| PUBLIC NOTIFIED ON |
ORGANIZATION AND LOCATION |
TYPE OF BREACH |
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED |
REGULATORY IMPACT |
ISO/IEC 27001 MITIGATING CONTROLS |
| December 31, 2011 |
California Statewide Law Enforcement Association |
PII as well as dozens of full credit card numbers with expiration dates and e-mail spools dumped by hackers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 30, 2011 |
United Airlines |
PII of people available to individual who logged in to mobile web site |
20 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 28, 2011 |
Care2 |
Members notified of forced password reset after hacker accesses "limited number" of users' logins |
17,900,617 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 28, 2011 |
Loma Linda University Medical Center |
Social Security and driver's license numbers and patients' medical records stolen by employee |
1,336 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 27, 2011 |
Promo-Web.org (Promo Web) |
Forum usernames, clear-text passwords, and e-mail addresses dumped by hacker |
2,784 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 27, 2011 |
Welcome Financial Services, Cattles Group, UK |
Backup tapes or disks with PII of loan customers as well as data on some employees reported missing |
1,400,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| December 26, 2011 |
Club Penguin Private Servers |
Usernames, e-mail addresses, IP addresses, and easily decrypted MD5 passwords posted to web by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 26, 2011 |
Tianya |
Forum members' usernames and clear-text passwords leaked online by hackers |
40,000,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 25, 2011 |
Taishin International Bank |
PII including cash card number, national health insurance card, of applicants for cash cards leaked to a criminal ring |
20,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 23, 2011 |
New York City Office of the Public Advocate |
PII of thousands acquired and dumped by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 23, 2011 |
Virginia Department of General Services |
Database with Social Security numbers available on the web for over 10 years |
639 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 22, 2011 |
Oregon Department of Human Services |
Laptop stolen from office contained fingerprints and other personal information |
3,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 22, 2011 |
7k7k |
Data for game site users reportedly leaked by hackers |
20,000,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 22, 2011 |
Edinburgh City Council, UK |
Debt advice records accessed by hackers |
8,745 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 21, 2011 |
Trion Worlds |
Usernames, encrypted passwords, birthdates, email, billing addresses, and partial credit card info acquired by hackers |
3,300,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 21, 2011 |
Sociedad Española de Farmacia Hospitalaria, Spain |
Usernames and plain-text passwords acquired and dumped by hacker |
2,071 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 21, 2011 |
Pearl River Resort |
Breach in card processing system suspected after reports of card fraud linked to gaming resort |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 20, 2011 |
Aegis Science Corporation |
Laptop and external hard drive stolen from an employee’s car contained PII of those undergoing drug testing and those doing the testing |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 20, 2011 |
MyVetDirect.com, Butler Schein Animal Health (Henry Schein) |
Customers' PII, CCNs and delivery information involved in web site security breach |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 17, 2011 |
Ministro per la pubblica amministrazione e l’innovazione (Minister for Public Administration and Innovation), Italy |
Administrative usernames and encrypted passwords as well as other PII dumped by hacker |
9,195 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 16, 2011 |
Open Road Audi Brooklyn |
Employee used info stolen from UJA-Federation of NY and his employer to commit fraudulent financial transactions |
900 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 16, 2011 |
JPMorgan Chase (Chase Bank) |
At least three employees stole customer account info and/or allowed fraudulent transfers to occur |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 16, 2011 |
UJA-Federation of New York |
Employee snapped pictures of checks given, collecting PII and account numbers of her victims that she then sold to others in a large fraud ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 16, 2011 |
AKAM Associates Inc. |
Employee allegedly stole identity and account info of people making payments to the property management firm |
12 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 16, 2011 |
Hawaii Department of Taxation |
Audit revealed employees may have been improperly accessing tax database going back to 2008 |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 15, 2011 |
British Columbia Transplant (BC Transplant) |
Bag containing potential organ recipients' and staff PII was stolen from employee's unattended car |
500 |
Canada PIPA & PIPEDA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 15, 2011 |
Harold’s New York Deli |
Owner convicted for his role in a larger credit card fraud ring |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 15, 2011 |
Government of Newfoundland and Labrador Motor Registration Division |
Government employee may have inappropriately accessed PII |
Unknown |
Canada PIPA & PIPEDA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 14, 2011 |
Pleasure Beach |
E-mail addresses and MD5 passwords dumped by hacker |
6,321 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 14, 2011 |
SpecialForces.com |
CCNs as well as plain-text usernames, decrypted passwords, and 40,854 e-mail addresses acquired and leaked |
36,368 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 14, 2011 |
Se7ensins.com |
Usernames, plain-text passwords and e-mail addresses dumped by hacker |
14,993 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 14, 2011 |
Paul C. Brown, M.D., P.S. |
Burglars stole office equipment and CDs containing patients' PII & PHI |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 12, 2011 |
Bolton Council, UK |
Children's files stolen from employee's car |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 11, 2011 |
University of Mississippi Medical Center |
Patients' medical record numbers and sensitive PII on researcher's stolen laptop |
1,475 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 11, 2011 |
Coalition of Law Enforcement and Retail (CLEAR) |
Law enforcement and retail organization members' PII hacked and dumped on the Internet along with some private messages (PMs) |
2,430 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 10, 2011 |
Gene S. J. Liaw, M.D. |
Patients' PII & PHI on missing USB drive |
1,105 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 09, 2011 |
Stone Oak Urgent Care Family Practice |
Patients' PII & PHI on computers stolen from physician's office |
3,079 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 09, 2011 |
Unknown Organization |
PII of financial accounts acquired by hacker; almost 50 dumped on Internet |
3,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 09, 2011 |
Jumpers Junction Restaurant Sports Pub |
Dozens of customers' cards compromised by hack |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 09, 2011 |
Mr. Janitor, Eagle Harbor Country Club, Selva Marina Country Club |
Owner of janitorial service charged with stealing country club members' personal info and checks |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 08, 2011 |
Camden Council, UK |
Dozens of licensing applications containing PII viewable on the Internet |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 08, 2011 |
Unknown Organization, Subway Restaurants |
Romanian hackers compromise POS systems at 150 Subway stores plus 50 other unnamed merchants |
80,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 08, 2011 |
Automatic Data Processing (ADP), A. W. Hastings Co. |
Laptop stolen from contractor's home held employees' data including names, addresses, and Social Security numbers. |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 07, 2011 |
Guide Publishing Group (GuideYou.com) |
Almost a year after code insertion, firm discovers that database with customers' PII & CCNs was compromised |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 07, 2011 |
Bruce W. Carter Department of Veterans Affairs Medical Center |
Employee charged with selling ID of disabled patients |
22 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 06, 2011 |
Alan M Casson Associates |
Two unencrypted laptops and backup media containing PII on patients stolen during office burglary |
8,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 06, 2011 |
Powys County Council, UK |
Council fined by ICO following two shared printer-related breaches exposing sensitive child protection cases |
2 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| December 06, 2011 |
Richard Dominic Preston |
Stolen laptop contained documents relating to barrister's cases plus e-mail correspondence |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 05, 2011 |
Metabasis Therapeutics |
Employee stole co-workers' and their dependents' personal information, which he used to obtain credit cards |
90 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 04, 2011 |
Red River College |
Campus crime reports on more than 100 victims were dumped in a recycling bin |
100 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| December 04, 2011 |
Yamaha Motor Racing, Yamaha Factory Racing, Italy |
Usernames, e-mail addresses, and plain-text passwords acquired by hacker and dumped on Internet |
10,147 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 03, 2011 |
State of Tennessee |
Mailing error exposed employees' insurance certificate data to the wrong parties |
1,770 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| December 03, 2011 |
Napsu |
Travel site usernames, e-mail addresses, and plain-text passwords acquired by hacker and leaked on Internet |
16,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 02, 2011 |
Pulaski County Special School District |
Laptop with employees' names and Social Security numbers stolen from former employee's home |
1,100 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 02, 2011 |
South Central Strategic Health Authority |
E-mail containing sensitive personnel data relating to pathology staff mistakenly sent to a clinical reference group |
1,822 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| December 02, 2011 |
University of Kansas |
Documents containing personal information of current and former student housing residents stolen from office |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 02, 2011 |
Contra Costa County |
Names of resident debtors of the county health department were included in a public document that was uploaded to the Internet |
5,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 02, 2011 |
Blanca Games |
Ultimate Bet player records obtained and leaked online |
3,500,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 01, 2011 |
Portal Mercosur |
Names, usernames, plain-text passwords, and e-mail addresses of trade organization's site acquired and dumped by hacker |
3,163 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 01, 2011 |
Unknown Organization, Trilegiant Corporation |
Call center employee caught taking screenshots of customers' names and card numbers with his cellphone camera |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 30, 2011 |
African Imports, KY, US |
Customers' PII and credit card numbers acquired by hacker and posted online with server admin's username and password |
1,193 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 30, 2011 |
Ekatra Books |
Users' e-mail addresses and plain-text passwords acquired and posted online by hacker |
1,100 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 30, 2011 |
The College of New Jersey |
Vulnerability in Campus Student Employment System may have exposed student job applicants' information |
12,815 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 30, 2011 |
Songs Fever |
PII including hashed passwords and userids acquired and posted by hacker, who also claims to have acquired credit card numbers |
1,344 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 30, 2011 |
Relay Specialties, Inc. |
Database with e-mail addresses, most with plain-text passwords, posted on Internet |
2,744 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 29, 2011 |
Evidalia.es, Spain |
Users' first names, nationality, e-mail addresses, plain-text passwords, and usernames acquired and posted by hacker |
42 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 28, 2011 |
Telford & Wrekin Council, Moorfield Primary School, UK |
Employee dumped files in public bin that included PII of every student at a primary school who had a school meal |
58 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 28, 2011 |
United Nations |
Usernames, passwords, and e-mail addresses from "old server" acquired and posted by hacker |
850 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 28, 2011 |
Flin Flon Clinic |
Partially burned medical records were found blowing near a highway and gravel pit |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 28, 2011 |
Worcestershire County Council, UK |
Council fined for e-mailing sensitive info on a large number of vulnerable people to unintended recipients |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| November 28, 2011 |
North Somerset Council |
Council fined for repeated e-mail errors by an employee involving sensitive and confidential information |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| November 28, 2011 |
Vagus Cosmetics |
Patient database with patients' personal information acquired and dumped by hacker |
2,555 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 27, 2011 |
Unknown Organization, 101Domain.com |
Phishing attempt on vendor resulted in a number of customers' accounts being at risk of compromise of personal and payment info |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.10.8.4 - Electronic messaging A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 27, 2011 |
Carbajal Realty |
Renters' payment records and information dumped online |
625 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 25, 2011 |
Nexon Korea Corp |
Millions of players of Maple Story had their PII acquired by hacker |
13,200,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 24, 2011 |
Lumen Christi College |
Names, usernames, department, position, and plain-text passwords dumped on web by hacker |
15 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Naijaloaded, Nigeria |
Users' names, passwords and location information acquired by hacker |
243,089 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Restaurant Depot, Jetro Cash & Carry |
Malware inserted in system exfiltrated customers' magstripe data to servers in Russia |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Save Mart Supermarkets, Lucky Supermarkets |
Supermarket chain notifies customers after skimmers were found in self-checkout terminals at 23 stores |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Club Penguin Private Servers |
Usernames, e-mail addresses, passwords and IP dumped on web by hacker |
309 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Math2020.com |
Usernames, e-mail addresses, and plain-text passwords dumped on web by hacker |
99 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
New Jersey Motor Vehicles Commission |
Two employees sold PII; two other businessmen charged as part of the ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 23, 2011 |
MassBay Community College |
Failure to enable PeopleSoft when database launched in 2002 allowed employees to view PII of anyone in the database |
400 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
EMR4Doctors.com, Sitka Wellness Center |
EMR vendor exposed patients' info on internet |
566 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 22, 2011 |
Globeclassroom.ca, Globe and Mail, Canada |
Names, e-mail addresses, clear-text passwords, job title, school, and school contact details dumped on web by hacker |
1,409 |
Canada PIPA & PIPEDA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 22, 2011 |
HostBooter.com |
Usernames, passwords, e-mail addresses, DNS, IP addresses, and serial numbers dumped on web by hacker |
713 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 22, 2011 |
NTR, Netherlands |
Names, dates of birth and e-mail addresses of 13,000 children using Sinterklaas web site downloaded by hacker |
13,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 22, 2011 |
Virtual Radiologic Professionals (vRad) |
Laptop stolen from employee's car contained physician and patient info, including SSNs, bank account numbers or credit card numbers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 21, 2011 |
Jewish Community Services of South Florida |
Employee sold Holocaust survivors' identity info to a confidential police informant |
32 |
EU Directive on Data Protection, California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 21, 2011 |
Wine Library |
Customers' stored credit card data acquired and misused by hacker |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 21, 2011 |
Blairsville High School |
Students repeatedly accessed database with teachers' names, Social Security numbers, and salaries |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 21, 2011 |
London Borough of Southwark Council, UK |
Computer and papers containing people's PII left behind after office move; discovered when building was sold 1.5 years later and new landlord cleaned out building |
7,200 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 21, 2011 |
Central Essex Community Services, UK |
A book containing information about the general health of mothers and their babies was taken from a locked office. |
498 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| November 18, 2011 |
Daisy’s Florist |
Owner arrested for skimming customers' card numbers for fraudulent use |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 18, 2011 |
Asia-Pacific Economic Cooperation |
Honolulu’s APEC Host Committee computers containing host members' Social Security numbers and dates of birth hacked |
40 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 18, 2011 |
Unknown Organization, Lebanon Internal Medicine Associates, P. C. |
Patients' PII & PHI were on a flooded computer that was improperly discarded by a restoration contractor |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 18, 2011 |
Parkland Memorial Hospital (Parkland Health Hospital System) |
Employee accessed and copied patient information, allegedly to use for his own healthcare agency |
1,311 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 17, 2011 |
Smith and Wollensky, Capital Grille, Wolfgang's Steakhouse, Morton’s, Bicycle Club, JoJo |
Waiters at high-end steakhouses recruited to skim high-limit credit cards |
50 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 17, 2011 |
Ohio Rehabilitation Services Commission |
Confidential client files from state agency thrown in dumpster by employee. |
50 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 17, 2011 |
Sawicki & Phelps, P.A. |
Employee donated old papers to an elementary school for scrap paper, not realizing they contained confidential client data |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 17, 2011 |
Medcenter One |
Laptop with limited patient information stolen from employee's car |
650 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 16, 2011 |
Netcar Finland Oy, Finland |
Usernames, passwords, and e-mail addresses leaked for netcar.fi car retail site |
12,109 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 16, 2011 |
McDonald's |
Drive-thru window employee confessed she was recruited to skim and sell over 100 customers' credit/debit card numbers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 16, 2011 |
Union Bank Trust Co, Bright Directions Program (Illinois Treasurer's Office) |
SSNs of people enrolled in a college savings program appeared on the outside of envelopes mailed to participants |
36,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 15, 2011 |
CEFCU |
Stolen laptop contained credit union members' names and account numbers |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 15, 2011 |
Pennsylvania Public School Employees Retirement System |
Pension fund members' names and SSNs exposed on Internet |
2,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 14, 2011 |
Unknown Organization, YMCA of Metro Atlanta |
Stolen computer may expose YMCA members' personal information and encrypted bank account and debit/credit card numbers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| November 14, 2011 |
Stephen F. Austin Hotel |
Employee skimmed guests' credit or debit cards left in their hotel rooms |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 14, 2011 |
Clayton County Police Department |
Police officer left memo pad with identifiable info on traffic stops and crime victims in his personal car that he sold |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 14, 2011 |
Smokers Choice |
Smoke shop customers reported their card number stolen |
200 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 13, 2011 |
FindFriendz.com, India |
Usernames and clear-text passwords acquired by hacker and posted on Internet |
57,721 |
The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 13, 2011 |
Providence Night Life |
Usernames, clear-text passwords, and e-mail addresses leaked on Internet |
50,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 12, 2011 |
Zapateria Orinoco |
Customers’ e-mail addresses, clear-text passwords, security questions and security answers posted by hacker |
487 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 12, 2011 |
University of California at Los Angeles (UCLA) |
Applicants to Dept. of Psychology had first and last names, gender, date of birth and full mailing address in data dump by hacker, with 40 dept. usernames and passwords |
40 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 12, 2011 |
AdventSource |
Ministry site users' PII and encoded credit card numbers and passwords posted on Internet |
2,500 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 11, 2011 |
Transcend Capital |
Stolen laptop contained customers’ names, account numbers, and in some cases, Social Security numbers. |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 11, 2011 |
University of Texas - Pan American (UTPA) |
Spreadsheet containing PII and GPA of 19,276 students accessible on the Internet |
19,276 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 11, 2011 |
Mu Explicito |
Usernames, e-mail addresses and clear-text passwords from online gaming site posted on Internet with site administrator's password |
36 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 11, 2011 |
Microsoft, Unknown Organization |
Working MSN and Hotmail e-mail addresses and passwords found in phishing attempt attachment |
47,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| November 11, 2011 |
Virginia Commonwealth University |
Notified after database containing PII and various programmatic or departmental information accessed by intruder |
178,567 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 10, 2011 |
Steam (Valve, Inc.) |
Database containing PII and encrypted credit card information accessed by hacker(s). |
35,000,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 10, 2011 |
LivingSocial Inc. |
Stolen laptop contained hundreds of current and former employees' names, dates of birth, and addresses |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 10, 2011 |
Brownsville School District |
PII and estimated monthly salary exposed on the internet for 5 months |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 10, 2011 |
Wakulla County School District |
Students' FCAT scores and SSNs exposed on the Internet |
2,400 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 09, 2011 |
Habitat for Humanity of Delaware County ReStore |
Credit card transactions captured and exfiltrated to a server in Poland |
444 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 07, 2011 |
Unknown Organization, iQor, Inc. |
Contractor's employee stole PII and used it to open credit card accounts |
100 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 07, 2011 |
Computershare Inc |
Firm alleges former employee illegally accessed a protected computer and downloaded both proprietary information and shareholder information |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 06, 2011 |
Adidas AG (adidas.com, reebok.com, miCoach.com, adidas-group.com) |
E-mail addresses and passwords acquired and dumped by hackers |
500,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 05, 2011 |
Work Efficiency Institute, Student Alliance Osku, WinNova Länsirannikon koulutus Ltd, Aducate - Centre for Training and Development (University of Eastern Finland) |
Social security numbers, home addresses, telephone numbers and email addresses hacked and posted online |
16,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 05, 2011 |
Unknown Organization |
E-mail addresses and clear-text passwords posted in data dump |
1,272 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 05, 2011 |
Waseela Marriage Center |
Usernames, MD5 hashed passwords and e-mail addresses from marriage-making site dumped by hacker |
98 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 04, 2011 |
Washington South Supervisory Union |
Compromise of financial computer system put members' financial information at risk |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 04, 2011 |
Sociedad Española de Farmacia Hospitalaria, Spain |
Usernames and clear-text passwords, with some e-mail addresses, exposed by hacker |
1,826 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 04, 2011 |
St. Joseph Medical Center |
X-rays with PII & PHI stolen |
5,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| November 04, 2011 |
Jackson Hewitt |
Hundreds of completed tax returns found outside an abandoned office. |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 04, 2011 |
University of California Los Angeles Health System |
Patients' names, medical record numbers, addresses, and some medical info on hard drive stolen in home burglary |
16,288 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| November 03, 2011 |
U.S. Department of Veterans Affairs |
Log book with personal and medical info stolen from a VA physician's car. |
377 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 03, 2011 |
U.S. Department of Veterans Affairs |
10-12 sheets of paper with lists of in-patient Veterans with full PII & PHI were found in a cybercafe in a veterans' residential treatment program |
219 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 03, 2011 |
Rochdale Metropolitan Borough Council, UK |
Employee lost memory stick containing the details of over 18,000 residents |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 03, 2011 |
ConsumerJournalWeekly.com |
Spreadsheet of insurance leads with PII exposed on web in .txt file |
6,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 03, 2011 |
Top of the Line Marketing |
Employee provided 1,200 individuals' names, Social Security numbers and birth dates to someone who used them for card fraud |
1,200 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 02, 2011 |
Amsterdam Hospitality Group |
Auditor for the firm stole customer information and sold it to another party who used it to purchase airline tickets |
237 |
EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 02, 2011 |
Timothy Mathis, M.D. |
Patients' records stored in old building were destroyed in fire; some found on street |
4,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 02, 2011 |
University of Alabama |
E-mail gaffe exposes students' failing grades to each other |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| November 02, 2011 |
Maloney Properties |
Stolen laptop contained residents' housing data, including Social Security numbers |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 01, 2011 |
Metrolux 14 Theatres |
Cases of card fraud linked to breach at the theatre's system |
1,180 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 01, 2011 |
Premier Imaging LLC, High Point Regional Health System, Premier Medical Plaza |
Employee fired after taking patients' files home for reasons that are unknown at this time |
551 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 31, 2011 |
BanglaTV.ca |
Usernames and clear-text passwords acquired and dumped by hackers |
1,517 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 31, 2011 |
Hi5ads.com (KathmanduInfosys Educational Consultancy) |
Usernames, clear-text passwords, e-mail addresses, phone numbers, and names acquired and dumped by hackers |
5,067 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 31, 2011 |
Warren County Community College |
PII of former and current students and applicants may have been on stolen laptop |
5,461 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 31, 2011 |
British Columbia Ministry of Children and Family Development, Canada |
Documents containing PII & PHI found in a dumpster behind an apartment complex |
Unknown |
Canada PIPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 29, 2011 |
Archangel Security Agency Ltd, Ireland |
Personal details of individuals in a security training program were found strewn on grounds of industrial estate |
30 |
Irish Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 28, 2011 |
BrickWire LLC, Lawrence Memorial Hospital, Mid Continent Credit Services, Inc. (Blue Sky Credit) |
Online payment system exposed patients' credit card numbers and PII |
10,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 28, 2011 |
United States Air Force, Japan |
Service members' medical records were found at a service member’s home on Yokota Air Base |
593 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 28, 2011 |
Unknown Organization, Newcastle Youth Offending Team, Newcastle upon Tyne City Council, UK |
Personal data on laptop stolen from contractor's home |
110 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 28, 2011 |
Hong Kong Labour Department, HK |
Personal data of 56 people who applied for employee compensation was lost |
56 |
Personal Data (Privacy) Ordinance (PCPD) |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 27, 2011 |
James A. Haley Veterans Hospital |
Missing camera contained before and after pictures of breast cancer surgery patients with their SSNs |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 27, 2011 |
Muir Orthopaedic Specialists |
Stolen binder had patient labels including patients' date of birth |
1,800 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 27, 2011 |
Mama’s Boy Italian Ristorante |
Customers' credit and debit card numbers captured during transmission and misused |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 27, 2011 |
Eaton Group, Jani-King |
Court documents with personal and financial information found strewn in street |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 27, 2011 |
Vancouver Coastal Health Authority |
Patients' names, medical record numbers, dates of birth and diagnoses on laptop and USB lost or stolen at airport |
450 |
Canada PIPA & PIPEDA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 27, 2011 |
University Hospitals Coventry & Warwickshire NHS Trust, UK |
Patients' sensitive personal data found in public bin outside residential apartment complex |
18 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 26, 2011 |
Indalex Inc. (Sapa AB) |
Bankrupt firm abandoned building with employee records containing Social Security numbers |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 26, 2011 |
Indigo Joe's |
Personal information on hundreds of people from pub that went out of business found at trash storage company |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 25, 2011 |
United States Department of Education |
"Glitch" exposed Direct Loan Program applicants' Social Security numbers and financial information to each other |
5,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 25, 2011 |
Regions Bank, Ocala Police Department |
Police officer looked up PII of drivers for co-conspirator to open bank accounts to cash fraudulent tax return checks |
149 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 25, 2011 |
Bloggtoppen.se, Unknown Organization |
Usernames and passwords of users of at least 58 web sites acquired by hackers |
180,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 24, 2011 |
Cheaptickets.nl, Netherlands |
Database with 715,000 customers, 1,200,000 tickets, 80,000 passport numbers leaked |
715,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 24, 2011 |
Emory Healthcare |
Patients notified as patients' PII was used to file fraudulent tax returns |
7,300 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 24, 2011 |
Ministry of Labor and Social Welfare, Israel |
Employee with access to the Population Registry stole the details of residents and then passed them to someone else; eventually publicly available |
9,000,000 |
Israel Privacy Law |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 23, 2011 |
Hazleton Community Ambulance Association |
Hundreds of old sheets with personal information of employees and former patients found in a dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 22, 2011 |
Boston Police Patrolmen’s Association, International Association of Chiefs of Police, Matrix Group International, Baldwin County Sheriff's Office |
Personal data from law enforcement-related web sites and their host acquired and posted by hacker groups |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 22, 2011 |
Unknown Organization, Unknown Organization, Worker Benefit Plans (Concordia Plan Services), The Lutheran Church-Missouri Synod |
Box of microfilm containing plan enrollment information from the 1960s and 1970s sent by vendor to subcontractor lost by delivery service |
Unknown |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| October 20, 2011 |
Wells Fargo |
Printer malfunction resulted in customers receiving parts of other customers' bank statements, including account numbers, balance, and transaction history |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 20, 2011 |
Edge Hill University |
Students’ PII and student network passwords included in e-mail to 53 other students by mistake |
798 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| October 19, 2011 |
Well United Methodist Church |
Church volunteers' SSNs and birthdates stolen by volunteer/former inmate |
40 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 18, 2011 |
Aaron's, Inc. |
Customers' names and Social Security numbers were on a stolen computer |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 18, 2011 |
Lord of the Rings Online Forum, Turbine, Inc., UK |
Forum database hacked, users' passwords acquired |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 17, 2011 |
Metropolitan Police Service, UK |
Online disclosure log for freedom of information requests failed to redact personal information in cases |
105 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 16, 2011 |
Ashley D. Bell Law Office |
Old client files containing sensitive information found in a newspaper's dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 15, 2011 |
Unknown Organization, United Healthcare, Futurity First Insurance Group, Mutual of Omaha Insurance, United of Omaha Life Insurance Company, United Health Group Health Plan, American Continental Insurance Company |
Hard drive stolen from repair vendor contained enrollees' personal and health information |
7,602 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 15, 2011 |
Thomas Jefferson University Hospitals, Lankenau Medical Center, Grand View Hospital |
Patients' x-ray films were stolen by men posing as employees of recycling firm |
3,000 |
California SB-1386 & other State derivatives, FERPA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 15, 2011 |
San Antonio Independent School District |
Students' PII and the reasons the district considered them potential dropouts exposed on the Internet |
360 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 14, 2011 |
Avia Dental Plan |
Stolen password enabled acquisition of members' PII and credit card information |
2,500 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 14, 2011 |
Unknown Organization, Securities and Exchange Commission, Financial Tracking Technologies LLC |
SEC staffers notified that their personal brokerage account information may have been compromised by unauthorized subcontractor(s) |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 14, 2011 |
Praxis Care Isle of Man, Department of Social Care |
Memory stick containing confidential information on disabled clients and staff lost by employee |
107 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 14, 2011 |
Social Security Administration |
Living Americans' names, birthdates and Social Security numbers exposed in Death Master Files |
31,931 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 14, 2011 |
NEA Baptist Clinic |
Hack of clinic's web site compromised usernames, passwords, and in some cases additional details |
3,116 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 14, 2011 |
Chili’s Grill Bar Restaurant |
Restaurant customers' credit card numbers hacked and misused |
Unknown |
UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 13, 2011 |
Spectrum Health Services Inc. |
Stolen hard drive contained patients' PII |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 11, 2011 |
Sony Online Entertainment, Sony Corporation |
PlayStation Network and Sony Online Entertainment usernames and passwords compromised via brute force attack |
93,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 11, 2011 |
Chilliwack General Hospital |
Internal records with names, ages, admission dates, attending physician and diagnoses for patients found on a street. |
27 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 10, 2011 |
Henry Ford Health System |
Stolen computer contained patients' name, physician’s name, medical record number, and results of a genotype test |
520 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 10, 2011 |
Baxter, Baker, Sidle, Conn Jones, St. Joseph Medical Center, Preferred Professional Insurance Co. |
Backup drive containing records of 161 patients suing for malpractice left on a train |
161 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| October 08, 2011 |
Troy School District |
Hacker obtained usernames and decrypted passwords from district's systems |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 07, 2011 |
Adult Pediatric Dermatology (APDerm) |
Patients' records on flash drive stolen from employee's car |
2,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 07, 2011 |
Nemours Children's Clinic |
Backup tapes with 1.6 million individuals' patient billing and employee payroll data missing |
1,600,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| October 07, 2011 |
University of Georgia |
Personal data on faculty and staff including SSNs & DOBs available on university web site for years |
18,931 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 07, 2011 |
First State Superannuation, FSS Trustee Corporation, Pillar Administration |
URL manipulation exposed clients' name, address, date of birth, next of kin and superannuation payments. |
568 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 07, 2011 |
Air Pacific Limited |
Employee allegedly downloaded corporate and employee data including individual pilot and flight attendant salaries, and employee contracts |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 07, 2011 |
College of the Holy Cross |
Personal information of individuals compromised when employee fell for phishing attempt |
493 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| October 07, 2011 |
Public Service Enterprise Group (PSEG) |
Laptop stolen from employee’s home contained employees' Social Security numbers |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 06, 2011 |
Indiana University School of Optometry |
Patients' information exposed on the Internet |
757 |
California SB-1386 & other State derivatives, FERPA, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 06, 2011 |
United States Postal Service, AdvancePierre Foods |
Employee 401k data sent by mail on unencrypted flash drive was lost in the mail |
Unknown |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| October 05, 2011 |
Elections Alberta |
Binders containing voter registrant information lost by enumerators |
Unknown |
Canada PIPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 04, 2011 |
London Care PLC |
Personal details of home care patients, including keycode access to many of their doors, found in school car park |
50 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 04, 2011 |
Poole NHS Trust, UK |
Two diaries stolen from nurse's car contained details on 240 midwifery patients |
240 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 05, 2011 |
Association of School and College Leaders |
A laptop containing members' personal information stolen from an employee's home |
100 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 03, 2011 |
Estate of James C. Graham M.D. |
File cabinets with deceased doctor's patient records stolen in burglary at unoccupied property |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 03, 2011 |
Surrey and Sussex Healthcare NHS Trust, UK |
Confidential patient records on lost memory stick |
800 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 30, 2011 |
Unknown Organization, Blue Cross of Northeastern Pennsylvania, Penn Foster |
Documents and laptop stolen from employee's home contained PII & PHI of Penn Foster employees |
500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 30, 2011 |
Betfair, UK |
Payment card details of most customers as well as PII with bank account details acquired by hacker |
3,150,000 |
UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 29, 2011 |
Unknown Organization, Florida Hospital |
Employees accessed records of car accident victims for attorney referral service |
2,252 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 28, 2011 |
Science Applications International Corp (SAIC), Tricare Management Activity |
Backup tapes stolen from car containing patients' PII & PHI |
4,900,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| September 28, 2011 |
Summit Medical Group, Fountain City Family Physicians, Emory Family Practice, Dr. Kenneth Reese |
Patients' PII & PHI in documents stolen from an employee's car |
750 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 27, 2011 |
Tyrolean Regional Health Insurance (TIROLER GEBIETSKRANKENKASSE) (TGKK), Austria |
Insured persons' names, addresses and insurance numbers leaked by hackers |
600,475 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 27, 2011 |
DeKalb County Sheriff’s Office |
Jail technician used inmates' SSNs for tax refund fraud |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 27, 2011 |
Fairview Health Services, Accretive Health, North Memorial Hospital |
Laptop stolen from employee's car contained patients' information |
16,800 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 24, 2011 |
UKChatterbox |
Chatroom users' passwords possibly acquired by hackers |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 23, 2011 |
United States Postal Service, US Steel, Carnegie Pension Fund, Benefits Administration Services |
CD with PII of U.S. Steel retirees and dependents sent by their benefits administrator lost in the mail |
4,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| September 22, 2011 |
University of Texas at San Antonio |
Students' and prospective students' PII accessed by employees after configuration error made data available on intranet |
688 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 21, 2011 |
Saint John Regional Hospital, Horizon Health |
Memory stick with pediatric patients' information missing |
1,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 21, 2011 |
Hana SK Card |
Telemarketing employee leaked customers' information including names, addresses and resident registration numbers |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 20, 2011 |
Blackpool Coastal Housing |
Tenants' PII and confidential care plans transferred to employee's home computer where they were accessible to others |
80 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 20, 2011 |
ProMedica |
Patients' applications for financial assistance sent to other patients due to mail sorting machine error |
14 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 19, 2011 |
Florida International University |
Emoticon discovered in internal database suggested that database with students' PII with GPAs might have been accessed by hacker |
19,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 16, 2011 |
California State Assembly |
Employees' personal information may have been acquired by hacker |
50 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 16, 2011 |
Guilford County Tax Department |
Taxpayers' PII and images of checks paid were accessible on internet |
1,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 16, 2011 |
Good Samaritan Hospital |
Barrels of x-ray films stolen by person impersonating disposal vendor |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 16, 2011 |
Connecticut Department of Revenue Services |
Employee accessed taxpayers' returns without legitimate business purpose |
15 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 15, 2011 |
Brandywyne Healthcare Center |
Licensed practical nurse stole patients' information for use in tax fraud scheme |
83 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 15, 2011 |
Royal Liverpool University Hospital, Royal Liverpool and Broadgreen University Hospitals NHS Trust, UK |
Ward handover sheets with patients' names and medical information found on public street |
22 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 15, 2011 |
Royal Liverpool University Hospital, Royal Liverpool and Broadgreen University Hospitals NHS Trust, UK |
Bag stolen from staff member's car contained sensitive information on patients |
27 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 15, 2011 |
Montgomery County Department of Job and Family Services |
PII of individuals seeking agency assistance was on lost thumb drive |
1,200 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 14, 2011 |
Eastern and Coastal Kent Primary Care Trust, UK |
CD holding the PII and GP practice codes left in filing cabinet sent to a landfill |
1,600,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 14, 2011 |
Bright House Networks |
Customer names, addresses, phone numbers and account numbers exposed in unauthorized access |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 14, 2011 |
United States Postal Service, United States Army |
CD containing the PII of Non-Appropriated Fund retiree records was lost in the mail |
25,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| September 13, 2011 |
McDonald's |
Employee skims credit card numbers of people who used the drive-through lane of the store |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 13, 2011 |
Intelligence and National Security Alliance (INSA) |
Members' PII acquired by hackers and exposed on internet |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 13, 2011 |
Northern Ireland Police Fund, Royal Ulster Constabulary, UK |
Former reservists had PII potentially exposed when they were sent a gratuity payment in envelopes with a clear window |
6,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 12, 2011 |
Vacationland Vendors, Wilderness Resort, Wilderness at the Smokies |
Point of Sale breach at resort arcades exposes debit and credit card numbers |
40,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 11, 2011 |
Linux Foundation |
Usernames, passwords, email addresses as well as other information compromised due to hack |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 10, 2011 |
Tampa Signal |
Thousands of customers who purchased ADT systems had their personal information stolen by employee and sold to tax fraud ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 09, 2011 |
Oregon Department of Transportation |
File with individuals' names and encoded SSNs on an ftp server indexed by search engine |
62 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 09, 2011 |
Bonney Lake Medical Center |
Computers stolen from offices contained patients' PII & PHI. |
2,370 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| September 09, 2011 |
Unknown Organization, Walsall Council, UK |
Hundreds of residents’ postal vote statements containing names, addresses, dates of birth and signatures dumped in a skip |
951 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 09, 2011 |
Methodist Hospital (Methodist Health System) |
Employee stole patients' names and Social Security numbers to use in payday loan fraud |
50 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 09, 2011 |
Indiana University School of Medicine |
Laptop stolen from researcher's car contained patients' PII & PHI |
3,192 |
California SB-1386 & other State derivatives, FERPA, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 08, 2011 |
Beaumont Independent School District |
Students' PII including grade and scores on the Texas Assessment of Knowledge and Skills exposed on the web |
15,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 08, 2011 |
Multi-Specialty Collection Services, Stanford Hospital and Clinics |
Emergency Room patients' PII & PHI posted online |
20,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 08, 2011 |
Unknown Organization, MyJob.ie, Ireland |
Security breach exposed users' passwords and information |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 08, 2011 |
North Bay Regional Health Centre |
Employee improperly accessed patients' records since 2004 |
5,800 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 07, 2011 |
Electronic Data Systems (EDS) |
Former employee stole identity info as part of tax refund fraud ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 07, 2011 |
London Ambulance Service, UK |
Personal laptop stolen from a staff member's home contained patients' PII |
2,664 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 07, 2011 |
University Hospital of South Manchester NHS Foundation Trust, UK |
Patients' name, age, occupation and surgical details on thumb drive lost by student |
87 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 07, 2011 |
Treatment Services Northwest |
Stolen computer contained protected health information on patients |
1,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 03, 2011 |
Nordstrom |
Customers' online accounts accessed; 17 used for fraudulent purchases |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 02, 2011 |
Scottish Children’s Reporter Administration (SCRA), UK |
Children's case files with sensitive information left in file cabinet sold to secondhand store |
9 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 02, 2011 |
Texas Police Chiefs Association |
Email accounts of members acquired by hacker and contents posted online |
25 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 01, 2011 |
Federal Correctional Institution |
Contract employee obtained the PII of inmates and other persons and used it for a Medicaid fraud scheme |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 01, 2011 |
Graduate University for Advanced Studies (SOKENDAI), Japan |
Personal information of students, graduates and applicants exposed on the web |
Unknown |
Japan Privacy Act |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 01, 2011 |
El Paso Independent School District |
Hackers accessed PII of district employees and students |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 01, 2011 |
Birdville Independent School District |
Two students hacked into their school district's server and accessed a file with student PII |
14,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 31, 2011 |
Edinburgh Royal Infirmary, UK |
PII of patients, including names, addresses, dates of birth and some medical files stolen from emergency room reception desk |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| August 31, 2011 |
TD Bank, AmeriHealth Administrators |
AmeriHealth employee accessed PII & bank account numbers for confederate who created counterfeit checks presented to an accomplice inside TD Bank |
86 |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 26, 2011 |
SWGalaxies (LFNetwork) |
Fans' email addresses and plain-text passwords acquired and leaked by hacker |
23,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 26, 2011 |
Michigan Secretary of State, North Macomb PLUS, Southwest Macomb PLUS |
Documents containing PII from driver's license and state identification applications were stolen from offices |
14,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| August 28, 2011 |
Borlas.net |
Hackers leak the names, passwords, emails and phone numbers of registered users |
14,800 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 26, 2011 |
Unknown Organization, Canada Post (Post Office Canada), Waterloo Region District School Board |
Two microfilm rolls with former students' PII lost in the post |
2,279 |
Canada PIPA & PIPEDA |
A.10.8.3 - Physical media in transit |
| August 26, 2011 |
Living Healthy Community Clinic, University of Wisconsin-Oshkosh College of Nursing |
PII as well as some health records of patients exposed by virus |
3,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 25, 2011 |
Shark Club, Moxie’s Canada |
PII and payroll information for dozens of staff found in dumpster |
Unknown |
Canada PIPA & PIPEDA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 24, 2011 |
Hays, Royal Bank of Scotland (RBS), UK |
Email error disclosed contractors' pay rates to contractors working for Royal Bank of Scotland |
3,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| August 22, 2011 |
ShoWorks, Inc. (Allianceforbiz.com) |
Log-in credentials and personal information acquired by hacker and exposed online |
20,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 22, 2011 |
Texas Health Partners, Texas Health Presbyterian Hospital Flower Mound |
Stolen laptop contained personal, medical, and insurance information on patients |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 22, 2011 |
Louisiana Department of Children and Family Services |
Copies of assistance applicants' PII found blowing down the street |
67 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 19, 2011 |
Vanguard Defense Industries |
Defense contractor's personal e-mail account hacked, revealing PII |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 18, 2011 |
Chocolate Emporium |
Employee copied entire customer database to Dropbox, including credit card numbers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 17, 2011 |
Fort Dodge Correctional Facility |
Employees' PII was in desk drawer accessible to inmates for 3-4 months |
23 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 17, 2011 |
Bay Area Rapid Transit (BART) Police Officers Association |
Hack exposes personal details of BART police officers |
100 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 16, 2011 |
Purdue University |
Former students' and faculty members' SSNs at risk from hack |
7,093 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 14, 2011 |
Bay Area Rapid Transit (BART) |
Employees' and customers' PII including unencrypted passwords acquired and posted by hackers |
2,450 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 13, 2011 |
St. Francis Hospital |
Doctor lost unencrypted flash drive with maternity patients' names and medical details |
574 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 12, 2011 |
Office of the Telecommunications Authority, Hong Kong |
Personal data of more than 500 people on stolen laptop |
500 |
Personal Data (Privacy) Ordinance (PCPD) |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 12, 2011 |
Midland Regional Hospital, Roscommon County Hospital, Ireland |
Files with patients' PII & PHI found outside another hospital |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 12, 2011 |
Reznick Group, AssureCare Risk Management, Inc, Colonial Healthcare, Inc. |
Breach at former benefits administrator exposed employees' and dependents' PII |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 11, 2011 |
TGI Fridays |
Employee skimmed and sold customers' credit card numbers |
73 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 10, 2011 |
The Knoll at Thackley, ADL plc, UK |
Unknown number of medical files and records were found dumped in the grounds of the abandoned nursing home |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 10, 2011 |
University of Wisconsin - Milwaukee |
Malware-infected computer exposes PII |
75,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 09, 2011 |
Yale University |
PII of faculty, staff, students, and alumni in 1999 file indexed by Google |
43,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 09, 2011 |
North Carolina State University, Ashley Chapel Elementary School, Gardners Elementary School, Wells Elementary School |
PII of elementary students exposed on Internet by university server |
1,800 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 09, 2011 |
North Carolina State University |
Schoolchildren's data including SSNs exposed on the web |
1,800 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 08, 2011 |
Thirty-One Gifts, LLC |
Missing laptop with consultants' bank account information discovered during investigation of fraudulent wire transfers |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 08, 2011 |
Unknown Organization, Thompson Dunavant, PLC |
Laptop stolen from auditor contained clients' employees' PII |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 08, 2011 |
Sikorsky Aircraft Corporation |
Employees' PII was in files on server accessed by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 08, 2011 |
California State Polytechnic University |
Staff member places files containing faculty members' PII on a network share |
38 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 05, 2011 |
Unknown Organization, Citi Cards Japan (Citigroup) |
PII of customers sold to a third party by employee of contractor |
92,408 |
Japan Privacy Act |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 05, 2011 |
Harley Street Clinic, HCA International Limited, UK |
Two unencrypted laptops with patient information stolen from hospital |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| August 05, 2011 |
Brigham and Women’s/Faulkner Hospital |
Hard drive left in cab by doctor contained medical information on patients |
638 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 04, 2011 |
Dialogic Inc. |
During a break-in, equipment with employees' names and SSNs was stolen |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| August 04, 2011 |
Unknown Organization, Lewisham Homes Limited, Wandle Housing Association Ltd, UK |
PII of tenants copied onto contractor's flash drive that was lost in a pub |
26,200 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| August 03, 2011 |
Parenthesis Family Advocates, Franklin County Children Services |
PII & PHI found near recycling bin |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 02, 2011 |
Hershey |
Hacker accesses PII on server |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 01, 2011 |
News International Group Limited, UK |
PII of thousands of people who participated in polls and competitions on The Sun newspaper website acquired and posted online |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 01, 2011 |
Idaho State University, Pocatello Family Medicine |
Failure to restore firewall after maintenance left patient information exposed for 9 months |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 01, 2011 |
Mills-Peninsula Medical Center |
Mailroom employee took home mail with patients' PII & PHI for a 1-year period |
1,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 25, 2011 |
GIS, Austria |
Data files containing sensitive bank account information, acquired by hackers |
214,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 21, 2011 |
City Newsstand Inc. |
Customers' credit and debit card captured during transmission |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 20, 2011 |
Swedish Medical Center |
Employees' names and Social Security Numbers exposed on the Internet |
19,799 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 19, 2011 |
Mountain Mike’s Pizza |
Customers experienced card fraud after POS system hacked |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 18, 2011 |
Beth Israel Deaconess Medical Center |
Patients notified that their PII, PHI may have been transmitted by virus after vendor forgets to restore security controls following maintenance |
2,021 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 18, 2011 |
Unknown Organization, JL Audio, Inc. |
Customers' PII including plain text passwords acquired and posted by hacker |
4,827 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 18, 2011 |
REWE Group, Germany |
Tens of thousands of customers' PII obtained from two online stores |
Unknown |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 17, 2011 |
Unknown Organization, Federal Emergency Management Agency, Williams Chevrolet Inc. Customers |
Documents found in abandoned storage rental unit included FEMA assistance applications and car lease applications |
340 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| July 17, 2011 |
Haartman Hospital, Finland |
Employee accessed patients' records without authorization |
188 |
EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 16, 2011 |
Margarita's Mexican Restaurant |
Hundreds of customers' card numbers misused or put up for sale on underground market |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 16, 2011 |
Meath Council, Ireland |
Planning applicants' PII posted online |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 16, 2011 |
Kirklees Council |
Laptop stolen from employee's home contained PII & PHI |
25 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| July 15, 2011 |
The Kitchen Place |
Customers' records including credit card numbers and bank account information as well as employee payroll records exposed during bankruptcy sale |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| July 15, 2011 |
DeKalb Medical Center |
Stolen patient information may have been used in tax refund fraud scheme |
7,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 15, 2011 |
UPromise Investments, CollegeChoice529 Direct Savings Plan |
Employee accessed depositors' names, SSNs, birthdays and other contact information |
300 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 13, 2011 |
Estée Lauder |
Stolen laptop contained current and former employees' and contractors' names and SSNs |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| July 13, 2011 |
Lincoln National Life Insurance Company, Lincoln Life Annuity Company of New York, Lincoln Financial Group |
Email attachment exposed individuals' names and SSNs |
705 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| July 13, 2011 |
Sønderborg Municipality, Denmark |
Confidential details on 156 employees' work injuries leaked on website |
156 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 11, 2011 |
AssureCare, Lansing Community College |
Health and dental plan members' names, addresses and SSNs on compromised server |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 11, 2011 |
Toshiba Corporation |
Admins', users' and more than two dozen resellers' PII including plain text passwords acquired and posted by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 11, 2011 |
Colorado Springs Hospital, Memorial Health System |
City nurse fired for allegedly accessing patients' records via Physician Link without cause |
2,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 11, 2011 |
Booz Allen Hamilton |
Hackers breach military PII including encrypted passwords and an assortment of data related to other companies and government networks including source code |
90,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 08, 2011 |
Jeannette Hospital, Excela Health |
Stolen computer contained patients' PII & PHI |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| July 08, 2011 |
All Pets Club |
Customers at two of four pet shops report card fraud after transactions |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 08, 2011 |
German Federal Police (Bundespolizei) |
GPS location coordinates, license plate numbers, and telephone numbers of suspects, as well as police officers' usernames and passwords acquired and dumped by hackers |
Unknown |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 07, 2011 |
Stevens Institute of Technology |
Users' full names, usernames, plaintext passwords and email addresses exposed by hacker |
31 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 06, 2011 |
Hurley Medical Center |
Laptop containing patients' PII & PHI missing or stolen |
1,938 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| July 06, 2011 |
Troy Regional Medical Center |
Files containing patients' PII & PHI removed from the hospital and used in tax refund fraud scheme |
880 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 04, 2011 |
Clark College |
Students' PII compromised by hacker |
250 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 04, 2011 |
IRC Federal |
E-mail addresses and passwords, private e-mails, and login information for an FBI contractor acquired and posted by hackers |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 01, 2011 |
Unknown Organization, Spain & Spain, Irene Makridis |
Client records from defunct law firm discarded without shredding by owner of building |
Unknown |
EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 30, 2011 |
Department of Health Care Policy & Financing |
A disk containing Medicaid applicant PII has been lost in transit between two state agencies. |
3,590 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| June 30, 2011 |
Smashing Tomato |
Restaurant customers' card numbers acquired during transmission to card processor |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 30, 2011 |
PhyData LLC, Advanced Diagnostic Imaging, Premier Radiology, Anesthesia Services Associates |
Laptop with patients' PII and medical record numbers stolen from car parked at shopping mall |
1,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 28, 2011 |
Plymouth State University |
Missing backup drive contains names and SSNs of students |
1,509 |
California SB-1386 & other State derivatives, FERPA |
A.10.8.3 - Physical media in transit |
| June 27, 2011 |
NHS Jobs, UK |
Jobs.nhs.uk site leaks candidate details to newly registered users |
69 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 27, 2011 |
Gannett Government Media Corporation |
PII of subscribers to DefenseNews acquired by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 27, 2011 |
Sosasta, India |
Users' email addresses and plaintext passwords indexed by Google |
300,000 |
The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 24, 2011 |
New York State Department of Taxation and Finance, Morgan Stanley Smith Barney, United States Postal Service |
Clients’ PII including account and tax identification numbers on two CDs that are missing after being mailed to the state's office |
34,000 |
California SB-1386 & other State derivatives, GLBA |
A.10.8.3 - Physical media in transit |
| June 24, 2011 |
California Department of Health Care Services, California Department of Public Health, California Department of Health Services |
Personal and workers' compensation information of approximately current and former state employees copied to a drive by an employee and removed from offices |
9,000 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 24, 2011 |
Accendo Insurance Company, RxAmerica (CVS Caremark) |
Mailing error exposes members' medication name, date of birth, and member ID in envelope window |
175,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 23, 2011 |
Arizona Department of Public Safety |
Internal memos as well as PII including passwords belonging to Arizona law enforcement accessed by hackers |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 23, 2011 |
NATO e-Bookshop, Unknown Organization |
Usernames, passwords, addresses and email addresses may have been acquired by hacker |
12,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 20, 2011 |
Mt. Gox Japan |
Bitcoin exchange database containing username, email and password hashes stolen from auditor by hackers |
61,020 |
Japan Privacy Act |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 20, 2011 |
Dropbox |
User accounts accessed by others after code update disabled authentication |
100 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 20, 2011 |
Staples Business Depot |
Inadequate wiping of devices being resold left sensitive information including PII, employment history, academic transcripts, and personal investment info exposed |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 20, 2011 |
Foothills Nephrology |
Patients' names, dates of birth, and clinical information on laptop stolen from physician's car |
1,280 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 19, 2011 |
InfraGard Connecticut |
Users' accounts reportedly compromised by hackers |
1,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 19, 2011 |
Centaur Hotels, S. Naidu Pvt. Ltd |
Guests' PII exposed on web |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 17, 2011 |
SEGA |
Hackers acquire users' names, email addresses, dates of birth and encrypted passwords |
1,290,755 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 17, 2011 |
Blue Cross Blue Shield Florida |
Members' explanation of benefits forms sent to incorrect addresses |
3,500 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 17, 2011 |
Victoria Hospital, London Health Sciences Center |
Handwritten notes with patients' names, treatments, and health card numbers found exposed on grounds of hospital |
13 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 16, 2011 |
Area Agency on Aging, Inc |
Consumers' health information and 35,000 personal representatives' contact information on stolen laptop |
78,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 16, 2011 |
BioWare, Electronic Arts (EA) |
User account names, passwords, email addresses, and birth dates accessed by hacker |
18,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 16, 2011 |
Harrisburg Project, Illinois State Board of Education |
Records for students and staff including PII were on laptops stolen from van |
10,454 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 16, 2011 |
WriterSpace.com |
Members' email addresses and passwords acquired and posted by hackers |
12,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 16, 2011 |
Apple, Inc. |
Retail store employee accessed customer credit card information without authorization |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 15, 2011 |
Automatic Data Processing (ADP), Workscape, Inc., FedEx SmartPost |
Hack of legacy platform compromised client's data |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 14, 2011 |
Unknown Organization, Platte Valley Medical Center, St. Anthony North Hospital, St. Anthony Central Hospital, Porter Adventist Hospital, Boulder Community Hospital |
Nurse improperly accessed hundreds of patients' files to steal SSNs and other sensitive information for fraudulent purposes |
273 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 14, 2011 |
Saint Louis University |
Dozens of documents with former students' names, addresses and Social Security numbers found behind university building |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 14, 2011 |
London Health Programmes, NHS North Central London |
Patients' medical details, PII on missing or stolen laptop |
8,630,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 13, 2011 |
Unknown Organization, Sutter Gould Medical Foundation |
Patients' records with patient PII & PHI information sent to dump in error by contractor |
1,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 13, 2011 |
Jackson Memorial Hospital, Jackson Health System |
Employee accessed patients' financial information without authorization |
1,800 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 13, 2011 |
Bethesda Softworks |
Usernames, email addresses and passwords acquired by hacker |
200,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 11, 2011 |
Penn State Altoona |
Virus may have exfiltrated alumni, faculty, and staff SSNs |
12,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 11, 2011 |
Southern California Medical-Legal Consultants |
Workers’ compensation applicants’ names and Social Security Numbers were exposed on internet |
300,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 10, 2011 |
T&T Supermarket, Inc. |
PII of customers and some job applicants acquired by hackers |
58,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 10, 2011 |
Pfizer |
Laptop stolen from employee's car contained PII on employees, health care professionals, service providers, and customers. |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 10, 2011 |
Lafrance Hospitality Corporation, White's of Westport, Bittersweet Farm Restaurant & Tavern |
Restaurant patrons' credit and debit card numbers breached and misused |
100 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 10, 2011 |
Texas Department of Assistive and Rehabilitative Services, Texas Rehabilitation Commission, Texas Commission for the Blind, Texas Commission for the Deaf and Hard of Hearing |
Current and former employees notified that their names and Social Security numbers were exposed on the internet |
4,900 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 10, 2011 |
Dr. Morgan Camp M.D. & Associates |
Stolen computer contained patients' credit card information and personal information |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| June 10, 2011 |
Codemasters |
Thousands of PII, passwords, IP addresses, XBox gamer tags, and biographies accessed by hackers |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 10, 2011 |
Surbiton Children’s Centre Nursery |
Teacher's bag containing flash drive and documents with students' educational information stolen |
21 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 09, 2011 |
Citigroup, Citibank, N.A. |
Customers' names, contact information, email addresses, and credit card account numbers accessed by hacker |
360,083 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 08, 2011 |
Denver Players, Denver Sugar |
Stolen files belonging to escort service contained clients' PII, credit card receipts, and appointment schedule |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 08, 2011 |
Burke County District Attorney's Office, Patton Cleaning Co. Inc. |
Night cleaner allegedly copied sensitive criminal case documents and traded them to someone for drugs |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 08, 2011 |
Dumfries and Galloway Council, UK |
Employees' confidential information including PII erroneously provided in response to a FOI request; winds up on a web site |
900 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 08, 2011 |
Conservative Party of Canada |
Donors' names, addresses, email addresses, and partial credit card information acquired by hacker |
Unknown |
Canada PIPA & PIPEDA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 07, 2011 |
Granville County Schools |
Employees' Social Security Numbers and payroll information on laptops stolen from district's finance department office |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| June 06, 2011 |
Victor Victoria’s Restaurant, Renteria Catering |
Owners used customer credit card numbers for fraudulent purposes |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 06, 2011 |
Scotiabank |
CDs containing customers' PII and numbers for registered accounts lost internally |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.10.8.3 - Physical media in transit |
| June 06, 2011 |
Surrey County Council, UK |
Email errors exposed personal and medical information of hundreds of individuals |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| June 05, 2011 |
Imaging Center of Garland |
Patients' x-rays were improperly disposed of |
1,031 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 04, 2011 |
Sony Europe |
PIIs and website URLs hacked and posted to Pastebin |
120 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 03, 2011 |
Trinity Medical Center, Montclair Baptist Medical Center |
Patients' names, dates of birth, social security numbers, and some medical information stolen by woman visiting patient |
4,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| June 03, 2011 |
Jean Coutu |
Patient PHI & PII found in the street |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 03, 2011 |
HealthCare Partners |
Patients' personal, medical, and insurance information on 19 stolen computers |
15,727 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| June 03, 2011 |
University of Mary Washington |
Students' names, dates of birth, and Social Security Numbers viewable by others logged into EagleNet portal |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 02, 2011 |
San Francisco Public Utilities Commission |
PII may have been exposed on infected server |
180,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 02, 2011 |
InfraGard, Unveillance |
PII acquired and posted publicly plus one company's emails |
180 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 02, 2011 |
Sony Pictures, Sony BMG Belgium, Sony BMG Netherlands |
Users' passwords, email addresses, home addresses, dates of birth, as well as administrator login passwords acquired by hackers |
1,000,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 02, 2011 |
Ravenel Elementary School |
Students' and parents' names and Medicaid numbers on stolen thumb drive |
15 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 02, 2011 |
Wake Forest University Baptist Medical Center |
Boxes of patients' records with PHI & PII found in employee's home and storage locations |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 02, 2011 |
Royal Bolton Hospital, UK |
Patients' records containing PII & PHI were found in a dumpster at McDonald's |
19 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 01, 2011 |
Center for Arthritis and Rheumatic Diseases |
Patients' protected health information was on stolen documents |
8,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 01, 2011 |
Union Security Insurance Company |
Members notified of "Unauthorized Access/Disclosure" of protected health information |
850 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 01, 2011 |
Moorgate Primary Care, Prestwich Primary Care, NHS Bury Trust, Direct Assist, UK |
Nurse provided accident victims' contact information to employee of personal injury firm |
189 |
UK Data Protection Act & EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 01, 2011 |
LibriVox |
Entire database acquired by hacker, including private emails |
26,677 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 27, 2011 |
Tax Matters, Inc. |
Clients' PII and financial information discarded unshredded in dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| May 27, 2011 |
Provena Covenant Medical Center |
Employee stole and misused patients' and co-workers' information |
100 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| May 27, 2011 |
Spartanburg Regional Medical Center |
Patients' PII and medical billing codes on laptop stolen from employee's car. |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 27, 2011 |
San Juan Unified School District |
Employees' PII exposed on web |
4,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 27, 2011 |
Loyola University Medical Center |
Stolen flash drive contained transplant patients' PII |
100 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 27, 2011 |
LA Boxing |
Customer records containing PII, CCNs, and bank account numbers left in dumpster |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| May 27, 2011 |
Asperger’s Children and Carers Together, UK |
Medication information as well as children’s PII on laptop stolen from employee's home |
80 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 25, 2011 |
Bank of America |
Employee leaked customers' PII and account details to others who used them fraudulently |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| May 24, 2011 |
Memphis City Schools |
PII of students possibly hacked and used in tax return fraud by 2 women |
350 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 24, 2011 |
Sony Ericsson Mobile Communications AB |
Email addresses, passwords and names of users acquired and exposed by hackers |
2,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 23, 2011 |
Eagle Ridge Resort & Spa |
Guests' CCNs, expiration dates, and security codes may have been accessed by hacker |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 23, 2011 |
Global Financial Aid Services |
Students' PII, account numbers on unencrypted laptop stolen at convention |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 23, 2011 |
Sony BMG Greece |
Usernames, email addresses, phone numbers and password hashes acquired by hacker |
8,500 |
Law 2472/1997 on the Protection of Individuals with regard to the Processing of Personal Data & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 20, 2011 |
Transpro, HarborOne Credit Union |
Credit union customers' PII and account numbers were on checks in stolen courier's bag |
800 |
California SB-1386 & other State derivatives, GLBA |
A.10.8.3 - Physical media in transit |
| May 19, 2011 |
Leading Investment & Securities Co. |
Customers' PII acquired by hacker in extortion attempt |
12,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 18, 2011 |
National Business Center, Securities and Exchange Commission |
Employees' SSNs and other payroll information exposed when sent via unencrypted email |
4,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| May 17, 2011 |
Unknown Organization, The Smile Center, Delta Dental of Minnesota |
Patients' PII and limited dental claims data on stolen laptop |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 17, 2011 |
Regions Bank |
PIIs used to set up 184 bank accounts for fraudulent purposes by insider |
149 |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| May 17, 2011 |
Massachusetts Department of Workforce Development |
PII and some employer bank account information may have been transmitted after 1,500 computers were infected with a computer virus |
210,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 16, 2011 |
Dr. Burnham & Associates Medical Clinic, Central Alberta Pain & Rehabilitation Institute (Alberta Health Services) |
Patients' PII, health care numbers and prescription information were on a drive stolen from clinic |
1,000 |
Canada PIPEDA & PIPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| May 14, 2011 |
Chartered Institute of Public Relations, UK |
‘Hard copy’ applications including PII and potential payment information lost on public transport |
30 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 13, 2011 |
Anthem Blue Cross of California |
SSNs of Medicare Supplement members exposed in envelope windows |
37,900 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| May 13, 2011 |
Square Enix, Japan |
PII of customers plus CVs of job applicants downloaded by hackers |
25,000 |
Japan Privacy Act |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 12, 2011 |
Dominos Pizza, KB Pizza |
Hundreds of employee files containing SSNs, driver’s license numbers and copies of birth certificates found in dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| May 12, 2011 |
Honda Canada |
Customers' PII and some internal Financial Services Account numbers accessed by hacker |
280,000 |
Canada PIPEDA & PIPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 10, 2011 |
Indiana Regional Medical Center |
Names and some medical information on patients taken by an employee as part of a legal dispute |
1,368 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| May 10, 2011 |
Unknown Organization, Dunes Family Health Care |
External drive stolen from office contained patients' PII & PHI |
16,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| May 09, 2011 |
Reid Hospital |
Laptop stolen from employee's home contained patients' names and Social Security numbers or Medicare numbers |
22,001 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 09, 2011 |
Unknown Organization, Assurant Employee Benefits |
Customers' names, addresses, dates of birth and SSNs exposed to another Assurant client |
1,007 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| May 08, 2011 |
Huntington National Bank |
Ex-employees sued for allegedly downloading and taking mortgage loan customers' PII including bank account numbers |
2,000 |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| May 07, 2011 |
Jeffry Barnes, DDS |
Records with names, SSNs, prescription records and medical history found in recycling center |
60 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| May 05, 2011 |
Park Avenue Obstetrics & Gynecology, PC |
PHI of patients on stolen device |
635 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 05, 2011 |
Methodist Charlton Medical Center |
Palliative care patients' PII & PHI on laptop from office |
1,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| May 05, 2011 |
Central Oregon Community College |
Students' email addresses and ID numbers hacked |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 05, 2011 |
Lockerman Family Chiropractic |
Doctor misused patient information to open lines of credit |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| May 04, 2011 |
Michaels Stores, Inc. |
PIN pad tampering at stores results in dozens of cases of card fraud |
|
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 04, 2011 |
Victorian Institute of Forensic Medicine |
Forensic technician leaked autopsy reports and photographs of victims' remains to pub mates |
77 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| May 04, 2011 |
Baker Moving and Storage, Rodney Johnson |
20 boxes of documents containing personal, financial, and medical information fell off truck and scattered in wind |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| May 03, 2011 |
Speare Memorial Hospital |
Patients' PII & PHI on laptop stolen from employee vehicle |
5,994 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 03, 2011 |
FIS |
Prepaid accounts at risk and 3 individual cardholders’ information may have been disclosed |
7,170 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 02, 2011 |
Woman To Woman Healthcare |
Employee stole patient identity information for fraudulent purposes |
26 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| May 02, 2011 |
Sony Online Entertainment, Sony Corporation |
Customer PII including credit or debit card numbers and expiration dates including bank account numbers accessed by hacker |
24,600,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 02, 2011 |
X Factor |
Applicants' names, dates of birth, email addresses, zip code, phone numbers accessed |
250,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| May 01, 2011 |
Edalji & Komer MD |
Patients had PHI on stolen laptop |
563 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| May 01, 2011 |
Keith & Fisher, DDS, PA |
Patients notified of security breach involving PHI following hack |
6,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 29, 2011 |
Brian J. Daniels, D.D.S, PC, Paul R. Daniels, D.D.S., PC |
Stolen portable device contained PHI on patients |
10,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| April 29, 2011 |
Trinity College Dublin, Ireland |
Student & staff PII exposed on intranet |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 28, 2011 |
UNESCO, France |
Job applications including employment and salary history accessible on the web by URL manipulation |
Thousands |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 28, 2011 |
Seattle Public Schools, Ballard High School, Ingraham High School, Chief Sealth |
Teacher login passwords stolen, grades changed at three high schools |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 28, 2011 |
United States Department of Defense |
PII and medical PHI of Guantanamo detainees revealed in data dump by Wikileaks |
1,367 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| April 27, 2011 |
Dslreports.com |
Email addresses and passwords compromised due to SQL injection attack |
8,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 27, 2011 |
New York Yankees |
Season ticket holders had their PII exposed in an email attachment |
17,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| April 26, 2011 |
Sony Corporation |
PII with purchase history and possibly credit cards compromised |
77,000,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 18, 2011 |
Eastern Illinois University |
Employee records with incompletely shredded names and Social Security Numbers dumped by side of road |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| April 18, 2011 |
European Space Agency (ESA), France |
Website hacked |
Unknown |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 23, 2011 |
The Texas State Comptroller's office |
PII inadvertently posted on a publicly accessible Web site for nearly a year |
3,200,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 22, 2011 |
U.S. District Court - Middle District of Alabama |
Confidential information from sealed court files, including PII, was publicly accessible in PACER case entries online |
40 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 22, 2011 |
Schield Family Companies, Peachtree Doors and Windows Inc., Weather Shield, Vetter, Crestline |
Employees notified that their PII may have been acquired |
12,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 21, 2011 |
Qdoba Mexican Grill |
Customers' CCNs acquired and misused possibly by hackers |
18 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 21, 2011 |
Freehold Community School |
Students' PII on laptop stolen from car |
90 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| April 21, 2011 |
Company One |
Customers' credit card numbers stolen by hackers |
359,661 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 20, 2011 |
Netflix, Inc. |
Call center employee accessed customers' names and credit card information without authorization |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| April 20, 2011 |
Blockbuster Video |
Employee and applicants' records containing names, contact details, Social Security and personnel matters found discarded |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| April 18, 2011 |
Middlesex London Health Unit, H.A. Leeper Speech and Hearing Clinic, University of Western Ontario - Elborn College |
Memory stick containing PII & PHI of kids seen at speech and hearing clinic missing |
4,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| April 18, 2011 |
ABM Industries |
Names and Social Security numbers of current and former employees on stolen computer |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| April 18, 2011 |
Southwest Ambulance |
Employee took patient records with names, financial and medical information for training purposes |
581 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| April 18, 2011 |
Ashampoo |
Hackers gained access to its customer database |
14,000,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 18, 2011 |
Brighton and Sussex University Hospitals NHS Trust, University College London Hospitals NHS Foundation Trust, University College London Hospitals, UK |
Unencrypted flash drive with 750 patients' urology images and diagnoses left in a computer |
750 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| April 14, 2011 |
Edmonton Public School Board, Canada |
Flash drive with 7,000 employee resumes and personnel information lost by technician |
7,000 |
Canada PIPA & PIPEDA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| April 13, 2011 |
Marsh U.S. Consumer, IEEE |
Mailing error exposed members' names and life insurance member numbers to others |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| April 13, 2011 |
Moises M. Soulas Jr, M.D. |
Patient files stolen from doctor's garage contained personal and medical information |
100 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| April 13, 2011 |
Fairview Health Services, Fairview Southdale Hospital |
Box with patients' insurance billing records, including PII and diagnoses, lost prior to or during move |
1,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| April 13, 2011 |
AllianceBernstein Holding LP |
Employee downloaded client files and transactions before resigning |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| April 13, 2011 |
Albright College |
PII of alumni, students, applicants and family members on two computers stolen from office |
10,000 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| April 12, 2011 |
UMass Memorial Healthcare |
Configuration error exposes employees' pay stub data and bank account numbers to other employees |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 12, 2011 |
Lancaster County School District |
Students' and employees' PII, including DOB and SSNs, may have been acquired by hacker |
27,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 12, 2011 |
Infogroup |
Customer credit card payment transactions may have been compromised by virus |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 11, 2011 |
Andrew J. Ranucci, DMD, PC |
PII & PHI discarded without shredding |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| April 11, 2011 |
Unknown Organization, NHS Liverpool Community Health, UK |
Medical histories of children and birth mothers lost during office move |
31 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| April 11, 2011 |
National University of Ireland, Galway (NUI Galway), Ireland |
Student mobile phone numbers, ID numbers and email addresses accessed by hacker |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 11, 2011 |
Texas Comptroller of Public Accounts |
Teachers' and employees' Social Security numbers and other personal information exposed on the Internet |
3,500,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 11, 2011 |
Devon County Council, UK |
Names of special needs students exposed online |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 11, 2011 |
Hyundai Capital, South Korea |
Unprecedented systematic accessing of customer financial information by hackers |
420,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 09, 2011 |
Phoenix Ireland, Scottish Provident Ireland |
Customers' and applicants' names, addresses and bank account details on lost tape |
50,000 |
Irish Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| April 08, 2011 |
Rojone Pty Ltd. |
Database of 629 Government Customer Credit Cards stolen |
629 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 08, 2011 |
Aiken County Veteran's Affairs, Charlie Norwood VA Medical Center |
Medical center appointment lists with names, dates of birth, and Social Security numbers were discarded without shredding |
2,717 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| April 08, 2011 |
The Children's Hospital of Philadelphia, Family Planning Council, Planned Parenthood Southeastern Pennsylvania, Planned Parenthood Association of Bucks County, Spectrum Health Services Inc., Public Health Management Corporation |
Patients' personal insurance and PHI on stolen thumb drive |
70,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| April 07, 2011 |
Unknown Organization, Merlin Information Services |
Compromised customer login used to access names, addresses, phone numbers and Social Security numbers |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 07, 2011 |
Godalming College, UK |
Email error exposed students' learning and sensitive medical details to student group |
328 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| April 07, 2011 |
Broward County School District, Linda Green, M.D., Linda Groene, M.D. |
Employees stole and sold personal information of patients and teachers as part of ID theft ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| April 06, 2011 |
The Hartford insurance company |
Hacked |
300 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 05, 2011 |
US Airways |
Employee accessed and transferred confidential database containing pilots' PII |
3,000 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| April 01, 2011 |
Belfast Trust, Belvoir Park |
Patients' x-ray files vandalized after being left behind during relocation |
20,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| April 01, 2011 |
GoGrid LLC |
Customers' names, addresses, credit card numbers and card expiration dates viewable by intruder |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| April 01, 2011 |
Warrington Hospital, Warrington and Halton Hospitals NHS, UK |
Stolen laptop used for audiological diagnostic purposes contained 110 patients' PII & PHI |
110 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| April 01, 2011 |
Epsilon |
Names and e-mail addresses may have fallen into the wrong hands after someone broke into computer systems |
Millions |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 24, 2011 |
BP |
Lost laptop contains PII of Gulf oil spill claimants |
13,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| March 23, 2011 |
InfoSpherix, Maine Department of Conservation (Bureau of Parks and Lands) |
CCNs and expiration dates accessed after malware infection of online site to purchase park passes |
970 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 23, 2011 |
Spectrum Housing |
Employees' PII sent to member of the public in error |
200 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| March 22, 2011 |
Texas Education Agency, Laredo Independent School District, University of Texas at Dallas (Education Research Center) |
Disk with students' records with SSNs missing after arrival at state office building |
24,903 |
California SB-1386 & other State derivatives, FERPA |
A.10.8.3 - Physical media in transit |
| March 17, 2011 |
City of Cleveland Council |
Completed job applications for municipal judge containing PII were found in a dumpster |
10 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| March 16, 2011 |
Nation's Giant Hamburgers |
Credit cards and identities stolen due to credit card machines being compromised |
200 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 16, 2011 |
Walnut Township School District |
Administrators, teachers and school staff payroll files hacked |
80 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 14, 2011 |
University of York |
Students' PII exposed on the Internet without login required |
17,094 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 11, 2011 |
Virginia Polytechnic Institute and State University |
Employees' SSNs and financial info sent overseas by Zeus virus |
370 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 10, 2011 |
Ortho Montana, PSC |
Missing laptop contained patients' personal and protected health information |
37,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| March 10, 2011 |
TD Bank |
Employee arrested for selling customer bank account numbers |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| March 10, 2011 |
University of Massachusetts at Amherst (UMASS) |
Patients’ names, health insurer names, medical record numbers and on infected server |
942 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 09, 2011 |
Midlands Technical College |
Flash drive containing personal information taken from a human resources office |
500 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| March 09, 2011 |
Eastern Michigan University |
Students' PII misused by student employees in a tax refund scheme |
64 |
California SB-1386 & other State derivatives, FERPA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| March 08, 2011 |
Western Michigan University |
Backup hard drive containing faculty and student PII gone missing |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| March 05, 2011 |
Blue Cross Blue Shield Florida |
Explanation of benefits forms mailed to members' former addresses |
7,400 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| March 04, 2011 |
Ambassador Hotel Group |
Hotel guests’ names, dates of birth, mobile numbers, and other information indexed by Google |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 04, 2011 |
Alaska Department of Education and Early Development |
Students' PII and other information missing on stolen computer hard drive |
89,519 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| March 04, 2011 |
University of South Carolina - Sumter |
Personal details, including SSN, exposed on Internet |
31,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| March 03, 2011 |
Missouri State University |
College of Education students had names and SSN indexed by Google |
6,030 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| February 24, 2011 |
Henry Ford Health System |
Flash drive with names, medical record numbers and test results lost |
2,777 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| February 23, 2011 |
Disability, Housing and Community Service |
PII stolen from laptop at home |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| February 22, 2011 |
Identity and Passport Service, UK |
Passport renewal applications lost during processing exposing PII |
21 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| February 22, 2011 |
Chapman University, Brandman University |
PII exposed in file placed in a nonsecure folder |
13,000 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| February 21, 2011 |
Plan Personnel |
PII & PHI found in parking lot. |
37 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| February 20, 2011 |
Emory Healthcare |
PII & PHI stolen by hackers |
2,400 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| February 19, 2011 |
eFinancialCareers, Dice Holdings, Inc |
Career site's database hacked, exposing users' information |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| February 16, 2011 |
Charleston Area Medical Center's Research Institute, XForia |
PII & PHI exposed in database |
3,655 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| February 15, 2011 |
Day's Jewelers |
Thousands of credit cards exposed by hackers |
2,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| February 15, 2011 |
Lush Australia |
Website Hacked - Credit card details obtained |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| February 09, 2011 |
HBGary Federal |
Website Hacked - PII details obtained |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| February 09, 2011 |
Oregon Department of Corrections |
Employees' SSNs and payroll information lost on portable thumb drive |
550 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| February 04, 2011 |
Medi-Cal |
SSNs and other PII emailed to personal computer |
2,400 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| January 31, 2011 |
HuskyDirect.com |
Website hacked, CCNs compromised |
18,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 29, 2011 |
University of Iowa Hospitals and Clinics |
Medical records for hospitalized football players improperly accessed |
13 |
California SB-1386 & other State derivatives, FERPA, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| January 19, 2011 |
South Carolina State Employee Insurance Program |
Hacked |
5,600 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 19, 2011 |
Wandsworth Council, UK |
System glitch in the register led to the unwanted disclosure of Wandsworth residents’ PII |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 19, 2011 |
Hull and East Yorkshire Hospitals NHS Trust, UK |
Lost laptop exposes PII, PHI |
1,147 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| January 15, 2011 |
DBS Bank |
Bank executive sells customers' confidential details to several buyers |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| January 14, 2011 |
Police Force, NHS trusts and Local councils in Yorkshire, UK |
Criminal records and PHI accessed inappropriately |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| January 13, 2011 |
St. Vincent Hospital |
PII, PHI exposed due to email hack |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 13, 2011 |
Kadlec Regional Medical Center |
Servers containing PII, PHI hacked |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 11, 2011 |
PenFed |
Laptop infected with malware compromising database containing PII, CCNs of certain members. |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 10, 2011 |
Fine Gael, IRL |
Website hacked and database downloaded including PII |
2,000 |
Irish Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 08, 2011 |
Washington St. Employment Security Dept |
PII of employees stolen from employee's car |
1,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| January 08, 2011 |
Tulane University |
Laptop with unencrypted PII for every employee receiving a W-2 stolen from employee's car |
10,684 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| January 05, 2011 |
The Scottish Court Service, UK |
Documents containing sensitive personal details accidentally disposed of at a local recycling bank |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| January 04, 2011 |
Gary C. Spinks, DMD, PC |
PII, PHI may have been accessed by hacker |
1,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 04, 2011 |
PinnacleHealth System, Gair Medical Transcription Services |
PII, PHI exposed on web for over two years |
1,086 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| January 03, 2011 |
Half Hitch Tackle |
Customers report fraudulent card use following system security breach by hackers, CCNs impacted |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
|
|
ESTIMATED TOTAL (ROUGH): |
295,959,962 |
|
|