PUBLIC
NOTIFIED ON
|
ORGANIZATION AND LOCATION
|
TYPE OF BREACH
|
NUMBER OF PERSONALLY
IDENTIFIABLE INFORMATION (PII)
POTENTIALLY EXPOSED
|
REGULATORY IMPACT
|
ISO/IEC 27001 MITIGATING
CONTROLS
|
December31, 2008
|
Ohio State
University
|
PII exposed
online
|
18,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 31, 2008
|
New
Hampshire's Lakes Region General
Hospital/UPS
|
Parcel
containing PHI, PII lost in
transit
|
1,500 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3
- Physical media in transit
|
December 28, 2008
|
RBS
WorldPay
|
Twenty years
of payment processing history as well
as SSNs are compromised by hackers
|
1,500,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 24, 2008
|
FEMA
|
PII exposed
on privately run websites
|
16,857 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 23, 2008
|
Ohio
University-Chillicothe
|
An external
computer hard drive missing or stolen
|
38 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
December 23, 2008
|
Cedars-Sinai
Medical Center
|
A former
billing department employee
steals hospital patients
PII
|
1,000 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
December 22, 2008
|
University
of North Carolina School of the Arts
|
PII may have
been accidentally exposed in a
security breach involving a university computer server
|
2,700 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 20, 2008
|
Pulte
Homes
|
Backup tapes
stolen from offices, PII including financial account information
affected
|
16,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
December 19, 2008
|
Austin Peay
State University
|
Two
computers containing
personal information
were stolen
|
750 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
December 18, 2008
|
Bill Dube
Ford/Toyota
|
Data backup
tape stolen, PII compromised
|
10,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
December 17, 2008
|
New
Hampshire Dept. of Health and Human
Services
|
PHI, PII was
mistakenly attached to an e-mail to
health care organizations
|
9,300 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
December 17, 2008
|
Bar Council
London, UK
|
Bank account
information and other
confidential data stolen from
offices
|
3,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
December 15, 2008
|
Louisiana
Department of Revenue
|
The Louisiana
Department of Revenue
accidentally divulged the personal
information of taxpayers
to other people with tax debts
|
299 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 15, 2008
|
University
of North Carolina
|
Virus may
have allowed unauthorized access on a computer in the Accounting
Services office.
|
Unknown
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 14, 2008
|
Zyacorp
Entertainment Cinemagic Stadium
|
Hackers broke
into a Merrimack movie theater's
servers and stole customers' credit
card information
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 12, 2008
|
Oregon Health
& Science University
|
A laptop
stolen contained PHI, PII. It was
stolen from a hotel while an OHSU employee>
was there on business
|
890 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
December 11, 2008
|
Hewlett-Packard/Symantec,
Houston TX
|
Employee
records were on a laptop that was stolen
from an
HP employee based in the Houston
area
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
December 06, 2008
|
Landesbank
Berlin
|
CCNs
inadvertently sent to the newspaper>
Frankfurter
Rundschau.
|
10,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP & EU Directive on Data
Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
December 05, 2008
|
British
National Party (BNP) UK
|
Unauthorized
release of the BNP party membership>
list
|
13,500 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
December 05, 2008
|
Cal Poly
Pomona
|
A student
accesses an Excel file containing PII
while on the
Internet.
|
675 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 04, 2008
|
Deo B.
Colburn Foundation
|
PII exposed
online for 3 years. Google search engine exposed personal data
|
341 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
December 03, 2008
|
Central
California Appellate Program
|
A backup
computer disk was in a safe taken by thieves who broke into a storage
facility. PII compromised
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
December 02, 2008
|
Florida
Agency for WorkforceInnovation,
FL
|
Thousands
of files containing
millions of employment
records were posted online in the course of
developing a new website
|
259,193 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
November 26, 2008
|
Luxottica
Retail
|
Hacked, PII
compromised
|
59,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
November 25, 2008
|
Weber State
University
|
Hard copy
records of postal box office rental information stolen from center
|
70 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
November 24, 2008
|
Starbucks
Corp
|
Laptop
stolen
|
97,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
November 22, 2008
|
Maryland
Dept.of the Environment
|
Two laptops
belonging to two ex-employees
stolen
|
1,367 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
November 21, 2008
|
Jackson-Madison
County School System
|
Computer
disk containing
SSNs stolen from Principal's
car
|
200 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
November 12, 2008
|
Pinellas
County and Florida State Agency offices
|
Documents
with PII, PHI & other confidential
found in trash
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
November 12, 2008
|
University
of Florida
|
College of
Dentistry computer server hacked, PII, PHI
compromised
|
330,000 |
California
SB-1386 & other State derivatives, HIPAA Security, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
November 09, 2008
|
Sinclair
Community College
|
Exposed
online
|
1,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
November 09, 2008
|
City of
Charlottesville
|
Two laptops
containing voter registration
information>
stolen from building
|
25,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
November 09, 2008
|
Texas A&M
University
|
Internet
search exposes document online
|
1,430 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
November 07, 2008
|
Christus
Health Care
|
Backup tapes
stolen from car
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
November 06, 2008
|
Havard Law
School
|
Computer
tape containing
PII, financial information
missing or stolen
|
21,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
November 05, 2008
|
North
Carolina Dept.of Health & Human Services
|
Employee
laptop stolen
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
November 04, 2008
|
Arizona
Department of Economic
Security
|
Children's
PII stored on hard drives stolen from a
storage unit
|
40,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
November 01, 2008
|
Bayor Health
Care System Inc.
|
Laptop stolen
from employee's car. PII & PHI
compromised
|
100,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
November 01, 2008
|
Veterans
Affairs Medical Centre
|
PII
inadvertently posted on public website
|
1,600 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
November 01, 2008
|
Seattle
School District
|
PII
inadvertently released to local union
|
5,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
October 31, 2008
|
U.S. Postal
Service
|
Breach in
database security that allowed a ring of thieves including government
employees>
to obtain confidential information>
so they could fraudulently use
credit cards stolen from the mail
|
400 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
October 27, 2008
|
Shell Oil
Co.Texas
|
Employees
of third party contractor
misuse information
stored on corporate datatbase.
PII compromised
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
October 26, 2008
|
Unknown
company, Boise, Idaho
|
Forty boxes
filled with files containing SSNs,
bank account numbers, address histories and credit histories of at least 100
people dumped outside a Boise recycling center
|
100 |
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
October 25, 2008
|
City of
Goodyear, Arizona
|
Employee
list of SSNs was stolen from the car of a
staffer who had taken the data home
|
570 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
October 24, 2008
|
Shenendehowa
Transportation Employees, NY
|
Misconfigured
server gives student access to employees>
PII
|
250 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 23, 2008
|
Medical
Mutual of Ohio
|
Eleven
computer disks missing in transit with US Postal
Service
|
36,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3
- Physical media in transit
|
October 23, 2008
|
Banco
Santander/Abbey National Plc UK
|
"CONFIDENTIAL
details of dozens of bank customers>
were found dumped in a back street in Bolton town centre."
|
Unknown
|
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
October 22, 2008
|
KRM
Management
|
Workstations
and laptops stolen from offices, Police officer
PIIs affected
|
5,700 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
October 20, 2008
|
Johnston
County, NC
|
SSNs readily
available to the public through the Johnston County, North Carolina Register
of Deeds web site. The
information is also available to
anyone that asks for it.
|
22,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 20, 2008
|
Community
Bank of the Ozarks
|
Possibly
hacked, bank account information>
compromised
|
Hundreds
|
California
SB-1386 & other State derivatives, GLBA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 19, 2008
|
Mary
Washington Hospital
|
Online
Computer system breached.
PHI affected
|
803 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 18, 2008
|
City of
Goodyear, Arizona
|
List of SSNs
stolen from employee's car at
home
|
570 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
October 17, 2008
|
State
University of New York,
Binghampton
|
PIIs of
students that attended university in the 1970s found in dumpster on
campus
|
56 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
October 17, 2008
|
The Planet,
Texas
|
Customer
portal account and server passwords
compromised
|
25,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 15, 2008
|
City of
Indianapolis
|
Spreadsheets
with confidential data (PII)
inadvertently exposed online
|
3,300 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 14, 2008
|
Aspen
Dental
|
Confidential
patient dental records found on the
street
|
60 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
October 14, 2008
|
Horizon
Restaurants Inc./Lansky's
|
CCNs breached
'electronically' from a Bellevue Lansky's
|
40 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 14, 2008
|
Things
Remembered Inc.
|
An
"unknown, unauthorized person
accessed a file" containing employee>
personal information
|
4,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 14, 2008
|
Dept. of
Homeland Security/Federal Emergency
Management Emergency (FEMA)/Unnamed
mailing contractor
|
Victims PII
which included account numbers exposed through mailing error
|
1,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
October 13, 2008
|
eBay
Inc.
|
eBay
logins. eBay accounts, including
usernames, passwords and mail address
compromised by hackers
|
5,534 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 13, 2008
|
Southwest
Mississippi>
Community College
|
Personal data
exposed online
|
1,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
October 10, 2008
|
Ministry of
Defence/EDS Corporation, UK
|
IT
contractor loses Govt removable
hard drive
|
1,700,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
October 07, 2008
|
Department
of Administration, Charleston
|
Laptop stolen
from auditor's vehicle
|
535 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
October 07, 2008
|
UND Alumni
Association, ND
|
Software
vendor's laptop stolen from car. CCNs, PII
compromised
|
84,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
October 01, 2008
|
The Foothills
Parks and Recreation District
(Littleton, CO)
|
Malware
attack compromises PIIs and CCNs
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
September 29, 2008
|
Royal
Airforce, Innsworth, UK
|
Thieves broke
into base and stole disc drives containing>
PII
which includes bank details
|
50,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
September 26, 2008
|
Fort Wayne
Community Schools
|
Man may have
misused some employees' personal
information in his possession
arrested for forgery and counterfeiting
.
|
3,348 |
California
SB-1386 & other State derivatives, FERPA
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
September 23, 2008
|
Texas Lottery
Commission, Texas
|
A former
Texas Lottery Commission computer
analyst downloaded his own work files
off his computer containing the
personal data of Texas lottery winners and took them to his next job. PII
compromised.
|
27,075 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
September 22, 2008
|
Sonoma State
University, California
|
Social
Security numbers have been exposed to the public through an internal
department website.
|
600 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
September 19, 2008
|
Texas A &
M University, Texas
|
Computer
server hacked. SSNs compromised
|
31 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
September 15, 2008
|
Forever 21,
LA, California
|
Criminals
hacked computers containing
credit and debit card numbers
|
98,930 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
September 13, 2008
|
State Farm
Insurance
|
An
employee of State Farm
fraudulently used customer
information to open credit-card
accounts.
|
137 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
September 12, 2008
|
Tennessee
State University
|
A flash drive
containing students financial
information and
SSNs reported missing.
|
9,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.3
- Physical media in transit
|
September 11, 2008
|
University
of Iowa College of Engineering
|
Computer
containing>
a file with names and Social Security numbers of students stored on
its hard drive breached.
|
500 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
September 11, 2008
|
Marshall
University
|
The names and
SSNs of Marshall University students
were openly available on the Internet.
|
198 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
September 10, 2008
|
Franklin
Savings and Loans
|
An
unauthorized person gained access to a database containing
personal information
such as names, addresses, phone numbers,
account numbers, account balances and SSNs.
|
25,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
September 10, 2008
|
Ivy Tech
Community College
|
Employee
inadvertently shared file meant for a
single employee of the college. Due to
a clerical error, the invitation to view the file was sent to a list of all
Indianapolis region employees.
|
Unknown
|
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
September 09, 2008
|
University
of Pittsburgh
|
Laptop stolen
from campus
|
Unknown
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
September 06, 2008
|
National
Offender Management Service/EDS, UK
|
Computer
hard drive lost by private firm EDS
|
5,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
September 05, 2008
|
East Burke
(Morganton, NC) High School
|
PII exposed
online for 5 years. Yahoo search engine exposed personal data
|
163 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
September 02, 2008
|
Clarkson
University
|
PII exposed
on shared server, by non-malicious hacker
|
245 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
August 28, 2008
|
Reynoldsburg
Ohio City School District
|
Laptop stolen
from technicians car after PII phase
out on database
|
4,259 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
August 27, 2008
|
Kansas State
University
|
Documents
stolen from vehicle
|
86 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
August 26, 2008
|
Prince
William Co. Public Schools
|
File-sharing
program on home computer exposes PII
online
|
2,600 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
August 26, 2008
|
Pennsylvania
Public Welfare Department
|
Welfare
renewal packets sent to wrong addresses
|
2,845 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
August 26, 2008
|
Graphic data,
Royal Bank of Scotland, NatWest, American Express UK
|
Drive sold on
ebay contained PII, CCN
|
1,000,000 |
UK Data
Protection Act
& EU Directive on Data Protection,>
PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
August 23, 2008
|
Best
Western
|
Hacked, CCNs
compromised
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
August 22, 2008
|
Louisiana
Real Estate Commission
|
Inadvertently
exposed online
|
13,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
August 21, 2008
|
PA
Consulting/The Home Office, UK
|
Contractor
loses memory stick containing
PII of prolific offenders
|
10,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
August 20, 2008
|
Princeton
Review
|
Configuration
flaw exposes PII with test scores on website
|
108,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
August 20, 2008
|
Barclays Bank
Plc UK
|
Wrong account
details sent to customers, CCNs
compromised
|
17,000 |
UK Data
Protection Act
& EU Directive on Data Protection,>
PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
August 19, 2008
|
Kingston Tax
Service
|
Office
computers stolen during burglary
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
August 18, 2008
|
UK
Department for Work Pensions
|
Laptop
stolen
|
62,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
August 18, 2008
|
Dominion
Enterprises/Interactive Financial Marketing
Group IFMG
|
Hacked
|
92,095 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
August 14, 2008
|
Wuesthoff
Medical Centre
|
PHI, PII
compromised as data Inadvertently posted online
|
500 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
August 13, 2008
|
Charter
Communications
|
Several
laptops stolen from offices
|
9,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
August 11, 2008
|
Ireland Dept,
of Social & Family Affairs
|
Laptop
containing unencrypted
welfare receipients
PII missing for a year
|
380,000 |
IRL Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
August 07, 2008
|
Harris County
Hospital District
|
Low level
employee downloads
PHI on flash drive and loses it
|
1,200 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
August 04, 2008
|
Arapahoe
Community>
College
|
Contractor
flashdrive stolen or lost at a mountain
resort, SSNs and CCNs compromised
|
15,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
August 02, 2008
|
Countrywide
Financial Corp
|
Employee
copies customer data (Mortgage
application>
data)
for resale
|
2,000,000 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
August 01, 2008
|
Stepping Hill
Hospital UK
|
Laptop stolen
during office burgalary
|
1,581 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
August 01, 2008
|
Delphi
Automotive/Ohio Dept of Job & Family Services
|
Flash drive
removed from unattended laptop of
employee out having lunch
|
2,600 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
July 31, 2008
|
University
of Texas at Dallas
|
Hacked
|
9,100 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
July 30, 2008
|
City of Yuma,
Arizona
|
Email
containing PII sent
unintentionally
|
300 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
July 29, 2008
|
Anheuser-Busch,
St. Louis
|
Laptop stolen
from office
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
July 29, 2008
|
Blue Cross
Blue Shield of Georgia
|
Benefit
letters containing PII, PHI sent to
wrong recipients
|
202,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
July 26, 2008
|
Connecticut
College
|
Hacked
|
2,800 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
July 25, 2008
|
Ohio
University
|
Clerical
error exposes PII online
|
492 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.9.3 - Publicly Available
Information
|
July 24, 2008
|
University
of Houston
|
PII posted on
internet for 2 years
|
259 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.9.3 - Publicly Available
Information
|
July 24, 2008
|
Hillsborough
Community College
|
Programmer's
laptop stolen from hotel parking lot
|
2,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
July 24, 2008
|
Saint Mary's
Regional Center
|
Proprietary
database hacked, PII and limited health
information compromised
|
128,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
July 24, 2008
|
Village of
Tinley Park, Illinois
|
Back-up tape
lost in transit
|
20,400 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
July 19, 2008
|
Minneapolis
Veterans Home
|
Backup server
stolen from office, PII, PHI affected
|
336 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
July 18, 2008
|
Falkirk &
District Royal Infirmary UK
|
Laptop stolen
from offices
|
89 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
July 17, 2008
|
University
of Maryland
|
SSNs exposed
on mailed letters
|
23,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
July 17, 2008
|
Bristol Myers
Squibb Co.
|
Back-up tape
stolen in transit
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
July 15, 2008
|
University
of Texas Austin
|
PII
inadvertently exposed online by professors
|
2,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.9.3 - Publicly Available
Information
|
July 15, 2008
|
Missouri
National Guard
|
Undisclosed
|
2,000 |
California
SB-1386 &
other State derivatives
|
|
July 15, 2008
|
Weber Law
Firm
|
Financial
records containing PII found in
dumpster
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
July 15, 2008
|
Indiana State
University
|
Laptop stolen
from office
|
2,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
July 14, 2008
|
Washington
Metropolitan
Area Transit Authority
|
PII
inadvertently exposed on website
|
4,700 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.9.3 - Publicly Available
Information
|
July 11, 2008
|
Fort
Lewis
|
Laptops
stolen from Army employee truck
|
900 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
July 10, 2008
|
Williamson
County (TN) Schools
|
Director
posts students' PII onto the internet
|
4,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
July 09, 2008
|
Wagner
Resource Group
|
Employee
exposes PII by using P-2-P software on his
official laptop
|
2,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.3
- Publicly Available Information
|
July 08, 2008
|
LPL
Financial
|
Hackers
compromise employee
systems. Passwords, accounts may have been
compromised
|
10,219 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
July 08, 2008
|
Yan Chai
Hospital Hong Kong
|
Floppy disks
containing patient PII lost, but did
not contain
PHI
|
3,000 |
Personal Data
Privacy
Ordinance
|
|
July 07, 2008
|
Florida
Agency for Health Care Administration
|
Database
containing donor PII exposed
online
|
55,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
July 04, 2008
|
Clark County
Nevada District Court
|
Vendor
exposes juror PIIs by email
|
380 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
July 02, 2008
|
Associated
Newspapers UK
|
Laptop
stolen, PII, financial data may have been compromised
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
July 02, 2008
|
University
of Nebraska at Kearney
|
Possibly
hacked, PHI compromised
|
2,035 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
July 02, 2008
|
Baptist
Health
|
Employee
steals customers'
PII and uses it to obtain credit
|
1,800 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
June 27, 2008
|
Montgomery
Ward
|
Hacked, CCNs
compromised
|
51,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 26, 2008
|
Texas Dept.
of Public Safety/L-1 Identity
Solutions
|
Lockbox
stolen from office of L-1 Identity Solutions employee,
PII compromised
|
826 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 24, 2008
|
South East
Missouri State University
|
Former
employee found with SSNs and
unauthorised access to students' accounts
|
800 |
California
SB-1386 & other State derivatives, FERPA
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
June 23, 2008
|
California
Dept. of Consumer
Affairs
|
Document
improperly
transmitted electronically
outside department
|
5,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 20, 2008
|
Virgin Media
UK
|
Unencrypted
CD missing, bank account information
affected
|
3,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 19, 2008
|
Petroleum
Wholesale
|
Dumped
records in trash. Compromised data includes receipts with CCNs, PII
|
Hundreds
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 18, 2008
|
Castlecroft
Medical Practice
|
Laptop
containing PII, PHI stolen from home
of GP
|
11,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 13, 2008
|
Texas
Insurance Claims Services
|
Files found
in dumpster containing PII
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 12, 2008
|
Columbia
University
|
Student
employee posted database on Google
hosted website for months
|
5,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 11, 2008
|
Dickson
County (TN) Board of Education
|
Personnel
employee
information on laptop stolen
from office
|
850 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 10, 2008
|
University
of Florida
|
Inadvertently
exposed online
|
11,300 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 10, 2008
|
University
of Utah Hospitals & Clinics
|
Back-up tapes
stolen from courier who drove home in transit
|
2,200,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
June 10, 2008
|
1st Source
Bank
|
Debit cards
compromised after hacking incident
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 10, 2008
|
Cotton
Traders
|
Website
hacked, credit cards compromised
|
38,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 09, 2008
|
University
of California
|
Desktop
computer stolen from office
|
7,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 07, 2008
|
East
Tennessee State University
|
Desktop
computer stolen
|
6,200 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 06, 2008
|
Stanford
University
|
Laptop
stolen
|
72,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 04, 2008
|
Canadian
Canola Growers Association (CCGA)
|
Laptop stolen
from offices
|
32,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 04, 2008
|
AT&T
|
Laptop stolen
from car, containing unencrypted
PII
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 04, 2008
|
Medisure
|
Back-up
tapes in transit stolen from van by thieves, PHI
affected
|
1,700 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3
- Physical media in transit
|
June 03, 2008
|
Oregon State
University
|
Servers
hacked, credit cards compromised following online orders
|
4,700 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 02, 2008
|
Connecticut
Department
of Labor
|
Records
inadvertently shredded
|
2,100 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 02, 2008
|
Walter Army
Medical Center
|
Compromised
file found on insecure non-governmental computer.
No PHI affected,
breach type unknown
|
1,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 31, 2008
|
Pocono
Mountain School District
|
Hacked
|
11,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 29, 2008
|
State Street
Corp/Unnamed vendor
|
Computer
stolen from unnamed vendor 5 months
ago
|
45,500 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 28, 2008
|
University
of California,
San Francisco
|
Possibly
hacked, PHI compromised
|
3,569 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 22, 2008
|
Downingtown
Area School District
|
Hacked by
student
|
55,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 21, 2008
|
Bank of New
York Mellon/Archive Systems Inc.
|
Unencrypted
back-up tape lost, PII, account information affected
|
4,500,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.8.3
- Physical media in transit
|
May 21, 2008
|
Oklahoma
Corporation
Commission
|
Server bought
at auction contained PII
|
5,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 20, 2008
|
New York
University
|
Inadvertently
exposed online for months
|
273 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 20, 2008
|
University
of Florida, College of Medicine,
Jacksonville
|
PII, PHI
including photographs stored on the personal computer of a doctor, who gives the laptop
to a friend
|
1,900 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 16, 2008
|
Greil
Memorial Psychiatric Hospital
|
Index cards
containing PII missing from
hospital
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
May 16, 2008
|
Spring
Independent School District, Texas
|
Laptop stolen
from employee's car
|
8,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 15, 2008
|
BB & T
Insurance
|
Laptop
stolen, PHI, PII compromised
|
Undisclosed
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 14, 2008
|
Oklahoma
State University
|
Computer
server hacked
|
70,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 14, 2008
|
First Calgary
Savings
|
Laptop stolen
from car
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 12, 2008
|
Pfizer
Inc.
|
Company
laptop & flash drive stolen
|
13,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 12, 2008
|
Dave &
Buster's
|
Computerized
cash registers hacked
|
5,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 11, 2008
|
Chilean
Ministry of Education
|
Government
files hacked and posted on internet
|
6,000,000 |
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 09, 2008
|
Princeton
University Tower Club
|
Email
inadvertently sent to alumni members contained members' PII
|
103 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
May 08, 2008
|
Las Cruces
Public Schools
|
Staff member
inadvertently posts student & staff PII on website
|
1,800 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 08, 2008
|
Dominican
University
|
Spreadsheets
with confidential data exposed on
network storage area
|
5,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 08, 2008
|
Hong Kong
& Shanghai Banking Corporation
|
Server stolen
from offices during renovation,
contained account numbers and transactions
|
159,000 |
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
May 06, 2008
|
Northeast
Security
|
PII including
cancelled cheques & details of security system found in dumpster
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 06, 2008
|
Ohio State
University Agricultural
Technical Institute
|
PII including
salaries of staff mistakenly sent to
680 students in an email
|
192 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
May 04, 2008
|
Westpac
|
VISA cards
compromised. Breach type undisclosed, possible hacking
|
2,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 02, 2008
|
First
Citizens Bank/Iredell County Tax
Administration
|
Courier
vehicle with shipment containing tax
information stolen
|
468 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
May 01, 2008
|
Lunardi's
Supermarket
|
ATM &
credit card reader switched at checkout aisle. CCNs compromised
|
100 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
May 01, 2008
|
Target
America Inc./University of California,
San
Francisco
|
PII, PHI
exposed on Target's (vendor) website over a 3 month period
|
6,313 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 01, 2008
|
Staten Island
University Hospital
|
Desktop &
hard drive stolen from offices, PII compromised, PHI
not affected
|
88,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
April 25, 2008
|
Baltimore
Highway Administration
|
Employee
inadvertently transferred
personnel
transaction data to a shared
drive
|
1,800 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
April 25, 2008
|
University
of Colorado,
Boulder
|
PIIs
compromised, possibly hacked
|
9,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 25, 2008
|
Wisebuys
|
Credit cards
and debit cards compromised, type of breach unknown
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
|
April 24, 2008
|
Coos County
Oregon
|
Laptop stolen
from the car of an employee of an
accounting firm
|
500 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 23, 2008
|
Chrysler
Financial
|
Data tape
lost in transit
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
April 23, 2008
|
Southern
Connecticut State University
|
Exposed
online, PII may have been accessed by hackers
|
11,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 23, 2008
|
University
of Texas Health Science Center
|
SSNs visible
on billing envelopes sent out to
customers
|
2,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
April 22, 2008
|
CollegeInvest
|
Hard drive
lost during office relocation
|
200,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
April 22, 2008
|
University
of Massachusetts Amherst Health
Services
|
Hacked, PHI
compromised
|
Thousands
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 22, 2008
|
Boots Dental
Plan UK
|
Data tapes
stolen from courier's vehicle, bank account details compromised
|
34,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.8.3
- Physical media in transit
|
April 22, 2008
|
LendingTree
|
Former
employees share passwords
with other lenders who accessed customer
information
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
April 22, 2008
|
Bank of
Ireland, Rep. of Ireland
|
Laptops
missing over the past year, PII compromised
|
30,000 |
UK/IRL Data
Protection Act & EU Directive on Data Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 19, 2008
|
Central
Collection Bureau
|
Server stolen
from offices during break-in, contained
billing information
|
700,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
April 17, 2008
|
University
of Miami
|
Computer
tapes stolen from van of off-site storage
company. PII, PHI, CCNs compromised
|
2,100,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP, HIPAA Security
|
A.10.8.3
- Physical media in transit
|
April 17, 2008
|
SunGard/Connecticut
State University System/Buffalo
State/Northwest Missouri State University
+ Others
|
Laptop
containing data retained longer than
necessary by
SunGard employee stolen
|
3,400 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 16, 2008
|
University
of Virginia
|
Laptop stolen
from employee at an 'undisclosed'
location
|
7,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 14, 2008
|
Stokes County
High Schools
|
Computer
stolen from a locked closet
|
800 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
April 13, 2008
|
University
of Toledo
|
Personal data
inadvertently placed on server with 'public' access
|
6,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.9.3 - Publicly Available
Information
|
April 12, 2008
|
West Seneca
School District
|
Hacked by
current and ex-students, exposing
school employee data
|
1,800 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 11, 2008
|
NY
Presbyterian Hospital/Weill Cornell Medical Center
|
Employee
steals data from hospital. No PHIs
affected
|
40,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
April 10, 2008
|
Joliet West
High School
|
Authorized
student user downloads
names and SSNs using
iPod
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
April 08, 2008
|
Wellcare of
Georgia
|
Exposed
online due to 'human error', PHI compromised
|
71,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 08, 2008
|
Wellpoint
|
PII, PHI
exposed online over a one year period
|
128,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 07, 2008
|
Pfizer
Inc.
|
Laptop stolen
from home of contractor, CCNs
compromised
|
800 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
April 04, 2008
|
University
of California Irvine
|
Unknown
|
7,000 |
California
SB-1386 & other State derivatives, FERPA
|
|
April 01, 2008
|
Okemo
Mountain Resort
|
Hacked, CCNs
compromised
|
18,401 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 31, 2008
|
Advance Auto
Parts
|
'Network
intrusion' exposes customer financial information
at
14 locations. Possible CCN compromise
|
56,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 28, 2008
|
Museum of
Science Bolton
|
Contractor
exposes PII, CCNs on museum's
website
|
140 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 28, 2008
|
Leicester NHS
Trust UK
|
Documents
found in the street, compromised data
includes bank details
|
180 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
March 28, 2008
|
Antioch
University
|
Hacked thrice
in a year
|
70,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 26, 2008
|
BNY Mellon
Shareowner Services
|
Back up tapes
missing (PII and bank account numbers compromised)
|
3,500 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.8.3
- Physical media in transit
|
March 26, 2008
|
The Dental
Network
|
PII
inadvertently posted online
|
75,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 24, 2008
|
National
Institutes of Health
|
Laptop stolen
from car trunk of employee
contained PII and
PHI
|
2,500 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 23, 2008
|
Western
Carolina University
|
Server
hacked
|
555 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 22, 2008
|
Agilent
Technologies
|
Laptop stolen
from vendor contains PII and financial information
|
51,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 21, 2008
|
Compass
Bank
|
Former
programmer steals hard drive and
commits debit card fraud with customer data
|
1,000,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.3 - Removal of access rights
|
March 21, 2008
|
Rhode Island
of Administration
|
Computer
disk containing
SSNs missing
|
1,400 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
March 20, 2008
|
Lasell
College
|
Hacked
|
20,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 19, 2008
|
Affordable
Realty
|
SSNs and
financial records found in dumpster
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
March 17, 2008
|
Binghamton
University
|
SSNs of
students erroneously emailed to other
students
|
300 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
March 17, 2008
|
Hannaford
|
Hacked
|
4,200,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 15, 2008
|
Utah Division
of Finance
|
Hacked, PII
compromised
|
500 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 13, 2008
|
University
Health Care Utah
|
Laptop stolen
from office
|
4,800 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
March 12, 2008
|
Harvard
University
|
Hacked
|
10,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 10, 2008
|
Blue Cross
Blue Shield of Western New York
|
Laptop
missing, presumed stolen
|
40,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
March 08, 2008
|
MTV
Networks
|
Hacked
|
5,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 06, 2008
|
Cascade
Healthcare Community
|
Exposure
online compromises data which includes CCNs and
PII
|
11,500 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 05, 2008
|
Nevada
Department of Public Safety
|
Thumb drive
lost
|
109 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
March 05, 2008
|
Madeley
Health center UK
|
Laptop with
USB key attached stolen
|
238 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
March 03, 2008
|
Kraft
Foods
|
Company
laptop stolen from traveling employee
|
20,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
February 29, 2008
|
Wellesley
Health Department
|
Open envelope
received with contents missing. PII
compromised
|
480 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 27, 2008
|
Healthnet
Federal Services
|
SSNs exposed
online
|
103,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 25, 2008
|
Mecklenburg
County
|
Employee
vehicle stolen, contained
printout of account numbers
|
400 |
GLBA,
California SB-1386
& other State derivatives
|
A.9.2.5 -
Security of equipment
off-premises
|
February 21, 2008
|
Newfoundland
Eastern School District
|
Laptops
stolen from offices
|
28,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 16, 2008
|
Texas A &
M University
|
Inadvertently
posted online
|
3,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 15, 2008
|
First Magnus
Financial
|
Hard copies
containing PIIs, CCNs recovered
from dumpster
|
Thousands
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 15, 2008
|
Crosslines
Ministries of Carthage
|
Hard copies
stolen during burglary at offices
|
2000
Families
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 15, 2008
|
Lexmark
International
|
Employee
data exposed on file sharing site
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 14, 2008
|
Russells Hall
Hospital UK
|
Laptop stolen
from outpatients department,
PHI compromised
|
5,123 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 14, 2008
|
Tenet
Healthcare Corporation
|
PII exposed
to former employee previously
convicted of identity theft
|
37,000 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Terminati
|
February 13, 2008
|
Middle
Tennessee State University
|
Professor
leaves laptop unattended briefly and
allows laptop to be used inappropriately
|
1,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
February 13, 2008
|
Lifeblood Mid
South Regional Center
|
Laptops
containing PII, PHI missing possibly
stolen
|
321,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 12, 2008
|
Long Island
University
|
Improperly
packaged
envelopes expose PII
|
30,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 12, 2008
|
Modesto
California City Schools/Systematic Automation
Inc.
|
Unencrypted
hard drive stolen from Systematic
Automation's offices
|
3,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 11, 2008
|
Jefferson
County (CO) Public Schools
|
Laptop stolen
from employee's home
|
2,900 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 08, 2008
|
MLSgear.com
|
SQL injection
attacks compromise data held by third party service providers.
Data includes CCNs and account
passwords
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 07, 2008
|
Memorial
Hospital (South Bend, IN)
|
Employee
loses laptop while travelling
|
4,300 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
February 02, 2008
|
Diocese of
Providence
|
Computers
containing
data on employees stolen
|
5,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 01, 2008
|
J & E
Associates/Marine Corps Bases, Japan
|
Contractor's
laptop stolen
|
4,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
January 31, 2008
|
South
Carolina Dept. of Health & Environmental Control
|
Laptop stolen
from worker's car outside a convenience store. No PHI
|
400 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
January 31, 2008
|
University
of Minnesota
Reproductive Medicine Center
|
Flash drive
lost. Contains PHI
|
3,100 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3
- Physical media in transit
|
January 30, 2008
|
Davidson
Companies
|
Hacked - PII
including account number and balances
|
226,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 29, 2008
|
Georgetown
University
|
Hard drive
stolen from offices
|
38,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 29, 2008
|
Wake County
(NC) Emergency Medical Services
|
Laptop
missing, presumed stolen
|
850 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
January 29, 2008
|
Horizon Blue
Cross Blue Shield of New Jersey
|
Laptop
stolen. No PHI compromised
|
300,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
January 28, 2008
|
T.Rowe
Retirement Plan Services
|
Computer
stolen from offices
|
35,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 25, 2008
|
Penn State
University
|
Laptop stolen
from traveling faculty member
|
677 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
January 24, 2008
|
Fallon
Community Health Plan
|
Laptop stolen
from third party vendor's offices, compromised data includes PHI
|
29,800 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 18, 2008
|
United
Kingdom Ministry of Defence
|
Laptop stolen
from officer, compromised data includes PHI
|
600,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
January 17, 2008
|
GE Money /
Iron Mountain
|
GE Money
customer CCNs exposed when Iron Mountain loses backup tape
|
650,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.8.3
- Physical media in transit
|
January 16, 2008
|
University
of Wisconsin
Madison
|
Exposed
online
|
205 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 15, 2008
|
Naval Surface
Warfare Center Dahlgren Division
|
13-year-old
report exposes PII of Navy employees
|
100 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 15, 2008
|
Wisconsin
Dept. of Revenue
|
SSNs exposed
through envelope window in mail sent out
|
5,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 14, 2008
|
Tennessee
Tech University
|
Portable
storage drive lost
|
990 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.3
- Physical media in transit
|
January 12, 2008
|
California
State University, Stanislaus
|
Hacked,
Credit Card information exposed for
over 6 months
|
Thousands
|
California
SB-1386 & other State derivatives, FERPA, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 11, 2008
|
University
of Akron
|
Portable hard
drive missing
|
800 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.3
- Physical media in transit
|
January 11, 2008
|
University
of Iowa
|
PII
erroneously exposed online for a few
months
|
216 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 11, 2008
|
Oldham
Primary Care Trust UK
|
Two data
sticks containing patient PHI
missing
|
148 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.8.3
- Physical media in transit
|
January 11, 2008
|
Virginia
Dept. of Social Services
|
Social
Services employee misuses computer by
applying for a credit card with her landlord's address
|
1,500 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Terminati
|
January 10, 2008
|
Select
Physical Therapy
|
Dumped
sensitive information including PHI,
CCNs in garbage containers behind
offices
|
4,000 |
California
SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 08, 2008
|
Wisconsin
Dept. of Health & Family Services
|
SSNs printed
on envelopes sent out
|
260,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 08, 2008
|
University
of Georgia
|
Hacked
|
4,250 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 07, 2008
|
Geeks.com
|
Hacked - CCNs
compromised
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 05, 2008
|
New Mexico
State University
|
Computer
hard drive missing from faculty
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 04, 2008
|
Health
Net
|
Laptop stolen
from unnamed vendor. No PHI lost
|
5,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
January 04, 2008
|
Florida Dept.
of Children & Families
|
5 laptops
stolen from offices
|
1,200 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 04, 2008
|
Maryland
Dept. of Assessments & Taxation
|
Data exposed
online because web-based application
system did not have the necessary
security certificate to encrypt information
before it was sent over the internet
|
900 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 03, 2008
|
Dorothy Hains
Elementary School
|
Computer
stolen from building
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 02, 2008
|
Workers
Compensation Fund
|
Laptop
stolen
|
2,800 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications
A.11.7.2 - Teleworking
|
| |
|
ESTIMATED
TOTAL (ROUGH):
|
33,960,487 |
|