GRC Certification
2010 Security Breach Matrix - For Educational Purposes Only
| PUBLIC NOTIFIED ON | ORGANIZATION AND LOCATION | TYPE OF BREACH | NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED | REGULATORY IMPACT | ISO/IEC 27001 MITIGATING CONTROLS |
| --- | --- | --- | --- | --- | --- |
| February 28, 2010 | Wyndham Hotels and Resorts (WHR) | Hacked, PII, CCN affected | Unknown | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 25, 2010 | Coastal Community Credit Union | CCNs improperly discarded | 257 | California SB-1386 & other State derivatives, PCI/Visa CISP | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 24, 2010 | Citigroup | Mailing error exposes SSNs on envelope | 600000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 23, 2010 | Medix School London Campus | Students' PII, PHI discarded in trash | 50 | California SB-1386 & other State derivatives, HIPAA Security, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 19, 2010 | TennCare | Mail sent to wrong addresses exposing PII | 3900 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 18, 2010 | Valdosta State University | Hacked | 170000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 17, 2010 | Southern Illinois University at Carbondale | Malware found on faculty member's workstation | 900 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 17, 2010 | Cardiology Consultants Inc | Stolen laptop contained PII, PHI | 8000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| February 16, 2010 | Dairy Queen Corporation | POS terminal hacked, CCNs stolen | Unknown | California SB-1386 & other State derivatives, PCI/Visa CISP | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 15, 2010 | West Memphis Arkansas Police Department | Police employee improperly accesses computer containing other employees' PII | Unknown | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 13, 2010 | Eclipse Property Solutions | Employee steals credit card details | Unknown | California SB-1386 & other State derivatives, PCI/Visa CISP | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 11, 2010 | University of Texas Medical Branch, MedAssets | Former employee with history of ID theft alleged to have had access to other employees' PII | 1200 | California SB-1386 & other State derivatives, FERPA | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| February 11, 2010 | Automatic Data Processing (ADP), Equifax Inc. | Mailing error exposes SSNs in envelope window | Unknown | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 09, 2010 | Kansas City Art Institute | SSNs and DOB on stolen computer from the campus | 145 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| February 09, 2010 | California Department of Health Care Services | SSNs printed on address labels | 50000 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 08, 2010 | AvMed Health Plans | Laptops stolen affecting PII, PHI | 208000 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| February 05, 2010 | Wyoming Department of Health | PII of children exposed on web | 9000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| February 04, 2010 | University of Texas at El Paso | Mailing error exposes students' SSNs in envelope window | 15000 | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| February 04, 2010 | Social Security Administration | Employee loses CD containing PII, PHI | 969 | California SB-1386 & other State derivatives, HIPAA Security | A.10.8.3 - Physical media in transit |
| February 03, 2010 | Highmark, Inc., Boscov's Department Store, LLC | Mail arrives with signs of being tampered with | 3700 | California SB-1386 & other State derivatives | A.10.8.3 - Physical media in transit |
| February 02, 2010 | Ozarks Area Community Action Corporation | Mailing error exposes landlords' SSNs | 243 | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| January 31, 2010 | Columbia University | 3 laptops stolen from office | 1400 | California SB-1386 & other State derivatives, FERPA | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 30, 2010 | Humboldt State University | Virus infected computer may have exposed PII | 3500 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| January 30, 2010 | Iowa Racing and Gaming Commission | Hacked | 80000 | California SB-1386 & other State derivatives | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| January 29, 2010 | Ameriquest Mortgage Company | Ex-employee steals mortgage applications and commits fraud | 100 | California SB-1386 & other State derivatives, GLBA | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| January 29, 2010 | Rabjohns Financial Group, MedHQ LLC, Lindy Manufacturing | Hundreds of job application papers found blowing in the wind | Hundreds | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| January 28, 2010 | State of Alaska, Price Waterhouse Coopers LLC, Mercer | PII goes missing from PWC's offices | 77000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 27, 2010 | National Archives and Records Administration | Missing hard drive contained PII | 250000 | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 27, 2010 | Ontario Teachers Insurance Plan, Toronto District School Board | 3 laptops stolen from offices | 8600 | PIPEDA (Ontario) | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 27, 2010 | University of California San Francisco | Stolen laptop contained PII, PHI | 4400 | California SB-1386 & other State derivatives, HIPAA Security, FERPA | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| January 26, 2010 | Methodist Hospital | Stolen laptop contained PII, PHI | 689 | California SB-1386 & other State derivatives, HIPAA Security | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |
| January 24, 2010 | Ladbrokes UK | PII of Ladbrokes gamblers offered for sale by ex-employee | 10000 | UK Data Protection Act & EU Directive on Data Protection | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| January 22, 2010 | City of Columbus Ohio | City health workers' PII stolen by employee | Unknown | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| January 19, 2010 | University of Missouri | SSNs visible externally on mail | Unknown | California SB-1386 & other State derivatives, FERPA | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| January 18, 2010 | Goodwill Industries of Greater Grand Rapids | Safe stolen, PII affected | Thousands | California SB-1386 & other State derivatives | A.9.1.1 - Physical security perimeter; A.9.1.2 - Physical entry controls; A.9.2.1 - Equipment siting and protection |
| January 18, 2010 | City of Oakridge Oregon | List of city employees' PII mistakenly sent with monthly water bills | Unknown | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training; A.10.8.4 - Electronic messaging |
| January 13, 2010 | Kaiser Permanente Northern California | Stolen electronic storage device contained PHI | 15500 | California SB-1386 & other State derivatives, HIPAA Security | A.10.8.3 - Physical media in transit |
| January 11, 2010 | Suffolk County National Bank | Customer credentials stolen from server where they were stored in plain text | 8378 | California SB-1386 & other State derivatives, GLBA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| January 06, 2010 | Eugene School District 4J | Hacked | 13000 | California SB-1386 & other State derivatives, FERPA | A.10.9.1 - Electronic Commerce; A.10.9.2 - On-line transactions; A.10.9.3 - Publicly Available Information |
| January 05, 2010 | Metropark USA Inc | Job applications containing PII found in parking lot | Unknown | California SB-1386 & other State derivatives | A.7.2.1 - Classification guidelines; A.7.2.2 - Information labeling and handling; A.8.2.2 - Information security awareness, education and training |
| January 03, 2010 | Transportation Security Administration, Boston International Airport | Employee steals and sells workers' PII | 16 | California SB-1386 & other State derivatives | A.8.1.1 - Roles and Responsibilities; A.8.1.2 - Screening; A.8.1.3 - Terms and conditions of employment; A.8.2.1 - Management responsibilities; A.8.2.2 - Information security awareness, education and training; A.8.3.2 - Return of assets; A.8.3.3 - Removal of access rights |
| January 01, 2010 | Larch Corrections Center | Employee's briefcase containing documents with PII stolen from car | 43 | California SB-1386 & other State derivatives | A.9.2.5 - Security of equipment off-premises; A.11.7.1 - Mobile computing and communications; A.11.7.2 - Teleworking |

ESTIMATED TOTAL (ROUGH): 1,543,990
Copyright 2005-2010 by eFortresses, Inc. All rights reserved.