GRC Certification

ISO 27001 Integration with PCI Compliance research paper


 2011 Security Breach Matrix - For Educational Purposes Only
  
PUBLIC NOTIFIED ON | ORGANIZATION AND LOCATION | TYPE OF BREACH | NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED | REGULATORY IMPACT | ISO/IEC 27001 MITIGATING CONTROLS
December 31, 2011 California Statewide Law Enforcement Association PII as well as dozens of full credit card numbers with expiration dates and e-mail spools dumped by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 30, 2011 United Airlines PII of people available to individual who logged in to mobile web site 20 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 28, 2011 Care2 Members notified of forced password reset after hacker accesses "limited number" of users' logins 17,900,617 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 28, 2011 Loma Linda University Medical Center Social Security and driver's license numbers and patients' medical records stolen by employee 1,336 California SB-1386 & other State derivatives, HIPAA Security, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 27, 2011 Promo-Web.org (Promo Web) Forum usernames, clear-text passwords, and e-mail addresses dumped by hacker 2,784 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 27, 2011 Welcome Financial Services, Cattles Group, UK Backup tapes or disks with PII of loan customers as well as data on some employees reported missing 1,400,000 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
December 26, 2011 Club Penguin Private Servers Usernames, e-mail addresses, IP addresses, and easily decrypted MD5 passwords posted to web by hacker Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 26, 2011 Tianya Forum members' usernames and clear-text passwords leaked online by hackers 40,000,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 25, 2011 Taishin International Bank PII including cash card number, national health insurance card, of applicants for cash cards leaked to a criminal ring 20,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 23, 2011 New York City Office of the Public Advocate Thousands of PII acquired and dumped by hacker Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 23, 2011 Virginia Department of General Services Database with Social Security numbers available on the web for over 10 years 639 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 22, 2011 Oregon Department of Human Services Laptop stolen from office contained fingerprints and other personal information 3,000 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 22, 2011 7k7k Data for game site users reportedly leaked by hackers 20,000,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 22, 2011 Edinburgh City Council, UK Debt advice records accessed by hackers 8,745 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 21, 2011 Trion Worlds Usernames, encrypted passwords, birthdates, email, billing addresses, and partial credit card info acquired by hackers 3,300,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 21, 2011 Sociedad Española de Farmacia Hospitalaria, Spain Usernames and plain-text passwords acquired and dumped by hacker 2,071 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 21, 2011 Pearl River Resort Breach in card processing system suspected after reports of card fraud linked to gaming resort Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 20, 2011 Aegis Science Corporation Laptop and external hard drive stolen from an employee’s car contained PII of those undergoing drug testing and those doing the testing Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 20, 2011 MyVetDirect.com, Butler Schein Animal Health (Henry Schein) Customers' PII, CCNs and delivery information involved in web site security breach Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 17, 2011 Ministro per la pubblica amministrazione e l’innovazione (Minister for Public Administration and Innovation), Italy Administrative usernames and encrypted passwords as well as other PII dumped by hacker 9,195 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 16, 2011 Open Road Audi Brooklyn Employee used info stolen from UJA-Federation of NY and his employer to commit fraudulent financial transactions; 900 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 16, 2011 JPMorgan Chase (Chase Bank) At least three employees stole customer account info and/or allowed fraudulent transfers to occur Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 16, 2011 UJA-Federation of New York Employee snapped pictures of checks given collecting PII and account numbers of her victims that she then sold to others in a large fraud ring Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 16, 2011 AKAM Associates Inc. Employee allegedly stole identity and account info of people making payments to the property management firm 12 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 16, 2011 Hawaii Department of Taxation Audit revealed employees may have been improperly accessing tax database going back to 2008 Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 15, 2011 British Columbia Transplant (BC Transplant) Bag containing potential organ recipients' and staff PII was stolen from employee's unattended car 500 Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 15, 2011 Harold’s New York Deli Owner convicted for his role in a larger credit card fraud ring Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 15, 2011 Government of Newfoundland and Labrador Motor Registration Division Government employee may have inappropriately accessed PII Unknown Canada PIPA & PIPEDA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 14, 2011 Pleasure Beach E-mail addresses and MD5 passwords dumped by hacker 6,321 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 14, 2011 SpecialForces.com CCNs as well as plain-text usernames, decrypted passwords, and 40,854 e-mail addresses acquired and leaked 36,368 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 14, 2011 Se7ensins.com Usernames, plain-text passwords and e-mail addresses dumped by hacker 14,993 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 14, 2011 Paul C. Brown, M.D., P.S. Burglars stole office equipment and CDs containing patients' PII & PHI Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 12, 2011 Bolton Council, UK Children's files stolen from employee's car Unknown UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 11, 2011 University of Mississippi Medical Center Patients' medical record numbers and PII' sensitive information on stolen researcher's laptop 1,475 California SB-1386 & other State derivatives, HIPAA Security, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 11, 2011 Coalition of Law Enforcement and Retail (CLEAR) Law enforcement and retail organization members' PII hacked and dumped on the Internet along with some private messages (PMs) 2,430 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 10, 2011 Gene S. J. Liaw, M.D. Patients' PII & PHI on missing USB drive 1,105 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 09, 2011 Stone Oak Urgent Care Family Practice Patients' PII & PHI on stolen computers from physician's office 3,079 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 09, 2011 Unknown Organization PII of financial accounts acquired by hacker; almost 50 dumped on Internet 3,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 09, 2011 Jumpers Junction Restaurant Sports Pub Dozens of customers' cards compromised by hack Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 09, 2011 Mr. Janitor, Eagle Harbor Country Club, Selva Marina Country Club Owner of janitorial service charged with stealing country club members' personal info and checks Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 08, 2011 Camden Council, UK Dozens of licensing applications containing PII viewable on the Internet Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 08, 2011 Unknown Organization, Subway Restaurants Romanian hackers compromise POS systems at 150 Subway stores plus 50 other unnamed merchants 80,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 08, 2011 Automatic Data Processing (ADP), A. W. Hastings Co. Laptop stolen from contractor's home held employees' data including names, addresses, and Social Security numbers. Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 07, 2011 Guide Publishing Group (GuideYou.com) Almost a year after code insertion, firm discovers that database with customers' PII & CCNs compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 07, 2011 Bruce W. Carter Department of Veterans Affairs Medical Center Employee charged with selling ID of disabled patients 22 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 06, 2011 Alan M Casson Associates Two unencrypted laptops and back up media containing PII on patients stolen during office burglary 8,000 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 06, 2011 Powys County Council, UK Council fined by ICO following two shared printer-related breaches exposing sensitive child protection cases 2 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
December 06, 2011 Richard Dominic Preston Stolen laptop contained documents relating to barrister's cases plus e-mail correspondence Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 05, 2011 Metabasis Therapeutics Employee stole co-workers' and their dependents' personal information, which he used to obtain credit cards 90 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 04, 2011 Red River College Campus crime reports on more than 100 victims were dumped in a recycling bin 100 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
December 04, 2011 Yamaha Motor Racing, Yamaha Factory Racing, Italy Usernames, e-mail addresses, and plain-text passwords acquired by hacker and dumped on Internet 10,147 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 03, 2011 State of Tennessee Mailing error exposed employees' insurance certificate data to the wrong parties 1,770 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
December 03, 2011 Napsu Travel site usernames, e-mail addresses, and plain-text passwords acquired by hacker and leaked on Internet 16,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 02, 2011 Pulaski County Special School District Laptop with employees' name and Social Security numbers stolen from former employee's home 1,100 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 02, 2011 South Central Strategic Health Authority E-mail containing sensitive personnel data relating to pathology staff mistakenly sent to a clinical reference group 1,822 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
December 02, 2011 University of Kansas Documents containing personal information of current and former student housing residents stolen from office Unknown California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 02, 2011 Contra Costa County Names of resident debtors of the county health department were included in a public document that was uploaded to the Internet 5,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 02, 2011 Blanca Games Ultimate Bet player records obtained and leaked online 3,500,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 01, 2011 Portal Mercosur Names, usernames, plain-text passwords, and e-mail addresses of trade organization's site acquired and dumped by hacker 3,163 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 01, 2011 Unknown Organization, Trilegiant Corporation Call center employee caught taking screenshots of customers' names and card numbers with his cellphone camera Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 30, 2011 African Imports, KY, US Customers' PII and credit card numbers acquired by hacker and posted online with server admin's username and password 1,193 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 30, 2011 Ekatra Books Users' e-mail addresses and plain-text passwords acquired and posted online by hacker 1,100 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 30, 2011 The College of New Jersey Vulnerability in Campus Student Employment System may have exposed student job applicants' information 12,815 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 30, 2011 Songs Fever PII including hashed passwords and userids acquired and posted by hacker, who also claims to have acquired credit card numbers 1,344 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 30, 2011 Relay Specialties, Inc. Database with e-mail addresses, most with plain-text passwords, posted on Internet 2,744 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 29, 2011 Evidalia.es, Spain Users' first names, nationality, e-mail addresses, plain-text passwords, and usernames acquired and posted by hacker 42 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 28, 2011 Telford & Wrekin Council, Moorfield Primary School, UK Employee dumped files in public bin that included PII of every student at a primary school who had a school meal 58 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 28, 2011 United Nations Usernames, passwords, and e-mail addresses from "old server" acquired and posted by hacker 850 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 28, 2011 Flin Flon Clinic Partially burned medical records were found blowing near a highway and gravel pit Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 28, 2011 Worcestershire County Council, UK Council fined for e-mailing sensitive info on a large number of vulnerable people to unintended recipients Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
November 28, 2011 North Somerset Council Council fined for repeated e-mail errors by an employee involving sensitive and confidential information Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
November 28, 2011 Vagus Cosmetics Patient database with patients' personal information acquired and dumped by hacker 2,555 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 27, 2011 Unknown Organization, 101Domain.com Phishing attempt on vendor resulted in a number of customers' accounts being at risk of compromise of personal and payment info Unknown California SB-1386 & other State derivatives, GLBA A.10.8.4 - Electronic messaging
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 27, 2011 Carbajal Realty Renters' payment records and information dumped online 625 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 25, 2011 Nexon Korea Corp Million players of Maple Story had their PII acquired by hacker 13,200,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 24, 2011 Lumen Christi College Names, usernames, department, position, and plain-text passwords dumped on web by hacker 15 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 23, 2011 Naijaloaded, Nigeria Users' names, passwords and location information acquired by hacker 243,089 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 23, 2011 Restaurant Depot, Jetro Cash & Carry Malware inserted in system exfiltrated customers' magstripe data to servers in Russia Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 23, 2011 Save Mart Supermarkets, Lucky Supermarkets Supermarket chain notifies customers after skimmers were found in self-checkout terminals at 23 stores Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 23, 2011 Club Penguin Private Servers Usernames, e-mail addresses, passwords and IP dumped on web by hacker 309 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 23, 2011 Math2020.com Usernames, e-mail addresses, and plain-text passwords dumped on web by hacker 99 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 23, 2011 New Jersey Motor Vehicles Commission Two employees sold PII; two other businessmen charged as part of the ring Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 23, 2011 MassBay Community College Failure to enable PeopleSoft when database launched in 2002 allowed employees to view PII of anyone in the database 400 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 23, 2011 EMR4Doctors.com, Sitka Wellness Center EMR vendor exposed patients' info on internet 566 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 22, 2011 Globeclassroom.ca, Globe and Mail, Canada Names, e-mail addresses, clear-text passwords, job title, school, and school contact details dumped on web by hacker 1,409 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 22, 2011 HostBooter.com Usernames, passwords, e-mail addresses, DNS, IP addresses, and Serial numbers dumped on web by hacker 713 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 22, 2011 NTR, Netherlands Names, dates of birth and e-mail addresses of 13,000 children using Sinterklaas web site downloaded by hacker 13,000 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 22, 2011 Virtual Radiologic Professionals (vRad) Laptop stolen from employee's car contained physician and patient info, including SSNs, bank account numbers or credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 21, 2011 Jewish Community Services of South Florida Employee sold Holocaust survivors' identity info to a confidential police informant 32 EU Directive on Data Protection, California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 21, 2011 Wine Library Customers' stored credit card data acquired and misused by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 21, 2011 Blairsville High School Students repeatedly accessed database with teachers' names, Social Security numbers, and salaries Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 21, 2011 London Borough of Southwark Council, UK Computer and papers containing people's PII left behind after office move discovered when building was sold 1.5 years later and new landlord cleaned out building 7,200 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 21, 2011 Central Essex Community Services, UK A book containing information about the general health of mothers and their babies was taken from a locked office. 498 UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 18, 2011 Daisy’s Florist Owner arrested for skimming customers' card numbers for fraudulent use Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 18, 2011 Asia-Pacific Economic Cooperation Honolulu’s APEC Host Committee computers containing host members' Social Security numbers and dates of birth hacked 40 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 18, 2011 Unknown Organization, Lebanon Internal Medicine Associates, P. C. Patients' PII & PHI were on a flooded computer that was improperly discarded by a restoration contractor Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 18, 2011 Parkland Memorial Hospital (Parkland Health Hospital System) Employee accessed and copied patient information, allegedly to use for his own healthcare agency 1,311 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 17, 2011 Smith and Wollensky, Capital Grille, Wolfgang's Steakhouse, Morton’s, Bicycle Club, JoJo Waiters at high-end steakhouses recruited to skim high-limit credit cards 50 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 17, 2011 Ohio Rehabilitation Services Commission Confidential client files from state agency thrown in dumpster by employee. 50 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 17, 2011 Sawicki & Phelps, P.A. Employee donated old papers to an elementary school for scrap paper, not realizing they contained confidential client data Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 17, 2011 Medcenter One Laptop with limited patient information stolen from employee's car 650 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 16, 2011 Netcar Finland Oy, Finland Usernames, passwords, and e-mail addresses leaked for netcar.fi car retail site 12,109 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 16, 2011 McDonald's Drive-thru window employee confessed she was recruited to skim and sell over 100 customers' credit/debit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 16, 2011 Union Bank Trust Co, Bright Directions Program (Illinois Treasurer's Office) SSNs of people enrolled in a college savings program appeared on the outside of envelopes mailed to participants 36,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 15, 2011 CEFCU Stolen laptop contained credit union members' names and account numbers Unknown California SB-1386 & other State derivatives, GLBA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 15, 2011 Pennsylvania Public School Employees Retirement System Pension fund members' names and SSNs exposed on Internet 2,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 14, 2011 Unknown Organization, YMCA of Metro Atlanta Stolen computer may expose YMCA members' personal information and encrypted bank account and debit/credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 14, 2011 Stephen F. Austin Hotel Employee skimmed guests' credit or debit cards left in their hotel rooms Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 14, 2011 Clayton County Police Department Police officer left memo pad with identifiable info on traffic stops and crime victims in his personal car that he sold Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 14, 2011 Smokers Choice Smoke shop customers reported their card number stolen 200 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 13, 2011 FindFriendz.com, India Usernames and clear-text passwords acquired by hacker and posted on Internet 57,721 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 13, 2011 Providence Night Life Usernames, clear-text passwords, and e-mail addresses leaked on Internet 50,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 12, 2011 Zapateria Orinoco Customers’ e-mail addresses, clear-text passwords, security questions and security answers posted by hacker 487 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 12, 2011 University of California at Los Angeles (UCLA) Applicants to Dept. of Psychology had first and last names, gender, date of birth and full mailing address in data dump by hacker, with 40 dept. usernames and passwords 40 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 12, 2011 AdventSource Ministry site users' PII and encoded credit card numbers and passwords posted on Internet 2,500 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 11, 2011 Transcend Capital Stolen laptop contained customers’ names, account numbers, and in some cases, Social Security numbers. Unknown California SB-1386 & other State derivatives, GLBA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 11, 2011 University of Texas - Pan American (UTPA) Spreadsheet containing PII and GPA of 19,276 students accessible on the Internet 19,276 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 11, 2011 Mu Explicito Usernames, e-mail addresses and clear-text passwords from online gaming site posted on Internet with site administrator's password 36 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 11, 2011 Microsoft, Unknown Organization Working MSN and Hotmail e-mail addresses and passwords found in phishing attempt attachment 47,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
November 11, 2011 Virginia Commonwealth University Notified after database containing PII and various programmatic or departmental information accessed by intruder 178,567 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 10, 2011 Steam (Valve, Inc.) Database containing PII and encrypted credit card information accessed by hacker(s). 35,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 10, 2011 LivingSocial Inc. Stolen laptop contained hundreds of current and former employees' names, dates of birth, and addresses Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 10, 2011 Brownsville School District PII and estimated monthly salary exposed on the internet for 5 months Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 10, 2011 Wakulla County School District Students' FCAT scores and SSNs exposed on the Internet 2,400 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 09, 2011 Habitat for Humanity of Delaware County ReStore Credit card transactions captured and exfiltrated to a server in Poland 444 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 07, 2011 Unknown Organization, iQor, Inc. Contractor's employee stole PII and used them to open credit card accounts 100 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 07, 2011 Computershare Inc Firm alleges former employee illegally accessed a protected computer and downloaded both proprietary information and shareholder information Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 06, 2011 Adidas AG (adidas.com, reebok.com, miCoach.com, adidas-group.com) E-mail addresses and passwords acquired and dumped by hackers 500,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 05, 2011 Work Efficiency Institute, Student Alliance Osku, WinNova Länsirannikon koulutus Ltd, Aducate - Centre for Training and Development (University of Eastern Finland) Social security numbers, home addresses, telephone numbers and email addresses hacked and posted online 16,000 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 05, 2011 Unknown Organization E-mail addresses and clear-text passwords posted in data dump 1,272 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 05, 2011 Waseela Marriage Center Usernames, MD5 hashed passwords and e-mail addresses from marriage-making site dumped by hacker 98 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 04, 2011 Washington South Supervisory Union Compromise of financial computer system put members' financial information at risk Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 04, 2011 Sociedad Española de Farmacia Hospitalaria, Spain Usernames and clear-text passwords, with some e-mail addresses, exposed by hacker 1,826 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 04, 2011 St. Joseph Medical Center X-rays with PII & PHI stolen 5,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 04, 2011 Jackson Hewitt Hundreds of completed tax returns found outside an abandoned office. Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 04, 2011 University of California Los Angeles Health System Patients' names, medical record numbers, addresses, and some medical info on hard drive stolen in home burglary 16,288 California SB-1386 & other State derivatives, HIPAA Security, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 03, 2011 U.S. Department of Veterans Affairs Log book with personal and medical info stolen from a VA physician's car. 377 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 03, 2011 U.S. Department of Veterans Affairs 10-12 sheets of paper with lists of in-patient Veterans with full PII & PHI were found in a cybercafe in a veterans' residential treatment program 219 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 03, 2011 Rochdale Metropolitan Borough Council, UK Employee lost memory stick containing the details of over 18,000 residents Unknown UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 03, 2011 ConsumerJournalWeekly.com Spreadsheet of insurance leads with PII exposed on web in .txt file 6,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 03, 2011 Top of the Line Marketing Employee provided 1,200 individuals' names, Social Security numbers and birth dates to someone who used them for card fraud 1,200 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 02, 2011 Amsterdam Hospitality Group Auditor for the firm stole customer information and sold it to another party who used it to purchase airline tickets 237 EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 02, 2011 Timothy Mathis, M.D. Patients' records stored in old building were destroyed in fire; some found on street 4,200 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
November 02, 2011 University of Alabama E-mail gaffe exposes students' failing grades to each other Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
November 02, 2011 Maloney Properties Stolen laptop contained residents' housing data, including Social Security numbers Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 01, 2011 Metrolux 14 Theatres Cases of card fraud linked to breach at the theatre's system 1,180 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 01, 2011 Premier Imaging LLC, High Point Regional Health System, Premier Medical Plaza Employee fired after taking patients' files home for reasons that are unknown at this time 551 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 31, 2011 BanglaTV.ca Usernames and clear-text passwords acquired and dumped by hackers 1,517 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 31, 2011 Hi5ads.com (KathmanduInfosys Educational Consultancy) Usernames, clear-text passwords, e-mail addresses, phone numbers, and names acquired and dumped by hackers 5,067 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 31, 2011 Warren County Community College PII of former and current students and applicants may have been on stolen laptop 5,461 California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 31, 2011 British Columbia Ministry of Children and Family Development, Canada Documents containing PII & PHI found in a dumpster behind an apartment complex Unknown Canada PIPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 29, 2011 Archangel Security Agency Ltd, Ireland Personal details of individuals in a security training program were found strewn on grounds of industrial estate 30 Irish Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 28, 2011 BrickWire LLC, Lawrence Memorial Hospital, Mid Continent Credit Services, Inc. (Blue Sky Credit) Online payment system exposed patients' credit card numbers and PII 10,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 28, 2011 United States Air Force, Japan Service members' medical records were found at a service member’s home on Yokota Air Base 593 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 28, 2011 Unknown Organization, Newcastle Youth Offending Team, Newcastle upon Tyne City Council, UK Personal data on laptop stolen from contractor's home 110 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 28, 2011 Hong Kong Labour Department, HK Personal data of 56 people who applied for employee compensation was lost 56 Personal Data (Privacy) Ordinance (PCPD) A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 27, 2011 James A. Haley Veterans Hospital Missing camera contained before and after pictures of breast cancer surgery patients with their SSNs Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 27, 2011 Muir Orthopaedic Specialists Stolen binder had patient labels including patients' date of birth 1,800 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 27, 2011 Mama’s Boy Italian Ristorante Customers' credit and debit card numbers captured during transmission and misused Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 27, 2011 Eaton Group, Jani-King Court documents with personal and financial information found strewn in street Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 27, 2011 Vancouver Coastal Health Authority Patients' names, medical record numbers, dates of birth and diagnoses on laptop and USB lost or stolen at airport 450 Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 27, 2011 University Hospitals Coventry & Warwickshire NHS Trust, UK Patients' sensitive personal data found in public bin outside residential apartment complex 18 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 26, 2011 Indalex Inc. (Sapa AB) Bankrupt firm abandoned building with employee records containing Social Security numbers Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 26, 2011 Indigo Joe's Personal information on hundreds of people from pub that went out of business found at trash storage company Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 25, 2011 United States Department of Education "Glitch" exposed Direct Loan Program applicants' Social Security numbers and financial information to each other 5,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 25, 2011 Regions Bank, Ocala Police Department Police officer looked up PII of drivers for co-conspirator to open bank accounts to cash fraudulent tax return checks 149 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 25, 2011 Bloggtoppen.se, Unknown Organization Usernames and passwords of users of at least 58 web sites acquired by hackers 180,000 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 24, 2011 Cheaptickets.nl, Netherlands Database with 715000 customers, 1200000 tickets, 80000 passport numbers leaked 715,000 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 24, 2011 Emory Healthcare Patients notified as patients' PII was used to file fraudulent tax returns 7,300 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 24, 2011 Ministry of Labor and Social Welfare, Israel Employee with access to the Population Registry stole the details of residents and then passed them to someone else; eventually publicly available 9,000,000 Israel Privacy Law A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 23, 2011 Hazleton Community Ambulance Association Hundreds of old sheets with personal information of employees and former patients found in a dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 22, 2011 Boston Police Patrolmen’s Association, International Association of Chief of Police, Matrix Group International, Baldwin County Sheriff's Office Personal data from law enforcement-related web sites and their host acquired and posted by hacker groups Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 22, 2011 Unknown Organization, Unknown Organization, Worker Benefit Plans (Concordia Plan Services), The Lutheran Church-Missouri Synod Box of microfilm containing plan enrollment information from the 1960s and 1970s sent by vendor to subcontractor lost by delivery service Unknown California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
October 20, 2011 Wells Fargo Printer malfunction resulted in customers receiving parts of other customers' bank statements, including account numbers, balance, and transaction history Unknown California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 20, 2011 Edge Hill University Students’ PII and student network passwords included in e-mail to 53 other students by mistake 798 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 19, 2011 Well United Methodist Church Church volunteers' SSNs and birthdates stolen by volunteer/former inmate 40 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 18, 2011 Aaron's, Inc. Customers' names and Social Security numbers were on a stolen computer Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 18, 2011 Lord of the Rings Online Forum, Turbine, Inc., UK Forum database hacked, users' passwords acquired Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 17, 2011 Metropolitan Police Service, UK Online disclosure log for freedom of information requests failed to redact personal information in cases 105 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 16, 2011 Ashley D. Bell Law Office Old client files containing sensitive information found in a newspaper's dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 15, 2011 Unknown Organization, United Healthcare, Futurity First Insurance Group, Mutual of Omaha Insurance, United of Omaha Life Insurance Company, United Health Group Health Plan, American Continental Insurance Company Hard drive stolen from repair vendor contained enrollees' personal and health information 7,602 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 15, 2011 Thomas Jefferson University Hospitals, Lankenau Medical Center, Grand View Hospital Patients' x-ray films were stolen by men posing as employees of recycling firm 3,000 California SB-1386 & other State derivatives, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 15, 2011 San Antonio Independent School District Students' PII and the reasons the district considered them potential dropouts exposed on the Internet 360 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 14, 2011 Avia Dental Plan Stolen password enabled acquisition of members' PII and credit card information 2,500 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 14, 2011 Unknown Organization, Securities and Exchange Commission, Financial Tracking Technologies LLC SEC staffers notified that their personal brokerage account information may have been compromised by unauthorized subcontractor(s) Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 14, 2011 Praxis Care Isle of Man, Department of Social Care Memory stick containing confidential information on disabled clients and staff lost by employee 107 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 14, 2011 Social Security Administration Living Americans' names, birthdates and Social Security numbers exposed in Death Master Files 31,931 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 14, 2011 NEA Baptist Clinic Hack of clinic's web site compromised usernames, passwords, and in some cases additional details 3,116 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 14, 2011 Chili’s Grill Bar Restaurant Restaurant customers' credit card numbers hacked and misused Unknown UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 13, 2011 Spectrum Health Services Inc. Stolen hard drive contained patients' PII Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 11, 2011 Sony Online Entertainment, Sony Corporation PlayStation Network and Sony Online Entertainment usernames and passwords compromised via brute force attack 93,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 11, 2011 Chilliwack General Hospital Internal records with names, ages, admission dates, attending physician and diagnoses for patients found on a street. 27 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
October 10, 2011 Henry Ford Health System Stolen computer contained patients' name, physician’s name, medical record number, and results of a genotype test 520 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 10, 2011 Baxter, Baker, Sidle, Conn Jones, St. Joseph Medical Center, Preferred Professional Insurance Co. Backup drive containing records of 161 patients suing for malpractice left on a train 161 California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
October 08, 2011 Troy School District Hacker obtained usernames and decrypted passwords from district's systems Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 07, 2011 Adult Pediatric Dermatology (APDerm) Patients' records on flash drive stolen from employee's car 2,200 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 07, 2011 Nemours Childrens Clinic Backup tapes with 1.6 million individuals' patient billing and employee payroll data missing 1,600,000 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
October 07, 2011 University of Georgia Personal data on faculty and staff including SSNs & DOBs available on university web site for years 18,931 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 07, 2011 First State Superannuation, FSS Trustee Corporation, Pillar Administration URL manipulation exposed clients' name, address, date of birth, next of kin and superannuation payments. 568 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 07, 2011 Air Pacific Limited Employee allegedly downloaded corporate and employee data including individual pilot and flight attendant salaries, and employee contracts Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 07, 2011 College of the Holy Cross Personal information of individuals compromised when employee fell for phishing attempt 493 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 07, 2011 Public Service Enterprise Group (PSEG) Laptop stolen from employee’s home contained employees' Social Security numbers Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 06, 2011 Indiana University School of Optometry Patients' information exposed on the Internet 757 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 06, 2011 United States Postal Service, AdvancePierre Foods Employee 401k data sent by mail on unencrypted flash drive was lost in the mail Unknown California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
October 05, 2011 Elections Alberta Binders containing voter registrant information lost by enumerators Unknown Canada PIPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 04, 2011 London Care PLC Personal details of home care patients, including keycode access to many of their doors, found in school car park 50 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 04, 2011 Poole NHS Trust, UK Two diaries stolen from nurse's car contained details on 240 midwifery patients 240 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 05, 2011 Association of School and College Leaders A laptop containing members' personal information stolen from an employee's home 100 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 03, 2011 Estate of James C. Graham M.D. File cabinets with deceased doctor's patient records stolen in burglary at unoccupied property Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 03, 2011 Surrey and Sussex Healthcare NHS Trust, UK Confidential patient records on lost memory stick 800 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 30, 2011 Unknown Organization, Blue Cross of Northeastern Pennsylvania, Penn Foster Documents and laptop stolen from employee's home contained PII & PHI of Penn Foster employees 500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 30, 2011 Betfair, UK Payment card details of most customers as well as PII with bank account details acquired by hacker 3,150,000 UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 29, 2011 Unknown Organization, Florida Hospital Employees accessed records of car accident victims for attorney referral service 2,252 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 28, 2011 Science Applications International Corp (SAIC), Tricare Management Activity Backup tapes stolen from car containing patients' PII & PHI 4,900,000 California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
September 28, 2011 Summit Medical Group, Fountain City Family Physicians, Emory Family Practice, Dr. Kenneth Reese Patients' PII & PHI in documents stolen from an employee's car 750 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 27, 2011 Tyrolean Regional Health Insurance (TIROLER GEBIETSKRANKENKASSE) (TGKK), Austria Insureds' names, addresses and insurance numbers leaked by hackers 600,475 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 27, 2011 DeKalb County Sheriff’s Office Jail technician used inmates' SSNs for tax refund fraud Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 27, 2011 Fairview Health Services, Accretive Health, North Memorial Hospital Laptop stolen from employee's car contained patients' information 16,800 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 24, 2011 UKChatterbox Chatroom users' passwords possibly acquired by hackers Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 23, 2011 United States Postal Service, US Steel, Carnegie Pension Fund, Benefits Administration Services CD with PIIs of U.S. Steel retirees and dependents sent by their benefits administrator lost in the mail 4,000 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
September 22, 2011 University of Texas at San Antonio Students' and prospective students' PII accessed by employees after configuration error made data available on intranet 688 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 21, 2011 Saint John Regional Hospital, Horizon Health Memory stick with pediatric patients' information missing 1,500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 21, 2011 Hana SK Card Telemarketing employee leaked customers' information including names, addresses and resident registration numbers Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 20, 2011 Blackpool Coastal Housing Tenants' PII and confidential care plans transferred to employee's home computer where they were accessible to others 80 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 20, 2011 ProMedica Patients' applications for financial assistance sent to other patients due to mail sorting machine error 14 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 19, 2011 Florida International University Emoticon discovered in internal database suggested that database with students' PII with GPAs might have been accessed by hacker 19,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 16, 2011 California State Assembly Employees' personal information may have been acquired by hacker 50 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 16, 2011 Guilford County Tax Department Taxpayers' PII and images of checks paid were accessible on internet 1,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 16, 2011 Good Samaritan Hospital Barrels of x-ray films stolen by person impersonating disposal vendor Unknown California SB-1386 & other State derivatives, HIPAA Security & FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 16, 2011 Connecticut Department of Revenue Services Employee accessed taxpayers' returns without legitimate business purpose 15 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 15, 2011 Brandywyne Healthcare Center Licensed practical nurse stole patients' information for use in tax fraud scheme 83 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 15, 2011 Royal Liverpool University Hospital, Royal Liverpool and Broadgreen University Hospitals NHS Trust, UK Ward handover sheets with patients' names and medical information found on public street 22 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 15, 2011 Royal Liverpool University Hospital, Royal Liverpool and Broadgreen University Hospitals NHS Trust, UK Bag stolen from staff member's car contained sensitive information on patients 27 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 15, 2011 Montgomery County Department of Job and Family Services PII of individuals seeking agency assistance were on lost thumb drive 1,200 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 14, 2011 Eastern and Coastal Kent Primary Care Trust, UK CD holding the PII and GP practice codes left in filing cabinet sent to a landfill 1,600,000 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 14, 2011 Bright House Networks Customer names, addresses, phone numbers and account numbers exposed in unauthorized access Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 14, 2011 United States Postal Service, United States Army CD containing the PII of Non-Appropriated Fund retiree records was lost in the mail 25,000 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
September 13, 2011 McDonalds Employee skims credit card numbers of people who used the drive-through lane of the store Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 13, 2011 Intelligence and National Security Alliance (INSA) Members' PII acquired by hackers and exposed on internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 13, 2011 Northern Ireland Police Fund, Royal Ulster Constabulary, UK Former reservists had PII potentially exposed when they were sent a gratuity payment in envelopes with a clear window 6,000 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 12, 2011 Vacationland Vendors, Wilderness Resort, Wilderness at the Smokies Point of Sale breach at resort arcades exposes debit and credit card numbers 40,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 11, 2011 Linux Foundation Usernames, passwords, email addresses as well as other information compromised due to hack Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 10, 2011 Tampa Signal Thousands of customers who purchased ADT systems had their personal information stolen by employee and sold to tax fraud ring Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 09, 2011 Oregon Department of Transportation File with individuals' names and encoded SSNs on an ftp server indexed by search engine 62 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 09, 2011 Bonney Lake Medical Center Computers stolen from offices contained patients' PII & PHI. 2,370 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 09, 2011 Unknown Organization, Walsall Council, UK Hundreds of residents’ postal vote statements containing names, addresses, dates of birth and signatures dumped in a skip 951 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 09, 2011 Methodist Hospital (Methodist Health System) Employee stole patients' names and Social Security numbers to use in payday loan fraud 50 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 09, 2011 Indiana University School of Medicine Laptop stolen from researcher's car contained patients' PII & PHI 3,192 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 08, 2011 Beaumont Independent School District Students' PII including grade and scores on the Texas Assessment of Knowledge and Skills exposed on the web 15,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 08, 2011 Multi-Specialty Collection Services, Stanford Hospital and Clinics Emergency Room patients' PII & PHI posted online 20,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 08, 2011 Unknown Organization, MyJob.ie, Ireland Security breach exposed users' passwords and information Unknown Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 08, 2011 North Bay Regional Health Centre Employee improperly accessed patients' records since 2004 5,800 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 07, 2011 Electronic Data Systems (EDS) Former employee stole identity info as part of tax refund fraud ring Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 07, 2011 London Ambulance Service, UK Personal laptop stolen from a staff member's home contained patients' PII 2,664 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 07, 2011 University Hospital of South Manchester NHS Foundation Trust, UK Patients' name, age, occupation and surgical details on thumb drive lost by student 87 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 07, 2011 Treatment Services Northwest Stolen computer contained protected health information on patients 1,200 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 03, 2011 Nordstrom Customers' online accounts accessed; 17 used for fraudulent purchases Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 02, 2011 Scottish Children’s Reporter Administration (SCRA), UK Children's case files with sensitive information left in file cabinet sold to secondhand store 9 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
September 02, 2011 Texas Police Chiefs Association Email accounts of members acquired by hacker and contents posted online 25 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 01, 2011 Federal Correctional Institution Contract employee obtained the PII of inmates and other persons and used it for a Medicaid fraud scheme Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 01, 2011 Graduate University for Advanced Studies (SOKENDAI), Japan Personal information of students, graduates and applicants exposed on the web Unknown Japan Privacy Act A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 01, 2011 El Paso Independent School District Hackers accessed PII of district employees and students Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 01, 2011 Birdville Independent School District Two students hacked into their school district's server and accessed a file with student PII 14,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 31, 2011 Edinburgh Royal Infirmary, UK PII of patients, including names, addresses, dates of birth and some medical files stolen from emergency room reception desk Unknown UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 31, 2011 TD Bank, AmeriHealth Administrators AmeriHealth employee accessed PII & bank account numbers for confederate who created counterfeit checks presented to an accomplice inside TD Bank 86 California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 26, 2011 SWGalaxies (LFNetwork) Fans' email addresses and plain-text passwords acquired and leaked by hacker 23,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 26, 2011 Michigan Secretary of State, North Macomb PLUS, Southwest Macomb PLUS Documents containing PII from driver's license and state identification applications were stolen from offices 14,000 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 28, 2011 Borlas.net Hackers leak the names, passwords, emails and phone numbers of registered users 14,800 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 26, 2011 Unknown Organization, Canada Post (Post Office Canada), Waterloo Region District School Board Two microfilm rolls with former students' PII lost in the post 2,279 Canada PIPA & PIPEDA A.10.8.3 - Physical media in transit
August 26, 2011 Living Healthy Community Clinic, University of Wisconsin-Oshkosh College of Nursing PII as well as some health records of patients exposed by virus 3,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 25, 2011 Shark Club, Moxie’s Canada PII and payroll information for dozens of staff found in dumpster Unknown Canada PIPA & PIPEDA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 24, 2011 Hays, Royal Bank of Scotland (RBS), UK Email error disclosed contractors' pay rates to contractors working for Royal Bank of Scotland 3,000 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
August 22, 2011 ShoWorks, Inc. (Allianceforbiz.com) Log-in credentials and personal information acquired by hacker and exposed online 20,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 22, 2011 Texas Health Partners, Texas Health Presbyterian Hospital Flower Mound Stolen laptop contained personal, medical, and insurance information on patients Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 22, 2011 Louisiana Department of Children and Family Services Copies of assistance applicants' PIIs found blowing down the street 67 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 19, 2011 Vanguard Defense Industries Defense contractor's personal e-mail account hacked, revealing PII Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 18, 2011 Chocolate Emporium Employee copied entire customer database to Dropbox, including credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 17, 2011 Fort Dodge Correctional Facility Employees' PII were in desk drawer accessible to inmates for 3-4 months 23 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 17, 2011 Bay Area Rapid Transit (BART) Police Officers Association Hack exposes personal details of BART police officers 100 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 16, 2011 Purdue University Former students' and faculty members' SSNs at risk from hack 7,093 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 14, 2011 Bay Area Rapid Transit (BART) Employees' and customers' PIIs including unencrypted passwords acquired and posted by hackers 2,450 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 13, 2011 St. Francis Hospital Doctor lost unencrypted flash drive with maternity patients' names and medical details 574 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 12, 2011 Office of the Telecommunications Authority, Hong Kong Personal data of more than 500 people on stolen laptop 500 Personal Data (Privacy) Ordinance (PCPD) A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 12, 2011 Midland Regional Hospital, Roscommon County Hospital, Ireland Files with patients' PII & PHI found outside another hospital Unknown Irish Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 12, 2011 Reznick Group, AssureCare Risk Management, Inc, Colonial Healthcare, Inc. Breach at former benefits administrator exposed employees' and dependents' PII Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 11, 2011 TGI Fridays Employee skimmed and sold customers' credit card numbers 73 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 10, 2011 The Knoll at Thackley, ADL plc, UK Unknown number of medical files and records were found dumped in the grounds of the abandoned nursing home Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 10, 2011 University of Wisconsin - Milwaukee Malware-infected computer exposes PII 75,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2011 Yale University PII of faculty, staff, students, and alumni in 1999 file indexed by Google 43,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2011 North Carolina State University, Ashley Chapel Elementary School, Gardners Elementary School, Wells Elementary School PII of elementary students exposed on Internet by university server 1,800 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2011 North Carolina State University School children's data including SSNs exposed on the web 1,800 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 08, 2011 Thirty-One Gifts, LLC Missing laptop with consultants' bank account information discovered during investigation of fraudulent wire transfers Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 08, 2011 Unknown Organization, Thompson Dunavant, PLC Laptop stolen from auditor contained clients' employees' PII Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 08, 2011 Sikorsky Aircraft Corporation Employees' PII were in files on server accessed by hacker Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 08, 2011 California State Polytechnic University Staff member places files containing faculty members' PII on a network share 38 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 05, 2011 Unknown Organization, Citi Cards Japan (Citigroup) PII of customers sold to a third party by employee of contractor 92,408 Japan Privacy Act A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 05, 2011 Harley Street Clinic, HCA International Limited, UK Two unencrypted laptops with patient information stolen from hospital Unknown UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 05, 2011 Brigham and Women’s/Faulkner Hospital Hard drive left in cab by doctor contained medical information on patients 638 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 04, 2011 Dialogic Inc. During a break-in, equipment with employees' names and SSNs was stolen Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 04, 2011 Unknown Organization, Lewisham Homes Limited, Wandle Housing Association Ltd, UK PII of tenants copied onto contractor's flash drive that was lost in a pub 26,200 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
August 03, 2011 Parenthesis Family Advocates, Franklin County Children Services PII & PHI found near recycling bin Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
August 02, 2011 Hershey Hacker accesses PII on server Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 01, 2011 News International Group Limited, UK PII of thousands of people acquired and posted online having participated in polls and competitions on The Sun newspaper website Unknown UK Data Protection Act & EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 01, 2011 Idaho State University, Pocatello Family Medicine Failure to restore firewall after maintenance left patient information exposed for 9 months Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 01, 2011 Mills-Peninsula Medical Center Mailroom employee took home mail with patients' PII & PHI for a 1-year period 1,500 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 25, 2011 GIS, Austria Data files containing sensitive bank account information, acquired by hackers 214,000 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 21, 2011 City Newsstand Inc. Customers' credit and debit card captured during transmission Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 20, 2011 Swedish Medical Center Employees' names and Social Security Numbers exposed on the Internet 19,799 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 19, 2011 Mountain Mike’s Pizza Customers experienced card fraud after POS system hacked Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 18, 2011 Beth Israel Deaconess Medical Center Patients notified that their PII, PHI may have been transmitted by virus after vendor forgets to restore security controls following maintenance 2,021 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 18, 2011 Unknown Organization, JL Audio, Inc. Customers' PII including plain text passwords acquired and posted by hacker 4,827 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 18, 2011 REWE Group, Germany Tens of thousands of customers' PII obtained from two online stores Unknown EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 17, 2011 Unknown Organization, Federal Emergency Management Agency, Williams Chevrolet Inc. Customers Documents found in abandoned storage rental unit included FEMA assistance applications and car lease applications 340 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 17, 2011 Haartman Hospital, Finland Employee accessed patients' records without authorization 188 EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 16, 2011 Margarita's Mexican Restaurant Hundreds of customers' card numbers misused or put up for sale on underground market Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 16, 2011 Meath Council, Ireland Planning applicants' PII posted online Unknown Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 16, 2011 Kirklees Council Laptop stolen from employee's home contained PII & PHI 25 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 15, 2011 The Kitchen Place Customers' records including credit card numbers and bank account information as well as employee payroll records exposed during bankruptcy sale Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 15, 2011 DeKalb Medical Center Stolen patient information may have been used in tax refund fraud scheme 7,500 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 15, 2011 UPromise Investments, CollegeChoice529 Direct Savings Plan Employee accessed depositors' names, SSNs, birthdays and other contact information 300 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 13, 2011 Estée Lauder Stolen laptop contained current and former employees' and contractors' names and SSNs Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 13, 2011 Lincoln National Life Insurance Company, Lincoln Life Annuity Company of New York, Lincoln Financial Group Email attachment exposed individuals' names and SSNs 705 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
July 13, 2011 Sønderborg Municipality, Denmark Confidential details on 156 employees' work injuries leaked on website 156 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 11, 2011 AssureCare, Lansing Community College Health and dental plan members' names, addresses and SSNs on compromised server Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 11, 2011 Toshiba Corporation Admins', users' and more than two dozen resellers' PII including plain text passwords acquired and posted by hacker Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 11, 2011 Colorado Springs Hospital, Memorial Health System City nurse fired for allegedly accessing patients' records via Physician Link without cause 2,500 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 11, 2011 Booz Allen Hamilton Hackers breach military PII including encrypted passwords and an assortment of data related to other companies and government networks including source code 90,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 08, 2011 Jeannette Hospital, Excela Health Stolen computer contained patients' PII & PHI Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
July 08, 2011 All Pets Club Customers at two of four pet shops report card fraud after transactions Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 08, 2011 German Federal Police (Bundespolizei) GPS location coordinates, license plate numbers, and telephone numbers of suspects, as well as police officers' usernames and passwords acquired and dumped by hackers Unknown EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 07, 2011 Stevens Institute of Technology Users' full names, usernames, plaintext passwords and email addresses exposed by hacker 31 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 06, 2011 Hurley Medical Center Laptop containing patients' PII & PHI missing or stolen 1,938 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 06, 2011 Troy Regional Medical Center Files containing patients' PII & PHI removed from the hospital and used in tax refund fraud scheme 880 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 04, 2011 Clark College Students' PII compromised by hacker 250 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 04, 2011 IRC Federal E-mail addresses and passwords, private e-mails, and login information for an FBI contractor acquired and posted by hackers Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 01, 2011 Unknown Organization, Spain & Spain, Irene Makridis Client records from defunct law firm discarded without shredding by owner of building Unknown EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 30, 2011 Department of Health Care Policy & Financing A disk containing Medicaid applicant PII has been lost in transit between two state agencies. 3,590 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
June 30, 2011 Smashing Tomato Restaurant customers' card numbers acquired during transmission to card processor Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 30, 2011 PhyData LLC, Advanced Diagnostic Imaging, Premier Radiology, Anesthesia Services Associates Laptop with patients' PII and medical record numbers stolen from car parked at shopping mall 1,500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 28, 2011 Plymouth State University Missing backup drive contains names and SSNs of students 1,509 California SB-1386 & other State derivatives, FERPA A.10.8.3 - Physical media in transit
June 27, 2011 NHS Jobs, UK Jobs.nhs.uk site leaks candidate details to newly registered users 69 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 27, 2011 Gannett Government Media Corporation PII of subscribers to DefenseNews acquired by hacker Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 27, 2011 Sosasta, INDIA Users' email addresses and plaintext passwords indexed by Google 300,000 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 24, 2011 New York State Department of Taxation and Finance, Morgan Stanley Smith Barney, United States Postal Service Clients’ PII including account and tax identification numbers on two CDs that are missing after being mailed to the state's office 34,000 California SB-1386 & other State derivatives, GLBA A.10.8.3 - Physical media in transit
June 24, 2011 California Department of Health Care Services, California Department of Public Health, California Department of Health Services Personal and workers' compensation information of approximately current and former state employees copied to a drive by an employee and removed from offices 9,000 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 24, 2011 Accendo Insurance Company, RxAmerica (CVS Caremark) Mailing error exposes members' medication name, date of birth, and member ID in envelope window 175,000 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 23, 2011 Arizona Department of Public Safety Internal memos as well as PII including passwords belonging to Arizona law enforcement accessed by hackers Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 23, 2011 NATO e-Bookshop, Unknown Organization Usernames, passwords, addresses and email addresses may have been acquired by hacker 12,000 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 20, 2011 Mt. Gox Japan Bitcoin exchange database containing username, email and password hashes stolen from auditor by hackers 61,020 Japan Privacy Act A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 20, 2011 Dropbox User accounts accessed by others after code update disabled authentication 100 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 20, 2011 Staples Business Depot Inadequate wiping of devices being re-sold left sensitive information including PII, employment history, academic transcripts, and personal investment info exposed Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 20, 2011 Foothills Nephrology Patients' names, dates of birth, and clinical information on laptop stolen from physician's car 1,280 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 19, 2011 InfraGard Connecticut Users' accounts reportedly compromised by hackers 1,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 19, 2011 Centaur Hotels, S. Naidu Pvt. Ltd Guests' PII exposed on web Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 17, 2011 SEGA Hackers acquire users' names, email addresses, dates of birth and encrypted passwords 1,290,755 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 17, 2011 Blue Cross Blue Shield Florida Members' explanation of benefits forms sent to incorrect addresses 3,500 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 17, 2011 Victoria Hospital, London Health Sciences Center Handwritten notes with patients' names, treatments, and health card numbers found exposed on grounds of hospital 13 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 16, 2011 Area Agency on Aging, Inc Consumers' health information and 35,000 personal representatives' contact information on stolen laptop 78,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 16, 2011 BioWare, Electronic Arts (EA) User account names, passwords, email addresses, and birth dates accessed by hacker 18,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 16, 2011 Harrisburg Project, Illinois State Board of Education Records for students and staff including PII were on laptops stolen from van 10,454 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 16, 2011 WriterSpace.com Members' email addresses and passwords acquired and posted by hackers 12,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 16, 2011 Apple, Inc. Retail store employee accessed customer credit card information without authorization Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 15, 2011 Automatic Data Processing (ADP), Workscape, Inc., FedEx SmartPost Hack of legacy platform compromised client's data Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2011 Unknown Organization, Platte Valley Medical Center, St. Anthony North Hospital, St. Anthony Central Hospital, Porter Adventist Hospital, Boulder Community Hospital Nurse improperly accessed hundreds of patients' files to steal SSNs and other sensitive information for fraudulent purposes 273 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 14, 2011 Saint Louis University Dozens of documents with former students' names, addresses and Social Security numbers found behind university building Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 14, 2011 London Health Programmes, NHS North Central London Patients' medical details, PII on missing or stolen laptop 8,630,000 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 13, 2011 Unknown Organization, Sutter Gould Medical Foundation Patients' records with patient PII & PHI information sent to dump in error by contractor 1,200 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 13, 2011 Jackson Memorial Hospital, Jackson Health System Employee accessed patients' financial information without authorization 1,800 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 13, 2011 Bethesda Softworks Usernames, email addresses and passwords acquired by hacker 200,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2011 Penn State Altoona Virus may have exfiltrated alumni, faculty, and staff SSNs 12,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2011 Southern California Medical-Legal Consultants Workers’ compensation applicants’ names and Social Security Numbers were exposed on internet 300,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 10, 2011 T&T Supermarket, Inc. PII of customers and some job applicants acquired by hackers 58,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 10, 2011 Pfizer Laptop stolen from employee's car contained PII on employees, health care professionals, service providers, and customers. Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 10, 2011 Lafrance Hospitality Corporation, White's of Westport, Bittersweet Farm Restaurant & Tavern Restaurant patrons' credit and debit card numbers breached and misused 100 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 10, 2011 Texas Department of Assistive and Rehabilitative Services, Texas Rehabilitation Commission, Texas Commission for the Blind, Texas Commission for the Deaf and Hard of Hearing Current and former employees notified that their names and Social Security numbers were exposed on the internet 4,900 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 10, 2011 Dr. Morgan Camp M.D. & Associates Stolen computer contained patients' credit card information and personal information Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 10, 2011 Codemasters Thousands of PII, passwords, IP addresses, Xbox gamer tags, and biographies accessed by hackers Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 10, 2011 Surbiton Children’s Centre Nursery Teacher's bag containing flash drive and documents with students' educational information stolen 21 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 09, 2011 Citigroup, Citibank, N.A. Customers' names, contact information, email addresses, and credit card account numbers accessed by hacker 360,083 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 08, 2011 Denver Players, Denver Sugar Stolen files belonging to escort service contained clients' PII, credit card receipts, and appointment schedule Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 08, 2011 Burke County District Attorney's Office, Patton Cleaning Co. Inc. Night cleaner allegedly copied sensitive criminal case documents and traded them to someone for drugs Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 08, 2011 Dumfries and Galloway Council, UK Employees' confidential information including PII erroneously provided in response to a FOI request; winds up on a web site 900 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 08, 2011 Conservative Party of Canada Donors' names, addresses, email addresses, and partial credit card information acquired by hacker Unknown Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 07, 2011 Granville County Schools Employees' Social Security Numbers and payroll information on laptops stolen from district's finance department office Unknown California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 06, 2011 Victor Victoria’s Restaurant, Renteria Catering Owners used customer credit card numbers for fraudulent purposes Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 06, 2011 Scotiabank CDs containing customers' PII and numbers for registered accounts lost internally Unknown California SB-1386 & other State derivatives, GLBA A.10.8.3 - Physical media in transit
June 06, 2011 Surrey County Council, UK Email errors exposed personal and medical information of hundreds of individuals Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
June 05, 2011 Imaging Center of Garland Patients' x-rays were improperly disposed 1,031 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 04, 2011 Sony Europe PII and website URLs hacked and posted to Pastebin 120 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 03, 2011 Trinity Medical Center, Montclair Baptist Medical Center Patients' names, dates of birth, social security numbers, and some medical information stolen by woman visiting patient 4,500 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 03, 2011 Jean Coutu Patient PHI & PII found in the street Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 03, 2011 HealthCare Partners Patients' personal, medical, and insurance information on 19 stolen computers 15,727 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 03, 2011 University of Mary Washington Students' names, dates of birth, and Social Security Numbers viewable by others logged into EagleNet portal Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 02, 2011 San Francisco Public Utilities Commission PII may have been exposed on infected server 180,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 02, 2011 InfraGard, Unveillance PII acquired and posted publicly plus one company's emails 180 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 02, 2011 Sony Pictures, Sony BMG Belgium, Sony BMG Netherlands Users' passwords, email addresses, home addresses, dates of birth, as well as administrator login passwords acquired by hackers 1,000,000 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 02, 2011 Ravenel Elementary School Students' and parents' names and Medicaid numbers on stolen thumb drive 15 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 02, 2011 Wake Forest University Baptist Medical Center Boxes of patients' records with PHI & PII found in employee's home and storage locations Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 02, 2011 Royal Bolton Hospital, UK Patients' records containing PII & PHI were found in a dumpster at McDonald's 19 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
June 01, 2011 Center for Arthritis and Rheumatic Diseases Patients' protected health information was on stolen documents 8,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 01, 2011 Union Security Insurance Company Members notified of "Unauthorized Access/Disclosure" of protected health information 850 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2011 Moorgate Primary Care, Prestwich Primary Care, NHS Bury Trust, Direct Assist, UK Nurse provided accident victims' contact information to employee of personal injury firm 189 UK Data Protection Act & EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 01, 2011 LibriVox Entire database acquired by hacker, including private emails 26,677 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 27, 2011 Tax Matters, Inc. Clients' PII and financial information discarded unshredded in dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 27, 2011 Provena Covenant Medical Center Employee stole and misused patients' and co-workers' information 100 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 27, 2011 Spartanburg Regional Medical Center Patients' PII and medical billing codes on laptop stolen from employee's car. Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 27, 2011 San Juan Unified School District Employees' PII exposed on web 4,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 27, 2011 Loyola University Medical Center Stolen flash drive contained transplant patients' PII 100 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 27, 2011 LA Boxing Customer records containing PII, CCNs, and bank account numbers left in dumpster Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 27, 2011 Asperger’s Children and Carers Together, UK Medication information as well as children’s PII on laptop stolen from employee's home 80 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 25, 2011 Bank of America Employee leaked customers' PII and account details to others who used them fraudulently Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 24, 2011 Memphis City Schools PII of students possibly hacked and used in tax return fraud by 2 women 350 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 24, 2011 Sony Ericsson Mobile Communications AB Email addresses, passwords and names of users acquired and exposed by hackers 2,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2011 Eagle Ridge Resort & Spa Guests' CCNs, expiration dates, and security codes may have been accessed by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2011 Global Financial Aid Services Students' PII, account numbers on unencrypted laptop stolen at convention Unknown California SB-1386 & other State derivatives, GLBA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 23, 2011 Sony BMG Greece Usernames, email addresses, phone numbers and password hashes acquired by hacker 8,500 Law 2472/1997 on the Protection of Individuals with regard to the Processing of Personal Data
EU Directive on Data Protection
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 20, 2011 Transpro, HarborOne Credit Union Credit union customers' PII and account numbers were on checks in stolen courier's bag 800 California SB-1386 & other State derivatives, GLBA A.10.8.3 - Physical media in transit
May 19, 2011 Leading Investment & Securities Co. Customers' PII acquired by hacker in extortion attempt 12,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 18, 2011 National Business Center, Securities and Exchange Commission Employees' SSNs and other payroll information exposed when sent via unencrypted email 4,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
May 17, 2011 Unknown Organization, The Smile Center, Delta Dental of Minnesota Patients' PII and limited dental claims data on stolen laptop Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 17, 2011 Regions Bank PIIs used to set up 184 bank accounts for fraudulent purposes by insider 149 California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 17, 2011 Massachusetts Department of Workforce Development PII and some employer bank account information may have been transmitted after 1,500 computers were infected with a computer virus 210,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 16, 2011 Dr. Burnham & Associates Medical Clinic, Central Alberta Pain & Rehabilitation Institute (Alberta Health Services) Patients' PII, health care numbers and prescription information were on a drive stolen from clinic 1,000 Canada PIPEDA & PIPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 14, 2011 Chartered Institute of Public Relations, UK ‘Hard copy’ applications including PII and potential payment information lost on public transport 30 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 13, 2011 Anthem Blue Cross of California SSNs of Medicare Supplement members exposed in envelope windows 37,900 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 13, 2011 Square Enix, Japan PII of customers plus CVs of job applicants downloaded by hackers 25,000 Japan Privacy Act A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 12, 2011 Dominos Pizza, KB Pizza Hundreds of employee files containing SSNs, driver’s license numbers and copies of birth certificates found in dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 12, 2011 Honda Canada Customers' PII and some internal Financial Services Account numbers accessed by hacker 280,000 Canada PIPEDA & PIPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 10, 2011 Indiana Regional Medical Center Names and some medical information on patients taken by an employee as part of a legal dispute 1,368 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 10, 2011 Unknown Organization, Dunes Family Health Care External drive stolen from office contained patients' PII & PHI 16,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 09, 2011 Reid Hospital Laptop stolen from employee's home contained patients' names and Social Security numbers or Medicare numbers 22,001 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 09, 2011 Unknown Organization, Assurant Employee Benefits Customers' names, addresses, dates of birth and SSNs exposed to another Assurant client 1,007 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 08, 2011 Huntington National Bank Ex-employees sued for allegedly downloading and taking mortgage loan customers' PII including bank account numbers 2,000 California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 07, 2011 Jeffry Barnes, DDS Records with names, SSNs, prescription records and medical history found in recycling center 60 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
May 05, 2011 Park Avenue Obstetrics & Gynecology, PC PHI of patients on stolen device 635 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 05, 2011 Methodist Charlton Medical Center Palliative care patients' PII & PHI on laptop from office 1,500 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 05, 2011 Central Oregon Community College Students' email addresses and ID numbers hacked Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 05, 2011 Lockerman Family Chiropractic Doctor misused patient information to open lines of credit Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 04, 2011 Michaels Stores, Inc. PIN pad tampering at stores results in dozens of cases of card fraud
California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 04, 2011 Victorian Institute of Forensic Medicine Forensic technician leaked autopsy reports and photographs of victims' remains to pub mates 77 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 04, 2011 Baker Moving and Storage, Rodney Johnson 20 boxes of documents containing personal, financial, and medical information fell off truck and scattered in wind Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
May 03, 2011 Speare Memorial Hospital Patients' PII & PHI on laptop stolen from employee vehicle 5,994 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 03, 2011 FIS Prepaid accounts at risk and 3 individual cardholders’ information may have been disclosed 7,170 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 02, 2011 Woman To Woman Healthcare Employee stole patient identity information for fraudulent purposes 26 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 02, 2011 Sony Online Entertainment, Sony Corporation Customer PII including credit or debit card numbers and expiration dates including bank account numbers accessed by hacker 24,600,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 02, 2011 X Factor Applicants' names, dates of birth, email addresses, zip code, phone numbers accessed 250,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 01, 2011 Edalji & Komer MD Patients had PHI on stolen laptop 563 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 01, 2011 Keith & Fisher, DDS, PA Patients notified of security breach involving PHI following hack 6,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 29, 2011 Brian J. Daniels, D.D.S, PC, Paul R. Daniels, D.D.S., PC Stolen portable device contained PHI on patients 10,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 29, 2011 Trinity College Dublin, Ireland Student & staff PII exposed on intranet Unknown Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 28, 2011 UNESCO, France Job applications including employment and salary history accessible on the web by URL manipulation Thousands EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 28, 2011 Seattle Public Schools, Ballard High School, Ingraham High School, Chief Sealth Teacher login passwords stolen, grades changed at three high schools Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 28, 2011 United States Department of Defense PII and medical PHI of Guantanamo detainees revealed in data dump by Wikileaks 1,367 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 27, 2011 Dslreports.com Email addresses and passwords compromised due to SQL injection attack 8,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 27, 2011 New York Yankees Season ticket holders had their PII exposed in an email attachment 17,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 26, 2011 Sony Corporation PII with purchase history and possibly credit cards compromised 77,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 18, 2011 Eastern Illinois University Employee records with incompletely shredded names and Social Security Numbers dumped by side of road Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 18, 2011 European Space Agency (ESA), France Website hacked Unknown EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 23, 2011 The Texas State Comptroller's office PII inadvertently posted on a publicly accessible Web site for nearly a year 3,200,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 22, 2011 U.S. District Court - Middle District of Alabama Confidential information from sealed court files, including PII was publicly accessible in PACER case entries online 40 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 22, 2011 Schield Family Companies, Peachtree Doors and Windows Inc., Weather Shield, Vetter, Crestline Employees notified that their PII may have been acquired 12,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 21, 2011 Qdoba Mexican Grill Customers' CCNs acquired and misused possibly by hackers 18 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 21, 2011 Freehold Community School Students' PII on laptop stolen from car 90 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 21, 2011 Company One Customers' credit card numbers stolen by hackers 359,661 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 20, 2011 Netflix, Inc. Call center employee accessed customers' names and credit card information without authorization Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 20, 2011 Blockbuster Video Employee and applicants' records containing names, contact details, Social Security and personnel matters found discarded Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 18, 2011 Middlesex London Health Unit, H.A. Leeper Speech and Hearing Clinic, University of Western Ontario - Elborn College Memory stick containing PII & PHI of kids seen at speech and hearing clinic missing 4,500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 18, 2011 ABM Industries Names and Social Security numbers of current and former employees on stolen computer Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 18, 2011 Southwest Ambulance Employee took patient records with names, financial and medical information for training purposes 581 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 18, 2011 Ashampoo Hackers gained access to its customer database 14,000,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 18, 2011 Brighton and Sussex University Hospitals NHS Trust, University College London Hospitals NHS Foundation Trust, University College London Hospitals, UK Unencrypted flash drive with 750 patients' urology images and diagnoses left in a computer 750 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 14, 2011 Edmonton Public School Board, Canada Flash drive with 7,000 employee resumes and personnel information lost by technician 7,000 Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 13, 2011 Marsh U.S. Consumer, IEEE Mailing error exposed members' names and life insurance member numbers to others Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 13, 2011 Moises M. Soulas Jr, M.D. Patient files stolen from doctor's garage contained personal and medical information 100 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 13, 2011 Fairview Health Services, Fairview Southdale Hospital Box with patients' insurance billing records, including PII and diagnoses lost prior to or during move 1,200 California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
April 13, 2011 AllianceBernstein Holding LP Employee downloaded client files and transactions before resigning Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 13, 2011 Albright College PII of alumni, students, applicants and family members on two computers stolen from office 10,000 California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 12, 2011 UMass Memorial Healthcare Configuration error exposes employees' pay stub data and bank account numbers to other employees Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 12, 2011 Lancaster County School District Students' and employees' PII including DOB and SSNs, may have been acquired by hacker 27,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 12, 2011 Infogroup Customer credit card payment transactions may have been compromised by virus Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 11, 2011 Andrew J. Ranucci, DMD, PC PII & PHI discarded without shredding Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 11, 2011 Unknown Organization, NHS Liverpool Community Health, UK Medical histories of children and birth mothers lost during office move 31 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
April 11, 2011 National University of Ireland, Galway (NUI Galway), Ireland Student mobile phone numbers, ID numbers and email addresses accessed by hacker Unknown Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 11, 2011 Texas Comptroller of Public Accounts Teachers' and employees' Social Security numbers and other personal information exposed on the Internet 3,500,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 11, 2011 Devon County Council, UK Names of special needs students exposed online Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 11, 2011 Hyundai Capital, South Korea Unprecedented systematic accessing of customer financial information by hackers 420,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 09, 2011 Phoenix Ireland, Scottish Provident Ireland Customers' and applicants' names, addresses and bank account details on lost tape 50,000 Irish Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
April 08, 2011 Rojone Pty Ltd. Database of 629 Government Customer Credit Cards stolen 629 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 08, 2011 Aiken County Veteran's Affairs, Charlie Norwood VA Medical Center Medical center appointment lists with names, dates of birth, and Social Security numbers were discarded without shredding 2,717 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
April 08, 2011 The Children's Hospital of Philadelphia, Family Planning Council, Planned Parenthood Southeastern Pennsylvania, Planned Parenthood Association of Bucks County, Spectrum Health Services Inc., Public Health Management Corporation Patients' personal insurance and PHI on stolen thumb drive 70,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 07, 2011 Unknown Organization, Merlin Information Services Compromised customer login used to access names, addresses, phone numbers and Social Security numbers Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 07, 2011 Godalming College, UK Email error exposed students' learning and sensitive medical details to student group 328 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 07, 2011 Broward County School District, Linda Green, M.D., Linda Groene, M.D. Employees stole and sold personal information of patients and teachers as part of ID theft ring Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 06, 2011 The Hartford insurance company Hacked 300 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 05, 2011 US Airways Employee accessed and transferred confidential database containing pilots' PII 3,000 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 01, 2011 Belfast Trust, Belvoir Park Patients' x-ray files vandalized after being left behind during relocation 20,000 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
April 01, 2011 GoGrid LLC Customers' names, addresses, credit card numbers and card expiration dates viewable by intruder Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 01, 2011 Warrington Hospital, Warrington and Halton Hospitals NHS, UK Stolen laptop used for audiological diagnostic purposes contained 110 patients' PII & PHI 110 UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 01, 2011 Epsilon Names and e-mail addresses may have fallen into the wrong hands after someone broke into computer systems Millions California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 24, 2011 BP Lost laptop contains PII of Gulf oil spill claimants 13,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 23, 2011 InfoSpherix, Maine Department of Conservation (Bureau of Parks and Lands) CCNs and expiration dates accessed after malware infection of online site to purchase park passes 970 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 23, 2011 Spectrum Housing Employees' PII sent to member of the public in error 200 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 22, 2011 Texas Education Agency, Laredo Independent School District, University of Texas at Dallas (Education Research Center) Disk with students' records with SSNs missing after arrival at state office building 24,903 California SB-1386 & other State derivatives, FERPA A.10.8.3 - Physical media in transit
March 17, 2011 City of Cleveland Council Completed job applications for municipal judge containing PII were found in a dumpster 10 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
March 16, 2011 Nation's Giant Hamburgers Credit cards and identities stolen due to credit card machines being compromised 200 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 16, 2011 Walnut Township School District Administrators, teachers and school staff payroll files hacked 80 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 14, 2011 University of York Students' PII exposed on the Internet without login required 17,094 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 11, 2011 Virginia Polytechnic Institute and State University Employees' SSNs and financial info sent overseas by Zeus virus 370 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 10, 2011 Ortho Montana, PSC Missing laptop contained patients' personal and protected health information 37,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 10, 2011 TD Bank Employee arrested for selling customer bank account numbers Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 10, 2011 University of Massachusetts at Amherst (UMASS) Patients' names, health insurer names, medical record numbers and on infected server 942 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 09, 2011 Midlands Technical College Flash drive containing personal information taken from a human resources office 500 California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 09, 2011 Eastern Michigan University Students' PII misused by student employees in a tax refund scheme 64 California SB-1386 & other State derivatives, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 08, 2011 Western Michigan University Backup hard drive containing faculty and student PII gone missing Unknown California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 05, 2011 Blue Cross Blue Shield Florida Explanation of benefits forms mailed to members' former addresses 7,400 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 04, 2011 Ambassador Hotel Group Hotel guests’ names, dates of birth, mobile numbers, and other information indexed by Google Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 04, 2011 Alaska Department of Education and Early Development Students' PII and other information missing on stolen computer hard drive 89,519 California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 04, 2011 University of South Carolina - Sumter Personal details, including SSN, exposed on Internet 31,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 03, 2011 Missouri State University College of Education students had names and SSN indexed by Google 6,030 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 24, 2011 Henry Ford Health System Flash drive with names, medical record numbers and test results lost 2,777 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 23, 2011 Disability, Housing and Community Service PII stolen from laptop at home Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 22, 2011 Identity and Passport Service, UK Passport renewal applications lost during processing exposing PII 21 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 22, 2011 Chapman University, Brandman University PII exposed in file placed in a nonsecure folder 13,000 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 21, 2011 Plan Personnel PII & PHI found in parking lot. 37 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
February 20, 2011 Emory Healthcare PII & PHI stolen by hackers 2,400 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 19, 2011 eFinancialCareers, Dice Holdings, Inc Career site's database hacked exposing users' information Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 16, 2011 Charleston Area Medical Center's Research Institute, XForia PII & PHI exposed in database 3,655 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 15, 2011 Day's Jewelers Thousands of credit cards exposed by hackers 2,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 15, 2011 Lush Australia Website Hacked - Credit card details obtained Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2011 HBGary Federal Website Hacked - PII details obtained Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2011 Oregon Department of Corrections Employees' SSNs and payroll information lost on portable thumb drive 550 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 04, 2011 Medi-Cal SSNs and other PII emailed to personal computer 2,400 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
January 31, 2011 HuskyDirect.com Website hacked, CCNs compromised 18,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 29, 2011 University of Iowa Hospitals and Clinics Medical records for hospitalized football players improperly accessed 13 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 19, 2011 South Carolina State Employee Insurance Program Hacked 5,600 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 19, 2011 Wandsworth Council, UK System glitch in the register led to the unwanted disclosure of Wandsworth residents’ PII Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 19, 2011 Hull and East Yorkshire Hospitals NHS Trust, UK Lost laptop exposes PII, PHI 1,147 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 15, 2011 DBS Bank Bank executive sells customers' confidential details to several buyers Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 14, 2011 Police Force, NHS trusts and Local councils in Yorkshire, UK Criminal records and PHI accessed inappropriately Unknown UK Data Protection Act & EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 13, 2011 St. Vincent Hospital PII, PHI exposed due to email hack Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 13, 2011 Kadlec Regional Medical Center Servers containing PII, PHI hacked Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2011 PenFed Laptop infected with malware compromising database containing PII, CCNs of certain members. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2011 Fine Gael, IRL Website hacked and database downloaded including PII 2,000 Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 08, 2011 Washington St. Employment Security Dept PII of employees stolen from employee's car 1,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 08, 2011 Tulane University Laptop with unencrypted PII for every employee receiving a W-2 stolen from employee's car 10,684 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 05, 2011 The Scottish Court Service, UK Documents containing sensitive personal details accidentally disposed of at a local recycling bank Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
January 04, 2011 Gary C. Spinks, DMD, PC PII, PHI may have been accessed by hacker 1,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 04, 2011 PinnacleHealth System, Gair Medical Transcription Services PII, PHI exposed on web for over two years 1,086 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2011 Half Hitch Tackle Customers report fraudulent card use following system security breach by hackers, CCNs impacted Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information


ESTIMATED TOTAL (ROUGH): 295,959,962

Copyright 2005-2017 by eFortresses, Inc. All rights reserved.