| PUBLIC NOTIFIED ON |
ORGANIZATION AND LOCATION |
TYPE OF BREACH |
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED |
REGULATORY IMPACT |
ISO/IEC 27001 MITIGATING CONTROLS |
| July 27, 2010 |
Cooper University Hospital |
Thumb drive missing, PII affected |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 22, 2010 |
Hell Pizza, NZ |
Customer records stolen from online database |
230,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 20, 2010 |
British Columbia
Lottery Corporation |
'Data crossover' that made PII and credit card information visible to other gamblers on website |
130 |
Canada PIPA & PIPEDA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 19, 2010 |
South Shore
Hospital |
Vendor loses backup tape, PII affected |
800,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| July 19, 2010 |
Starbucks |
Employee collects customer credit card details |
41 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| July 19, 2010 |
Maryland
Department of Human Resources |
Employee accidentally posts clients' SSNs on third party website |
3,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 19, 2010 |
LV Financial
Services |
Boxes of PII, PHI disposed of in dumpster |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 16, 2010 |
Socialist Party in Madrid, Telecinco and the Children's
Ombudsman of the Community of Madrid, Spain |
Hacked |
120,000 |
Organic Law 15/99, EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 16, 2010 |
Utah Department
of Workforce Services |
Improper access of illegal immigrants' PII by 2 employees |
1,300 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| July 16, 2010 |
Buena Vista
University |
Database hacked |
93,000 |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 16, 2010 |
Connecticut
Department of Labor |
Stolen laptop exposes PII |
5,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 15, 2010 |
Prince William
County |
PII & PHI on stolen blackberry |
669 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 12, 2010 |
Entertainment
Software Ratings Board |
Complainants' PII exposed as "Reply All" button used in sending email |
1,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| July 10, 2010 |
London Borough of Barnet, West Sussex County Council and
Buckinghamshire County Council, UK |
Poor handling of personal data |
9,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 08, 2010 |
Cisco |
Event attendance list hacked |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 08, 2010 |
The Pirate Bay |
Security weaknesses in the hugely popular file-sharing Web site
thepiratebay.org exposed user PII |
4,000,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 06, 2010 |
Massachusetts
Secretary of the Commonwealth |
CD containing PII mistakenly sent to wrong recipient |
139,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 06, 2010 |
DentaQuest |
Contractor laptop stolen |
76,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 06, 2010 |
University of
Hawaii at Manoa |
CCNs & PII breached in hacked server |
53,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 06, 2010 |
University of
Florida |
Mailing labels printed with PII & PHI |
2,047 |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 02, 2010 |
American
Airlines, AMR Corporation |
PII on hard drive stolen from office HQ |
79,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| July 02, 2010 |
Beautiful Brands
International, Camilles Sidewalk Cafe |
Credit card processing system hacked |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 30, 2010 |
A4e |
PII on stolen laptop |
24,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 29, 2010 |
Lincoln Medical
and Mental Health Center |
CD with PHI stolen in transit |
130,495 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| June 29, 2010 |
University of
Maine |
Hacked |
4,585 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 25, 2010 |
University Hospital (Augusta, GA), Augusta Data Storage Inc. |
Data backup tape missing from offsite storage centre |
13,000 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| June 23, 2010 |
Oregon National
Guard |
Laptop stolen |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 23, 2010 |
Anthem Blue
Cross Blue Shield |
Patients' PHI exposed online |
470,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 23, 2010 |
Destination
Hotels & Resorts, The Driskill Hotel |
Credit card data stolen from hacked server |
700 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 22, 2010 |
Florida
International University |
Unsecured database hacked |
19,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 19, 2010 |
Caritas Medical
Centre, Hong Kong |
Computer hard drive missing |
3,000 |
Personal Data (Privacy) Ordinance (PCPD) |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 17, 2010 |
Ocean Lakes High
School |
Student inappropriately gains access to file on server |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 09, 2010 |
AT&T/Apple |
Hacked |
114,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 09, 2010 |
Tufts University |
Virus-infected computer may have exposed PII |
7,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 07, 2010 |
Nursing Visioned
Medical Services |
Defunct business documents dumped, PII, PHI impacted |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| June 03, 2010 |
Safe Harbor Med
Evaluations |
Hard drive with PII, PHI stolen from office |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| June 02, 2010 |
Penn State
University |
Hacked |
15,806 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 02, 2010 |
West Berkshire
Council, UK |
USB memory stick lost |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 02, 2010 |
Rainbow Hospice
and Palliative Care |
Laptop stolen, PII, PHI affected |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 02, 2010 |
University of
Louisville |
Patients' PII, PHI exposed online |
708 |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 02, 2010 |
Bank of America |
Call centre employee steals
customer PII |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| June 01, 2010 |
Roanoke City
Public Schools |
Surplus computers sold with employees' PII |
2,000 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 31, 2010 |
Tralee Town
Council, Ireland |
Bank details relating to a significant number of companies sent
to rival suppliers by email |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| May 28, 2010 |
Cincinnati
Children's Hospital Medical Center |
Laptop stolen from employee's car contained PHI |
61,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 27, 2010 |
HM Revenue and
Customs, UK |
HMRC wrongly mails PII to wrong addresses |
50,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 26, 2010 |
Payless Travel
& Cruises |
Employee steals credit card details |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| May 26, 2010 |
City of
Charlotte |
DVD media lost in mail exposes workers' PII |
5,220 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| May 25, 2010 |
Loma Linda
University Medical Center |
Desktop stolen from offices, PII, PHI impacted |
500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| May 25, 2010 |
AT&T,
Ferrell Communication |
Dumped files contained PII, CCNs |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 22, 2010 |
Aldaco's Mexican
Cuisine |
Computer systems hacked |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| May 21, 2010 |
Strong Memorial
Hospital |
Bills mailed to patients exposed PII, PHI |
1,250 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 17, 2010 |
Oconee Heart
Center |
Laptop stolen |
600 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 13, 2010 |
United States Army Reserve, Serco Inc. |
Contractor's laptop stolen |
207,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 12, 2010 |
U.S. Department
of Veterans Affairs |
Contractor's laptop stolen |
644 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 12, 2010 |
Peterborough
District Hospital, UK |
Laptop stolen |
1,100 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 11, 2010 |
West Monroe Partners LLC, DentaQuest, New Mexico Human Services
Department |
Subcontractor's laptop stolen |
9,600 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 11, 2010 |
Curtlin
Manufacturing |
Tax documents containing PII stolen from vacant office building |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| May 10, 2010 |
Los Angeles
Firemen's Credit Union |
Files containing PII exposed in transit |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| May 10, 2010 |
Mid Atlantic
Processing |
Boxes containing documents with PII including cancelled cheques
improperly disposed of |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 07, 2010 |
FHG Finance |
Documents containing PII, account details found in dumpster |
300 |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 07, 2010 |
Fast Cash Plus
Inc. |
Documents containing PII, account details found in dumpster |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 03, 2010 |
Our Lady of
Peace |
Flash drive missing, PHI affected |
24,600 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| April 29, 2010 |
St. Jude
Heritage Medical Center |
Computers stolen exposing PII |
20,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| April 28, 2010 |
Paychex |
Payroll company accidentally merges 2 organisations' data |
21 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 28, 2010 |
Montana Tech of
The University of Montana |
Employee accidentally emails students' PII |
260 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| April 28, 2010 |
The Medical
Center at Bowling Green |
Hard drive stolen contained PII, PHI |
5,418 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| April 26, 2010 |
DRC Physical
Therapy Plus |
Patients' files containing PII, PHI dumped outside |
Hundreds |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 26, 2010 |
Texas Child
Protective Services Division |
Employee steals parents' PII |
70 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| April 21, 2010 |
Affinity Health
Plan |
Leased equipment hard drive returned unerased, PHI affected |
400,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.6 - Secure disposal or re-use of equipment |
| April 21, 2010 |
Royal Bank of
Scotland, UK |
Van containing documents stolen |
20 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| April 21, 2010 |
United Imaging,
Chattanooga State |
Contractor mishandles student applications containing PII during
a scanning project |
1,700 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 21, 2010 |
St. Patrick's
College Drumcondra, Ireland |
PII and bank checks of student applications stolen |
20 |
Irish Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| April 20, 2010 |
Massachusetts
Eye and Ear Infirmary |
Laptop stolen |
3,526 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| April 16, 2010 |
Gwent Police, UK |
PII accidentally emailed |
10,006 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| April 12, 2010 |
Baylor Health
Care System Inc. |
Thousands of patients' PHI found in dumpster |
Thousands |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 11, 2010 |
LPL Financial |
Portable hard drive containing PII stolen from car |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| April 09, 2010 |
Atlanta Fire
Rescue |
Hacked, PII affected |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| April 09, 2010 |
Hollywood Video |
Customer membership forms dumped by closed store |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 08, 2010 |
HCR ManorCare,
ManorCare Health Services |
Patients' PII, PHI found on documents by the roadside |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 08, 2010 |
St. Francis
Hospital |
Employee steals patients' PII, PHI |
60 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| April 08, 2010 |
H&R Block |
Tax preparer steals customer tax details to file false tax
claims |
20 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| April 07, 2010 |
Mad Capper
Saloon & Eatery |
CCNs compromised, possibly hacked |
80 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| April 06, 2010 |
Providence
Hospital |
Hard drive missing, PII, PHI impacted |
12 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| April 05, 2010 |
John Muir Health |
Two laptops stolen, PII, PHI compromised |
5,450 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| March 30, 2010 |
Barnet Council, UK |
Employee's home burgled, unencrypted storage devices containing PII stolen |
9,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| March 25, 2010 |
Educational Credit
Management Corporation |
PII including SSNs exposed on portable media device stolen from office |
3,300,000 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 25, 2010 |
Northwestern Memorial Hospital, The Millard Group, Inc. |
Patients' files stolen from unlocked cabinets by cleaning crew, PHI, PII affected |
250 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 24, 2010 |
Evergreen
Public Schools, Vancouver Public Schools, Washington Schools Information
Processing Cooperative (WSIPC) |
Former student hacks systems |
5,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 23, 2010 |
H&R Block |
Employee steals customers' PII |
60 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| March 22, 2010 |
Connecticut Office of
Policy and Management |
Temporary employee may have stolen PII of rebate program applicants |
11,000 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| March 20, 2010 |
Royal London Mutual
Insurance Society, UK |
8 laptops stolen from offices |
2,135 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 18, 2010 |
Mary's Pizza Shack |
POS terminal infected with virus exposes customers' CCNs |
50 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 17, 2010 |
University of Calgary
Sunridge Medical Clinic |
PHI may have been accessed by unauthorized parties after two viruses infected clinic's computers |
4,700 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 17, 2010 |
University of South
Carolina Beaufort |
Former students' personal information on a stolen school-owned laptop |
480 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 16, 2010 |
Vanderbilt University |
Computer stolen, PII compromised |
7,174 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 16, 2010 |
California State
University Los Angeles |
Theft of a computer from a department office exposes SSNs |
232 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 16, 2010 |
House of Commons of
Canada |
Computer glitch incorrectly mails tax forms to the wrong address, PII exposed |
697 |
PIPEDA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| March 12, 2010 |
NHS Stoke on Trent, Haywood Hospital, UK |
Patients' records improperly disposed |
2,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| March 10, 2010 |
St. Louis
Metropolitan Police Department |
Malware exposes PII |
24 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 10, 2010 |
Thrivent Financial
for Lutherans |
Laptops stolen from office, PII, PHI affected |
9,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 07, 2010 |
Diabetes Direct, Inc. |
Employee steals patients' PII |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| March 05, 2010 |
Starwood
Hotels and Resorts Worldwide Inc., Westin Bonaventure Hotel & Suites |
Hacked, CCNs, Debit cards affected |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 05, 2010 |
University of Texas
Southwestern Medical Center |
Patients exposed after a former employee was found in possession of a limited amount of patient billing data |
12,000 |
California SB-1386 & other State derivatives, FERPA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| March 05, 2010 |
Small Dog Electronics |
Hacked, CCNs affected |
1,225 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 04, 2010 |
Wake Forest
University Baptist Medical Center |
Documents of patients' names and SSNs stolen from car |
554 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| March 03, 2010 |
Argos Ltd, UK |
Customers' PII, CCNs, three-digit CCV security code exposed in order confirmation emails |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 28, 2010 |
Wyndham Hotels and Resorts (WHR) |
Hacked, PII, CCN affected |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 25, 2010 |
Coastal Community Credit Union |
CCNs improperly discarded |
257 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 24, 2010 |
Citigroup |
Mailing error exposes SSNs on envelope |
600,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 23, 2010 |
Medix School London Campus |
Students' PII, PHI discarded in trash |
50 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 19, 2010 |
TennCare |
Mail sent to wrong addresses exposing PII |
3,900 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 18, 2010 |
Valdosta State University |
Hacked |
170,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 17, 2010 |
Southern Illinois University at Carbondale |
Malware found on faculty member's workstation |
900 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 17, 2010 |
Cardiology Consultants Inc |
Stolen laptop contained PII, PHI |
8,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| February 16, 2010 |
Dairy Queen Corporation |
POS terminal hacked, CCNs stolen |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 15, 2010 |
West Memphis Arkansas Police Department |
Police employee improperly accesses computer containing other employees' PII |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| February 13, 2010 |
Eclipse Property Solutions |
Employee steals credit card details |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| February 11, 2010 |
University of Texas Medical Branch, MedAssets |
Former employee with history of ID theft alleged to have had access to other employees' PII |
1,200 |
California SB-1386 & other State derivatives, FERPA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| February 11, 2010 |
Automatic Data Processing (ADP), Equifax Inc. |
Mailing error exposes SSNs in envelope window |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 09, 2010 |
Kansas City Art Institute |
SSNs and DOB on stolen computer from the campus |
145 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| February 09, 2010 |
California Department of Health Care Services |
SSNs printed on address labels |
50,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 08, 2010 |
AvMed Health Plans |
Laptops stolen affecting PII, PHI |
208,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| February 05, 2010 |
Wyoming Department of Health |
PII of children exposed on web |
9,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 04, 2010 |
University of Texas at El Paso |
Mailing error exposes students' SSNs in envelope window |
15,000 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 04, 2010 |
Social Security Administration |
Employee loses CD containing PII, PHI |
969 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| February 03, 2010 |
Highmark, Inc., Boscov's Department Store, LLC |
Mail arrives with signs of being tampered with |
3,700 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| February 02, 2010 |
Ozarks Area Community Action Corporation |
Mailing error exposes landlords' SSNs |
243 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| January 31, 2010 |
Columbia University |
3 laptops stolen from office |
1,400 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 30, 2010 |
Humboldt State University |
Virus-infected computer may have exposed PII |
3,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| January 30, 2010 |
Iowa Racing and Gaming Commission |
Hacked |
80,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| January 29, 2010 |
Ameriquest Mortgage Company |
Ex-employee steals mortgage applications and commits fraud |
100 |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| January 29, 2010 |
Rabjohns Financial Group, MedHQ LLC, Lindy Manufacturing |
Hundreds of job application papers found blowing in the wind |
Hundreds |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| January 28, 2010 |
State of Alaska, Price Waterhouse Coopers LLC, Mercer |
PII goes missing from PWC's offices |
77,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 27, 2010 |
National Archives and Records Administration |
Missing hard drive contained PII |
250,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 27, 2010 |
Ontario Teachers Insurance Plan, Toronto District School Board |
3 laptops stolen from offices |
8,600 |
PIPEDA (Ontario) |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 27, 2010 |
University of California San Francisco |
Stolen laptop contained PII, PHI |
4,400 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| January 26, 2010 |
Methodist Hospital |
Stolen laptop contained PII, PHI |
689 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| January 24, 2010 |
Ladbrokes UK |
PII of Ladbrokes gamblers offered for sale by ex-employee |
10,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| January 22, 2010 |
City of Columbus Ohio |
City health workers' PII stolen by employee |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| January 19, 2010 |
University of Missouri |
SSNs visible externally on mail |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| January 18, 2010 |
Goodwill Industries of Greater Grand Rapids |
Safe stolen, PII affected |
Thousands |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 18, 2010 |
City of Oakridge Oregon |
List of city employees' PII mistakenly sent with monthly water bills |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| January 13, 2010 |
Kaiser Permanente Northern California |
Stolen electronic storage device contained PHI |
15,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| January 11, 2010 |
Suffolk County National Bank |
Customer credentials stolen from server where they were stored in plain text |
8,378 |
California SB-1386 & other State derivatives, GLBA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| January 06, 2010 |
Eugene School District 4J |
Hacked |
13,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| January 05, 2010 |
Metropark USA Inc |
Job applications containing PII found in parking lot |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| January 03, 2010 |
Transportation Security Administration, Boston International Airport |
Employee steals and sells workers' PII |
16 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| January 01, 2010 |
Larch Corrections Center |
Employee's briefcase containing documents with PII stolen from car |
43 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| |
|
ESTIMATED TOTAL (ROUGH): |
12,125,523 |