Jan 26 2007
Eastern Illinois University
Computer stolen from offices
1,400 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 26 2007
Chase Bank/Bank One
Used desk purchased at furniture shop contained spreadsheet with PII of former employees
4,100 GLB Act, California SB-
1386 & other State derivatives, FACT Act
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
Jan 26 2007
Anthem Blue Cross Blue Shield
Cassettes containing customer info stolen from lock box
50,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 26 2007
Vanguard University
Two computers stolen
5,105 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 26 2007
Indiana Dept. of Transportation
Exposed on internal network drive
4,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Jan 25 2007
Wahiawa Women Infants & Children
(Dept. of Health)
ID theft possibly involving employee
11,500 California SB-1386 &
other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
Jan 25 2007
Ohio Board of Nursing
PIIs exposed online
3,031 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Jan 24 2007
Rutgers University
Laptop stolen from office
200 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 23 2007
Clay High School
Student hacks school computers
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Jan 23 2007
Xerox Wilsonville
Laptop stolen from manager's car
297 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Jan 22 2007
Chicago Board of Election
100 CDs with voters' info wrongly distributed to aldermen & ward committeemen; 6 discs are completely missing
1,300,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
A.10.8.4 - Electronic Messaging
Jan 20 2007
Greenville County School District S.C.
Boxes containing PII of teachers over a period of years left behind during renovation
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
Jan 19 2007
IRS/Kansas City Govt
26 computer tapes containing taxpayer info. missing
Undisclosed
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.9.1.2 - Physical entry controls
Jan 18 2007
KB Home Charleston
Computer stolen
2,700
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 17 2007
The TJX Companies Inc.
Possibly hacked, systems containing
CCNs, debit card nos etc
45,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Jan 17 2007
Rincon del Diablo Municipal Water Distr
2 computers containing credit card numbers stolen from offices
500 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 16 2007
University of New Mexico
3 computers stolen from associate provost's office containing PII of faculty members
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 13 2007
North Carolina Dept. of Revenue
Laptop stolen from car
30,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Jan 12 2007
Moneygram/Unnamed biller
'Unlawfully accessed' PII may include bank a/c numbers
79,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
Jan 11 2007
University of Idaho
3 desktops stolen from offices
70,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 08 2007
Towers Perrin/unnamed clients
Clients' data on 5 laptops stolen from locked room in office building
Tens of thousands
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 08 2007
University of Notre Dame
University director's laptop stolen
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
Jan 04 2007
Johnston County, Selma
Laptop stolen from Selma water treatment plant
Undisclosed
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
Jan 03 2007
Academic Magnet High School
Charleston
Laptops and PCs stolen from premises
Hundreds
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
    ESTIMATED TOTAL (ROUGH):
102,207,257    
Copyright 2005-2017 by eFortresses, Inc. All rights reserved.