GRC Certification GRC Certification
GRC Certification
GRC Certification
GRC Certification
GRC Certification
GRC Certification
Request PDF Excel

ISO 27001 Integration with PCI Compliance research paper


 2012 Security Breach Matrix - For Educational Purposes Only
  
Request PDF Excel
GRC Certification
PUBLIC NOTIFIED ON
ORGANIZATION AND LOCATION
TYPE OF BREACH
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED
REGULATORY IMPACT
ISO/IEC 27001 MITIGATING CONTROLS
December 28, 2012 Gibson General Hospital Patients notified that their PII and/or clinical information may have been on laptop stolen from employee's home. 29,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 28, 2012 New York University (NYU) Langone Medical Center Missing USB drive contained names, dates of birth, and medical information on epilepsy patients 453 California SB-1386 & other State derivatives, HIPAA Security, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 28, 2012 United States Army PII of employees who worked at or visited Fort Monmouth accessed by hacker 36,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 28, 2012 Kentucky Cabinet for Health and Family Services, Carewise Health, Hewlett-Packard Enterprise Services Employee fell for a telephone computer scam, resulting in unauthorized remote access of laptop and database containing SSN and health info on Medicaid patients. 1,090 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 28, 2012 East San Gabriel Valley Regional Occupational Program E-mail attachment contained students' name, date of birth, Social Security numbers, attendance and program information Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
December 28, 2012 Penn State Altoona A server that held students' SSNs was found to be infected with malware that could have exfiltrated the data 1,406 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 27, 2012 Hospice of North Idaho Hospice pays HHS $50,000 to settle charges after laptop with patients' data was stolen from employee's car in 2010 441 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 26, 2012 United States Postal Service Employee stole thousands of pieces of mail in order to obtain credit cards for fraudulent purchases Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 22, 2012 California Department of Health Care Services Medi-Cal cards which include the recipient's name, date of birth and gender were mailed to the wrong families 2,643 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 22, 2012 United States Marine Corps PII stolen by a Marine and used for fraudulent purposes 100 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 22, 2012 Capital One Bank USA Customers' card numbers acquired by skimmer Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 22, 2012 M&T Bank Customers' card numbers acquired by skimmer Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 21, 2012 Human Resources and Skills Development, Canada Lost USB key held social insurance numbers, medical records, and other information 5,000 Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 21, 2012 Montana State University Failure to restore encryption on network storage device after troubleshooting it exposed student PII Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 21, 2012 Mt. Diablo Unified School District , Berkeley Unified School District Computer with current and former employees' unencrypted names, SSNs, dates of birth and addresses stolen in office burglary 18,127 California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 21, 2012 Bally Technologies, Skagit Valley Casino Resort Equipment stolen from employee's home office contained casino customers' PII and bank account information Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 21, 2012 Navy Federal Credit Union Customers' card numbers skimmed Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 21, 2012 CCS Medical Employee may have accessed and disclosed PII and insurance information for tax refund fraud scheme Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 21, 2012 Omnicell, Inc., University of Michigan Health System, Sentara Healthcare, South Jersey Healthcare Patients from three hospitals notified that equipment containing their PII & PHI was on unencrypted device stolen from employee's car 68,552 California SB-1386 & other State derivatives, HIPAA Security, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 20, 2012 Sunview Vineyards of California, Inc. Stolen laptop contained Excel spreadsheet with workers’ PII Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 19, 2012 Grand Teton Storage, The Children's Center Boxes of medical records containing PII & PHI dumped in public space, unshredded, by storage firm whose bill hadn't been paid Unknown California SB-1386 & other State derivatives, HIPAA Security, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 19, 2012 Restaurant Depot, Jetro Cash & Carry Customers' credit and debit card info exfiltrated from payment system and misused Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 19, 2012 First Data Corporation Employee obtained PII including SSNs from company database for an identity theft scheme Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 19, 2012 Bank of Prairie du Sac Card numbers and PINS of customers of other banks captured by ATM skimmer and misused Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 18, 2012 Unknown Organization, Irvine Scientific Sales Former contractor claims to have customer credit card information but won't return it or identify it Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 18, 2012 Western University of Health Sciences Students' financial aid reports containing names, Social Security numbers, and direct deposit bank account information were exposed Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 18, 2012 Unknown Organization, SunTrust Bank, First Marblehead Temporary employee at vendor stole PII of private students Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 18, 2012 Long Island Head Injury Association Former manager stole 20 clients' names and Social Security numbers for tax refund fraud scheme 20 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 17, 2012 Humana Inc Box with insureds' files containing PII & PHI lost during a move  Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
December 17, 2012 CruiseOne Login credentials to booking system acquired and misused by unauthorized individual who was able to access and decrypt credit card information Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 17, 2012 Highland Heights Police Department Former police chief used credit cards belonging to the police authority and other officers for more than $127,000 in fraudulent purchases Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 17, 2012 Devon County Council, UK Council fined £90,000 after social worker accidentally included another family's adoption panel report that had been used as a report template in mail sent to second family 22 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 17, 2012 Lifeline, UK Documents containing names of people who called for counseling found on roads and pavement Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 17, 2012 Byron Community Primary School, Australia Student records and accounts seized and held for a $5,000 ransom Unknown Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 16, 2012 Yahoo Full backup files for a Yahoo domain and full access to 12 databases exposed by a Reflected-XSS vulnerability Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 14, 2012 Valpak Former independent contractor who was indicted for mail fraud had former employees' PII in his possession Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 13, 2012 Yolo Federal Credit Union Customers' debit card numbers skimmed Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 13, 2012 Bharat Sanchar Nigam Limited, India Database user names and passwords dumped on the Internet 30 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 13, 2012 Higher Learning Child Development Center Records containing PII and medical information improperly disposed of when daycare business closed Unknown California SB-1386 & other State derivatives, HIPAA Security, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 12, 2012 Coastal Behavioral Healthcare, Inc. Patients notified after patients' names and identifying information was found in defendant's car during traffic stop 4,907 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 11, 2012 Chase Bank Three arrested for using skimmers on bank's ATM Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 10, 2012 West Pittsburgh Partnership Documents with PII were found in a box next to a dumpster near a previous office Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 09, 2012 Miami Family Medical Centre, Australia Seven years' worth of patient data encrypted by a hacker and held for ransom Unknown Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 07, 2012 Carolinas Medical Center-Randolph , Carolinas HealthCare System Patients notified after hacker obtained provider's e-mails 6,300 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 07, 2012 Pepperdine University Unencrypted PII of students, faculty and staff was on laptop stolen from an employee's car 8,300 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 07, 2012 United States Secret Service Employees' PII, medical info, bank account numbers were on two backup tapes left on a train by a contractor's employee Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 06, 2012 California Department of Health Care Services, Medi-Cal Names, SSNs and In-Home Supportive Service providers' information accidentally posted on the Internet 14,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 06, 2012 Unknown Organization, First United Bank, First Texoma National Bank Credit and debit card numbers of Durant, Oklahoma residents misused in possible skimming case Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 06, 2012 Rock Bottom Auto Sales Documents, including credit applications containing driver's license and SSNs, found in 8 trash bags alongside a road Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 06, 2012 LexisNexis Risk Solutions Technical error resulted in consumers' SSNs and driver's license numbers being included in full reports to other consumers Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 06, 2012 El Chicano Mexican Restaurant & Cantina Customers' credit and debit card numbers stolen from point of sale system and used for fraudulent purchases Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 05, 2012 Terrace View Rehabilition Center A cerified nursing assistant stole credit cards, jewelry, identification cards and other account information from multiple clients and used them for fraudulent purchases
Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 05, 2012 Eastway Tenant Parking Garage CCNs and personal information stolen from customers by using skimmers and was then used for fraudulent purchases Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 04, 2012 Louisiana State University Health System Hospital employee obtained financial information on patients' and sold this information to others to create fake checks and credit cards 416 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 04, 2012 Wichita Clinic PA Two individuals indicted for using patients' medical records to commit identity theft and tax fraud Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 03, 2012 Rosenthal Collins Group Clients' PII including passwords to web application accessed by hacker Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 03, 2012 Brigham & Women's Hospital Patients notified that their PII & PHI may have been on stolen computer 615 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 03, 2012 Robbins Eye Center Records compromised by a stolen desktop computer 1,749 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 03, 2012 James M. McGee, D.M.D., P.C. Dental patients' paper records stolen 1,306 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 03, 2012 iPromo Old customer PII including passwords and masked and plain-text credit card data accessed by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 02, 2012 Acer India Account and client credentials along with other information acquired and dumped on the Internet 15,000 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 30, 2012 Jackson Health System, Jackson North Medical Center Volunteer used smartphone to photograph patients' face sheets; the stolen informati= on was used to file fraudulent tax returns 566 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 29, 2012 Advanced Data Processing , Inc (ADPI-Intermedix) Employee stole ambulance patients' PII and provided them to tax refund fraud conspirators Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 29, 2012 Western Conne= cticut State University Student records including Social Security numbers exposed to unauthorized access = by a vulnerability for over 3 years 235,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 29, 2012 Florida Hospi= tal Tampa, Crothall Healthcare Contract worker stole patients' names and Social Security numbers to use to file fraudulent tax returns 45 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 29, 2012 St. Catherine= Medical Center Medical and employee records in defunct hospital accessible by public auction attendees & medical records found on some of the auctioned computers<= /td> Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 29, 2012 Soundental As= sociates P.C. Patients’ PII & PHI on back-up media cartridges stolen from an employees' car Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 29, 2012 Vidant Pungo = Hospital Radiology films along with PII accidentally thrown in garbage sent to local landfil= l 1,100 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 29, 2012 KIND, UK A stolen computer from a charity office contained contact information of families served by the charity Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 29, 2012 Cuyahoga Coun= ty Board of Developmental Disabilities PII compromised by being on a password protected laptop stolen from a car 613 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 28, 2012 El Centro Reg= ional Medical Center A third party hired to digitize x-rays stole the x-rays in order to extract= the silver Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 27, 2012 Anchor Bank, Stanley-Boyd School District Hackers diverted a school districts' payroll checks for employees by hacking the bank's system and accessing financial information 150 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 27, 2012 Pulaski Bank<= /td> Documents containing PII were stolen from an employees car Unknown California SB-1386 & other State derivatives, GLBA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 26, 2012 E.J. Phair Br= ewing Company Customers' credit card information stolen from the online payment system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 26, 2012 Pinnacle Foods Group LLC PII, credit card numbers on stolen unencrypted laptop 1,818 California SB-1386 & other State derivatives, PCI/Visa CISP A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 26, 2012 University of Arkansas for Medical Sciences A fired doctor kept copies of patients' files containing PII & PHI for = over a year after her termination for litigation purposes 1,500 California SB-1386 & other State derivatives, HIPAA Security, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 23, 2012 Civil Service= Sports Council, UK Members' PII have been stolen from a central computer database and some used for f= raud 130,000 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 22, 2012 Nassau County= Police Department Inadequately shredded police documents found in Macy's Thanksgiving Day Parade confett= i Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 21, 2012 Oak River Ins= urance Company An employee disclosed worker compensation forms to outsiders investigating suppliers of medical services 2,700 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 21, 2012 Scripps Colle= ge Personal information on students was stolen from an employee's car 940 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 19, 2012 Casa Grande M= exican Grill Customers rep= ort card fraud after using cards at restaurant 20 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 17, 2012 Experience Li= fe International, Inc. Email addresses, user names and passwords dumped on the Internet 65 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 16, 2012 Alere Home Mo= nitoring A laptop stolen from an employees car contained PII & PHI on clients 116,506 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 16, 2012 Nationwide Mu= tual Insurance, Allied Insurance Customers' PII and address of employer acquired by hacker 1,100,000 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 16, 2012 RxAmerica (CVS Caremark) An unencrypted laptop computer was stolen from the covered entity’s unlocked testing office contained pharmacy patients' files 955 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 16, 2012 Continuum Home Infusion, University of Virginia Medical Center A missing Palm handheld device may contain names, addresses, Social Security numbers, and medical information on clients 1,846 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 16, 2012 CHRISTUS St. = John Hospital A missing unencrypted flash drive contained PII & PHI on an unspecified number of patients Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 16, 2012 Quanterion So= lutions, Inc., Surgical Associates of Utica, PC Records compr= omised by stolen network server 1,017 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 16, 2012 First Step Counseling, Inc. Files comprom= ised by unauthorized access/disclosure 638 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 15, 2012 Landmark Medi= cal Center Laptop stolen from Landmark Medical Center contained some patient information but not medical or Social Security numbers Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 15, 2012 Sourcefire, Inc. Employees’ Social Security numbers on stolen password-protected laptop Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 15, 2012 University of= New South Wales Canberra, Australia Student PII dumped on the Internet 22,562 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 15, 2012 VyStar Credit= Union, Citibank Citibank customers' info stolen by employee 185 California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 14, 2012 Alabama Administrative Office of Courts, CyberBest Technology Inc. Two employees indicted for stealing programming code for Namemaster database = and hundreds of thousands of court records Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 13, 2012 Sprechman &am= p; Associates Former employee may have viewed consumers' PII Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 13, 2012 Adobe Systems= , Inc. Users of Connectusers.com forum had PII including MD5 hashed passwords acquired= and dumped on Internet 150,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 13, 2012 NASA PII of NASA employees, contractors and others on stolen unencrypted password protected laptop 10,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 13, 2012 Chicago Board= of Election Commissioners PII for applicants for board jobs exposed on the Internet, but dispute over another 1.7 million voters' data 1,700,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 13, 2012 Johns Hopkins Hospital, Highlandtown Community Health Center Employees stole patient and physician data for use in a fraud conspiracy Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 11, 2012 spcaLA PII dumped on the Internet 21 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 11, 2012 Amazon PII including credit card numbers dumped on the Internet (DISPUTED) 622 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 09, 2012 HSBC Holdings= plc, UK UK clients' names, addresses and account balances on a list handed over to t= ax authorities by a whistleblower 4,388 UK Data Protection Act & EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 08, 2012 Organizing for America Hundreds of voters' personal information piled on street corner in plain sight Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 08, 2012 Twitter, Inc.= User credenti= als compromised by a third party tool Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 07, 2012 Pizza Hut Inc, Australia Customers' contact information including names and email addresses compromised by unauthorized access 60,000 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 06, 2012 National Weather Service User names du= mped on the Internet 44 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 06, 2012 University of Colorado Health at Memorial Hospital Laboratory reports containing a certain amount of health information for patients discovered missing. 6,400 California SB-1386 & other State derivatives, HIPAA Security, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 06, 2012 GoTickets, In= c. Names and cre= dit card numbers acquired in hack Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 06, 2012 Dodo Power & Gas, Australia Script problem + URL manipulation exposed customer names, addresses, power usage details and account numbers 500 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 06, 2012 Alexander J. Tikhtman, M.D., Baptist Neurology Consultants Patients had information on a lost device 2,376 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 06, 2012 United Kingdom Ministry of Defence Passwords, email addresses and user names dumped on the Internet 3,485 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 06, 2012 The Asian Ban= ker User names, MD5 encrypted passwords and other PII dumped on the Internet 3,597 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 05, 2012 Women & Infants Hospital Patients' names, ultrasound images, dates of birth and in some cases Social Security numbers on missing backup tapes 14,004 California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
November 05, 2012 Telecom Itali= a User credentials including Social Security numbers and passwords compromised a= nd partially exposed on the Internet 30,000 Italian Privacy Law & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 05, 2012 Salinas Valle= y State Prison A database containing staff PII was exposed to all staff members through the intranet server Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 02, 2012 Illinois Depa= rtment of Healthcare and Family Services Residents' names, Social Security numbers, Medicaid recipient numbers and dates of b= irth in stolen briefcase 508 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 02, 2012 Cornell Unive= rsity Names and Social Security numbers exposed in public server file 2,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 01, 2012 Solent NHS Tr= ust, UK A folder containing confidential patient information was left at a market s= tall Unknown UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 01, 2012 Cypress Cove Apartments Boxes of leasing agreements containing PII found discarded outside of complex's storage units Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 31, 2012 Mastercard, F= irst Niagara Financial Group Debit card numbers compromised by a security breach in the merchant network Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 29, 2012 Kaiser Perman= ente Patients' information including names and Social Security numbers mistakenly emaile= d to an unintended recipient Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 28, 2012 Oil City Hosp= itality Group, Canada Past and present employee's PII including Social Security numbers, dates of bi= rth and addresses on stolen USB drive 2,000 Canada PIPA &= amp; PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 28, 2012 Olympic Healt= hcare, Inc. Employee stole insured's information for tax refund fraud scheme 32 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 27, 2012 Hillsborough = Area Regional Transit Authority Employees' Social Security numbers and bank information may have been compromised by= an IT systems employee Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 26, 2012 South Carolina Department of Revenue SSNs and credit card numbers with businesses tax information in hacked databas= e 4,457,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 26, 2012 U.S. Departme= nt of State Employee accessed database to obtain PII on those whose credit cards had been stol= en by a co-conspirator. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 25, 2012 Merrimack Cou= nty Savings Bank Names, user names, encrypted passwords and their salts dumped on the Internet 11 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 25, 2012 Waipahu Aloha Clubhouse, Hawaii Department of Health Members' PII on hacked computer 600 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 25, 2012 Duquesne Ligh= t Employee "mishandled" 20,000 customers' names, addresses, Social Security numbers and, in some cases, credit and debit card numbers 20,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 24, 2012 Loyola Univer= sity Faculty and staff's PII and contributions to their retirement accounts were disca= rded instead of shredded Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 24, 2012  Philip = P. Corneliuson, D.D.S., Inc. Medical records and insurance information, including Social Security numbers, on a stolen computer Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 24, 2012 Aultman Health Foundation, Aultman Hospital The gift shops customers' credit card and debit card numbers were compromised= by hack Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 24, 2012 L.A. Care Hea= lth Plan Mailing error exposed members' name, member ID number, and date of birth to other members Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 24, 2012 Vermont State Employees Credit Union Members PII and transaction records were on unencrypted computer tapes that were thrown into a landfill by human error Unknown California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 24, 2012 Barnes & = Noble, Inc. PIN pads replaced at 63 stores to steal card info Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 23, 2012 Delta School District, Canada Students’ PII & PHI exposed due to programming error Unknown Canada PIPA &= amp; PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 21, 2012 Dorsey Alston= LLC Documents containing tax ID numbers and copies of personal checks with bank account numbers on them found in dumpster
Unknown California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 20, 2012 Monsour Medic= al Center Patient records, doctors’ personnel files, and medical student evaluations all fo= und in hospital abandoned six years ago Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 19, 2012 Advance Auto = Parts, Inc. Customers' credit card numbers compromised by skimming at two locations 500 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 18, 2012 Network Housi= ng Group, UK Members of staff received an email attachment disclosing employees' PII. Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 18, 2012 Blount Memori= al Hospital Patients' PII on laptop stolen from an employee's home 27,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 17, 2012 Valley Plastic Surgery, P.C Patients' information was on a stolen portable electronic device 4,873 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 17, 2012 Colon & D= igestive Health Specialists, Ecco Health, LLC Patients' medical PII & PHI on a missing USB drive 5,713 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 16, 2012 Southern Environmental Law Center PHI and credit card information including addresses, phone numbers and client files compromised by unauthorized access Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 16, 2012 University of= Georgia Current and former employees' names, SSNs and other sensitive data was compromise= d by unauthorized server access 8,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 14, 2012 Preston Unive= rsity Email addresses and 78 passwords (3 encrypted) dumped on the Internet 736 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 13, 2012 TD Bank, N.A.= Clients' personal information, account information and Social Security numbers on = lost unencrypted backup data tapes 267,000 California SB-1386 & other State derivatives, GLBA A.10.8.3 - Physical media in transit
October 13, 2012 City of Burli= ngton, Bank of America Employee direct deposit and customer autopay data stolen as well as $480,000 from city's bank account Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 12, 2012 Dronet, Italy= Encrypted passwords and 16 user names dumped on the Internet 43 Italian Privacy Law & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 12, 2012 AutoCarry Documents containing personal information including addresses and credit card numbe= rs stolen during burglary 100 California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 11, 2012 Little Caesars Enterprises Inc. Customers' credit card numbers compromised by malicious software affecting online payment processing system 250 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 10, 2012 Litton & Giddings Radiological Associates, P.C., PST Services, Inc. Patients' PII & PHI on improperly disposed documents 13,000 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 8, 2012 Northwest Flo= rida State College Student PII, employee bank account routing and account numbers compromised by computer system breach 279,000 California SB-1386 & other State derivatives, FERPA, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 4, 2012 Calgary Board= of Education, Canada Partial credit card numbers, other PII was published accidentally on the website<= /td> Unknown Canada PIPA &= amp; PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 3, 2012 Enfield Counc= il, UK Dozens of social service documents with sensitive personal information left behi= nd in abandoned civic centre Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 2, 2012 Broadway Boul= evard, UK Files containing job applicants' PII with a photocopied photograph were found behind the building Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 2, 2012 Nemacolin Woo= dlands Resort Credit Card numbers, expiration dates and CSC numbers compromised by a breached point of sale system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 2, 2012 Town of Chapel Hill Insurance forms including PHI & PII accidentally attached Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 1, 2012 Transportation Investment Corporation, Kelly Temporary Services, Canada Drivers signing up for stickers to use the Port Mann Bridge had their payment information stolen by an employee hired under a false identity 350 Canada PIPA &= amp; PIPEDA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 1, 2012 Sierra Plastic Surgery Patients' information compromised by unauthorized access of a network server 800 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 1, 2012 Case Western = Reserve University Users' PII dumped on the Internet 270 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 1, 2012 University of= Arizona Names, user names and passwords dumped on the Internet 101 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 1, 2012 Ohio State Un= iversity Names, addresses, phone numbers, email addresses and passwords dumped on the Internet 637 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 1, 2012 University of= Rome PII  dumped on the Internet 695 Italian Privacy Law & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 1, 2012 Assiom Forex,= Italy Email addresses, passwords and user names dumped on the Internet 94 Italian Privacy Law & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 1, 2012 University of Michigan PII dumped on the Internet
7,982 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 1, 2012 Johns Hopkins University PII dumped on the Internet 8,708 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 1, 2012 Stanford Univ= ersity PII dumped on the Internet 370 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 28, 2012 United States Army, BrightLine Social Security numbers of decorated soldiers in a database publicly posted online 31 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 28, 2012 University of Chicago Social Security numbers belonging to employees printed on the outside of postcards mailed to employees 9,100 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 27, 2012 Apollo Elementary School Teachers names, addresses, birthdates and Social Security numbers on paperwork were found in suitcase in motel  90 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 27, 2012 Medical Solutions Management, Inc. Patients' records stolen and used for Medicare fraud by company owner 1,000 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 26, 2012 American Heart Association, Inc (AHA) Password protected laptops containing personal information of local donors stolen from office Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 25, 2012 City Of Tulsa PII belonging to those who reported a crime or submitted an employment application were compromised by unauthorized server access Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 24, 2012 University of Technology, Sydney, Australia Database containing staff names, email addresses, user names and passwords dumped on the Internet Unknown Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 24, 2012 University of California, Santa Barbara Names, phone numbers, email addresses, user names, passwords and pin numbers dumped on the Internet 11 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 23, 2012 Crossfire Elite, Inc User names with encrypted passwords dumped on the Internet 192 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 23, 2012 Windham Town Hall Personal and confidential information about town employees, including SSNs and bank account numbers on stolen password protected laptop Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 22, 2012 Kus Demos, India PII with encrypted passwords dumped on the Internet 26 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 21, 2012 Transcend Capital Clients’ PII and cash positions compromised by unauthorized server access 236 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 21, 2012 Inderjith Swarnalatha MD Patient information on stolen laptop Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 20, 2012 Lana Medical Care Patients records affected by stolen laptop 500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 20, 2012 University of Miami Health System Records affected by unauthorized access to documents to other employees 64,846 California SB-1386 & other State derivatives, HIPAA Security "A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 19, 2012 United States Navy PII including security questions with answers of current and former personnel were dumped on the Internet 200,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 17, 2012 St. Therese Medical Group Patients’ & Providers PII, PHI and account balances on stolen laptop Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 17, 2012 Northstar Healthcare Patients' names, email addresses and HIV/AIDS statuses exposed in an email by not using the BCC field 170 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 14, 2012 Feinstein Institute for Medical Research PII & PHI relating to the potential participation in a research study on stolen password protected laptop 13,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 14, 2012 Six Pack Charlies Credit card numbers stolen from web-based credit card system 200 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 14, 2012 Charlote Clark-Neitzel, MD Records affected by a stolen laptop 942 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 14, 2012 British Columbia Ministry of Health, University of Victoria, University of British Columbia, Canada Improper use of personal health data for university research Unknown Canada PIPA & PIPEDA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 13, 2012 Alabama Department of Corrections Inmates personal information stolen by a state employee and used for identity theft Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 13, 2012 Ankur Civic Centre, India Computers containing tax payer data stolen 6 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 13, 2012 University of New Mexico Cancer Center Names, addresses, telephone numbers, dates of birth and Social Security numbers compromised 2,365 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 12, 2012 Sheffield City Council, UK Documents containing patients' PII as well as medical records and care plans found in the street 3 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 12, 2012 Lucille Hendricks Elementary Students' names, SSNs, dates of birth, addresses and telephone numbers found on folders in a dumpster 20 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 11, 2012 Tricounty Behavioral Health Clinic Records affected by stolen laptop 4,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 11, 2012 Scottish Borders Council, UK Files containing confidential information including salary and bank account details found in recycling bin 676 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 10, 2012 Janmar Lighting, Inc. Passwords, user names and email addresses dumped on the Internet 1,240 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 09, 2012 Dominos Pizza, India Names, phone numbers, email addresses, passwords and addresses dumped on the Internet 37,187 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 07, 2012 Mcxchakraa, India Email addresses, user names and passwords dumped on the Internet 443 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 07, 2012 University of Miami Health System PII, insurance policy numbers, reasons for visits stolen by two employees and possibly sold 760,000 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 06, 2012 Cumberland County Sheriff’s Office 180 arrestee Social Security numbers accidentally distributed to public and media outlets 180 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 06, 2012 Association of Irish Festival Events, Ireland Email addresses and passwords (2 admin) dumped on the Internet 285 Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 06, 2012 Weigel Broadcasting Co. Names, email addresses and passwords dumped on the Internet 997 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 05, 2012 IEEE User names and passwords publicly available on FTP server 100,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 05, 2012 PMorgan Chase, Tiffany & Co. Tiffany & Co. employees' PII and banking account information exposed by unauthorized access to JPMorgan Chase Bank’s servers Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 05, 2012 Cat100, India Email addresses, phone numbers and passwords dumped on the Internet 2,173 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 04, 2012 Bitfloor Inc. $250,000 worth of BitCoins were stolen with private encryption keys from an unencrypted backup 24,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 04, 2012 Churchill Downs Incorporated Account holders names, email addresses, dates of birth and hashed Social Security numbers compromised Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 04, 2012 Brown University Email addresses and MD5 encrypted passwords dumped on the Internet 379 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 01, 2012 Faulkner Chiropractic and Acupuncture Patients' information used to open separate lines of credit totaling to $210, 800 48 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 31, 2012 Temple Community Hospital Names, patients' hospital account numbers, CT scans and the reason for the scans on stolen computer 600 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 28, 2012 Arizona Oncology Patients' information stolen and used for identity theft 15 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 13, 2012 Stanford University Medical Center Patients' medical and personal data including Social Security numbers on stolen desktop computer 2,603 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 31, 2012 Hand2Hand Recruitment Services Ltd, UK Email addresses, names, passwords, addresses, phone numbers dumped on the Internet 67 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 30, 2012 Harris County Hospital District PII & PHI stolen by former employee 3,000 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 30, 2012 Police.uk, UK User names, email addresses, IP addresses, phone numbers, names and passwords dumped on the Internet 1,293 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 28, 2012 Cancer Care Group PII & PHI on a stolen laptop 55,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 23, 2012 Mutual Enterprises LLP User names and passwords (1 encrypted) dumped on the Internet 47 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 19, 2012 Advanced Micro Devices, Inc. (AMD) Blog users' details (usernames, PHPass-hashed passwords, e-mail addresses) disclosed online 189 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 18, 2012 The Production Managers Association User names and passwords (1 admin) with email addresses dumped on the Internet 187 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 17, 2012 University of Texas MD Anderson Cancer Center Patient PII & PHI on lost unencrypted USB Drive 2,200 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 15, 2012 Access Group Solutions, Australia E-mail addresses and passwords dumped on the Internet 46 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 14, 2012 The National Council of Investigation and Security Services Admin names, email addresses and passwords dumped on the Internet 253 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 13, 2012 Walgreen Co. Records compromised by stolen papers 1,240 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 13, 2012 Choices, Inc., Midtown Mental Health Center Patients affected by hacking incident 890 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 13, 2012 Kindred Healthcare Inc. PII, PHI and bank account information on backup tapes in stolen safe 1,504 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 13, 2012 NYU School of Medicine Faculty Group Practice Patients affected by stolen desktop computer 8,488 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 13, 2012 Dr. Jeffery Paul Edelstein, MD.,LTD. Patients affected by stolen network server 4,800 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 13, 2012 Choices, Inc., Diversified Support Services Patients affecting by hacking incident 505 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 13, 2012 Ripefruit, Australia User names and passwords (20 encrypted) with email addresses dumped on the Internet 26 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2012 Blizzard Entertainment Unknown number of PII, passwords and other authentification information compromised by unauthorized internal network access Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 05, 2012 Secretaría del Medio Ambiente del Distrito Federal User names and passwords (1 admin) with names, email addresses and phone numbers dumped on the Internet 24 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 03, 2012 General Motors Names and Social Security numbers taken by a retiring employee 883 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 03, 2012 Pamlico Medical Equipment, LLC PII, PHI and billing information on lost USB drive 2,917 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 01, 2012 Western Health Patients personal information accessed by an employee 1,034 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 01, 2012 Hartford Hospital PII & PHI on stolen unencrypted laptop 9,558 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 01, 2012 Facebook Inc. Email addresses and passwords dumped on the Internet 3,093 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 01, 2012 Queens College Admin user names and SHA1 encrypted passwords (1 decrypted) with email addresses dumped on the Internet 15 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 01, 2012 Marquette University Names, addresses, email addresses and passwords dumped on the Internet 15 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 01, 2012 GC Lounge, Australia Email addresses and passwords dumped on the Internet 506 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 31, 2012 Oregon Health & Science University PII & PHI on stolen USB drive 14,495 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 31, 2012 University of Alaska Anchorage Boxes of records including names, Social Security numbers and financial account numbers left in an abandoned building Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 31, 2012 Environmental Protection Agency (EPA) Social Security numbers, bank routing numbers and addresses compromised by a virus 7,800 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 30, 2012 Facebook Inc. Email addresses and passwords dumped on the Internet 23 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 27, 2012 Sharon L. Rogers, Ph.D., ABPP Patients' data on stolen laptop 585 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 26, 2012 Wisconsin Department of Revenue Social Security numbers and tax identification numbers accidentally posted on the Internet 110,795 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 25, 2012 Lancashire Gaelic Athletic Association County Board, UK User names and passwords dumped on the Internet 18 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 23, 2012 Southern Illinois Healthcare Hospital Unknown number of patient information stolen and used for identity theft Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 21, 2012 Office of the Assistant Secretary of Defense for Public Affairs IP addresses, MD5 encrypted passwords, email addresses and phone numbers, address dumped on the Internet 44 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 21, 2012 London2012Rentals.com, UK Email addresses, user names and passwords dumped on the Internet 5,101 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 20, 2012 Beth Israel Deaconess Medical Center Patients medical information and administrative employee records compromised by stolen physician's personal laptop 4,130 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 20, 2012 OregonWines.com User names and passwords (1 admin) with 1 admin name dumped on the Internet 1,313 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 20, 2012 The Surgeons of Lake County, LLC PII, credit card numbers and certain medical information compromised by an unauthorized user obtaining server access 7,067 California SB-1386 & other State derivatives, PCI/Visa CISP, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 19, 2012 OANDA Corporation PII with bank account numbers with balances and other financial information compromised Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 19, 2012 Australian Government Department of Defence PII accidentally emailed to around 400 former personnel 2,500 Australian Privacy Act 1988 A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
July 19, 2012 Net Communications PII with addresses, user names and passwords dumped on the Internet 69 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 18, 2012 Yale University Email addresses, user names and passwords dumped on the Internet 1,241 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 18, 2012 ITWallStreet.com PII and salary information dumped on the Internet 50,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 16, 2012 Patterson Dental, River Arch Dental, Hamner Square Dental PII and dental information on USB drive lost in the mail 3,645 California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
July 16, 2012 New York State Comptrollers Office Social Security numbers compromised by accidental posting on the Internet 319 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 16, 2012 ASUSTeK Computer Inc. Admin user names and encrypted passwords dumped on the Internet 23 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 16, 2012 Elections Ontario, Canada Voters PIIs compromised by disappearance of two USB memory drives 2,400,000 Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 15, 2012 High Tech Crime Solutions Inc. Private messages including names, phone numbers dumped on the Internet after site hacked with SQL injection 32,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 13, 2012 Nvidia User names, email addresses and hashed passwords dumped on the Internet 400,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 12, 2012 Billabong International, Australia Email addresses and passwords compromised, 1,435 dumped on the Internet 35,000 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 12, 2012 Puerta Grande Credit card numbers compromised and used for fraudulent purchases 100 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 12, 2012 Australian Department of Broadband, Communications and the Digital Economy Subscribers' user names, email addresses, memorable phrases and encrypted passwords on DVD and lost in Australian mail Unknown Australian Privacy Act 1988 A.10.8.3 - Physical media in transit
July 11, 2012 Best Buy User accounts accessed by credentials obtained elsewhere Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 11, 2012 Yahoo Email addresses and passwords dumped on the Internet 453,492 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 10, 2012 Phandroid Hashed passwords, user names, email addresses and IP addresses compromised when database accessed Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 10, 2012 Formspring Password hashes dumped on the Internet 420,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 09, 2012 Acronis Customers' email addresses compromised by a technical issue that allowed them to be indexed by a search engine Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 08, 2012 Sport Southwest, UK Email addresses, user names and passwords dumped on the Internet 28 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 06, 2012 Australia Post, AusCERT Subscribers' PII including user names, email addresses, encrypted passwords stored on DVD lost in the postal system 8,000 Australian Privacy Act 1988 A.10.8.3 - Physical media in transit
July 04, 2012 Scottish Architects, UK User names and passwords (1 admin) dumped on the Internet 18 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 04, 2012 Pathways Platform, LLC. Phone numbers, addresses, names, user names and passwords dumped on the Internet 1,514 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 03, 2012 Olympic College Credit card numbers were compromised and credit card companies have reported suspicious activity 16 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 03, 2012 Miami Northwestern Senior High School Manila folders containing student records with Social Security numbers and health information found in dumpsters Unknown California SB-1386 & other State derivatives, FERPA and HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 02, 2012 Telstra Names, addresses, dates of birth and driver's license details dumped on the Internet 734,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 27, 2012 Exxon Mobil Email addresses and encrypted passwords dumped on the Internet 317 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 25, 2012 Future Publishing Limited (TechRadar), UK Usernames, email addresses, encrypted passwords and dates of birth exposed due to hacked registration database Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 24, 2012 U.S. Commodity Futures Trading Commission Employee Social Security numbers, names and other personal information exposed due to compromised account via phishing 700 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 23, 2012 Association of Irish Festival Events, Ireland User names, email addresses and passwords dumped on the Internet 1,920 Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 23, 2012 AT&T Thousands of names, email addresses, addresses, mobile numbers dumped on the Internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 22, 2012 G4S, UK Email addresses and encrypted passwords dumped on the Internet 287 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 20, 2012 School of Bhagavad Gita, India PII, PHI and admin passwords dumped on the Internet 1,726 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 20, 2012 School of Bhagavad Gita, India PII & PHI including admin passwords dumped on the Internet 1,726 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 20, 2012 Paperman, India User IDs, email addresses and passwords dumped on the Internet 182 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 20, 2012 Wales Directory, UK Names, email addresses, user names and passwords dumped on the Internet 150 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 17, 2012 Kayak Customer addresses, phone numbers, email addresses and credit card expiration dates compromised due to a website search Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 16, 2012 Ultimate Home Design Email addresses with user names and passwords dumped on the Internet 454 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 15, 2012 Five Guys Credit card numbers compromised and used for transactions 1,701 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 15, 2012 Atkinson & Company, LLP, Public Employees Retirement Association of New Mexico PII, financial account numbers compromised with stolen computer 100,000 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 15, 2012 Unknown Organization, Delta Dental of Illinois Social Security numbers, dates of birth as well as claims information and X-rays were lost during shipping 650 California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
June 15, 2012 California Education Alliance Mostly encrypted names, addresses, email addresses and phone numbers dumped on the Internet 81 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 15, 2012 HV Aluminium, Australia Names, email addresses and passwords dumped on the Internet 27 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2012 CustomCoD Email addresses, IP addresses, user names and encrypted passwords dumped on the Internet 150,005 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2012 Sea of Stories PII and passwords dumped on the Internet 700 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2012 Roseway Hospital, Canada Medical records inappropriately accessed by hospital employee 707 Canada PIPA & PIPEDA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 13, 2012 Rune Word Entertainment, Inc. Names, email addresses and encrypted passwords dumped on the Internet 192 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 13, 2012 Memorial Sloan-Kettering Cancer Center Patients PII compromised by Powerpoint presentation on the Internet 881 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 12, 2012 Kandula Sreenivasa Reddy Memorial College of Engineering, India User names, email addresses and passwords dumped on the Internet 455 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 12, 2012 Freedom4Travel Email addresses and passwords dumped on the Internet 340 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 12, 2012 Bethpage Federal Credit Union Consumer VISA debit card accounts including PII exposed on the Internet 86,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2012 University of North Florida Names and Social Security numbers compromised by breached database 23,246 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2012 Sikkim Manipal University Names, email addresses, user names and passwords dumped on the Internet 10 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2012 Massachusetts Institute of Technology (MIT) Email addresses and passwords dumped on the Internet 18 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2012 Clarksville-Montgomery County Schools SSNs, DOBs, school identification numbers and email passwords compromised, dumped on the Internet 110,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2012 Eugene School District 4J Student names, addresses, dates of birth and Social Security numbers compromised 16,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 11, 2012 Glasgow City Council, UK Records lost in laptop theft including names, addresses, and bank account information 37,835 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 10, 2012 U.S. Land and Home, LLC Names, addresses, phone numbers, email addresses, IP addresses, and passwords dumped on the Internet 193 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 10, 2012 Channel V India User names, email addresses and passwords dumped on the Internet 9,762 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 09, 2012 Robot Coupe USA, Inc User names and passwords, addresses and phone numbers, email addresses and names dumped on the Internet 259 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 09, 2012 Intel, Inc. Email addresses, names, passwords, phone numbers, and user names dumped on the Internet 7,959 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 08, 2012 American Students' Fund Names, email addresses, user names and passwords dumped on the Internet 20 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 08, 2012 Mitchell Branch Library Unknown number of individuals information lost on stolen laptop Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 07, 2012 As Red As User names and passwords with 34 email addresses dumped on the Internet 90 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 07, 2012 Wounded Warrior Project Admin and 14 privileged accounts, emails and passwords leaked in hack 22 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 06, 2012 Fashion Scrubs Credit card numbers, names, and addresses dumped on the Internet 29 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 06, 2012 Craft ACT: Craft and Design Centre, Australia Email addresses and encrypted passwords dumped on the Internet 803 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 06, 2012 University of Virginia Transcripts, some containing SSNs and other personal details exposed due to human error 300 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
June 06, 2012 LinkedIn Corporation LinkedIn password hashes acquired and published online 6,458,020 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 03, 2012 Holy Family University Administration login credentials dumped on the Internet 12 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 02, 2012 Maximus Canada, Maximus Records including names, addresses, birth dates, health information and social insurance numbers opened improperly by contractor 43 Canada PIPA & PIPEDA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 02, 2012 Service de police de la Ville de Montréal, Canada PII and transaction details dumped on the Internet with tables structure 162 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2012 Toronto Police Email addresses, phone numbers, user names and passwords dumped on the Internet 7,585 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2012 Health Council of Canada Usernames, email addresses, and passwords dumped on the Internet 116 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2012 Charlie Norwood VA Medical Center Limited protected health information of veterans on stolen laptop 824 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 01, 2012 Masons of California Personal details including names, addresses, phone numbers, and emails dumped on the Internet 4,056 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2012 Heartland Payment Systems, Penn Station Inc. Franchises debit and credit card numbers as well as names compromised by a point-of-sale system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 01, 2012 MOAB Training International, Inc Emails, user names, and passwords dumped on the Internet 1,763 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 31, 2012 Mount Sinai Medical Center Patient IDs stolen from hospital 340 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 31, 2012 United States Navy Email addresses and passwords leaked in data dump 36 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 31, 2012 Formula One, Canada Email addresses, names, and phone numbers leaked after Anonymous hack 131 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 31, 2012 American Advertising Federation Members' names, e-mail addresses and contact details dumped on the Internet 555 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 30, 2012 Nigerian Society of Chemical Engineers Names, addresses, phone numbers, academic degrees, title or position, and dates of birth dumped on the Internet 19 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 29, 2012 Pizza GoGo PII with admin usernames dumped on the Internet 209 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 29, 2012 Ronin Concepts Security Elite Ltd, UK Email addresses, names and telephone numbers of contacts with 8 admin email addresses and logins compromised 1,260 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 29, 2012 American Pharmacists Association Email addresses, personal account information and patient records dumped on the Internet 16,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 29, 2012 Alaska Structures Unknown number of user names and passwords compromised due to website hack Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 28, 2012 Greystone Telecom, TalkTalk, UK Customer PII accidentally exposed on the Web due to server misconfiguration Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 27, 2012 GameReplays, UK Forum users' IDs, email addresses, and encrypted passwords dumped on the Internet 10,104 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 26, 2012 Gridiron Strategies Email addresses and passwords dumped on the Internet 2,109 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 26, 2012 Direct TV Email addresses, usernames (with some names), and passwords dumped on the Internet 32 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 25, 2012 LEGO Australia Children's, parents' PII and credit card numbers transmitted insecurely after SSL certificate misconfiguration following web site update 1,591 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 25, 2012 Sierra County Email addresses and passwords (some decrypted) dumped on the Internet 15 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 25, 2012 Endicott Auxiliary Police, Owego Police Department Login names with plain-text passwords acquired; only a few dumped on the Internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 25, 2012 T&M Protection Resources Usernames and passwords dumped on the Internet 10 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 25, 2012 University of Nebraska Breach of NeSIS database that holds PII and financial aid information for current and former NU students 654,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 25, 2012 Serco Inc, Federal Retirement Thrift Investment Board Thrift Savings Plan members had their SSN and other details accessed by hacker 123,201 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 25, 2012 Duane Reade Employees at two NYC stores skimmed customers' credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 25, 2012 Phoebe Putney Memorial Hospital Former employee stole patient identity info for tax fraud scheme Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 24, 2012 ECS Tuning Customer info including credit/debit card numbers acquired by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 24, 2012 Altrec, Inc. AmEx notified company that cards used on their e-commerce site had been compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 24, 2012 Stanford University Contact/donors list with names, company, contact details and any notes dumped on the Internet 1,593 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 24, 2012 Unknown Organization, Holroyd Howe Independent Ltd, UK Employee of data processor erroneously provided a document with all employees' pay slips to a former employee Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 24, 2012 Unknown Organization, Telstra Third party server hosting BigPond Games, GameArena and Games Shop hacked 35,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2012 Sears Portrait Studio Customer information records, including last 4 digits of credit card numbers and photos found in a box in a dumpster Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 23, 2012 EMCshoppe, UK Email addresses, passwords (hashed), and IP addresses dumped on the Internet 521 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2012 U.S. Office of Personnel Management Userids and plain-text passwords dumped on the Internet 37 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2012 Aarcee, India Email addresses with plain-text passwords dumped on the Internet 156 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2012 Glade County Florida Sheriff's Department. Administration account logins plus information on prisoners dumped on the Internet 10 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2012 Physicians Automated Laboratory Patients had their PII stolen: including names, addresses, phone numbers, birth dates, and lab work. 745 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 22, 2012 Unknown Organization, WHMCS Hackers socially engineer web host to obtain firm's admin credentials; obtain 500,000 passwords and credit cards 500,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 22, 2012 University of California Los Angeles Health System Audit report containing patients' names and billing codes for ER visits exposed on the Internet Unknown California SB-1386 & other State derivatives, FERPA and HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 22, 2012 Eastern Buffet Employees copied at least 30 customers' credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 21, 2012 Pembridge Palliative Care Unit, Central London Community Healthcare, UK Trust fined £90,000 for misdirected faxes containing medical and sensitive info on 59 patients 59 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
May 20, 2012 Comcast Email addresses and plain-text passwords with ID numbers dumped on the Internet 294 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 20, 2012 National Endowment for the Arts Names, email addresses and passwords dumped on the Internet 13 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 20, 2012 South Dakota Usernames, UIDs, plain-text passwords and email addresses dumped on the Internet 11 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 19, 2012 Iwacu Online Usernames, first names, email addresses and passwords dumped on the Internet 948 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 19, 2012 w3 Schools, India Email addresses and passwords, some with usernames, dumped on the Internet 528 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 18, 2012 University of Louisiana - Monroe Individuals' private info exposed when employee's email account was hacked 121 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 18, 2012 Reading Hospital Employee copied sensitive patient information and used it for training purposes 12 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 18, 2012 UnitedHealthcare Employee accessed PII and Medicare Health Insurance Claim Numbers Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 18, 2012 Our Lady of the Lake Regional Medical Center Laptop containing some health information for former Intensive Care Unit patients discovered missing 17,130 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 17, 2012 Africa Files Usernames, email addresses and passwords with 2 admin logins with plain-text passwords dumped on the Internet 100 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 17, 2012 Association of British Columbia Land Surveyors Names, postal and email addresses, phone numbers and passwords dumped on the Internet 444 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 17, 2012 Learning Disabilities Resource Community, Canada Names, usernames, email addresses and passwords dumped on the Internet 132 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 17, 2012 CPPS.me (Club Penguin Private Server) Usernames, email addresses and passwords dumped on the Internet 2,755 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 17, 2012 Chrome Crazy Customers' billing and shipping details, order details, type of motorcycle owned, and email addresses dumped on the Internet 219 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 17, 2012 Experian Credit reports accessed by unauthorized individual who was able to successfully authenticate Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 16, 2012 London Borough of Barnet, UK Council fined £70,000 after theft of highly sensitive papers from social worker's home 15 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 16, 2012 Priority Investigations, UK Employee usernames, email addresses and passwords dumped on the Internet 29 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 15, 2012 L-3 Communications Missing thumb drive contained info on current and former employees as well as job applicants Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 15, 2012 DJArts Names and passwords dumped on the Internet 4,586 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 15, 2012 Howard University Hospital Employee charged with selling patients' info Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 14, 2012 University of New Brunswick, Canada PII with plain-text passwords and web sites dumped on the Internet Unknown Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 14, 2012 Prosthodontic Associates Centre for Excellence PII with passwords dumped on the Internet 972 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 14, 2012 Northwest Memorial Hospital Employee charged with stealing and misusing patients' info to pay her own bills 50 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 13, 2012 University of New Mexico, US Usernames, email addresses and passwords dumped on the Internet 81 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 12, 2012 LA Fitness, Fitness 1 Old gym memberships from Fitness 1 with PII found unshredded in dumpster; membership contracts had been sold to LA Fitness Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 11, 2012 York County PII of prospective county job applicants and some vendors on server that was hacked 17,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 11, 2012 Stanford University, Harvard University, University of Massachusetts at Amherst (UMASS) Usernames, email addresses and passwords dumped on the Internet Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 11, 2012 Iowa Department of Human Services Unshredded records mistakenly returned to a fire-destroyed building were found blowing around area Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 11, 2012 Hewlett Packard, United States Postal Service, California Department of Social Services - In-Home Supportive Services Providers' SSN and wages and recipients' ID numbers data lost in damaged mailing 701,000 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
May 10, 2012 University of Maine, University of Arkansas, The University of Rochester CCNs and SSNs compromised by hackers 4,617 California SB-1386 & other State derivatives, FERPA, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 10, 2012 Solidlight Limited, Nigeria Email addresses and plain-text passwords dumped on the Internet 35 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 10, 2012 Friendping.com Passwords and email addresses dumped on the Internet 647 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 10, 2012 Express Voyage Usernames, plain-text passwords and job roles dumped on the Internet 50 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 10, 2012 Roy E. Gondo, M.D. Breach involving stolen laptop containing electronic medical records of patients 2,100 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 10, 2012 Neighborhood Christian Clinic Lost device contained data on 9,565 patients 9,565 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 09, 2012 InfoLink, ServerPronto, CloudPronto Admin, clients' PII, payment methods (card type + last 4 digits), passwords, and encrypted card numbers compromised 1,926 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 09, 2012 Elections New Brunswick CDs with registered voters' phone numbers, dates of birth and driver’s licence information given to political parties in error 553,000 Canada PIPA & PIPEDA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 09, 2012 Tarpon Springs High School Guidance counselor sent out mass e-mail to senior class with attachments containing every student's Social Security number 400 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
May 08, 2012 Plaxo, Inc. Third-party gained access to the company’s API connection to Google’s address book and calendar Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 08, 2012 Her Majesty’s Courts and Tribunals Service, UK Building contractor employee walked into judge's office and stole his personal mobile phone and hard drive with details on 50 cases Unknown UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 08, 2012 IntraCare North Hospital Intake coordinator misused patients' info for tax refunds fraud; had binder with info on patients 741 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 07, 2012 First Data Information about merchants was shared outside company in evaluating fraud risk effectiveness options 108,500 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 07, 2012 Crowne Plaza Columbus, Ohio Malware may have exfiltrated hotel guests' credit card information, including PII Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 07, 2012 Demon Thesis Usernames, email addresses, and MD5 passwords dumped on the Internet 203 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 06, 2012 HolidayPorch Users' email addresses and plain-text passwords dumped on the Internet 98 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 05, 2012 United States Naval Research Laboratory Names, usernames, email addresses and passwords dumped on the Internet 30 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 05, 2012 The Complete Pianist Names, passwords, and email addresses dumped on the Internet 16 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 04, 2012 Boca Ski Club Admin logins with customers' PII compromised 39 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 04, 2012 Irish Prison Service, Ireland Lists containing personal information of prison staff were found in the cell of a convicted IRA killer. 20 Irish Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 04, 2012 Kingston Council, UK Mailing error combined and exposed renters' statements  100 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 04, 2012 Emerson (Funai Corporation) Employees' names, email addresses and passwords dumped on the Internet 18 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 02, 2012 Bimbo Bakeries USA Laptop stolen from employee's car contained associates' names and Social Security numbers Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 02, 2012 Florida Department of Children and Families Child care workers notified that their info was stored online without any protection 100,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 02, 2012 Valencia Self Storage Two charged with retrieving and re-assembling shredded documents to steal bank account and routing numbers Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 02, 2012 Incorporating Services, Ltd., Rackspace Malware compromised hosted server: SSN, credit card payment info impacted Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 30, 2012 Volunteer State Community College Students, former students and faculty had PII exposed on an insecure secondary server since 2008 14,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 30, 2012 Accurate Accounting Tax Service Canvas bag full of payroll files found in yard behind firm's business Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 28, 2012 eUKhost, UK Hackers access billing system Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 28, 2012 Lake County Sheriff's Office All files on internal network accessed by hackers and dumped on the Internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 28, 2012 Columbia University Names, addresses, Social Security numbers and bank account numbers were exposed on the Internet for 2 years 3,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 27, 2012 International Police Association - International Administration Center, UK Site defaced but hackers also claim to have acquired "sensitive" information Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 27, 2012 Three Rivers Park District Reservation system hacked; usernames and passwords accessed 82,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 27, 2012 McDonald's, Taco Bell, Wrigley Field, RL Restaurant Employees used skimmers to steal customers' card data Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 27, 2012 Minnesota Department of Public Safety Driver and Vehicle Services Personal information of Minnesota drivers leaked when employee gave login to friend who worked for car repossession firm 3,700 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 27, 2012 Islington Council, UK Council unintentionally provided 10 thugs with call logs containing the PII of callers who had complained about them 51 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 26, 2012 Cryptic Studios Hacker accessed account names, handles, and encrypted passwords, at least some of which were decrypted Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 26, 2012 University of Pittsburgh Hackers threaten to dump 200 gb of student, faculty, and alumni info if school does not accede to their demands Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 26, 2012 Two Plus Two E-mail addresses and encrypted passwords may have been acquired by hacker who indicated ability to decrypt passwords Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 26, 2012 Choice Hotels International Unencrypted PII for some guests' reservations may have been printed on mailing envelopes sent to guests by hotels or marketing agents Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 26, 2012 North East School of the Arts External hard drive containing PII of student applicants was stolen from a teacher's car 1,253 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 25, 2012 Rent-A-Center Computer stolen during burglary contained customers' personal information on rental applications Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 25, 2012 University of Alabama Birmingham PII of some former students -- including SSNs and some academic records exposed on the Internet 8,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 25, 2012 State of Texas File produced in litigation discovery erroneously contained registered voters' full Social Security numbers 6,500,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 25, 2012 Sheppard Air Force Base Documents with patients' PII and PHI found in a former AF member's home 721 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 24, 2012 Oregon State Hospital Printed documents containing protected patient information stolen from chief of psychiatry's car 618 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 22, 2012 f1-racers.net Redacted names, e-mail addresses and passport numbers dumped on the Internet 72 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 22, 2012 St. Mary's Hospital, Naugatuck Valley Community College Instructor used unredacted patients' x-rays as part of his course presentations without patient consent Unknown California SB-1386 & other State derivatives, FERPA, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 21, 2012 Gloria G. Traje-Quitoriano, MD Laptop stolen from car contained patients' information Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 20, 2012 La Nueva Casa de Amigos Eye Clinic (University of Houston College of Optometry) Patients notified that their personal and medical data were on a clinic computer database accessed by overseas hacker 7,000 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 20, 2012 Nissan Motor Co., Japan Employees', contractors' and suppliers' user IDs and hashed passwords accessed and downloaded from a database. Unknown Japan Privacy Act A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 20, 2012 Indie Research LLC (Bullmarket.com) Users' PII & credit card information and/or login information that was on file as of June 2005 was accessed by unauthorized third parties Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 20, 2012 Desert AIDS Project Receptionist's computer stolen during office burglary contained spreadsheet with AIDS clients' names, assigned staff PII. 2,200 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 20, 2012 University of Arkansas for Medical Sciences Doctor forgot to de-identify patients' data before sending it out for financial analysis 7,000 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 20, 2012 PricewaterhouseCoopers, Under Armour Inc. Unencrypted thumb drive containing employees' names, Social Security numbers and salary info lost in the mail by auditor Unknown California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
April 19, 2012 The Commercial Bank Former bank vice president stole family members' and bank customers' identity info for use in fraud scheme Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 19, 2012 Rex D. Smith, DPM Computer stolen during office burglary contained patients' SSN and dates of birth Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 19, 2012 CIGNA HealthCare Corp. Employee emailed list with insureds' names and SSN to her home and to her son's email acct Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 19, 2012 South Carolina Department of Health and Human Services Employee working in the Medicaid program inappropriately transferred personal information of Medicaid beneficiaries to his personal email account 228,435 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 18, 2012 Emory University Hospital, Emory University Hospital Midtown (Emory Crawford Long Hospital) , Emory Clinic Ambulatory Surgery Center 10 backup discs with data on patients, including SSNs and PHI missing from storage 315,000 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 18, 2012 Brecon Beacons National Park Authority, UK Two incidents involving web exposure of e-mail addresses, phone numbers, and signatures Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 17, 2012 William F. DeLuca Jr., M.D. Stolen laptop contained information on 577 patients 577 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 17, 2012 CaremarkPCS Health, L.L.C., Tufts Associated Health Maintenance Organization , Tufts Insurance Company Unknown breach affecting 3,482 insured members' information 3,482 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 17, 2012 California State University - San Marcos Candidate for student body president may have stolen 700 students' userids and passwords in election voting 700 California SB-1386 & other State derivatives, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 17, 2012 Ruby's Diner Malware inserted on system exfiltrated customers' credit and debit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 17, 2012 Virginia Military Institute E-mail attachment error exposed 258 students' GPA's to class president, who, not realizing error, forwarded it on to all 258 seniors 258 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 17, 2012 Toshiba Information Systems (UK) Ltd Web design error exposed competition entrants' PII via url manipulation 20 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 17, 2012 Leicestershire County Council, UK Briefcase stolen from social worker's home contained sensitive details on child protection cases 18 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 16, 2012 Unknown Organizations, Morton Helicopter, LLC IT consultant whose firm worked for various firms in FL allegedly stole some of their employees' identify info for credit card fraud. He also allegedly stole PII off FAA pilots' licenses provided to his father's business 39 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 15, 2012 Berrien County Sheriff's Department Databases with usernames and plain-text passwords, e-mail addresses and IP addresses dumped on the Internet;  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 14, 2012 The Head Injury Association Former manager stole the identities of head-injured patients to use in tax refund fraud scheme 56 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 14, 2012 Texas A&M University PII of alumni were in a file inadvertently attached to an e-mail to one alumnus 4,000 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 13, 2012 State University of New York - Brockport Debit and credit cards used on campus compromised after malware inserted in system 200 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 13, 2012 Unknown Organization, National Financial Services, LLC (Fidelity Investments), MML Investors Services, LLC, Massachusetts Mutual Life Insurance Company (MassMutual) Misdirected electronic file disclosed MMLIS client info to another Fidelity client Unknown California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 13, 2012 Home Depot USA Employee accessed employees' human resources info for fraudulent purposes Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 13, 2012 American Stock Transfer & Trust Company, LLC, Mesa Royalty Trust Mailing error exposed beneficiaries' tax information statements to each other Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 12, 2012 Nippon Express Information on 900 employees found in possession of nurse arraigned in another breach case 900 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 12, 2012 The Taco Stand 80-90 reports by customers of card fraud Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 12, 2012 Desmond Hotel Guests' names, credit card and debit card numbers, and card expiration dates acquired by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 12, 2012 Perry Dental Stolen computer equipment contained patient insurance information Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 12, 2012 Unknown Organization, Triangle Tax Services Tax preparer accused of stealing identity info of hundreds of people for tax refund fraud Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 12, 2012 Associated Surveyors Cartons of financial and tax documents found in an abandoned storage unit Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 12, 2012 Memorial Healthcare System Patients notified that their info may have been accessed by employees for tax refund fraud scheme 9,500 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 12, 2012 Housatonic Community College Faculty, students, and staff notified that malware infection of two computers resulted in potential exfiltration of personal information 87,667 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 11, 2012 Indiana University Medical Group Personal documents that contained prescriptions for powerful pain medication and patient information found in a dumpster 470 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 11, 2012 South London Healthcare NHS Trust, UK PII & PHI relating to maternity patients and children on memory sticks lost in two separate incidents 630 UK Data Protection Act & EU Directive on Data Protection A.10.8.3 - Physical media in transit
April 11, 2012 Hertfordshire County Council, UK Lost attendance and pupil support documents contained personal and some medical information on students Unknown UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 11, 2012 North Shore University Hospital Man found in possession of people's information 900 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 10, 2012 X-Rite Incorporated Names, contact details, and credit card information of customers acquired by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 10, 2012 Unknown Organization, Lewis-Clark State College , ACEware Systems, Inc. Intruder gained access to Workforce Training Center registration records server that contained Social Security and credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 10, 2012 Thomas Jefferson University Hospitals Law enforcement alerts hospital to stolen radiology registration documents containing patient information 600 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 10, 2012 Seton Health Plan (Seton Healthcare Family), HealthLOGIX Computer error sends member cards with dates of birth to wrong members 555 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 09, 2012 Ernst & Young, Cisco Laptop stolen from service provider's home contained employee info Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 08, 2012 Contempo Enterprises, LLC Login credentials plus names, email addresses, customer order data dumped on the Internet 330 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 08, 2012 Wilson County School District PII of students who met with graduation coaches not properly redacted from meeting materials Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 07, 2012 Aviva, UK Thousands of policyholders received confidential details about other policyholders' pension plans due to mailing error Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 06, 2012 ESL Monkeys, UK Names, e-mail addresses and messages dumped on the Internet with 58 usernames, IP addresses, passwords and e-mail addresses Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 06, 2012 Virgin Atlantic , Big Pictures Employee may have passed on celebrities' flight details to a paparazzi agency 70 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 06, 2012 University of California Riverside E-mail addresses and passwords dumped on the Internet 40 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 06, 2012 Vietnam Semiconductor Manufacturing Joint-Stock Co E-mail and IP addresses, and plain-text passwords dumped on the Internet with members' full names and other PII 44 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 06, 2012 Eurofound European Monitoring Centre on Change, Ireland E-mail addresses dumped on the Internet (see Curator's Note) 914 Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 05, 2012 Experian, Crown Financial Group Client's login misused to access credit reports Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 05, 2012 Union Bank, N.A Former contractor kept proprietary bank data in his possession upon his departure from the bank Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 05, 2012 Vote Sex! Usernames, e-mail addresses and passwords dumped on the Internet 35,959 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 04, 2012 Case Western Reserve University Stolen university laptops contained 600 alumni's names and Social Security numbers 600 California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 04, 2012 Mosler Automotive Usernames with hashed passwords dumped on the Internet 218 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 06, 2012 Massachusetts Registry of Motor Vehicles Thieves stole bags of documents containing registration transactions from state courier truck Unknown California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
April 04, 2012 Utah Department of Health Social Security numbers among data acquired by hackers 780,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 04, 2012 Hosting Trade Usernames with passwords dumped on the Internet 797 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 04, 2012 World of Warcraft Latino America (WoWLatinoAmerica) Usernames, e-mail addresses and passwords dumped on the Internet 256 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 04, 2012 Baylor Law School E-mail attachment exposed accepted applicants' information, including GPAs, ethnicity and scholarship amounts, to each other 442 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 03, 2012 Abundant Organics, Australia 4 admin userids/passwords plus customers' PII dumped on the Internet 92 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 03, 2012 State Farm Insurance Employee allegedly used customer information inappropriately Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 03, 2012 Manhattan Prep (MG Prep) Customers' credit card numbers were accessed and decrypted by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 03, 2012 Unknown Organization, Victoria Fire Department, Canada A master key stolen from the fire department allowed a burglar to steal computers with patient information from medical offices Unknown Canada PIPA & PIPEDA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 03, 2012 StandardAero Stolen computer contained customers' registration forms for events, which included their credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 02, 2012 BJ's Wholesale Club Members' PII were accessed by someone who created false profiles for fraudulent purchases Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 02, 2012 Applegate Valley Family Medicine Stolen laptop contained patients' information 2,300 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 02, 2012 Thai4promotion.com Plain-text passwords, logins, some with names, and e-mail addresses dumped on the Internet 4,577 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 02, 2012 Xbox Resource E-mail addresses, usernames, and passwords dumped on the Internet 1,630 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 02, 2012 Glenwood IGA Customers become victims of fraudulent card charges 300 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 01, 2012 DarkCPPS (Club Penguin Private Server) Usernames, passwords, e-mail addresses, and IP addresses dumped on the Internet 180 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 01, 2012 Bethesda Softworks, Bethesda Blog (BethBlog) Admins', usernames, passwords, and e-mail addresses dumped on the Internet 3,647 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 01, 2012 OneHitPlay.com Usernames, plain-text passwords, and e-mail addresses dumped on the Internet 687 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 31, 2012 Devon County Council , Opus Trust Marketing, UK Thousands of workers' pay details sent to others due to printing error Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 31, 2012 Public Broadcasting System Press usernames, plain-text passwords, and email addresses dumped on the Internet 1,871 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 30, 2012 United Health Group Plan Unauthorized employee access to database containing PII & PHI Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 30, 2012 Opening Ceremony Online LLC Online customers' PII with credit card expiration dates and credit card security codes acquired by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 30, 2012 Global Payments, Inc. Credit cards containing card numbers and Track2 data "exported" but cardholder names, addresses and social security numbers were not obtained 1,500,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 30, 2012 Savvyinsider.com Usernames, e-mail addresses and passwords dumped on the Internet 24 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 30, 2012 Eclipse AeroSpace Some of the company's databases dumped on the Internet, including some PII Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 29, 2012 St. Joseph's Medical Center, HealthCare Clinical Laboratory Patient Service Center Two boxes containing completed lab requisition forms with patient information stolen during burglary Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 29, 2012 Pono Products (reuseit.com) Customers may have had their login, password, and credit card number acquired by hack of e-commerce site 1,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 29, 2012 Go-Kart Records Usernames, e-mail addresses, and passwords dumped on the Internet 227 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 29, 2012 IBM, California Department of Child Support Services, FedEx Backup cartridges lost in transit contained personal information on child support cases 800,000 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
March 29, 2012 San Francisco Head Start/Early Head Start Over several months, unauthorized person(s) accessed database with PII & PHI relevant to the Head Start program Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 29, 2012 Grant Income Tax Bookkeeping and Check Cash Owner allegedly used the names and Social Security numbers of at least 10 individuals to file returns for fraudulent refunds Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 29, 2012 Greenville County School District Employees' information was accidentally left in a file cabinet that was shipped to a prison 100 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 28, 2012 Sacramento Area Fire Fighters, Local 522, Sacramento Central Labor Council, Capitol Mailing, Inc. Spreadsheet with PII used to produce mailing also inadvertently contained SSNs, which then showed up on outside of mailings Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 28, 2012 Capital Area Community Action Agency Files with clients' information such as Social Security numbers missing from limited-access file cabinet 100 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 28, 2012 Douglas County Probation Office Stolen car contained sensitive documents for homicide trials, including personal information for police officers Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 28, 2012 Hawaii Community Federal Credit Union Employees improperly accessed names, addresses, and last 4 digits of Social Security numbers of several hundred members Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 27, 2012 WorldPass Hacker may have been in system stealing customer credit card numbers for 20 months before breach was detected Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 27, 2012 Pharmacyrepublic Limited, UK Stolen Patient Medication Record (PMR) system contained limited information on medications dispensed to patients at a pharmacy 2,000 UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 27, 2012 Affordable Medical and Surgical Services Abortion records from defunct clinic discarded by former physician in recycling bin at elementary school 1,000 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 26, 2012 Atlanta Women’s Health Group Laptops containing doctors' personal information stolen, possibly as part of harassment over political issue Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 26, 2012 Waveny Wholesale Customers' names, e-mail addresses, phone numbers, postal addresses, and I.P. addresses dumped on the Internet 2,167 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 25, 2012 MilitarySingles.com Names, usernames, e-mail addresses, IP addresses, location, and passwords dumped on the Internet - DISPUTED INCIDENT 163,792 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 23, 2012 Duke University Health System Patients' info exposed in billing statement attached to documents submitted to support patients' Chapter 13 bankruptcy claims Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 23, 2012 H&R Block Manager arrested for using tax clients' identity info for fraudulent tax refunds Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 23, 2012 Skeptical Science, Australia Entire user database dumped on the Internet   Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 23, 2012 Vector Inc., Japan Names, addresses and credit card numbers of customers may have been stolen 261,161 Japan Privacy Act A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 23, 2012 Suddenlink Communications, AAT Communications Firm notified by law enforcement that former employee had obtained and had been misusing information on those employed in May - July 2006 Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 23, 2012 Northrop Grumman Systems and Software Engineering Services Names, addresses, telephone numbers, job titles, and e-mail addresses dumped on the Internet 31 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 23, 2012 65th Battalion, Reserve Defence Force, Ireland Reservists' information on laptop stolen from officer's home Unknown Irish Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 22, 2012 Ledgands, UK Names, plain-text passwords, and e-mail addresses dumped on the Internet 13 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 22, 2012 MiniMins.com, Denmark Email addresses, passwords, and usernames dumped on the Internet 80,461 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 21, 2012 Comfort Inn & Suites 500 credit card receipts stolen 500 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 21, 2012 Kaiser Permanente PII was found on a non-Kaiser external hard drive sold in a second-hand shop Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 21, 2012 Wayne County Unintended e-mail attachment contained employees' names, employee PII 1,300 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 20, 2012 Sailboat Owners, Inc. Malware uploaded to web site may have stolen unencrypted names credit card numbers with CVV codes and expiration dates 2,258 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 20, 2012 Pharmapoli, Greece Names and passwords with e-mail addresses, dumped on the Internet 95 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 19, 2012 Georgetown University Hospital Patients notified of missing USB drive 1,549 California SB-1386 & other State derivatives, FERPA A.10.8.3 - Physical media in transit
March 19, 2012 CardioNet, Inc. Stolen laptop contained patients' information 1,300 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 19, 2012 Indiana Internal Medicine Consultants Stolen laptop contained patients' information 20,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 19, 2012 BDO USA, LLP, Rubio's Restaurants, Inc. CD with partial equity roll containing PII & PHI of worker's compensation claimants stolen from auditor's car Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 19, 2012 Adult Insider Network E-mail addresses, password and usernames dumped on the Internet 10,704 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 18, 2012 National Capital Planning Commission Names, e-mail addresses, telephone numbers, passwords, and job titles dumped on the Internet 21 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 18, 2012 Kitchener-Waterloo Oktoberfest E-mail addresses, names, and IP addresses dumped on Internet with four admin usernames and plain-text passwords 820 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 17, 2012 Kennedy Space Center (NASA) Laptop stolen from employee's car contained PII of employees and student co-ops 2,300 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 17, 2012 Georgia Obstetrical and Gynecological Society Information on members and their families was on stolen computer 1,000 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 16, 2012 University of Tampa PII of staff and students exposed on the Internet 29,540 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 16, 2012 Arizona Sports Fans E-mail addresses with password and usernames dumped on the Internet 8,855 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 16, 2012 Certified General Accountants Association of British Columbia, Canada Email sent to 2,300 students contained spreadsheet with personal data of about 4,600 students 4,600 Canada PIPA & PIPEDA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 16, 2012 Christian Teen Forums, Canada Forum users' e-mail addresses, passwords dumped on the Internet 18,075 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 15, 2012 Washington University Employee copied files with personal info onto external hard drive; matter referred to law enforcement 4,100 California SB-1386 & other State derivatives, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 15, 2012 Georgia Health Sciences University Laptop stolen from nurse's home held patients' PII & PHI 513 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 15, 2012 vBCoderz Email addresses, usernames, and password dumped on the Internet 1,290 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 15, 2012 Edmund Optics Hacker able to access customers' credit card information by exploiting vulnerability in Cold Fusion 8 Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 14, 2012 Humboldt State University Students' names, addresses, and Social Security numbers erroneously attached to an email responding to a data request 5,700 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 14, 2012 Forte Interactive, Children's Service Council of Palm Beach County, Ocean Reef Community Association System upgrade left names, Social Security numbers, dates of birth, and other information exposed on the Internet for two months Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 14, 2012 Brigham Young University File with students' names, e-mail addresses, phone numbers and student ID numbers attached to e-mail sent to 1,300 students 1,300 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 13, 2012 Citibank, N.A. Third party obtained customers' Account Online logins and was able to access certain acct info Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 12, 2012 TransUnion LLC, Manufacturers Life Insurance Company (ManuLife) Compromised client login used to access credit reports Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 09, 2012 Bad Boy Tires Names, email and postal addresses, plaintext passwords, and phone numbers dumped on the Internet 111 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 09, 2012 Texas - DSM E-mail addresses, password and usernames dumped on the Internet 647 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 09, 2012 David Turner, M.D. Psychiatric patients' information was on laptop stolen from psychiatrist's office 480 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 09, 2012 Kelly Services Firm notified that former employee had retained names and Social Security numbers of temporary employees Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 09, 2012 King Edward VI College, UK Student hacked school's IT system and accessed confidential student and staff data Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 09, 2012 LifeSize Communications Stolen computer contained personal information, including employees' names and Social Security numbers Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 09, 2012 Enable Scotland (Leading the Way), UK PII & PHI relating to individuals health were on two unencrypted memory sticks stolen from employee's home 101 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 09, 2012 Gaming Perfection E-mail addresses, password and usernames dumped on the Internet 1,784 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 09, 2012 McDonald's Employee was part of ring that skimmed 282 customers' credit card numbers 282 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 08, 2012 New York Ironworks Usernames, hashed and corresponding plain-text passwords and e-mail addresses dumped on the Internet 434 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 08, 2012 British Pregnancy Advisory Service (BPAS), UK Names, addresses and phone numbers of 10,000 web site visitors acquired by hacker who threatened to leak them on the Internet 10,000 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 07, 2012 Hampshire County Council, UK Intranet users' details (username, plaintext password) obtained and posted online 2,803 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 07, 2012 Lindenwood University Students who were suspended in the fall 2011 semester had their PII leaked from a Twitter account. 184 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 07, 2012 University of California at Los Angeles (UCLA) Details for database users, staffers obtained and posted online 168 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 07, 2012 Pacific Gas and Electric Company (PG&E) Customers notified after payments box was stolen; approximately 100 may have had payments stolen 6,000 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 06, 2012 McGill University, Canada Donors' names, addresses, phone numbers and amount donated to university dumped on the Internet Unknown Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 06, 2012 Minuteman Civil Defense Corps, Declaration Alliance Names, e-mail addresses, plaintext passwords and telephone numbers dumped on the Internet 30 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 06, 2012 Belfast City Council, UK Councillors’ bank details, home addresses, personal phone numbers, car registrations and national insurance numbers revealed in response to public records request 51 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 06, 2012 Gila County Health and Emergency Services Documents with sensitive personal and medical information on low-income pregnant women dumped unshredded in a public space Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 06, 2012 Allphones, Australia Employees' and users' e-mail PII acquired and/or dumped on the Internet Unknown Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 06, 2012 Panda Security, Spain E-mail addresses and passwords dumped on the Internet 113 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 05, 2012 HMP Castle Huntly, UK Records with dozens of prisoners' details disposed of without shredding and found missing when wardens went to retrieve them Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 05, 2012 Digital Playground, Inc. Customers' e-mail PII plus credit card numbers with expiry dates, cvv, and billing addresses all in plaintext reportedly acquired by hackers 72,794 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 05, 2012 Town of Plainfield Admin usernames with plaintext passwords as well as PII of town and state employees dumped on the Internet 250 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 05, 2012 Kern Medical Center Patients' records stolen after they were left in a physician's car 1,500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 05, 2012 Anna Jaques Hospital, Lowell General Hospital, Saints Medical Center Stolen X-rays contained limited patient information Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection"
March 05, 2012 Australian Government Department of Defence Soldiers' medical information, disciplinary records and psychological reports exposed online for months 80 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 04, 2012 Epson Admin and user logins and plaintext passwords dumped on the Internet 66 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 04, 2012 Cambridge Eastern Education and Development Society (CEEDS) E-mail addresses plus admin login with password dumped on the Internet 13 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 04, 2012 Jobs in De Regio (jobsinderegio.nl) Employers' and job-seekers' e-mail addresses with plaintext passwords dumped on the Internet 874 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 03, 2012 University of Washington Logins and encrypted passwords dumped on the Internet 56 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 02, 2012 Kern Medical Center Patients' records stolen after they were left in a physician's car 1,500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 02, 2012 Jeremiah J. Twomey M.D Hard drive stolen in office burglary contained patients' PII & PHI Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 02, 2012 Hackensack University Medical Center Employee stole patients' patient PII & PHI 445 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 02, 2012 Loyalist Certification Services Exams, Canada E-mail addresses and passwords dumped on the Internet 202 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 01, 2012 Arthur House Dental Care, UK Unencrypted memory stick containing personal and limited sensitive personal data relating to patients and employees turned in to ICO Unknown UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 01, 2012 Durham University, UK Names, addresses and dates of birth of former students and staff exposed in training materials posted on the Internet 177 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 01, 2012 Community Integrated Care, UK Stolen laptop contained info on employees as well as limited sensitive personal data relating to 20 young service users, including PII & PHI 40 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 28, 2012 Greenbanks Homecare, UK Documents containing PII of vulnerable and elderly people’s home care found strewn in alley behind abandoned office Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 25, 2012 Wallace Community College Usernames, e-mail addresses, and passwords dumped on the Internet 284 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 24, 2012 Lake Central Clark Middle School Teachers' usernames, e-mail addresses, and passwords dumped on the Internet 31 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 24, 2012 Grimmer Middle School Teachers' usernames, e-mail addresses, and passwords dumped on the Internet 54 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 23, 2012 Active Community Team, UK Burgled laptop contained confidential files on each of charity's clients Unknown UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 23, 2012 Sociedade Brasileira de Planejamento Energético E-mail addresses and encrypted passwords dumped on the Internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 22, 2012 Burger King Customers had their credit card information skimmed by employee 30 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 22, 2012 Accucom Corporation Outsider was able to charge customers' payment cards $1.00 using company's credentials Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 22, 2012 University of Florida Individuals owed a check or refund had their Social Security numbers exposed on website 719 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 21, 2012 Hagerty Insurance Agency, LLC Web site change exposed customers' PII Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 20, 2012 Ochsner Medical Center (Ochsner Health System) An external hard drive containing patients' PII & PHI reported missing Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
February 20, 2012 Mo Money Taxes Thousands of documents containing personal information found in dumpsters Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 20, 2012 Streetfightversand, Germany PII in various databases dumped on the Internet 427 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 19, 2012 LABusinessConnect.com, AdultStaffing.com Usernames, e-mail addresses, and passwords dumped on the Internet 686 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 18, 2012 Go4Less, Ireland Customers’ PII were publicly available for a short time on the Internet Unknown Irish Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 17, 2012 City of Springfield PII among data reportedly acquired by hackers 6,071 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 17, 2012 Islamic Finder Usernames, names, passwords, and e-mail addresses dumped on the Internet 279 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 16, 2012 Horry Telephone Cooperative Automated payment records being processed by third party vendor vulnerable after system infected by Win32Zbot Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 16, 2012 Central Connecticut State University SSNs of current and former faculty, staff, and student workers exposed to computer used for payroll infected with Z-bot 18,275 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 16, 2012 D.R. Horton Inc., DHI Mortgage PII and financial data such as income, assets and liabilities was exposed due to unknown external sources Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 16, 2012 Drago's Seafood Restaurant Waiter skimmed and misused customers' credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 15, 2012 Queen of the Valley, Mission Hospital Patients' personal health records may have been searchable on the Internet 31,800 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 15, 2012 Doshi Diagnostic Center Unshredded patient files with PII strewn in street after trash bags opened Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 15, 2012 University of North Carolina at Charlotte Human error exposes data to the Internet. Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 14, 2012 Valley National Bank, American Stock Transfer & Trust Company, LLC Mailing error exposed shareholders' 1099 forms to others Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 14, 2012 Capital Health, Hants Community Hospital Patients' records were accessed inappropriately by former clerk 120 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 14, 2012 Solitude Mountain Resort Customers' credit card numbers acquired by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 13, 2012 Unknown Organization, Alicare, National Retirement Fund Mailing vendor printed Social Security numbers on mailing labels by mistake Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 13, 2012 T-Mobile, UK E-mail addresses and passwords from The Big Dance database dumped on the Internet with data on "secret organizers." Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 13, 2012 Gossip Girl Usernames, passwords, e-mail addresses, and IP addresses dumped on the Internet 2,480 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 13, 2012 MyHeadlinez, Holland Admin logins plus subscribers' e-mail addresses, usernames, and encrypted passwords dumped on the Internet 184 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 13, 2012 Combined Systems Admin logins, customer data, and e-mails dumped on the Internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 13, 2012 Philips Electronics, Holland Several customer-related databases dumped on the Internet 7,070 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 13, 2012 Microsoft Store India, Quasar Media Customers' names, e-mail addresses, usernames, and plain-text passwords acquired by hackers Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 11, 2012 MAP Medal of Honor Mapping Usernames, passwords, and e-mail addresses dumped on the Internet; private messages also acquired 3,033 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 11, 2012 City of Rye City employees' Social Security numbers accidentally disclosed in response to a Freedom of Information request Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 11, 2012 Manwin Holding SARL (Brazzers) User records with PII from porn site obtained via inactive forum and published online 350,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 10, 2012 Intel, Inc. Users' credit card information, Social Security numbers, e-mails, passwords and other details allegedly acquired by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 10, 2012 Lakeview Medical Center Laptop stolen from nurse's car contained patients' PII & PHI 500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 10, 2012 Turning Point Two incidents involving loss of service users' files during office relocation. Unknown California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
February 10, 2012 Fairbridge, UK Unencrypted laptop left on bus contained PII  325 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 10, 2012 Craven District Council, UK Stolen laptop contained child swimming lesson details on children 2,300 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 10, 2012 Eircom, Ireland Personal info of customers and employees was on three unencrypted laptops stolen in two incidents 7,531 Irish Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 10, 2012 Brighton and Hove City Council A contract worker had his unencrypted personal laptop stolen during a burglary; it contained PII relating to up to seven families. Unknown UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 10, 2012 Basingstoke and Deane Borough Council, UK Council signed undertaking after four separate breaches in a two-month period involving accidental disclosure of PII Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 10, 2012 Cambridgeshire and Peterborough NHS Foundation Trust , Paston Ridings Primary School, UK Name, address, date of birth, NHS number, school and registered GP of children lost in internal post 47 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 09, 2012 Alabama Department of Public Safety Spreadsheets with information on sex offenders and limited information on the victims were dumped on the Internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2012 Fun Publications (Transformers Collectors' Club) Compromise of e-commerce site resulted in card fraud Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2012 Taurus International Manufacturing Inc. Admin logins with plain-text passwords plus names, addresses, e-mail addresses, telephone numbers Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2012 Unknown Organization, St. Elizabeth’s Medical Center Files containing patient information found on the ground outside a Charlestown office complex Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 09, 2012 City of Mobile, Alabama Offenders' PII and criminal offense acquired by hacker; 500 redacted entries dumped on the Internet 46,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2012 Action for Children, Victoria House Children’s Centre, UK Memory stick stolen from staff contained unencrypted sensitive information on 45 families Unknown UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 09, 2012 Economic Development Association Scotland Usernames and passwords dumped on the Internet 648 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2012 Andy Catering Equipment Ltd, UK Customers' first and last names, e-mail and postal addresses, phone numbers, dates of birth, and plain-text passwords 307 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 08, 2012 Internet Marketing Strategies (Internet Marketing Tools) Usernames, passwords, and e-mail addresses dumped on the Internet 5,860 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 08, 2012 Indianapolis Super Bowl (indianapolissuperbowl.com) Admin accounts and other user PII dumped on the Internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 08, 2012 Koninklijke KPN N.V, Holland Customer records with username, password, phone number, address, and bank account info acquired by hacker Unknown EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 08, 2012 Unknown Organization, Cardinal Fitness Dumpster containing full credit card numbers with signature, address, and phone numbers found outside a closed fitness center Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 08, 2012 Eaton Vance Management Employees' Social Security numbers may have been visible in window of mailing Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 07, 2012 David Yurman (Yurman Design, Inc.) Forms containing Social Security numbers mailed to the wrong addresses Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 06, 2012 Wisconsin Chiefs of Police Association Logins/passwords as well as e-mail addresses dumped on the Internet 540 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 05, 2012 Dallas Police Department PII dumped on the Internet 23 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 05, 2012 West Virginia Chiefs of Police Association PII of current and former police chiefs in West Virginia dumped on the Internet 156 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 04, 2012 North Cumbria University Hospitals NHS Trust, UK Patient information left/lost on a train Unknown UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 03, 2012 American Third Position Hundreds of members' or purchasers' PII dumped on the Internet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 03, 2012 Patriot Self Storage (CubeSmart Management, LLC) Missing customer lease files contain names PII Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 03, 2012 Motorola Mobility Inc. Refurbished Xoom tablets contained previous owners' personal data 100 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 03, 2012 Unknown Organization, E*Trade Securities Ltd, UK Clients' files with account application information missing from storage 608 UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 03, 2012 Triumph LLC Laptop stolen during office burglary contained PII & PHI status for patients 2,070 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 03, 2012 Workplace Health, Safety & Compensation Commission Employee accessed the records of injured workers without a justifiable work purpose over a three-year period 12 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 03, 2012 Grampian Police (www.police.co.uk) Names, usernames, and plain-text passwords dumped on the Internet 17 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 02, 2012 Unknown Organization, Basildon Council , Thurrock Council, Medway Council, Diagnostic Health Solutions, UK PII & PHI of employees were published on the internet after breach involving contractor Unknown UK Data Protection Act & EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 02, 2012 East Lothian Council, UK Lost memory stick contained personal details of young children attending schools in the Dunbar area 1,075 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 02, 2012 Security Savings Systems Inc., Derry Township Mailing error exposed taxpayers' Social Security numbers to other taxpayers 2,038 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 02, 2012 Staples Business Depot Employee skimmed and sold customers' credit card numbers 50 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 02, 2012 Netfleet Domain Names, Australia Customers' personal details and encrypted credit card numbers with expiration dates may have been accessed by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 01, 2012 Syracuse Police Department Police officers' usernames and plain-text passwords dumped on the Internet 39 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 01, 2012 Metro Community Provider Network Patients' PII & PHI accessed by hacker after employee responds to phishing attempt 2,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 01, 2012 Walking On Air, UK Podiatry patients' personal and medical details on stolen laptop 1,500 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 01, 2012 Texas Police Association Police officers' names, usernames, plain-text passwords, agencies and addresses (some home addresses) dumped on the Internet 787 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 01, 2012 Obiblio, Denmark E-mail addresses and hashed passwords dumped on the Internet 4,933 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 01, 2012 Flores Mexican Restaurant Credit card numbers exfiltrated by virus incurred fraudulent charges Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 01, 2012 Greene County County's web portal for the public hacked; residents' email addresses, user names and passwords accessed 250 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 31, 2012 Smile Designs Patients had data on stolen computer Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 31, 2012 Foundation Medical Partners Unauthorized access or disclosure of patients' records 771 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 31, 2012 Molina Healthcare of California Unauthorized access/disclosure of patients' information 11,081 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 31, 2012 Concentra Inc Stolen laptop contained names, SSNs and pre-employment work-fitness test results of patients 870 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 31, 2012 Salt Lake City Police Department Contact details, crime tips by citizens, and other personal information acquired by hackers;  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 31, 2012 Indiana University Health Goshen Job applicants and patients notified that PII and insurance info may have been accessed after virus was discovered on system 12,800 California SB-1386 & other State derivatives, HIPAA Security, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 30, 2012 Trymedia (TM Acquisition, LLC) Digital game purchasers notified network intruder intercepted and acquired PII & CCNs 12,456 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 29, 2012 FitnessBuildsHealth.com Usernames, e-mail addresses, and encrypted passwords dumped on the Internet 12,222 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 29, 2012 Jefferson Davis Community College Usernames and encrypted passwords dumped on Internet 5,815 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 28, 2012 Universal Music Portugal E-mail addresses and clear-text passwords dumped on Internet 160 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 27, 2012 BMW Motorcycle Owners of America Usernames, encrypted passwords (some plain-text) and e-mail addresses dumped on Internet 2,061 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 27, 2012 University of Miami Miller School of Medicine Patients notified that flash drive stolen from pathologist's car 1,219 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 27, 2012 Millard High School Student used an application on his cell phone to hack into the school's computer network Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 27, 2012 University System of Maryland Social Security numbers and some credit card numbers of prospective students on a public server 8,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 27, 2012 Windstream Man stole “numerous” customer accounts for more than a year Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 26, 2012 Towers Watson, Sequoia Hospital Current and former hospital employees names and Social Security numbers posted on website 391 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 25, 2012 East Baton Rouge Acceleration Academy Identity information on students found in possession of another student who may have used data for tax refund fraud 187 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 25, 2012 Alabama Book Store, Inc. PII & credit card information and/or cryptographically scrambled passwords exposed Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 25, 2012 fashionbootsite.com E-mail addresses and hashed passwords dumped on Internet 392 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 25, 2012 U.S. Department of Veterans Affairs SSNs of living veterans was mistakenly released to Ancestry.com as part of a response to a Freedom of Information Act request 2,257 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 25, 2012 Unknown Organization, LearnDell (Dell) Data backup file held by vendor accessed by an intruder included user names, email addresses and passwords Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 24, 2012 Metropolitan Life Insurance Company (MetLife) Personal info on former and current customers exposed on the Internet in a spreadsheet that contained Social Security numbers Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 24, 2012 Preferred Skin Solutions Over 400 clients' records (but no financial info) on laptop stolen from office Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 23, 2012 New York State Electric & Gas, Rochester Gas and Electric, Unknown Organization Employee of software consultant permitted unauthorized access to customers' PII compromised 1,800,000 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 23, 2012 Euronet Worldwide Inc. A hacker acquired a “small portion” of payment firm's European EFT business according to SEC filing Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 23, 2012 Ernst & Young, Regions Financial Corporation Employees' 401k data on flash drive lost in the mail; decryption code was in the same mailing but remained in package Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 23, 2012 Oldendorf Medical Services Laptops stolen in office burglary contained some clinical and demographic information as well as some Social Security numbers 640 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 21, 2012 Ward’s Nursery & Garden Center Fraudulent purchases made with information from dozens of locals’ credit and debit cards Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 21, 2012 Dreamhost Unauthorized access to a database server exposes unencrypted customer passwords including FTP/shell and email accounts Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 20, 2012 Kansas Department on Aging PII & PHI compromised 7,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 19, 2012 Muskogee Regional Medical Center Missing binder contained patients' PII & PHI  844 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 19, 2012 Indiana University Names, email addresses, birth dates and nutritional data exposed due to hacked database 650,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 18, 2012 Titus Regional Medial Center "Curious" nurse snooped in patients' files 105 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 18, 2012 Ayuda Medical Case Management Boxes full of personal medical records including PII in a trash can 2,000 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 16, 2012 Video Games Plus Names, dates of birth, e-mail addresses, phone numbers, and hashed passwords dumped on Internet 124,410 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 16, 2012 T-Mobile Employees' names, e-mail addresses, phone numbers, and clear-text passwords dumped on the Internet 44 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 16, 2012 Pakistan Horticulural Export & Development Board, Pakistan E-mail addresses, hashed passwords, and usernames dumped on the Internet 5,294 Electronic Data Protection Act 2005 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 15, 2012 Catalog Retail Marketing International (CRMI Solutions) Call center employee pleads guilty to stealing and misusing customers' credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 15, 2012 Zappos E-mail addresses, billing and shipping addresses, phone numbers, the last four digits from credit cards, passwords and more illegally accessed 24,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 14, 2012 Family Chiropractic Center Patients' files stolen during office break-in 450 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 13, 2012 The College Board, Tai'an Education Bureau, China Spreadsheet with registrants' including 1 New Hampshire resident's PII exposed on the Internet,  430 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 13, 2012 CoveritLive Site forces password reset after hack  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 13, 2012 Japan Aerospace Exploration Agency (JAXA), Tsukuba Space Center (TKSC), Japan PII stolen from virus-infected computer after employee involved in H-II Transfer Vehicle project opens malicious e-mail attachment Unknown Japan Privacy Act A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 13, 2012 Namesco Limited, UK Customers' account administration e-mail, account names, dates of birth, contact numbers, postal addresses, passwords, and credit card details may have been accessed by hacker Unknown UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 13, 2012 City College of San Francisco Banking information and other data from students and administrators were exfiltrated overseas by numerous viruses that were on systems for over a decade Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 12, 2012 Grindr Hacker able to view every member's personal data, photos, pseudonyms and passwords Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 12, 2012 Unknown Organization, Chesapeake Wound Care Center Podiatrist used names and identity information of approximately 200 nursing home patients as part of Medicare fraud scheme 200 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 12, 2012 FileDen Usernames, hashed passwords, and e-mail addresses acquired and dumped by hacker 4,504 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 12, 2012 MDwise Inc PII & PHI of members of the Healthy Indiana Plan, Care Select and Hoosier Healthwise health programs exposed on the Internet after an upgrade 2,700 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 12, 2012 ANZ Bank (Australia and New Zealand Banking Group Limited), Australia Customers' online bank statements viewed by other customers after bank reinstated online statements following a fix for a previously detected vulnerability 60 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2012 Vermont Department of Taxes People accessed personal tax data inadvertently displayed from Property Transfer Tax Returns on a vendor portion of the state's web site, including SSNs of individuals  1,332 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2012 University of Victoria PII of employees, bank account information and latest payroll information were in burgled safe and electronic devices 11,000 Canada PIPA & PIPEDA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 11, 2012 Galaxy Media Group, Pakistan E-mail addresses and clear-text passwords acquired and dumped by hacker 5,450 Electronic Data Protection Act 2005 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 Future Expert Institute & Associates, Pakistan Subscribers' PII & some bank account information acquired and dumped by hacker 10 Electronic Data Protection Act 2005 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 Le Muse Società Cooperativa, Italy Usernames, encrypted passwords and decrypted passwords acquired and dumped by hacker 109 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 Islamic Network, UK Usernames, clear-text passwords, and e-mail addresses acquired and dumped by hacker 10 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 B-K Lighting Customers' PII acquired and dumped by hacker 3,410 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 First e-School (FirstObject Technologies Ltd) E-mail addresses, clear-text passwords, and country of origin acquired and dumped by hacker 125 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 Brighton and Sussex University Hospitals NHS Trust , Brighton General Hospital, Sussex Health Informatics Service, UK Hard drives containing patient information that were being decommissioned were stolen from a locked store at the hospital; some wound up for sale on eBay Unknown UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 10, 2012 Bar-Ilan University, Israel Names, e-mail addresses, and SHA1 passwords acquired and dumped by hacker 36 The Privacy Protection Act (PPA) & Basic Law: Human Dignity and Liberty A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 Nefesh B’Nefesh (NBN), Israel Names, postal addresses, SHA1 passwords, and e-mail addresses acquired and dumped by hacker along with database of e-mails. 594 The Privacy Protection Act (PPA) & Basic Law: Human Dignity and Liberty A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 Israel Institute of Technology PII acquired and dumped by hacker 160 The Privacy Protection Act (PPA) & Basic Law: Human Dignity and Liberty A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 10, 2012 United Beauty Products Ltd, UK Customers' e-mail addresses and clear-text passwords acquired and dumped by hacker 5,208 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 09, 2012 wow-gold.de (World of Warcraft), Denmark PII and some bank account information acquired and dumped by hacker 173 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 09, 2012 Isaac Miller Elementary School Boxes filled with student PII, including financial information thrown out by cleaning crew Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 08, 2012 Hydrogen Software Usernames and hashed passwords acquired and dumped by hacker 201 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 06, 2012 Ohio State Univ. Medical Center Patients and students notified that a hacker might have accessed their PII & PHI 180 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 06, 2012 Planet Smoothie Employee stole customers' credit card numbers 130 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 06, 2012 Waterloo Region District School Board, Canada Nine laptops stolen in a burglary contained personal information Unknown Canada PIPA & PIPEDA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 05, 2012 Spotsylvania County Schools Employees who had opted to get 2009 or 2010 W-2 forms electronically had their W-2 data exposed online and indexed by Google Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 05, 2012 Pure Med Spa, Brite Smile Brite Skin Patients' records from defunct businesses found near a dumpster, unshredded Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 04, 2012 Staffing Solutions, Tempo Real Estate Corporation Employment agency's files, including PII and medical records, disposed of by cleaning crew of landlord Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 04, 2012 New York Police Department (NYPD) Dozens of sensitive files tossed in garbage outside the 40th Precinct Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 03, 2012 Virtual Jerusalem Names, usernames, e-mail addresses, and hashed passwords acquired and dumped by hacker 214 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2012 Korea Investors Service Databases with usernames and clear-text passwords or usernames plus e-mail addresses dumped on the web with some admin logins 315 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2012 Moodie Report, UK Names and usernames, with encrypted and decrypted passwords dumped on the web 12 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2012 Fitch Ratings, Fitch Ratings,Canada Usernames, first and last names, plain-text passwords and e-mail addressed dumped on the web 920 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2012 Dagong Global Credit Rating Co., LTD, Canada Usernames, e-mail addresses, hashed passwords with corresponding decrypted passwords plus some admin logins dumped on web 214 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2012 Thor Steinar , Local 1488, American Nazi Party, NPD Spender, Aryan Books, Arenal de Sevilla, Nationales Versandhaus, ErikandSons.de, Denmark Contact details of customers were dumped by hackers in Operation Blitzkrieg; some e-mail databases also dumped Unknown EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2012 Wells Fargo, Connecticut Department of Social Services Bank allegedly revealed state employees' PII to each other when they mailed them copies of subpoenas they had received 130 California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 02, 2012 Credit Mutuel-CIC, France Bank customers' PII and gold purchase transactions reportedly viewable by reporters working for bank-owned newspapers  Unknown EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
    ESTIMATED TOTAL (ROUGH):  63,200,011    
GRC Certification
Bookmark and Share
Copyright 2005-2017 by eFortresses, Inc. All rights reserved.