| PUBLIC NOTIFIED ON | ORGANIZATION AND LOCATION | TYPE OF BREACH | NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED | REGULATORY IMPACT | ISO/IEC 27001 MITIGATING CONTROLS |
|---|---|---|---|---|---|
| February 28, 2010 | Wyndham Hotels and Resorts (WHR) | Hacked, PII, CCN affected | Unknown | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 25, 2010 | Coastal Community Credit Union | CCNs improperly discarded | 257 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 24, 2010 | Citigroup | Mailing error exposes SSNs on envelope | 600000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 23, 2010 | Medix School London Campus | Students' PII, PHI discarded in trash | 50 | California SB-1386 & other State derivatives, HIPAA Security, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 19, 2010 | TennCare | Mail sent to wrong addresses exposing PII | 3900 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 18, 2010 | Valdosta State University | Hacked | 170000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 17, 2010 | Southern Illinois University at Carbondale | Malware found on faculty member's workstation | 900 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 17, 2010 | Cardiology Consultants Inc | Stolen laptop contained PII, PHI | 8000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| February 16, 2010 | Dairy Queen Corporation | POS terminal hacked, CCNs stolen | Unknown | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 15, 2010 | West Memphis Arkansas Police Department | Police employee improperly accesses computer containing other employees' PII | Unknown | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 13, 2010 | Eclipse Property Solutions | Employee steals credit card details | Unknown | California SB-1386 & other State derivatives, PCI/Visa CISP | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 11, 2010 | University of Texas Medical Branch, MedAssets | Former employee with history of ID theft alleged to have had access to other employees' PII | 1200 | California SB-1386 & other State derivatives, FERPA | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 11, 2010 | Automatic Data Processing (ADP), Equifax Inc. | Mailing error exposes SSNs in envelope window | Unknown | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 09, 2010 | Kansas City Art Institute | SSNs and DOB on stolen computer from the campus | 145 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| February 09, 2010 | California Department of Health Care Services | SSNs printed on address labels | 50000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 08, 2010 | AvMed Health Plans | Laptops stolen affecting PII, PHI | 208000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| February 05, 2010 | Wyoming Department of Health | PII of children exposed on web | 9000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 04, 2010 | University of Texas at El Paso | Mailing error exposes students' SSNs in envelope window | 15000 | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 04, 2010 | Social Security Administration | Employee loses CD containing PII, PHI | 969 | California SB-1386 & other State derivatives, HIPAA Security | A.10.8.3 - Physical media in transit |
| February 03, 2010 | Highmark, Inc., Boscov's Department Store, LLC | Mail arrives with signs of being tampered with | 3700 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| February 02, 2010 | Ozarks Area Community Action Corporation | Mailing error exposes landlords' SSNs | 243 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| January 31, 2010 | Columbia University | 3 laptops stolen from office | 1400 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 30, 2010 | Humboldt State University | Virus-infected computer may have exposed PII | 3500 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| January 30, 2010 | Iowa Racing and Gaming Commission | Hacked | 80000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| January 29, 2010 | Ameriquest Mortgage Company | Ex-employee steals mortgage applications and commits fraud | 100 | California SB-1386 & other State derivatives, GLBA | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| January 29, 2010 | Rabjohns Financial Group, MedHQ LLC, Lindy Manufacturing | Hundreds of job application papers found blowing in the wind | Hundreds | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| January 28, 2010 | State of Alaska, Price Waterhouse Coopers LLC, Mercer | PII goes missing from PWC's offices | 77000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 27, 2010 | National Archives and Records Administration | Missing hard drive contained PII | 250000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 27, 2010 | Ontario Teachers Insurance Plan, Toronto District School Board | 3 laptops stolen from offices | 8600 | PIPEDA (Ontario) | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 27, 2010 | University of California San Francisco | Stolen laptop contained PII, PHI | 4400 | California SB-1386 & other State derivatives, HIPAA Security, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| January 26, 2010 | Methodist Hospital | Stolen laptop contained PII, PHI | 689 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| January 24, 2010 | Ladbrokes UK | PII of Ladbrokes gamblers offered for sale by ex-employee | 10000 | UK Data Protection Act & EU Directive on Data Protection | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| January 22, 2010 | City of Columbus Ohio | City health workers' PII stolen by employee | Unknown | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| January 19, 2010 | University of Missouri | SSNs visible externally on mail | Unknown | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| January 18, 2010 | Goodwill Industries of Greater Grand Rapids | Safe stolen, PII affected | Thousands | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 18, 2010 | City of Oakridge Oregon | List of city employees' PII mistakenly sent with monthly water bills | Unknown | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.8.4 - Electronic messaging |
| January 13, 2010 | Kaiser Permanente Northern California | Stolen electronic storage device contained PHI | 15500 | California SB-1386 & other State derivatives, HIPAA Security | A.10.8.3 - Physical media in transit |
| January 11, 2010 | Suffolk County National Bank | Customer credentials stolen from server where they were stored in plain text | 8378 | California SB-1386 & other State derivatives, GLBA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| January 06, 2010 | Eugene School District 4J | Hacked | 13000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| January 05, 2010 | Metropark USA Inc | Job applications containing PII found in parking lot | Unknown | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| January 03, 2010 | Transportation Security Administration, Boston International Airport | Employee steals and sells workers' PII | 16 | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| January 01, 2010 | Larch Corrections Center | Employee's briefcase containing documents with PII stolen from car | 43 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| | | ESTIMATED TOTAL (ROUGH): | 1,543,990 | | |