GRC Certification

ISO 27001 Integration with PCI Compliance research paper


 2008 Security Breach Matrix - For Educational Purposes Only
  
PUBLIC NOTIFIED ON
ORGANIZATION AND LOCATION
TYPE OF BREACH
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED
REGULATORY IMPACT
ISO/IEC 27001 MITIGATING CONTROLS
December 31, 2008
Ohio State University
PII exposed online
18,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 31, 2008
New Hampshire's Lakes Region General Hospital/UPS
Parcel containing PHI, PII lost in transit
1,500 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
December 28, 2008
RBS WorldPay
Twenty years of payment processing history as well as SSNs are compromised by hackers
1,500,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 24, 2008
FEMA
PII exposed on privately run websites
16,857 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 23, 2008
Ohio University-Chillicothe
An external computer hard drive missing or stolen
38 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 23, 2008
Cedars-Sinai Medical Center
A former billing department employee steals hospital patients' PII
1,000 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 22, 2008
University of North Carolina School of the Arts
PII may have been accidentally exposed in a security breach involving a university computer server
2,700 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 20, 2008
Pulte Homes
Backup tapes stolen from offices, PII including financial account information affected
16,000 California SB-1386 & other State derivatives, GLBA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 19, 2008
Austin Peay State University
Two computers containing personal information were stolen
750 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 18, 2008
Bill Dube Ford/Toyota
Data backup tape stolen, PII compromised
10,000 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
December 17, 2008
New Hampshire Dept. of Health and Human Services
PHI, PII was mistakenly attached to an e-mail to health care organizations
9,300 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
December 17, 2008
Bar Council London, UK
Bank account information and other confidential data stolen from offices
3,000 UK Data Protection Act & EU Directive on Data Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 15, 2008
Louisiana Department of Revenue
The Louisiana Department of Revenue accidentally divulged the personal information of taxpayers to other people with tax debts
299 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 15, 2008
University of North Carolina
Virus may have allowed unauthorized access on a computer in the Accounting Services office.
Unknown
California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 14, 2008
Zyacorp Entertainment Cinemagic Stadium
Hackers broke into a Merrimack movie theater's servers and stole customers' credit card information
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 12, 2008
Oregon Health & Science University
A laptop stolen contained PHI, PII. It was stolen from a hotel while an OHSU employee was there on business
890 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 11, 2008
Hewlett-Packard/Symantec, Houston TX
Employee records were on a laptop that was stolen from an HP employee based in the Houston area
Thousands
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 06, 2008
Landesbank Berlin
CCNs inadvertently sent to the newspaper Frankfurter Rundschau.
10,000 California SB-1386 & other State derivatives, PCI/Visa CISP & EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
December 05, 2008
British National Party (BNP) UK
Unauthorized release of the BNP party membership list
13,500 UK Data Protection Act & EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
December 05, 2008
Cal Poly Pomona
A student accesses an Excel file containing PII while on the Internet.
675 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 04, 2008
Deo B. Colburn Foundation
PII exposed online for 3 years. Google search engine exposed personal data
341 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 03, 2008
Central California Appellate Program
A backup computer disk was in a safe taken by thieves who broke into a storage facility. PII compromised
Unknown
California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 02, 2008
Florida Agency for Workforce Innovation, FL
Thousands of files containing millions of employment records were posted online in the course of developing a new website
259,193 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 26, 2008
Luxottica Retail
Hacked, PII compromised
59,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 25, 2008
Weber State University
Hard copy records of postal box office rental information stolen from center
70 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 24, 2008
Starbucks Corp
Laptop stolen
97,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 22, 2008
Maryland Dept. of the Environment
Two laptops belonging to two ex-employees stolen
1,367 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 21, 2008
Jackson-Madison County School System
Computer disk containing SSNs stolen from Principal's car
200 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 12, 2008
Pinellas County and Florida State Agency offices
Documents with PII, PHI & other confidential information found in trash
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 12, 2008
University of Florida
College of Dentistry computer server hacked, PII, PHI compromised
330,000 California SB-1386 & other State derivatives, HIPAA Security, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 09, 2008
Sinclair Community College
Exposed online
1,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 09, 2008
City of Charlottesville
Two laptops containing voter registration information stolen from building
25,000 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 09, 2008
Texas A&M University
Internet search exposes document online
1,430 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 07, 2008
Christus Health Care
Backup tapes stolen from car
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 06, 2008
Harvard Law School
Computer tape containing PII, financial information missing or stolen
21,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 05, 2008
North Carolina Dept. of Health & Human Services
Employee laptop stolen
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 04, 2008
Arizona Department of Economic Security
Children's PII stored on hard drives stolen from a storage unit
40,000 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 01, 2008
Baylor Health Care System Inc.
Laptop stolen from employee's car. PII & PHI compromised
100,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 01, 2008
Veterans Affairs Medical Centre
PII inadvertently posted on public website
1,600 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 01, 2008
Seattle School District
PII inadvertently released to local union
5,000 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 31, 2008
U.S. Postal Service
Breach in database security that allowed a ring of thieves including government employees to obtain confidential information so they could fraudulently use credit cards stolen from the mail
400 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
October 27, 2008
Shell Oil Co., Texas
Employees of third party contractor misuse information stored on corporate database. PII compromised
Unknown
California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
October 26, 2008
Unknown company, Boise, Idaho
Forty boxes filled with files containing SSNs, bank account numbers, address histories and credit histories of at least 100 people dumped outside a Boise recycling center
100 California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 25, 2008
City of Goodyear, Arizona
Employee list of SSNs was stolen from the car of a staffer who had taken the data home
570 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 24, 2008
Shenendehowa Transportation Employees, NY
Misconfigured server gives student access to employees' PII
250 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 23, 2008
Medical Mutual of Ohio
Eleven computer disks missing in transit with US Postal Service
36,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
October 23, 2008
Banco Santander/Abbey National Plc UK
"CONFIDENTIAL details of dozens of bank customers were found dumped in a back street in Bolton town centre."
Unknown
UK Data Protection Act & EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 22, 2008
KRM Management
Workstations and laptops stolen from offices; police officers' PII affected
5,700 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 20, 2008
Johnston County, NC
SSNs readily available to the public through the Johnston County, North Carolina Register of Deeds web site. The information is also available to anyone that asks for it.
22,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 20, 2008
Community Bank of the Ozarks
Possibly hacked, bank account information compromised
Hundreds
California SB-1386 & other State derivatives, GLBA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 19, 2008
Mary Washington Hospital
Online computer system breached. PHI affected
803 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 18, 2008
City of Goodyear, Arizona
List of SSNs stolen from employee's car at home
570 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 17, 2008
State University of New York, Binghamton
PIIs of students that attended university in the 1970s found in dumpster on campus
56 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 17, 2008
The Planet, Texas
Customer portal account and server passwords compromised
25,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 15, 2008
City of Indianapolis
Spreadsheets with confidential data (PII) inadvertently exposed online
3,300 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 14, 2008
Aspen Dental
Confidential patient dental records found on the street
60 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 14, 2008
Horizon Restaurants Inc./Lansky's
CCNs breached 'electronically' from a Bellevue Lansky's
40 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 14, 2008
Things Remembered Inc.
An "unknown, unauthorized person accessed a file" containing employee personal information
4,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 14, 2008
Dept. of Homeland Security/Federal Emergency Management Agency (FEMA)/Unnamed mailing contractor
Victims' PII, which included account numbers, exposed through mailing error
1,000 California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 13, 2008
eBay Inc.
eBay logins. eBay accounts, including usernames, passwords and mail address compromised by hackers
5,534 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 13, 2008
Southwest Mississippi Community College
Personal data exposed online
1,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 10, 2008
Ministry of Defence/EDS Corporation, UK
IT contractor loses Govt removable hard drive
1,700,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 07, 2008
Department of Administration, Charleston
Laptop stolen from auditor's vehicle
535 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 07, 2008
UND Alumni Association, ND
Software vendor's laptop stolen from car. CCNs, PII compromised
84,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 01, 2008
The Foothills Parks and Recreation District (Littleton, CO)
Malware attack compromises PIIs and CCNs
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 29, 2008
Royal Air Force, Innsworth, UK
Thieves broke into base and stole disc drives containing PII which includes bank details
50,000 UK Data Protection Act & EU Directive on Data Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 26, 2008
Fort Wayne Community Schools
A man arrested for forgery and counterfeiting may have misused some employees' personal information in his possession.
3,348 California SB-1386 & other State derivatives, FERPA
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
September 23, 2008
Texas Lottery Commission, Texas
A former Texas Lottery Commission computer analyst downloaded his own work files off his computer containing the personal data of Texas lottery winners and took them to his next job. PII compromised.
27,075 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
September 22, 2008
Sonoma State University, California
Social Security numbers have been exposed to the public through an internal department website.
600 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 19, 2008
Texas A & M University, Texas
Computer server hacked. SSNs compromised
31 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 15, 2008
Forever 21, LA, California
Criminals hacked computers containing credit and debit card numbers
98,930 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 13, 2008
State Farm Insurance
An employee of State Farm fraudulently used customer information to open credit-card accounts.
137 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
September 12, 2008
Tennessee State University
A flash drive containing students' financial information and SSNs reported missing.
9,000 California SB-1386 & other State derivatives, FERPA
A.10.8.3 - Physical media in transit
September 11, 2008
University of Iowa College of Engineering
Computer containing a file with names and Social Security numbers of students stored on its hard drive breached.
500 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 11, 2008
Marshall University
The names and SSNs of Marshall University students were openly available on the Internet.
198 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 10, 2008
Franklin Savings and Loans
An unauthorized person gained access to a database containing personal information such as names, addresses, phone numbers, account numbers, account balances and SSNs.
25,000 California SB-1386 & other State derivatives, GLBA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 10, 2008
Ivy Tech Community College
Employee inadvertently shared file meant for a single employee of the college. Due to a clerical error, the invitation to view the file was sent to a list of all Indianapolis region employees.
Unknown
California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 09, 2008
University of Pittsburgh
Laptop stolen from campus
Unknown
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 06, 2008
National Offender Management Service/EDS, UK
Computer hard drive lost by private firm EDS
5,000 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
September 05, 2008
East Burke (Morganton, NC) High School
PII exposed online for 5 years. Yahoo search engine exposed personal data
163 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 02, 2008
Clarkson University
PII exposed on shared server, by non-malicious hacker
245 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 28, 2008
Reynoldsburg Ohio City School District
Laptop stolen from technician's car after PII phase out on database
4,259 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 27, 2008
Kansas State University
Documents stolen from vehicle
86 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 26, 2008
Prince William Co. Public Schools
File-sharing program on home computer exposes PII online
2,600 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 26, 2008
Pennsylvania Public Welfare Department
Welfare renewal packets sent to wrong addresses
2,845 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 26, 2008
Graphic data, Royal Bank of Scotland, NatWest, American Express UK
Drive sold on eBay contained PII, CCN
1,000,000 UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 23, 2008
Best Western
Hacked, CCNs compromised
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 22, 2008
Louisiana Real Estate Commission
Inadvertently exposed online
13,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 21, 2008
PA Consulting/The Home Office, UK
Contractor loses memory stick containing PII of prolific offenders
10,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 20, 2008
Princeton Review
Configuration flaw exposes PII with test scores on website
108,000 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 20, 2008
Barclays Bank Plc UK
Wrong account details sent to customers, CCNs compromised
17,000 UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 19, 2008
Kingston Tax Service
Office computers stolen during burglary
Unknown
California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 18, 2008
UK Department for Work and Pensions
Laptop stolen
62,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 18, 2008
Dominion Enterprises/Interactive Financial Marketing Group IFMG
Hacked
92,095 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 14, 2008
Wuesthoff Medical Centre
PHI, PII compromised as data inadvertently posted online
500 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 13, 2008
Charter Communications
Several laptops stolen from offices
9,000 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 11, 2008
Ireland Dept. of Social & Family Affairs
Laptop containing unencrypted welfare recipients' PII missing for a year
380,000 IRL Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 07, 2008
Harris County Hospital District
Low-level employee downloads PHI on flash drive and loses it
1,200 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 04, 2008
Arapahoe Community College
Contractor flash drive stolen or lost at a mountain resort, SSNs and CCNs compromised
15,000 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 02, 2008
Countrywide Financial Corp
Employee copies customer data (mortgage application data) for resale
2,000,000 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
August 01, 2008
Stepping Hill Hospital UK
Laptop stolen during office burglary
1,581 UK Data Protection Act & EU Directive on Data Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 01, 2008
Delphi Automotive/Ohio Dept of Job & Family Services
Flash drive removed from unattended laptop of employee out having lunch
2,600 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 31, 2008
University of Texas at Dallas
Hacked
9,100 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 30, 2008
City of Yuma, Arizona
Email containing PII sent unintentionally
300 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
July 29, 2008
Anheuser-Busch, St. Louis
Laptop stolen from office
Undisclosed
California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 29, 2008
Blue Cross Blue Shield of Georgia
Benefit letters containing PII, PHI sent to wrong recipients
202,000 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 26, 2008
Connecticut College
Hacked
2,800 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 25, 2008
Ohio University
Clerical error exposes PII online
492 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.3 - Publicly Available Information
July 24, 2008
University of Houston
PII posted on internet for 2 years
259 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.3 - Publicly Available Information
July 24, 2008
Hillsborough Community College
Programmer's laptop stolen from hotel parking lot
2,000 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 24, 2008
Saint Mary's Regional Center
Proprietary database hacked, PII and limited health information compromised
128,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 24, 2008
Village of Tinley Park, Illinois
Back-up tape lost in transit
20,400 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
July 19, 2008
Minneapolis Veterans Home
Backup server stolen from office, PII, PHI affected
336 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 18, 2008
Falkirk & District Royal Infirmary UK
Laptop stolen from offices
89 UK Data Protection Act
& EU Directive on Data
Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 17, 2008
University of Maryland
SSNs exposed on mailed letters
23,000 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 17, 2008
Bristol Myers Squibb Co.
Back-up tape stolen in transit
Undisclosed
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
July 15, 2008
University of Texas Austin
PII inadvertently exposed online by professors
2,500 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.3 - Publicly Available Information
July 15, 2008
Missouri National Guard
Undisclosed
2,000 California SB-1386 &
other State derivatives
 
July 15, 2008
Weber Law Firm
Financial records containing PII found in dumpster
Hundreds
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 15, 2008
Indiana State University
Laptop stolen from office
2,500 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 14, 2008
Washington Metropolitan Area Transit Authority
PII inadvertently exposed on website
4,700 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.3 - Publicly Available Information
July 11, 2008
Fort Lewis
Laptops stolen from Army employee's truck
900 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 10, 2008
Williamson County (TN) Schools
Director posts students' PII onto the internet
4,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 09, 2008
Wagner Resource Group
Employee exposes PII by using P-2-P software on his official laptop
2,000 California SB-1386 &
other State derivatives
A.10.9.3 - Publicly Available Information
July 08, 2008
LPL Financial
Hackers compromise employee systems. Passwords, accounts may have been compromised
10,219 California SB-1386 & other State derivatives, GLBA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 08, 2008
Yan Chai Hospital Hong Kong
Floppy disks containing patient PII lost, but did not contain PHI
3,000 Personal Data Privacy
Ordinance
 
July 07, 2008
Florida Agency for Health Care Administration
Database containing donor PII exposed online
55,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 04, 2008
Clark County Nevada District Court
Vendor exposes juror PIIs by email
380 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
July 02, 2008
Associated Newspapers UK
Laptop stolen, PII, financial data may have been compromised
Thousands
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
July 02, 2008
University of Nebraska at Kearney
Possibly hacked, PHI compromised
2,035 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 02, 2008
Baptist Health
Employee steals customers' PII and uses it to obtain credit
1,800 California SB-1386 &
other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
June 27, 2008
Montgomery Ward
Hacked, CCNs compromised
51,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 26, 2008
Texas Dept. of Public Safety/L-1 Identity Solutions
Lockbox stolen from office of L-1 Identity Solutions employee, PII compromised
826 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 24, 2008
South East Missouri State University
Former employee found with SSNs and unauthorised access to students' accounts
800 California SB-1386 & other State derivatives, FERPA
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
June 23, 2008
California Dept. of Consumer Affairs
Document improperly transmitted electronically outside department
5,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 20, 2008
Virgin Media UK
Unencrypted CD missing, bank account information affected
3,000 UK Data Protection Act
& EU Directive on Data
Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 19, 2008
Petroleum Wholesale
Dumped records in trash. Compromised data includes receipts with CCNs, PII
Hundreds
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 18, 2008
Castlecroft Medical Practice
Laptop containing PII, PHI stolen from home of GP
11,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 13, 2008
Texas Insurance Claims Services
Files found in dumpster containing PII
Hundreds
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 12, 2008
Columbia University
Student employee posted database on Google hosted website for months
5,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2008
Dickson County (TN) Board of Education
Personnel employee information on laptop stolen from office
850 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 10, 2008
University of Florida
Inadvertently exposed online
11,300 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 10, 2008
University of Utah Hospitals & Clinics
Back-up tapes stolen from courier who drove home in transit
2,200,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
June 10, 2008
1st Source Bank
Debit cards compromised after hacking incident
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 10, 2008
Cotton Traders
Website hacked, credit cards compromised
38,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 09, 2008
University of California
Desktop computer stolen from office
7,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 07, 2008
East Tennessee State University
Desktop computer stolen
6,200 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 06, 2008
Stanford University
Laptop stolen
72,000 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 04, 2008
Canadian Canola Growers Association (CCGA)
Laptop stolen from offices
32,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 04, 2008
AT & T
Laptop stolen from car, containing unencrypted PII
Unknown
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
June 04, 2008
Medisure
Back-up tapes in transit stolen from van by thieves, PHI affected
1,700 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
June 03, 2008
Oregon State University
Servers hacked, credit cards compromised following online orders
4,700 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 02, 2008
Connecticut Department of Labor
Records inadvertently shredded
2,100 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 02, 2008
Walter Army Medical Center
Compromised file found on insecure non-governmental computer. No PHI affected, breach type unknown
1,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 31, 2008
Pocono Mountain School District
Hacked
11,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 29, 2008
State Street Corp/Unnamed vendor
Computer stolen from unnamed vendor 5 months ago
45,500 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 28, 2008
University of California, San Francisco
Possibly hacked, PHI compromised
3,569 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 22, 2008
Downingtown Area School District
Hacked by student
55,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 21, 2008
Bank of New York Mellon/Archive Systems Inc.
Unencrypted back-up tape lost, PII, account information affected
4,500,000 California SB-1386 & other State derivatives, GLBA
A.10.8.3 - Physical media in transit
May 21, 2008
Oklahoma Corporation Commission
Server bought at auction contained PII
5,000 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 20, 2008
New York University
Inadvertently exposed online for months
273 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 20, 2008
University of Florida, College of Medicine, Jacksonville
PII, PHI including photographs stored on personal computer of doctor, who gives laptop to friend
1,900 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 16, 2008
Greil Memorial Psychiatric Hospital
Index cards containing PII missing from hospital
Hundreds
California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 16, 2008
Spring Independent School District, Texas
Laptop stolen from employee's car
8,000 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 15, 2008
BB & T Insurance
Laptop stolen, PHI, PII compromised
Undisclosed
California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 14, 2008
Oklahoma State University
Computer server hacked
70,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 14, 2008
First Calgary Savings
Laptop stolen from car
Undisclosed
California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 12, 2008
Pfizer Inc.
Company laptop & flash drive stolen
13,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
May 12, 2008
Dave & Buster's
Computerized cash registers hacked
5,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 11, 2008
Chilean Ministry of Education
Government files hacked and posted on internet
6,000,000
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 09, 2008
Princeton University Tower Club
Email inadvertently sent to alumni members contained members' PII
103 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
May 08, 2008
Las Cruces Public Schools
Staff member inadvertently posts student & staff PII on website
1,800 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 08, 2008
Dominican University
Spreadsheets with confidential data exposed on network storage area
5,000 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 08, 2008
Hong Kong & Shanghai Banking Corporation
Server stolen from offices during renovation, contained account numbers and transactions
159,000
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 06, 2008
Northeast Security
PII including cancelled cheques & details of security system found in dumpster
Undisclosed
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 06, 2008
Ohio State University Agricultural Technical Institute
PII including salaries of staff mistakenly sent to 680 students in an email
192 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
May 04, 2008
Westpac
VISA cards compromised. Breach type undisclosed, possible hacking
2,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 02, 2008
First Citizens Bank/Iredell County Tax Administration
Courier vehicle with shipment containing tax information stolen
468 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
May 01, 2008
Lunardi's Supermarket
ATM & credit card reader switched at checkout aisle. CCNs compromised
100 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 01, 2008
Target America Inc./University of California, San Francisco
PII, PHI exposed on Target's (vendor) website over a 3 month period
6,313 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 01, 2008
Staten Island University Hospital
Desktop & hard drive stolen from offices, PII compromised, PHI not affected
88,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 25, 2008
Baltimore Highway Administration
Employee inadvertently transferred personnel transaction data to a shared drive
1,800 California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 25, 2008
University of Colorado, Boulder
PIIs compromised, possibly hacked
9,500 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 25, 2008
Wisebuys
Credit cards and debit cards compromised, type of breach unknown
Undisclosed
California SB-1386 & other State derivatives, PCI/Visa CISP
 
April 24, 2008
Coos County Oregon
Laptop stolen from the car of an employee of an accounting firm
500 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
April 23, 2008
Chrysler Financial
Data tape lost in transit
Undisclosed
California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
April 23, 2008
Southern Connecticut State University
Exposed online, PII may have been accessed by hackers
11,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 23, 2008
University of Texas Health Science Center
SSNs visible on billing envelopes sent out to customers
2,000 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 22, 2008
CollegeInvest
Hard drive lost during office relocation
200,000 California SB-1386 &
other State derivatives
A.10.8.3 - Physical media in transit
April 22, 2008
University of Massachusetts Amherst Health Services
Hacked, PHI compromised
Thousands
California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 22, 2008
Boots Dental Plan UK
Data tapes stolen from courier's vehicle, bank account details compromised
34,000 UK Data Protection Act
& EU Directive on Data
Protection
A.10.8.3 - Physical media in transit
April 22, 2008
LendingTree
Former employees share passwords with other lenders who accessed customer information
Undisclosed
California SB-1386 &
other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
April 22, 2008
Bank of Ireland, Rep. of Ireland
Laptops missing over the past year, PII compromised
30,000 UK/IRL Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
April 19, 2008
Central Collection Bureau
Server stolen from offices during break-in, contained billing information
700,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 17, 2008
University of Miami
Computer tapes stolen from van of off-site storage company. PII, PHI, CCNs compromised
2,100,000 California SB-1386 & other State derivatives, PCI/Visa CISP, HIPAA Security
A.10.8.3 - Physical media in transit
April 17, 2008
SunGard/Connecticut State University System/Buffalo State/Northwest Missouri State University + Others
Laptop containing data retained longer than necessary by SunGard employee stolen
3,400 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
April 16, 2008
University of Virginia
Laptop stolen from employee at an 'undisclosed' location
7,000 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
April 14, 2008
Stokes County High Schools
Computer stolen from a locked closet
800 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 13, 2008
University of Toledo
Personal data inadvertently placed on server with 'public' access
6,500 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.9.3 - Publicly Available Information
April 12, 2008
West Seneca School District
Hacked by current and ex-students, exposing school employee data
1,800 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 11, 2008
NY Presbyterian Hospital/Weill Cornell Medical Center
Employee steals data from hospital. No PHIs affected
40,000 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 10, 2008
Joliet West High School
Authorized student user downloads names and SSNs using iPod
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
April 08, 2008
Wellcare of Georgia
Exposed online due to "human error", PHI compromised
71,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 08, 2008
Wellpoint
PII, PHI exposed online over a one year period
128,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 07, 2008
Pfizer Inc.
Laptop stolen from home of contractor, CCNs compromised
800 California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 04, 2008
University of California Irvine
Unknown
7,000 California SB-1386 & other State derivatives, FERPA
 
April 01, 2008
Okemo Mountain Resort
Hacked, CCNs compromised
18,401 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 31, 2008
Advance Auto Parts
"Network intrusion" exposes customer financial information at 14 locations. Possible CCN compromise
56,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 28, 2008
Museum of Science Bolton
Contractor exposes PII, CCNs on museum's website
140 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 28, 2008
Leicester NHS Trust UK
Documents found in the street, compromised data includes bank details
180 UK Data Protection Act
& EU Directive on Data
Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 28, 2008
Antioch University
Hacked thrice in a year
70,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 26, 2008
BNY Mellon Shareowner Services
Back-up tapes missing (PII and bank account numbers compromised)
3,500 California SB-1386 & other State derivatives, GLBA
A.10.8.3 - Physical media in transit
March 26, 2008
The Dental Network
PII inadvertently posted online
75,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 24, 2008
National Institutes of Health
Laptop stolen from car trunk of employee contained PII and PHI
2,500 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
March 23, 2008
Western Carolina University
Server hacked
555 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 22, 2008
Agilent Technologies
Laptop stolen from vendor contains PII and financial information
51,000 California SB-1386 &
other State derivatives
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking
March 21, 2008
Compass Bank
Former programmer steals hard drive and commits debit card fraud with customer data
1,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
March 21, 2008
Rhode Island of Administration
Computer disk containing SSNs missing
1,400 California SB-1386 &
other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 20, 2008
Lasell College
Hacked
20,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 19, 2008
Affordable Realty
SSNs and financial records found in dumpster
Hundreds
California SB-1386 &
other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 17, 2008
Binghamton University
SSNs of students erroneously emailed to other students
300 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 17, 2008
Hannaford
Hacked
4,200,000 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 15, 2008
Utah Division of Finance
Hacked, PII compromised
500 California SB-1386 &
other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 13, 2008
University Health Care Utah
Laptop stolen from office
4,800 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 12, 2008
Harvard University
Hacked
10,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 10, 2008
Blue Cross Blue Shield of Western New York
Laptop missing, presumed stolen
40,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 08, 2008
MTV Networks
Hacked
5,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 06, 2008
Cascade Healthcare Community
Exposure online compromises data which includes CCNs and PII
11,500 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 05, 2008
Nevada Department of Public Safety
Thumb drive lost
109 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
March 05, 2008
Madeley Health center UK
Laptop with USB key attached stolen
238 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 03, 2008
Kraft Foods
Company laptop stolen from traveling employee
20,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 29, 2008
Wellesley Health Department
Open envelope received with contents missing. PII compromised
480 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 27, 2008
Healthnet Federal Services
SSNs exposed online
103,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 25, 2008
Mecklenburg County
Employee vehicle stolen, contained printout of account numbers
400 GLBA, California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
February 21, 2008
Newfoundland Eastern School District
Laptops stolen from offices
28,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 16, 2008
Texas A & M University
Inadvertently posted online
3,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 15, 2008
First Magnus Financial
Hard copies containing PIIs, CCNs recovered from dumpster
Thousands
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 15, 2008
Crosslines Ministries of Carthage
Hard copies stolen during burglary at offices
2000 Families
California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 15, 2008
Lexmark International
Employee data exposed on file sharing site
Undisclosed
California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 14, 2008
Russells Hall Hospital UK
Laptop stolen from outpatients department, PHI compromised
5,123 UK Data Protection Act & EU Directive on Data Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 14, 2008
Tenet Healthcare Corporation
PII exposed to former employee previously convicted of identity theft
37,000 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Terminati
February 13, 2008
Middle Tennessee State University
Professor leaves laptop unattended briefly and allows laptop to be used inappropriately
1,500 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 13, 2008
Lifeblood Mid South Regional Center
Laptops containing PII, PHI missing possibly stolen
321,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 12, 2008
Long Island University
Improperly packaged envelopes expose PII
30,000 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 12, 2008
Modesto California City Schools/Systematic Automation Inc.
Unencrypted hard drive stolen from Systematic Automation's offices
3,500 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 11, 2008
Jefferson County (CO) Public Schools
Laptop stolen from employee's home
2,900 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 08, 2008
MLSgear.com
SQL injection attacks compromise data held by third-party service providers. Data includes CCNs and account passwords
Undisclosed
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 07, 2008
Memorial Hospital (South Bend, IN)
Employee loses laptop while travelling
4,300 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 02, 2008
Diocese of Providence
Computers containing data on employees stolen
5,000 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 01, 2008
J & E Associates/Marine Corps Bases, Japan
Contractor's laptop stolen
4,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 31, 2008
South Carolina Dept. Of Health & Environmental Control
Laptop stolen from worker's car outside a convenience store. No PHI
400 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 31, 2008
University of Minnesota Reproductive Medicine Center
Flash drive lost. Contains PHI
3,100 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
January 30, 2008
Davidson Companies
Hacked - PII including account number and balances
226,000 California SB-1386 & other State derivatives, GLBA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 29, 2008
Georgetown University
Hard drive stolen from offices
38,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 29, 2008
Wake County (NC) Emergency Medical Services
Laptop missing presumed stolen
850 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 29, 2008
Horizon Blue Cross Blue Shield of New Jersey
Laptop stolen. No PHI compromised
300,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 28, 2008
T.Rowe Retirement Plan Services
Computer stolen from offices
35,000 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 25, 2008
Penn State University
Laptop stolen from traveling faculty member
677 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 24, 2008
Fallon Community Health Plan
Laptop stolen from third party vendor's offices, compromised data includes PHI
29,800 California SB-1386 & other State derivatives, HIPAA Security
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 18, 2008
United Kingdom Ministry of Defence
Laptop stolen from officer, compromised data includes PHI
600,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 17, 2008
GE Money / Iron Mountain
GE Money customer CCNs exposed when Iron Mountain loses backup tape
650,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.8.3 - Physical media in transit
January 16, 2008
University of Wisconsin Madison
Exposed online
205 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 15, 2008
Naval Surface Warfare Center Dahlgren Division
13-year-old report exposes PII of Navy employees
100 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 15, 2008
Wisconsin Dept. Of Revenue
SSNs exposed through envelope window in mail sent out
5,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 14, 2008
Tennessee Tech University
Portable storage drive lost
990 California SB-1386 & other State derivatives, FERPA
A.10.8.3 - Physical media in transit
January 12, 2008
California State University, Stanislaus
Hacked, Credit Card information exposed for over 6 months
Thousands
California SB-1386 & other State derivatives, FERPA, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2008
University of Akron
Portable hard drive missing
800 California SB-1386 & other State derivatives, FERPA
A.10.8.3 - Physical media in transit
January 11, 2008
University of Iowa
PII erroneously exposed online for a few months
216 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2008
Oldham Primary Care Trust UK
Two data sticks containing patient PHI missing
148 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
January 11, 2008
Virginia Dept. Of Social Services
Social Services employee misuses computer by applying for a credit card with her landlord's address
1,500 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Terminati
January 10, 2008
Select Physical Therapy
Dumped sensitive information including PHI, CCNs in garbage containers behind offices
4,000 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 08, 2008
Wisconsin Dept. Of Health & Family Services
SSNs printed on envelopes sent out
260,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 08, 2008
University of Georgia
Hacked
4,250 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 07, 2008
Geeks.com
Hacked - CCNs compromised
Undisclosed
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 05, 2008
New Mexico State University
Computer hard drive missing from faculty
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 04, 2008
Health Net
Laptop stolen from unnamed vendor. No PHI lost
5,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 04, 2008
Florida Dept. of Children & Families
5 laptops stolen from offices
1,200 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 04, 2008
Maryland Dept. Of Assessments & Taxation
Data exposed online because web-based application system did not have the necessary security certificate to encrypt information before it was sent over the internet
900 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2008
Dorothy Hains Elementary School
Computer stolen from building
Undisclosed
California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 02, 2008
Workers Compensation Fund
Laptop stolen
2,800 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
ESTIMATED TOTAL (ROUGH): 33,960,487
Copyright 2005-2017 by eFortresses, Inc. All rights reserved.