 2009 Security Breach Matrix - For Educational Purposes Only
  
PUBLIC NOTIFIED ON
ORGANIZATION AND LOCATION
TYPE OF BREACH
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED
REGULATORY IMPACT
ISO/IEC 27001 MITIGATING CONTROLS
December 31, 2009 Eastern Washington University Hacked 130,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 30, 2009 Collective2 LLC Hacked server exposes PII, CCNs Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 29, 2009 Little Italy Infected POS terminals exposes CCNs 150 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 22, 2009 Plymouth County Correctional Facility Inmate hacks prison systems 1,100 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 21, 2009 Durham Region Health Department, Canada PHI on lost USB drive 83,524 PIPEDA, PIPA & PHIPA A.10.8.3 - Physical media in transit
December 18, 2009 Penn State University Infected computer exposes SSNs 261 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 18, 2009 Shropshire County Council, UK Unencrypted memory stick lost, contained PHI of residents and staff Unknown UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
December 17, 2009 Family and Morale, Welfare and Recreation Command Laptop stolen from employee contained PII 42,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 17, 2009 United States Army Stolen laptop contained PII, CCN 42,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 17, 2009 North Carolina Community College System Library system of 25 community libraries hacked compromising SSNs, drivers licenses 51,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 15, 2009 Detroit Department of Health and Wellness Promotion Flash drive stolen from vehicle contained city residents PII Unknown California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
December 15, 2009 Detroit Department of Health and Wellness Promotion Computer stolen from office contained vaccination details Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 11, 2009 The Beijing Center for Chinese Studies, US Laptop stolen Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 11, 2009 State of Minnesota, Lookout Services Inc Website exposes state employee data 500 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 10, 2009 Bushland Independent School District Meal applications found in dumpster exposing PII 100 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
December 10, 2009 University Medical Center Las Vegas Accident patients data leaked to attorneys 141 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
December 07, 2009 Anglo Irish Bank A bank executive erroneously emailed a Northern Ireland client details of derivatives transactions of other customers 504 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
December 04, 2009 MedSolutions, North Carolina Division of Medical Assistance, UK Website exposes PII of physicians Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 04, 2009 University of Nebraska Lincoln, Hinsdale High School District 86 Hacked 4,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 04, 2009 Eastern Illinois University Virus compromises server with PII  9,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 04, 2009 Wake County Public School System 5000 postcards sent with SSNs printed on the outside 5,000 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
December 04, 2009 Passport Canada, Post Office Canada Passport applications stolen by employee 70 PIPEDA, PIPA & PHIPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 03, 2009 Office of Consumer Affairs Sensitive documents found in dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
December 01, 2009 The Children's Hospital of Philadelphia Laptop stolen 943 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 01, 2009 Textron Missing USB contains PII and financial details 54 California SB-1386 & other State derivatives, GLBA A.10.8.3 - Physical media in transit
December 01, 2009 Nation Wide Credit Counseling Dumpster full of documents with PII Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 29, 2009 Oregon Housing and Community Services, Oregon Parks and Recreation Department PII exposed in open recycling bin Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 27, 2009 NorthgateArinso, Verity Trustees, UK Laptop stolen 110,000 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 26, 2009 Penn State University Laptop compromised by virus 303 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 25, 2009 Aurora St. Luke's Medical Center Laptop stolen, PII, PHI affected 6,400 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 23, 2009 Acorn Sensitive documents thrown in trash Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 20, 2009 University of Notre Dame PII of employees placed on public website Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 19, 2009 Tadgear Hacked, CCNs compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 19, 2009 Health Net Hard drive missing from office exposes PII, PHI 1,500,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 18, 2009 Universal American Insurance Postcards sent to recipients expose SSNs 80,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 17, 2009 Nebraska Workers' Compensation Court Hacked Thousands California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 17, 2009 T-Mobile, UK Employee sells customer data to rival firm Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 17, 2009 E.On, UK PII, bank details sent to wrong recipients by mail 817 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 15, 2009 Guam Memorial Hospital PII, PHI on stolen laptop 2,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 13, 2009 United States Army Corps of Engineers Hard drive lost 60,000 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
November 13, 2009 Cal Poly Pomona SSNs, addresses exposed online 355 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 11, 2009 Bloomsburg University Laptop stolen 574 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 11, 2009 Mercy Medical Center Patients records accessed by former employee Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 10, 2009 Obsidian Financial Group Customers SSNs & bank reference numbers stolen by employee Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 06, 2009 Chaminade University Students PII accessible via web 4,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 28, 2009 Bank of New York Mellon Corp. (BK) Computer technician steals PII of fellow employees to make $1.1M 150 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 28, 2009 Rural Payments Agency, UK Computer tapes missing, contained PII & bank info 100,000 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
October 28, 2009 Llywelyn's Pub Hacked, CCNs & other PII affected 100 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 26, 2009 CalOptima PII, PHI on lost discs 68,000 California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
October 26, 2009 University of Wisconsin-Madison Hacked 2,920 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 21, 2009 Baptist Hospital East Email leaks PII 350 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 21, 2009 Zurich Insurance, ZA Policy details on lost backup tape 641,000 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
October 21, 2009 Roane State Community College PII on stolen data storage device 15,977 California SB-1386 & other State derivatives, FERPA A.10.8.3 - Physical media in transit
October 20, 2009 Bullitt County Public Schools Email accidentally sent affecting PII 676 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 20, 2009 ChoicePoint, Reed Elsevier Hacked 13,750 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 19, 2009 Cheers Liquor Mart Customer data including CCNs exposed in hacking incident Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 16, 2009 Halifax Health PII on stolen laptop 33,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 14, 2009 Virginia Department of Education Flash drive lost 103,000 California SB-1386 & other State derivatives, FERPA A.10.8.3 - Physical media in transit
October 13, 2009 California State University Los Angeles SSNs accidentally posted on website 82 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 13, 2009 Pitt County Memorial Hospital USB device containing SSNs, PHI missing from where it was stored 1,700 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 09, 2009 M&T Bank Records found in dumpster, PII exposed 52 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 07, 2009 CLP Skilled Trade Solutions Dumpster full of PII and tax records Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 05, 2009 National Archives and Records Administration Hard drive improperly disposed of 76,000,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 04, 2009 Suffolk County Community College Names and SSNs mistakenly listed in an email 300 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 03, 2009 Blue Cross Blue Shield Association Stolen laptop 187,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 29, 2009 Memorial University of Newfoundland Material used for recycling project inadvertently exposes SSNs Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 28, 2009 Tennessee Department of Human Services Doctors inadvertently fax patient records to an Indiana business Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 25, 2009 University of North Carolina Hacked, PII compromised 236,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 25, 2009 Penrose Hospital Binder containing PII stolen 175 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 23, 2009 Eastern Kentucky University PII inadvertently posted on the web 5,045 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 23, 2009 Demon Internet, UK Billing email inadvertently exposes customers PII 3,600 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 23, 2009 Kern Medical Center Break-in compromises PII 31,000 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 23, 2009 Socorro County Housing Authority Files containing SSNs and financial details found in dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 22, 2009 Cincinnati Metropolitan Housing Authority Housing residents PII exposed online 900 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 22, 2009 AlixPartners LLP Laptop stolen, contained PII and account information of Madoff investors 2,246 California SB-1386 & other State derivatives, GLBA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 21, 2009 Rocky Mountain Bank Email attachment sent to wrong Google email address contained names, SSNs and account details 1,325 California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 18, 2009 Akron Children's Hospital Spyware compromises patients PII, PHI and financial information 62 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 14, 2009 University of Florida, Florida Department of Transportation Educational trainers names and SSNs exposed 25 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 14, 2009 Jones General Store Customer credit card receipts stolen from store by burglars Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 06, 2009 School for the Physical City High School Students PHI, PII dumped on street Unknown California SB-1386 & other State derivatives, HIPAA Security, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 05, 2009 Mitsubishi Corporation Server hacked, CCNs compromised 52,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 02, 2009 Naval Hospital Pensacola Laptop missing, contained names and SSNs 38,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 01, 2009 Bluegrass Community and Technical College A file containing students names and SSNs missing 100 California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 29, 2009 Birmingham NHS, Trulife, UK Stolen laptops contain PHI 7,000 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 28, 2009 Iron Mountain, Cuyahoga County, Ohio Box containing documents with PII falls off a truck during transit 300 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
August 25, 2009 Guardsmark Employee files containing PII found in trash 100 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 25, 2009 Worthing Borough Council, UK Confidential papers found on street, PHI affected Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 21, 2009 University of Massachusetts at Amherst (UMASS) Server hacked, PHI compromised Unknown California SB-1386 & other State derivatives, HIPAA Security, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 20, 2009 Boston University Army Reserve Officers' Training Corps PII exposed through file transfer program 6,675 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 20, 2009 Prompt Med Dumped medical files exposes PHI 623 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 19, 2009 Radisson Hotels & Resorts Unauthorised access of CCNs, PII on systems Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 18, 2009 Sun Valley Mortgage Lost laptop exposes clients' names, account numbers 600 California SB-1386 & other State derivatives, GLBA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 18, 2009 California State University, Los Angeles Stolen computers contained PII 600 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 15, 2009 Northern Kentucky University Laptop stolen 200 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 14, 2009 Calhoun Area Career Center PII exposed online 455 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 13, 2009 Chase Bank Tape lost at offsite storage location Unknown California SB-1386 & other State derivatives, GLBA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 13, 2009 Louisiana State University PII exposed on website Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 11, 2009 University of California, Berkeley Web server hacked, PII exposed 493 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2009 Amuse Inc, Japan Hacked, CCNs & other PII affected 148,680 Japan Privacy Act, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 08, 2009 Iowa Secretary of State SSNs found on public website 2,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 06, 2009 Mitsubishi UFJ Nicos, Japan Privacy records on microfiche film missing 197,000 Japan Privacy Act A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 06, 2009 Colorado Department of Corrections Email containing PII inadvertently sent to co-workers 1,084 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
August 04, 2009 United States Army National Guard Laptop stolen 131,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 28, 2009 University of Colorado CO Springs Stolen laptop may have contained PII 766 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 25, 2009 Network Solutions Breach on web servers exposes credit card accounts 573,928 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 24, 2009 Hampton Redevelopment and Housing Authority SSNs of employees inadvertently sent by postal mail 900 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 23, 2009 American International Group (AIG), American Life Insurance Co., Japan Policy holders CCNs compromised 1,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 22, 2009 HSBC Holdings plc, HSBC Life Policy holders PII on lost CD 180,000 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
July 22, 2009 HSBC Holdings plc, HSBC Actuaries, UK Lost floppy disk contained pension scheme members PII 1,917 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
July 22, 2009 The Highland Council, UK Stolen laptops contain PHI 1,400 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 21, 2009 United Kingdom Ministry of Defence, UK MOD admits losing an entire server 700 UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 17, 2009 Francis Howell School District Laptop stolen 1,700 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 16, 2009 University of California San Diego Moores Cancer Center Server hacked, PHI compromised 30,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 16, 2009 Johnson County Kansas File containing SSNs inadvertently attached to email 8,600 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
July 14, 2009 LexisNexis Employee exposes PII to organized crime syndicate 13,329 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 13, 2009 Florida Department of Education Hard files containing PII missing 475 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 08, 2009 AT&T Temporary employee steals other employee PII including SSNs 2,100 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 08, 2009 Canyons School District Lost thumb drive contained PII 6,000 California SB-1386 & other State derivatives, FERPA A.10.8.3 - Physical media in transit
July 08, 2009 Alberta Health Services Edmonton Virus compromises PHI 11,582 PIPEDA, PIPA & PHIPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 07, 2009 Jubilee Managing Agency Limited, UK Unencrypted disk containing PII of policy holders lost 2,100 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
July 02, 2009 Redford Union School District Mailing error exposes SSNs on address labels 400 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 02, 2009 American Express (Technologies) DBA steals thousands of cardmember data and creates own plastics Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 23, 2009
Florida Department of Revenue
Names, addresses and SSNs of people on a password-protected flash drive stolen from the car of an employee.
2,828 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
June 23, 2009
Cornell University
Computer stolen from university
45,277 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 22, 2009
Broadridge Financial Solutions, Inc.
Inadvertently disclosed Dynegy shareholder information including name, address, SSNs and other account information to another client.
Unknown
California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 22, 2009
Baptist Medical Center
Folders containing PHI found at dump site
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 17, 2009
Bord Gáis, Ireland
Unencrypted laptop stolen from office contained account details of customers
75,000 Irish Data Protection Act & EU Directive on Data Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 17, 2009
Blackbaud / University of North Dakota
Laptop stolen from car contained financial information
84,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 16, 2009
Redondo Beach Arco Gas Station
Organized crime ring infiltrates station as 'employee' installs a skimmer that steals PIIs, CCNs
1,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 15, 2009
Beam Global Spirits & Wine Inc.
Unauthorized access of HR database by former employee exposes PII
Unknown
California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 14, 2009
Custom House Coffee
Hackers access store's wireless network to steal credit & debit card data
50 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 12, 2009
Charles Schwab & Co
Hard drive stolen
60 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
June 12, 2009
JFY Networks
Website hacked exposing PII
Unknown
California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 12, 2009
Oregon Health & Science University
A physician's laptop was stolen from a car parked at the doctor's home. PHI affected
1,000 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 12, 2009
Kirkwood Community College
Storage device stolen from office
1,600 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 08, 2009
Low Cost Pharmacy
Patients' records thrown in dumpster
100 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 07, 2009
T-Mobile USA
Hacked
Unknown
California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 06, 2009
Ohio State Dining Services
Student employees had their social security numbers accidentally leaked in an e-mail.
350 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
June 05, 2009
Virginia Commonwealth University
Computer desktop stolen from office, PII impacted
17,214 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 04, 2009
Salford Royal NHS Foundation Trust, UK
Stolen laptop contains patient details
3,500 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 04, 2009
City of Duncan, Oklahoma
Utility system breach exposes customers' bank account details
170 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 04, 2009
Maine Office of Information Technology
Printing error causes SSNs to be sent to wrong recipients
597 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 03, 2009
Aviva
Malware compromises account numbers and other PII
550 California SB-1386 & other State derivatives, GLBA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 02, 2009
Virginia Department of Health Professions
Hacked, SSNs compromised
531,400 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2009
Northern Ireland Department Human Resources, UK
Laptop stolen
30,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 01, 2009
LPL Financial
Computer stolen contains PII
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 01, 2009
NHS Lothian, UK
Medical histories on lost usb stick
137 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
June 01, 2009
University of Nevada
Virus found on computer with PII
20 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 28, 2009
Pensions Trust, NorthgateArinso, UK
Laptop stolen
109,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 27, 2009
Aetna Inc.
Website exposes PII
65,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 27, 2009
Warren County Virtual Community School, OH
PII found in dumpster
140 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 27, 2009
Batteries.com
Network hacked, CCNs compromised
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 24, 2009
Moran Health Care Group
Medical & employment records found on the street
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 23, 2009
Indiana Department of Workforce Development/Pitney Bowes
Accidental disclosure of SSNs to incorrect employer
4,500 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 22, 2009
Royal Air Force, Ministry of Defence, UK
3 Unencrypted disks missing from base
500 UK Data Protection Act & EU Directive on Data Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 22, 2009
Ministry of Defence, UK
Army laptop stolen as employee leaves it in vehicle overnight
Thousands
UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 19, 2009
National Archives and Records Administration
Hard drive lost
100,000 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
May 19, 2009
CompuCredit
Computer glitch exposes credit card statements online
100 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 18, 2009
Anderson Kia of Boulder
Defunct dealership exposes PII as documents found in bins
Unknown
California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 18, 2009
New Jersey Department of Labor and Workforce Development
SSNs erroneously emailed to wrong employers
28,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
May 14, 2009
Johns Hopkins Hospital
Employee steals patient data, PHI not affected
10,000 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 13, 2009
United Food and Commercial Workers Union
Laptop stolen
47,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 11, 2009
Washington D.C. Office of the State Superintendent of Education
PII erroneously emailed to wrong recipients
2,400 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
May 08, 2009
University of California Berkeley
Hacked, PHI affected
160,000 California SB-1386 & other State derivatives, HIPAA Security, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 07, 2009
West Herts Hospitals Trust, UK
Laptops stolen
2,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 05, 2009
The Provincial Health Department
Lost blackberry not password protected contained PHI
Undisclosed
California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 05, 2009
East Burke Christian Ministries
Burglary, laptop stolen
1,000 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 04, 2009
Virginia Department of Health Professions
PII, PHI stolen from company, backup also missing. Perpetrator demands $10M for return of the data
8,257,378 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.10.5.1 - Information back-up
May 04, 2009
Fulton County Board of Registration and Elections
Discarded voter registration documents expose PII
100,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 04, 2009
Kapiolani Community College
Malware exposes PII
15,487 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 01, 2009
LexisNexis, Investigative Professional
PII exposed in fraud scheme
32,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 30, 2009
Oklahoma Housing Finance Agency
Laptop stolen
225,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 29, 2009
Bradford Teaching Hospital NHS Foundation Trust, UK
Lost data stick contained SSNs, names & hospital numbers
5,650 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
April 29, 2009
Federal Reserve Bank, New York
Former IT employee found with PII used to obtain loans fraudulently
Unknown
FISMA, California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 29, 2009
Addenbrooke's Hospital, UK
Lost data stick contained PHI
741 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
April 25, 2009
Ministry of Defence, UK
A junior Royal Navy officer's laptop stolen from his car
600,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 23, 2009
Carbonite
Online backup company Carbonite loses customer data due to defective hardware and blames suppliers
Undisclosed
California SB-1386 & other State derivatives
A.10.5.1 - Information back-up
April 23, 2009
Journal Space
Malicious act by disgruntled employee wipes out main database for which there was no backup
Undisclosed
California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
A.10.5.1 - Information back-up
April 23, 2009
University of Manchester, UK
Unauthorized staff emails PII to 469 other students
1,700 UK Data Protection Act & EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 23, 2009
SunTrust Bank
Undisclosed type of breach, possibly hacked, CCNs account numbers affected
Undisclosed
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 23, 2009
Czech Government
EU summit participants including Prime Ministers and Presidents PII & PHI found on public computers
200 EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 23, 2009
Aberdeen Royal Infirmary, UK
Laptop stolen from premises contained PII and coded PHI
1,392 UK Data Protection Act & EU Directive on Data Protection
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 23, 2009
Oklahoma Department of Human Services
Laptop stolen
1,000,000 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 22, 2009
Marian Medical Center
Blackberry stolen contained PII & PHI
3,200 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 21, 2009
FairPoint Communications
Portable data storage device lost
4,400 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
April 18, 2009
British Council UK
Unencrypted disk lost
2,000 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
April 13, 2009
Moses Cone Hospital, VHA Inc.
Laptop stolen
14,380 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 12, 2009
CBIZ Medical Management Professionals/Southwest Mississippi Regional Medical Center
Laptop stolen
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 11, 2009
Peninsula Orthopaedic Associates
Data tapes lost or stolen in transit expose patients' PII including insurance numbers
100,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.8.3 - Physical media in transit
April 10, 2009
Borrego Springs Bank/Vavrinek, Trine, Day and Co.
Names & account numbers on stolen laptops
Unknown
California SB-1386 & other State derivatives, GLBA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 10, 2009
Penn State Erie, The Behrend College
Malicious software found on computer, PII exposed
10,868 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 10, 2009
Gexa Energy
Hacked
Unknown
California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 09, 2009
Fox Entertainment Group/MySpace.com
Unauthorized access by employee exposes PII
Unknown
California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 09, 2009
Inet Interactive
PIIs & CCNs with CCVs exposed in hacking incident
9,561 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 09, 2009
North Carolina Department of Motor Vehicles
Undisclosed type of breach, PII affected
13 California SB-1386 & other State derivatives
 
April 08, 2009
Northeast Rehabilitation Hospital
Laptop stolen
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 08, 2009
Metropolitan Nashville Public Schools, Public Consulting Group
Students' PII exposed online
18,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 08, 2009
Hawaii Dept of Transportation
Laptop stolen
1,892 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 07, 2009
Richmond Dermatology Specialists, PC
Documents found scattered along street
Unknown
California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 03, 2009
Policy Studies Inc./Tennessee Department of Human Services
Contracted employee steals SSNs and bank account numbers
1,600 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 03, 2009
Town of Culpeper
PII including SSNs inadvertently posted on internet
7,845 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 02, 2009
Wigan Borough Council, UK
Laptop stolen contained PII of special needs children
33,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 02, 2009
Fujitsu Consulting Inc.
Package containing storage device lost in transit
3,410 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
April 01, 2009
University of Washington
Hacked
6,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 01, 2009
State of Maryland
State employees' PII including SSNs lost in mail
8,000 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
March 30, 2009
Symantec
BBC reported that it managed to purchase CCNs obtained from Symantec's call center from an individual
200 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 26, 2009
Pacific University
Laptop stolen
Unknown
California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 25, 2009
Westaff Employment Staffing Company
Dumped personal documents in the trash
Unknown
California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 24, 2009
Massachusetts General Hospital
Paperwork containing PHI lost when an employee apparently left it on a train.
66 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 21, 2009
Royal Air Force Mildenhall, UK
Computer stolen from post office employee's residence contained PII of mailbox holders
6,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 19, 2009
Bailey Middle School
Confidential papers found on street
21 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 18, 2009
Walgreens
PII of state retirees were e-mailed to the Kentucky Retirement Systems without being properly encrypted
28,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 18, 2009
University of West Georgia
Personal information was on a laptop stolen from a traveling professor
1,300 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 18, 2009
Central Ohio Transit Authority, COTA
COTA personnel workers gave 51 companies names and identification numbers
900 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 17, 2009
Penn State Office of Physical Plant
A virus infiltrated a computer that contained more than 1,000 social security numbers of OPP employees
1,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 16, 2009
Comcast
Phishing scam exposes passwords
4,000 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 16, 2009
University of Toledo
Computer stolen
24,000 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 13, 2009
Dezonia Group/Chicago Fire Department ambulance
An employee's laptop containing PII stolen
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 12, 2009
US Army
Web-based database hacked
1,600 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 12, 2009
Sprint
Former employee sold or otherwise provided account data without permission to third parties
Unknown
California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 12, 2009
Sen. Norm Coleman's Campaign
Database exposed online contained information on campaign donors, including PII, CCNs and the three-digit security codes
Undisclosed
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 11, 2009
The Department for Work and Pensions
Memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system
12,000,000 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
March 11, 2009
Binghamton University
Payment information including CCNs stored insecurely on campus; door was not only unlocked but taped open.
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 11, 2009
Gwent Police, Wales UK
Sent mail arrives without unencrypted CD containing crime victims' PII
2,300 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
March 09, 2009
Road Policing Division of Police Headquarters Edinburgh, UK
USB drive missing
Unknown
UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
March 09, 2009
Wiltshire County Council, UK
USB stick lost in transit
1,385 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
March 07, 2009
Department of Human Services, Oklahoma
Files - which included PII and details on child abuse investigations - reportedly were left behind when a DHS worker was evicted from a rent house
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 07, 2009
Idaho National Laboratory (INL)
An encoded disc containing PII from the employees was either lost or stolen in transit via United Parcel Service
59,000 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
March 06, 2009
Federal Emergency Management Agency (FEMA)
Laptop stolen from car
50 FISMA, California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 05, 2009
St. Rita's Medical Center
Bag stolen during an automobile break-in
242 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 04, 2009
New York Police Department
A civilian employee of the department's pension fund is accused of stealing eight tapes containing SSNs
80,000 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 04, 2009
Elk Grove Unified School District
A document with the SSNs of employees was lost by a district employee
500 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 04, 2009
Western Oklahoma State College
A rootkit was installed on a server administered by an outside party
1,500 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 03, 2009
Developers Diversified Realty Corporation (DDR), National City Bank
An affiliate mailed out 1099-DIV forms to the wrong recipients, potentially exposing PII.
1,799 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 02, 2009
City of Muskogee
Hard drives disposed of carelessly
4,500 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 01, 2009
National Health Service (NHS) Scotland UK
NHS doctor inappropriately accesses Emergency summary care system containing PHI
2,500,000 UK Data Protection Act & EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 25, 2009
Steamboat Springs School District
Laptop stolen
1,300 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 24, 2009
North Wales NHS Trust, UK
Disks containing patient information found in trash
Unknown
UK Data Protection Act & EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 23, 2009
Vantage Point Retirement Living
Nurse steals patient information
3 California SB-1386 & other State derivatives, HIPAA Security
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 23, 2009
Seaview Financial
Mortgage broker dumps files in trash
Unknown
California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 23, 2009
Ryerson University
Software error exposes students' PII
588 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 22, 2009
Fiat Financial Services
Documents mailed to wrong customers, bank account numbers impacted
6 California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 20, 2009
Scottsdale Healthcare Chandler Regional Medical Center
Employee steals credit card information
15 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 20, 2009
Arkansas Dept. of Information Systems/Information Vaulting Services
Tape containing information on background checks missing
807,000 California SB-1386 & other State derivatives
A.10.8.3 - Physical media in transit
February 20, 2009
Del Mar College
Class roster stolen
53 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 19, 2009
California Pizza Kitchen
Employee steals credit card information with skimming machine
50 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 19, 2009
University of Florida
Hacked
97,200 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 18, 2009
People's bank
Documents containing bank account numbers & PII found in dumpster
Unknown
California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 18, 2009
Northeast Orthopaedics, LLP Mrecord
PHI, PII exposed online
1,000 California SB-1386 & other State derivatives, HIPAA Security
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 18, 2009
Johns Hopkins Hospital
Employee steals patients' credit to obtain credit cards and loans
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 17, 2009
Broome Community College
SSNs printed on back cover of alumni mailer
14,000 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 14, 2009
University of Alabama
Hacked
37,000 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 13, 2009
Clayton County Sheriff's Department
Employee suspected of stealing Deputies' PII
Unknown
California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 10, 2009
SemGroup LP
Financial information inadvertently exposed on court bankruptcy document
160 California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 10, 2009
Royal Bolton Hospital, UK
Patients' details lost near hospital grounds, PHI affected
1,300 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
February 09, 2009
United States Federal Aviation Administration (FAA)
Hacked
45,000 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2009
Parkland Health & Hospital System
Laptop stolen
9,300 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 09, 2009
United States Postal Service
Employee steals debit and credit cards in mail
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 09, 2009
Nationwide Children's Hospital, UK
PHI stolen from car
23 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 06, 2009
East Moon Asian Bistro
Waiters steal hundreds of CCNs from customers
200 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 06, 2009
Kaiser Permanente
PII found with individual, breach type unknown
29,500 California SB-1386 & other State derivatives
 
February 06, 2009
Motorola
CCNs exposed on website
6 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 06, 2009
Catskill Regional Medical Center
Unauthorized viewing of SSNs and financial information by employee
431 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.3 - Removal of access rights
February 05, 2009
Royal Liverpool University Hospital, UK
Documents with patients' PII stolen from car
354 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 05, 2009
Brent Teaching Primary Care Trust
Laptop stolen, PHI affected
389 California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 04, 2009
Trent University
Hacked, PII, CCNs compromised
21 California SB-1386 & other State derivatives, FERPA, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 04, 2009
Womancare Inc
Medical records found in dumpster
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 04, 2009
US Department of Veteran Affairs
Mail containing Veterans' PII, PHI sent to a disabled veteran
20 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 03, 2009
Georgia State Board of Pardons & Paroles
Parolee PII on computer stolen from undisclosed contractor
Unknown
California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 03, 2009
Moorevilles Dry Cleaning station
Owner closes down and elopes with credit card data
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
February 03, 2009
United Way
Systems hacked, CCNs compromised
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 03, 2009
Baystate Medical Centers Pediatrics
Laptops stolen, PHI affected
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 03, 2009
Purdue University
Tax forms mailed to wrong addresses, Financial information exposed
Unknown
California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 02, 2009
Best Buy
Employee steals CCNs with card skimming device
4,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 02, 2009
Southern Satellite
PII, CCNs found in dumpster
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 01, 2009
Airtricity
Customer bank information exposed online
1,160 California SB-1386 & other State derivatives, GLBA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 01, 2009
Centura Health
PHI, SSNs found in auctioned storage unit, employee suspected of fraudulent involvement
150 California SB-1386 & other State derivatives, HIPAA Security
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 31, 2009
Ball State University
Email attachment inadvertently discloses the SSNs of special-events employees
19 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
January 31, 2009
HoneyBaked Ham Store
Computer server containing CCNs stolen from store
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 30, 2009
Greater Ormond General Hospital
Laptop stolen
458 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 30, 2009
Kansas State University
Inadvertently exposed online through departmental website
45 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 29, 2009
Educational Testing Services
Missing Laptop contains names, SSNs
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 28, 2009
Citystage/Springfield Performing Arts Development Corporation
Hacked
60 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 27, 2009
United States State Department
Files containing names, bank account numbers, SSNs of Marines and employees left inside auctioned filing cabinet
Hundreds
California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 27, 2009
UK Medical Practice/Unnamed courier
Computer tape lost in transit
8,000 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
January 27, 2009
City Habitats
Sensitive documents found strewn on the street
Unknown
California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 26, 2009
MassMutual Financial Group
Inadvertent disclosure of client information to another client
Unknown
California SB-1386 & other State derivatives, GLBA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 26, 2009
US Defence Department
Files found on pawned MP3 player containing PII
60 California SB-1386 & other State derivatives
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 26, 2009
Pflugerville Independent School District
Two students hack into school computer system
Unknown
California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 26, 2009
City of Madison
Laptop computer stolen from office
500 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 25, 2009
British Council UK
Disk lost during shipment exposes staff names, salary, bank account and insurance details
2,000 UK Data Protection Act & EU Directive on Data Protection
A.10.8.3 - Physical media in transit
January 24, 2009
Abertawe Bro Morgannwg University NHS Trust, UK
Stolen laptop contains patient details
5,000 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 23, 2009
Hays Pharma, Japan
Patients' personal information stolen from car, names, DOB, and PHI
10 Japan Privacy Act
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 23, 2009
Monster Worldwide Inc
Hackers steal PII of online jobseekers
Millions
California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 22, 2009
Lloyds TSB UK
Customers' bank account details mailed to unauthorized person
14 UK Data Protection Act & EU Directive on Data Protection
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
January 21, 2009
Missouri State University
University office inadvertently sends email message with foreign students' PII attached
565 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
January 21, 2009
Kanawha-Charleston Health Department/Express Personnel Services
Temporary worker administering billing information steals patients' PII, PHI
11,000 California SB-1386 & other State derivatives, HIPAA Security
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 20, 2009
SRA International Inc
Virus potentially exposes sensitive current and former employee, client data
Unknown
California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 20, 2009
Indiana Dept. of Administration
SSNs erroneously posted online
8,775 California SB-1386 & other State derivatives
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 20, 2009
University of Rochester
Hacked
450 California SB-1386 & other State derivatives, FERPA
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 20, 2009
Heartland Payment Systems
Hacked - CCNs compromised
Millions
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 19, 2009
Forcht Bank/First Data Corporation
Hackers compromise merchant card processor data prompting Forcht to cancel cards
8,500 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 17, 2009
Kennebec Savings Bank/Unnamed card processor
Debit cards compromised
1,500 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 16, 2009
Smokers Choice
Business owner installs skimmer, steals and fraudulently uses customer credit cards
300 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 16, 2009
Southwestern Oregon Community College
Laptop computer stolen from campus
200 California SB-1386 & other State derivatives, FERPA
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 15, 2009
Express EMS Services
Medical records of defunct ambulance company's patients found in parking lot and dumpster. PHI compromised
Unknown
California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 13, 2009
Oregon Department of Health Services
Laptop stolen
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 13, 2009
University of Oregon
Laptop stolen
2,000 California SB-1386 & other State derivatives, FERPA
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 13, 2009
Blue Ridge Community Action, NC
External hard drive missing, presumed stolen from offices
300 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 12, 2009
Continental Airlines Inc.
Laptop stolen from locked office, employee, vendor and 'new hire candidates' PII affected
230 California SB-1386 & other State derivatives
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 12, 2009
Columbus City Schools
Employees' PII found with common criminals, who had intercepted or stolen part of mailing from payroll division. PII misused
100 California SB-1386 & other State derivatives, FERPA
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 11, 2009
Family Funbox
Affected by massive credit card fraud putting company out of business
2,500 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2009
Circuit City
Closed store stashes customers' documents containing credit card details behind store
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 10, 2009
Letterkenny General Hospital
Medical records containing names, dates of birth and hospital numbers dumped
16 California SB-1386 & other State derivatives, HIPAA Security
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 09, 2009
NHS Trust/Central Lancashire Primary Care Trust, UK
USB stick used for back-up missing
6,360 UK Data Protection Act & EU Directive on Data Protection
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 07, 2009
Cedars-Sinai Medical Center
Former employee steals PHI to commit insurance fraud
1,000 California SB-1386 & other State derivatives, HIPAA Security
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 07, 2009
Seventh-Day Adventist Church
Laptop stolen
292 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 07, 2009
Indiana Dept. Of Workforce Development
Unspecified breach, CCNs affected
1,000 California SB-1386 & other State derivatives, PCI/Visa CISP
 
January 06, 2009
Checkfree
Hacked website redirects customer traffic to malicious sites, CCNs may have been compromised
5,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 06, 2009
Occidental Petroleum Corporation
Former Employee emailed spreadsheet with PII to personal email account
Unknown
California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 05, 2009
Innodata Isogen Inc.
Laptop stolen from employee's car containing names, addresses, SSNs of current and former employees
141 California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 05, 2009
United States Library of Congress
Human resources employee steals employee SSNs from Library of Congress
10 California SB-1386 & other State derivatives
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 02, 2009
Wyndham
Computer systems compromised, CCNs affected
Unknown
California SB-1386 & other State derivatives, PCI/Visa CISP
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 01, 2009
Pepsi Bottling Group
Portable data storage device lost
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 01, 2009
Kanagawa Prefectural Senior High Schools, Japan
File sharing software exposes students' PII online
110,000 Japan Privacy Act
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.8.2.2 - Information security awareness, education and training
January 01, 2009
Merrill Lynch & Unknown third party contractor
Computer stolen from home in violent burglary
Unknown
California SB-1386 & other State derivatives
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
ESTIMATED TOTAL (ROUGH): 113,735,745
Copyright 2005-2017 by eFortresses, Inc. All rights reserved.