GRC Certification

ISO 27001 Integration with PCI Compliance research paper


 2013 Security Breach Matrix - For Educational Purposes Only
  
PUBLIC NOTIFIED ON
ORGANIZATION AND LOCATION
TYPE OF BREACH
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED
REGULATORY IMPACT
ISO/IEC 27001 MITIGATING CONTROLS
December 30, 2013 T-Mobile Supplier A supplier for T-Mobile reported a breach of files stored on their servers. PII affected Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 25, 2013 Inspira Medical Center Vineland
Vineland, New Jersey
Theft of a computer may have resulted in the exposure of PHI. The computer was kept in an unsecured filing room. Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 24, 2013 Lakes Liquor
Detroit Lakes, Minnesota
Hundreds of debit and credit cards were compromised after customers used them at Lakes Liquor Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 22, 2013 Office of Dr. Rob Meaglia, DDS
Rocklin, California
Office burglary of a computer resulted in the exposure of patient information.  Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 21, 2013 Affinity Gaming
Las Vegas, Nevada
Facilities exposed to a cyber attack. Customer information associated with credit and debit cards may have been taken. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 21, 2013 DeLoach & Williamson, South Carolina Health Insurance Pool
Columbia, South Carolina
Theft of a laptop from a DeLoach & Williamson employee's car may have resulted in the exposure of PHI. Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 20, 2013 Tennova Cardiology
Nashville, Tennessee
The theft of a laptop from a transcription contractor resulted in the exposure of patient information. The laptop was not encrypted. 2,777 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 20, 2013 Discover Financial Services
Riverwoods, Illinois
An unspecified number of Discover customers had their account numbers changed and were issued a new card.   Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 20, 2013 Techmedia Network
Ogden, Utah
An unauthorized person or persons gained access to the systems. PII with  credit card numbers may have been exposed. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 20, 2013 W.J. Bradley Mortgage Capital, LLC
Centennial, Colorado
A former loan officer took files from WJB's computer systems while she was still employed.  Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 20, 2013 Walgreens
Baltimore, Maryland
Walgreens became aware of a breach involving an employee  Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 20, 2013 Washington Department of Social and Health Services (DSHS)
Tacoma, Washington
PII was accidentally mailed to old or incorrect addresses  2,600 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
December 20, 2013 StakerLaw Tax and Estate Planning Law
Camarillo, California
A home was burglarized and the firm's back-up hard drive, which contained the firm's customer files with sensitive PII, was stolen. Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 19, 2013 Target Corp.
Minneapolis, Minnesota
Target discovered that hackers may have accessed customer debit and credit card information during the Thanksgiving and Christmas shopping season. 40,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 19, 2013 China Buffet
Westerly, Rhode Island
Police arrested a Connecticut resident after discovering her involvement in a credit and debit card skimming scam. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 18, 2013 Washington Post
Washington, District Of Columbia
Hackers were able to access employee usernames and passwords through an attack on the paper's servers.  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 18, 2013 CITGO Petroleum Corporation
Houston, Texas
A folder with PII was accessible on the intranet to unauthorized employees. Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 17, 2013 Colorado Governor's Office of Information Technology
Denver, Colorado
A Colorado state employee lost a flash drive that contained the information of current and former Colorado state employees. 18,800 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 17, 2013 U.S. Federal Election Commission (FEC)
Washington, District Of Columbia
Computer system was accessed by hackers located in China.   Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 17, 2013 Jonathan M. Wainwright Memorial VA Medical Center
Walla Walla, Washington
Some veterans may have had their information accidentally emailed to an external source 1,519 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
December 17, 2013 Radnor School District
Radnor, Pennsylvania
An employee performing a transfer of personnel data accidentally left the data accessible and a middle school student viewed it.  2,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 17, 2013 Comprehensive Psychological Services LLC
Columbia, South Carolina
The office theft of a laptop resulted in the exposure of PHI.  The laptop was password-protected and the patient files on it were not encrypted.  3,500 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 17, 2013 UHS-Pruitt Corporation
Norcross, Georgia
Current and former patients may have been affected by the theft of a laptop from an employee's car 1,300 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 17, 2013 UniHealth SOURCE
Austell, Georgia
The theft of an employee's laptop from his car resulted in the exposure of current and former client PHI.   2,500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 16, 2013 Tennessee Department of Treasury
Nashville, Tennessee
An employee downloaded the information of Nashville teachers in order to work from a personal computer and account at home 6,300 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 16, 2013 Massachusetts Mutual Life Insurance Company
Springfield, Massachusetts
A MassMutual account manager accidentally included information about retirement plans in an email that was sent to an individual at a MassMutual retirement services client.  Unknown California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
December 16, 2013 Colorado Health & Wellness, Inc.
Colorado Springs, Colorado
A former doctor took patient information after ending his practice at Colorado Health & Wellness, Inc. PHI & PII affected 651 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 16, 2013 Dr. Martin Luther King Jr. Health Center, Bahoo.net, Professional Transcription Company
Bronx, New York
Bahoo.net inadvertently made patient information viewable through public internet search engines.  PII & PHI affected 37,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 16, 2013 Greater Dallas Orthopaedics, PLLC
Dallas, Texas
Patients may have had their information exposed by the office theft of two computers.  5,840 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 14, 2013 Bailey's Health Center
Falls Church, Virginia
Patient information was kept on an unsecured computer server. PII & PHI may have been accessed by unauthorized parties. 1,499 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 14, 2013 Lanap and Implant Center of Pennsylvania
Collegeville, Pennsylvania
Patient information had been uploaded to websites where it could be downloaded by anyone. PII & PHI were available.  11,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 13, 2013 The University of Connecticut (UConn) Health Center
Storrs, Connecticut
An employee accessed patient information without cause.  164 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
December 13, 2013 University of North Carolina - Chapel Hill
Chapel Hill, North Carolina
Electronic files that contained PII were discovered online.   6,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 12, 2013 inSync, Cottage Hospital, Cottage Health System
Santa Barbara, California
A Cottage Hospital vendor removed an electronic security device without notifying Cottage Hospital. 32,755 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 12, 2013 Boston Convention and Exhibition Center
Boston, Massachusetts
Employees and people who attended conventions during the fall may have been affected by a credit card breach.  300 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 11, 2013 University of Iowa
Iowa City, Iowa
A suspicious link in an email was clicked. PII and direct deposit information of employees may have been exposed. Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 11, 2013 Los Angeles Gay & Lesbian Center
Los Angeles, California
A cyber attack caused the information of clients to be affected. PII, PHI, credit card information may have been exposed. 59,000 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 10, 2013 Office of Dr. Stephen Imrie
San Jose, California
Home burglary of a password-protected laptop and other items may have exposed patient information. 8,900 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 09, 2013 Southern Illinois University (SIU) HealthCare
Springfield, Illinois
The loss or theft of a former SIU orthopedic surgeon's computer resulted in the exposure of patient information. 1,891 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 06, 2013 B&G Foods North America, Inc., Maple Grove Farms
St. Johnsbury, Vermont
Customers who made online purchases may have had their PII and payment card numbers exposed.   Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 06, 2013 Horizon Healthcare Services, Inc. (Horizon Blue Cross Blue Shield)
Newark, New Jersey
Two unencrypted laptops were stolen from employee workstations. 840,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
December 06, 2013 Houston Methodist Hospital
Houston, Texas
Theft of an encrypted laptop and files resulted in the exposure of transplant patient information.   1,300 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
December 05, 2013 JPMorgan Chase
New York, New York
Prepaid cash cards may have been accessed by hackers. 465,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 04, 2013 ADP, Facebook, Gmail, LinkedIn, Twitter, Yahoo, YouTube A breach that involved keylogging software affected at least 93,000 websites.  2,000,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 03, 2013 Chicago Public Schools
Chicago, Illinois
PII & PHI accidentally made available to the public online 2,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 03, 2013 MadeInOregon
Portland, Oregon
Website may have been accessed by unauthorized parties affecting credit card transaction information of customers  1,700 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
December 02, 2013 Board of Barbering and Cosmetology
Sacramento, California
The office burglary of a desktop computer resulted in the exposure of sensitive information. Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 29, 2013 University of Washington Medicine
Seattle, Washington
An employee opened an email attachment that contained malicious software. Any information on the computer may have been compromised.  90,000 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
November 28, 2013 Florida Digestive Health Specialists
Bradenton, Florida 
An employee was found to have improperly accessed and photographed patient records.  4,400 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 28, 2013 The Flamingo Resort and Spa
Santa Rosa, California 
A virus was discovered on the payroll computer. Employee PII may have been exposed. Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 28, 2013 Orange County Anaheim Medical Center, Kaiser Foundation Hospital
Anaheim, California 
A flash drive that contained patient information was discovered missing.  Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 27, 2013 Maricopa County Community College District
Phoenix, Arizona 
A breach may have exposed the information of current and former students, employees, and vendors.   2,490,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 27, 2013 University of Pittsburgh Medical Center
Pittsburgh, Pennsylvania 
An employee was found to have accessed patient records without legitimate cause.   1,300 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 27, 2013 California Employment Development Department
Sacramento, California 
An undisclosed number of people had their PII mistakenly provided to employers for whom they had never worked. Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 26, 2013 URM Stores
Spokane, Washington 
Hacking incident occurred  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 26, 2013 Anthem Blue Cross,
California 
PII of California doctors were accidentally posted in Anthem's online provider directory.   24,500 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 25, 2013 University of California, San Francisco (UCSF)
San Francisco, California 
Car theft of a physician's laptop may have resulted in the exposure of patient information 8,294 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 25, 2013 Crown Castle International Corp
Canonsburg, Pennsylvania 
Payroll information may have been accessed by hackers.  Employee PII may have been exposed. Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 22, 2013 Redwood Memorial Hospital
Fortuna, California 
An unencrypted flash drive was discovered missing 1,039 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 21, 2013 Clarity Media Group
Denver, Colorado 
Theft of a laptop resulted in the exposure of current and former employee information.   Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 20, 2013 GitHub
San Francisco, California 
A hacker or hackers compromised some of the user accounts of GitHub.   Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 19, 2013 Sachem Central School District
Lake Ronkonkoma, New York 
Sensitive information may have been accidentally exposed through an administrative error.  15,000 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 17, 2013 CME Group, CME ClearPort
Chicago, Illinois 
A cyberattack resulted in the exposure of customer information.  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 15, 2013 Greencastle Community School Corporation
Greencastle, Indiana 
Several students found a list of student network passwords and were able to access confidential student files on the school network Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 15, 2013 Dynacare Laboratory, Froedtert Health Workforce Health, City of Milwaukee
Milwaukee, Wisconsin 
Employee's car was stolen.  The car held a flash drive with employee PII 9,414 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 15, 2013 Office of Dr. Paul G. Klein, DPM
Wayne, New Jersey 
Theft of a laptop resulted in the exposure of patient information 2,500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 15, 2013 Hospital for Special Surgery
New York, New York 
Breach may have involved the theft of computer equipment & the unauthorized access of information on a computer, and/or paper records 537 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 15, 2013 Mount Sinai Medical Center
New York, New York 
The theft or loss of a portable electronic device resulted in the exposure of patient information 610 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 15, 2013 Mount Sinai Medical Center
New York, New York 
Patient records were improperly disposed of. 1,586 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 15, 2013 Superior HealthPlan, Inc.
Austin, Texas 
It was discovered that a computer error caused some Superior CHIP ID cards to be sent to incorrect addresses. 6,284 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 15, 2013 Group Health Cooperative
Seattle, Washington 
Identification numbers and chronic conditions were accidentally printed on the outside of letters that were mailed  1,015 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 15, 2013 Rose Medical Center
Denver, Colorado 
Patient records were improperly disposed of. 606 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 14, 2013 Alta Bates Summit Medical Center, AverMedia Technologies
Berkeley, California 
Two women are accused of misusing the information of people in the Bay Area for identity theft purposes and also had a payroll sheet in their possession. 115 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 13, 2013 USI Insurance Services LLC
Columbus, Ohio 
Malicious software was installed on the USI website. PII exposed. Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 12, 2013 Rotech Healthcare
Orlando, Florida 
Former employee had taken employee files when her employment ended.  Employees and their dependents may have had their PII & PHI information exposed.  Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 11, 2013 City Jeffersonville
Jeffersonville, Indiana 
PII were sent to city employees in a monthly email about vendor payments. 311 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
November 11, 2013 North Country Hospital and Health Center
Newport, Vermont 
A former employee refused to return a laptop that contained unspecified patient health information.  550 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 11, 2013 New York City Police Department
New York
A former police detective pleaded guilty to paying hackers to steal passwords associated with the email accounts of other officers.  30 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 11, 2013 St. Mary's Janesville Hospital, SSM Health Care
Janesville, Wisconsin 
Car theft of an employee's unencrypted laptop resulted in the exposure of patient information.    629 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 08, 2013 Standard Insurance Company
Portland, Oregon 
Vendors accessed a file that was inadvertently disclosed on the vendor's system.  PII could have been accessed  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 08, 2013 Baltimore County
Baltimore, Maryland 
A contractor was found to have saved the PII of county employees to computers for reasons unrelated to work.  12,000 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 08, 2013 North Carolina Department of Health and Human Services
Raleigh, North Carolina 
People who received payment from state hospitals had their information exposed online 1,300 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 08, 2013 ICS Collection Services, Inc, University of Chicago Physicians Group
Tinley Park, Illinois 
Website users were able to view sensitive information of other users.  1,344 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 08, 2013 Office of Dr. Carol Patrick, Ph.D
Lima, Ohio 
Office theft of several computers resulted in the exposure of patient information. 517 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 08, 2013 Good Samaritan Hospital
San Jose, California 
A missing laptop contained data files related to patient pacemakers. PII may have been exposed. 3,833 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 08, 2013 Texas Health Presbyterian Dallas Hospital
Dallas, Texas 
Office theft of a computer resulted in the exposure of patient information.  PII & PHI were on the computer. 949 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 08, 2013 Ferris State University - Michigan College of Optometry
Big Rapids, Michigan 
Network compromised. A malware program could have accessed PII and a limited amount of clinical information of patients that were on the server 3,947 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 08, 2013 Comprehensive Podiatry LLC
Independence, Ohio 
The theft of a laptop resulted in the exposure of patient information 1,360 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 08, 2013 Access Counseling, LLC
Los Angeles, California 
A briefcase stolen from an employee's car contained a computer with files that included PII and clinical notes related to all clients. 566 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 08, 2013 BriovaRx
Chicago, Illinois 
A breach of patient records occurred that may be related to a former employee who was sued for stealing PHI and trade secrets. 1,067 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 08, 2013 Region Ten Community Services Board
Charlottesville, Virginia 
A hacker obtained the passwords to several employees' emails.  The email accounts may have contained the health information of patients. 10,228 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 08, 2013 Schuylkill Health System
Pottsville, Pennsylvania 
The theft of a laptop resulted in the exposure of patient information 2,810 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 08, 2013 Littleton Podiatry
Littleton, Colorado 
The theft of a laptop resulted in the exposure of patient information 3,512 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 08, 2013 Sierra View District Hospital
Porterville, California 
A routine security audit  revealed that an employee had inappropriately accessed protected health information.   1,009 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 07, 2013 DaVita
Denver, Colorado 
The theft of an unencrypted laptop from an employee's vehicle resulted in the exposure of patient and employee information. 11,500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 07, 2013 Department of Economic Opportunity
Tallahassee, Florida 
A glitch in the Department of Economic Opportunity's website caused SSNs of people to be exposed. 45 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
November 07, 2013 Washington State University
Pullman, Washington 
The theft of two external hard drives may have exposed the information of students, current employees and former employees.  300 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
November 04, 2013 Phoenix Medical Group
Laurel, New Jersey 
A dishonest employee accessed and misused patient information. SSNs and dates of birth were taken to file fraudulent tax returns Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
November 04, 2013 Samaritan Family Medicine Resident Clinic, Samaritan Health System
Corvallis, Oregon 
A patient discovered a stack of unshredded medical documents in a publicly accessible dumpster near the medical offices  1,222 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
November 04, 2013 University Hospitals
Cleveland, Ohio 
An unnamed contractor misplaced a hard drive after taking it for a computer system upgrade. It contained PII & PHI 7,100 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
November 04, 2013 CorporateCarOnline.com
Kirkwood, Missouri 
Hackers stole and stored information online related to customers. The online information included plain text archives of PII & credit card numbers.   850,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 31, 2013 Boone Hospital Center
Columbia, Missouri
An employee was found to have accessed PII & PHI without cause.  125 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 31, 2013 Genesis Rehabilitation Services
Kennett Square, Pennsylvania
An employee's USB drive was discovered missing.  It contained the PII of current employees, applicants, and agency employees. 33 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 30, 2013 Florida Department of Health
Orlando, Florida
Two employees accessed a database of patient names, Social Security numbers, and dates of birth for the purpose of misusing the information to file tax returns.  3,500 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 29, 2013 MongoHQ
Mountain View, California
MongoHQ's internal system was compromised.  The system allowed certain administrative users to appear as other users.  Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 28, 2013 Allina Health
Minneapolis, Minnesota
Patients were affected by a breach that involved a former employee at the Inver Grove Heights clinic.  The employee viewed patient records without permission 3,800 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 28, 2013 HealthFitness, Gerdau
Minneapolis, Minnesota
A laptop theft exposed the information of Gerdau employees and employee dependents. Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 25, 2013 Bedford Borough Council, UK The personal information of an unknown number of individuals referred for social services is feared to be at risk after it was discovered that the council does not log which employees access the data. Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 25, 2013 NBC Sports Group
Stamford, Connecticut
Theft of two laptops resulted in the exposure of personal information.  Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 25, 2013 Michigan State University
East Lansing, Michigan
An unauthorized user was able to modify employee banking information and may have obtained valid payroll credentials by using a phishing attack.  Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 22, 2013 AHMC Healthcare, Inc.
Alhambra, California
Office theft of two laptops resulted in the exposure of patient information from a number of facilities.   729,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 21, 2013 Court Ventures, Experian
Chicago, Illinois
The Experian subsidiary Court Ventures was found to have sold information to unauthorized parties. PII and credit card data were given to foreign criminals posing as a legitimate private investigator for over a year.   500,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 19, 2013 Hospice of the Chesapeake
Pasadena, Maryland
An employee emailed spreadsheets with sensitive patient information to a personal account in order to work from home. PII & PHI affected 500 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 18, 2013 Broward Health Medical Center
Fort Lauderdale, Florida
An employee had taken patient documents out of the medical facility. 960 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 18, 2013 BW Arthritis and Rheumatology, Good Samaritan Hospital, MedStar Health Inc, Padder Health Service, LLC
Glen Burnie, Maryland
Four people face charges related to misusing patient information for more than $750,000 of fraudulent purchases.  55 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 18, 2013 Long Island Rail Road
Long Island, New York
Ticket vending machines were discovered to have been compromised. Debit and credit cards may have been used to create fraudulent payment cards. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 17, 2013 California State University Sacramento (Sacramento State University)
Sacramento, California
Computer server hacked. It contained the Social Security numbers, driver's license numbers, and other personal information of staff members.  1,800 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 17, 2013 Datapak Services Corporation
Howell, Michigan
Online systems infected by malware. Customer names, addresses, payment card numbers, expiration dates, and CVV codes may have been accessed by an unauthorized party.  Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 17, 2013 University of Arizona
Tucson, Arizona
A breach of the university's College of Law website allowed intruders to access class rosters and applicant lists. 9,080 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 17, 2013 Ouidad
Danbury, Connecticut
Hackers were able to access Ouidad's customer database. PII, credit card numbers, credit card security codes and expiration dates were exposed. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 17, 2013 Eagleton School, Castro School, Munroe School
Denver, Colorado
The theft of a nurse's suitcase resulted in the exposure of student medical information.  100 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 16, 2013 Memorial Hospital of Lafayette County
Darlington, Wisconsin
Some patients had their financial statements sent to other people.  The mistake was caused by an error in the settings of an unnamed third-party billing vendor's system. 8,000 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 12, 2013 Gordon Supply Company
Glenside, Pennsylvania
A woman found two bags of personnel records in her backyard. 400 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 11, 2013 Google Chrome
Mountain View, California
A data management firm discovered that Chrome browser users may have had their personal information stored on the hard drives of their computers without their knowledge or consent Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 11, 2013 Hope Family Health
Westmoreland, Tennessee
Theft of an unencrypted laptop from an employee's home may have resulted in the exposure of patient information.  8,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 11, 2013 Monterey County Department of Social Services
Salinas, California
Computer was compromised. First and last names, Social Security numbers, addresses, phone numbers, and dates of birth were exposed.   Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 11, 2013 Sentara Healthcare, Sentara Virginia Beach General Hospital
Virginia Beach, Virginia
Two dishonest nurses' aides gathered information from at least 12 patients in order to file fraudulent tax refunds. 3,700 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 10, 2013 Nordstrom
Aventura, Florida
Skimmers and tiny cameras were installed to collect credit card information. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 10, 2013 Petrochem Insulation, ASRC Energy Services
San Francisco, California
Theft of a laptop from an employee's car resulted in the exposure of personnel spreadsheets with employee PII. Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 10, 2013 NHC Healthcare
Oak Ridge, Tennessee
An unencrypted backup tape was discovered missing. Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.8.3 - Physical media in transit
October 10, 2013 City of Wichita - Electronic Procurement Website
Wichita, Kansas
Hackers accessed the city of Wichita's electronic procurement website. PII and bank account information may have been exposed. Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 10, 2013 Legal Aid Society of San Mateo County
Redwood City, California
Office burglary of 10 laptops resulted in the exposure of client information. PII & PHI may have been exposed Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 09, 2013 Minnesota Counties Insurance Trust
St. Paul, Minnesota
An employee working as a child support officer is accused of making more than 4,000 queries without legitimate cause in a driver and vehicle services database  3,000 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 09, 2013 University of California San Francisco Medical Center (UCSF)
San Francisco, California
Theft of an unencrypted laptop from an employee's vehicle 3,541 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
October 09, 2013 Holy Cross Hospital
Fort Lauderdale, Florida
Patients were affected by a breach that involved a dishonest employee filing fraudulent tax returns.  PII exposed  9,900 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 09, 2013 All Source Medical Management, Scottsdale Dermatology Clinic
Scottsdale, Arizona
An employee of All Source Medical Management was arrested on suspicion of stealing the credit card information of multiple patients. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 08, 2013 Rothman Institute
Philadelphia, Pennsylvania
A former employee removed paper copies of daily patient schedules from Rothman Institute Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 08, 2013 Saint Louis University, Tenet Healthcare Corporation, SSM Health Care, Saint Louis, Missouri Employees had their direct deposit information changed after several malicious phishing emails were sent to employees. 3,000 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 07, 2013 PayJunction
Santa Barbara, California
A number of sales agents were affected when a data backup of PayJunction's internal business system was inappropriately accessed. Unknown California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
October 07, 2013 Walgreens Thieves stole a computer and paper records. The burglary occurred in Crescent's billing center. PII and medical information were exposed. Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 06, 2013 Anaheim, California An email with patient information was sent to an unauthorized person.  Names, dates of birth, addresses, diagnoses, and medications were exposed. 1,310 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
October 04, 2013 Adobe
San Jose, California
Hackers accessed Adobe customer information.  Adobe source code for popular products, customer encrypted passwords, customer IDs, and customer credit and debit card information were exposed.  2,900,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 03, 2013 Comcast Phone
California
Unauthorized disclosure and publication of Comcast subscribers' unlisted names, telephone numbers and addresses  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
October 03, 2013 Countess of Chester Hospital, UK Names and patient details were part of a confidential nursing report found lying on the ground outside of a supermarket. 12 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
October 02, 2013 Santa Clara Valley Medical Center
San Jose, California
The theft of an unencrypted laptop from the audiology department of Santa Clara Valley Medical Center resulted in the exposure of PII & PHI 571 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
October 02, 2013 UnityPoint Health
West Des Moines, Iowa
It was discovered that a contractor accessed UnityPoint's EMR system without a legitimate reason. PII & PHI were accessed. 1,800 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
October 01, 2013 R.T. Jones Capital Equities Management Inc.
St. Louis, Missouri
It was discovered that an unauthorized party was able to access a database that contained names, Social Security numbers, and dates of birth.  800 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 27, 2013 State Farm
Bloomington, Illinois 
A former employee at an after-hours call center was found to have misused the credit card information  598 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 27, 2013 Office of Dr. Carol Patrick
Lima, Ohio 
Office burglary resulted in the exposure of patient information Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 27, 2013 ICG America (Amazing Clubs, Games2U, Flying Noodle, Monster Brew, Texas Irons, California Reds)
Austin, Texas 
ICG America learned that its payment processing system was the target of a cyber attack Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 26, 2013 Unique Vintage
Burbank, California 
Unique Vintage's website was accessed by malware   Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 26, 2013 Holy Cross Hospital
Fort Lauderdale, Florida 
A dishonest employee improperly accessed patient information  9,900 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 25, 2013 Windhaven Investment Management
Boston, Massachusetts 
PII, investment positions, and other account information may have been accessed by an unauthorized party.  Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 25, 2013 Mercy Health Systems, Allscripts
Baltimore, Maryland 
An unencrypted hard drive was discovered missing  25 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 25, 2013 Tri-State Surgical Associates
Elkton, Maryland 
An unauthorized staff member provided a physician with the information of patients 433 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 24, 2013 Virginia Polytechnic Institute and State University (Virginia Tech) PII may have been compromised when a server was illegally accessed 145,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 23, 2013 Columbia University Medical Center
New York, New York 
An Excel file that contained sensitive medical student information was accidentally attached to an email. 407 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 20, 2013 Buckeye Check Cashing
Dublin, Ohio 
Car theft of a laptop resulted in the exposure of customer information. PII and bank account information were exposed. Unknown California SB-1386 & other State derivatives, GLBA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 19, 2013 DiscountMugs.com (BEL USA LLC)
Medley, Florida 
PII with debit and credit card numbers may have been accessed by hackers. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 18, 2013 Logan Community Resources, Inc. Breach resulted in the exposure of patient information. 2,900 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 18, 2013 Minne-Tohe Health Center/Elbowoods Memorial Health Center
New Town, North Dakota 
Breach resulted in the exposure of protected health information. 10,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 15, 2013 St. Francis Health Network, Advantage Health Solutions
Indianapolis, Indiana 
Affected by a breach, possibly a hack 2,575 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 15, 2013 International SOS
Philadelphia, Pennsylvania 
An unauthorized user or users accessed at least one U.S. system that hosts traveler information Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 15, 2013 McHenry County College, Ellucian
Crystal Lake, Illinois 
Software vendor Ellucian accidentally sent PII to three other junior colleges. Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 13, 2013 MNsure
St. Paul, Minnesota 
An agency employee accidentally sent the information of insurance agents to two other MNsure employees via email. 2,400 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 14, 2013 21st Century Dental PHI were stolen by two men, one of them a volunteer Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 13, 2013 Argotec
Greenfield, Massachusetts 
PII and bank account information may have been exposed. Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 13, 2013
Lexis Nexis, Dun & Bradstreet, Knoll Background America
Hackers were able to access an underground database of stolen consumer information Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 13, 2013 Carol Milgard Breast Center Records were mixed in with those of other patients due to a migration error  Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 13, 2013 Bel USA, LLC PII, credit or debit card numbers were accessed by third parties who compromised the firm's server Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 12, 2013 Kabam, Inc. PII may have been compromised following a security breach in connection with the site's forums Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 11, 2013 Amcal Pharmacy Hundreds of private medical records and possible credit card imprints were accidentally dumped at a recycling plant Unknown California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 11, 2013 FSV Payment Systems, Paymaster Services
Boulder, Colorado 
An unauthorized party accessed a website that contained PII and Payroll Card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 10, 2013 Outdoor Network, LLC, Boats.net, Partzilla.com
Lake Placid, Florida 
A website breach exposed PII, credit card numbers, credit card expiration dates, and CVV codes.  Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 10, 2013 University of South Florida (USF) Health
Tampa, Florida 
Police searched the car of a University custodial employee and found USF Physicians Group patient billing information 140 California SB-1386 & other State derivatives, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 10, 2013 Kaiser Permanente PII & PHI were accidentally emailed to a third party Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 09, 2013 Pierce County Housing Authority Names and Social Security numbers were contained in a spreadsheet linked on the agency's website 979 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 07, 2013 Leading Edge Physiotherapy PII & PHI on an unencrypted external hard drive went missing in a robbery Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 07, 2013 ICS Collection Service, Inc., University of Chicago Medicine PII & PHI exposed via website 1,344 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 07, 2013 Rockland Federal Credit Union
Rockland, Massachusetts 
A breach in their computer system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 06, 2013 Georgia Department of Labor
Marietta, Georgia
An employee accidentally emailed a document with the PII of Cobb-Cherokee Career Center customers to 1,000 people 4,457 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
September 06, 2013 Office of Dr. Hankyu Chung
San Jose, California 
Office burglary resulted in the theft of two laptops containing PHI & PII.  Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 06, 2013 James A. Haley Veterans Hospital
Tampa, Florida 
A volunteer allegedly stole the PII of  patients and used the information to file $550,000 worth of fraudulent tax returns.   106 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 06, 2013 Illinois Department of Healthcare and Family Services
Springfield, Illinois 
Contractor sent Family Health Network ID cards to the wrong addresses Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 06, 2013 United States Postal Service At least 25 credit card numbers were captured by two employees using a phone's video recorder Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 06, 2013 Minnesota Department of Labor & Industry SSNs, dates of birth, and drivers license numbers were stolen by a former employee 355 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 06, 2013 Conexis, Commonwealth of Virginia PII were sent to 11 state human resources and payroll employees in error 13,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
September 06, 2013 Edgewood Partners Insurance Company PII with financial, bank, and PHI were contained on one of five unencrypted laptops stolen from the company's office Unknown California SB-1386 & other State derivatives, GLBA and HIPAA Security  A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 05, 2013 Medical University of South Carolina (MUSC), Blackhawk Consulting Group
Charleston, South Carolina 
PII with payment card numbers were exposed by a Blackhawk Consulting Group hack in August 10,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 05, 2013 State Farm Insurance Customer credit card numbers may have been stolen by an employee at an after-hours call center 687 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 05, 2013 Boston Public School (BPS), Plastic Card Systems
Boston, Massachusetts 
Students across 36 schools may have had their information compromised by the loss of a flash drive. 20,000 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 05, 2013 North Texas Comprehensive Spine and Pain Center
Sherman, Texas 
A former employee stole an external hard drive that contained the medical information of patients. 3,000 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
September 03, 2013 St. Anthony
St. Louis, Missouri 
Car burglary of a laptop computer and flash drive resulted in the exposure of patient information.  2,600 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
September 03, 2013 InterContinental Mark Hopkins San Francisco
San Francisco, California 
Burglary resulted in the exposure of PII and credit and debit card numbers of guests that were on a computer hard drive that was stolen. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
September 03, 2013 Creative Banner Assemblies PII, unencrypted credit card information, and other files may have been accessed due to malicious code on the website. 232 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
September 03, 2013 Clark & Anderson, P.A. PII as well as bank account and brokerage account information, was held on a hard drive stolen from an employee's car 2,096 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 31, 2013 John F. Kennedy International Airport New York, New York Seven contract baggage handlers stealing iPads, iPhones from customer luggage. Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 30, 2013 Osprey Packs Cortez, Colorado Customer information may have been exposed when Osprey Packs' Pro Deal website was hacked Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 30, 2013 Olson & White Orthodontics O'Fallon, Missouri Office theft of several computers resulted in the exposure of PHI 10,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 30, 2013 Harbor Freight Tools Wichita Falls, Texas Credit or debit card fraud in which online and in store customers were affected 300 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 29, 2013 University of Texas, Texas Health Science Center at Houston Medical School Houston, Texas An unencrypted laptop that was housed in a locked closet was discovered missing  596 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 29, 2013 Republic Services Phoenix, Arizona An unspecified number of current and former employees were affected by the theft of a laptop stolen from an employee's home 82,160 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 29, 2013 LabMD Atlanta, Georgia An FTC complaint states that a LabMD spreadsheet with insurance billing data of customers was discovered on a public file sharing network. 9,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 29, 2013 Midwest Supplies Minneapolis, Minnesota   Customer  PII including credit card numbers may have been exposed after Midwest Supplies' website was hacked. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 28, 2013 Advocate Medical Group Park Ridge, Illinois Office theft of four unencrypted desktop computers resulted in the exposure of patient information.  4,000,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 28, 2013 Missouri Credit Union Columbia, Missouri A file with customer information was accidentally published on Missouri Credit Union's website 39,000 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 28, 2013 Advanced Data Processing Inc. (ADPI), Valparaiso Fire Department
Valparaiso, Indiana
PII was compromised by a breach. 860 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 27, 2013 Bonneville Power Administration (BPA) Portland, Oregon Employees affected by a cyber attack.  The attack appears to be related to the attack on the Department of Energy's website.   3,100 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 27, 2013 University of Mississippi Medical Center Jackson, Mississippi An employee accidentally attached a spreadsheet with sensitive information to an email that went out to students.  2,279 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
August 23, 2013 The New York Times, Melbourne IT New York, New York A domain or domains belonging to The New York Times was attacked by activist hackers  Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 23, 2013 Hill Air Force Base Ogden, Utah An administrative employee sent the names and SSNs of Hill Air Force Base employees to a personal email account 500 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
August 23, 2013 Advocate Medical Group Patient PII were contained in four computers stolen from an administrative building 4,000,000 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 23, 2013 University of Mississippi Medical Center PII accidentally sent via email to 190 students 2,281 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
August 22, 2013 San Francisco State University - College of Extended Learning
San Francisco, California
A server that contained the personal information of students was breached Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 21, 2013 Hope Community Resources (HCR) Anchorage, Alaska The health information of disabled patients was accidentally released in an email 3,700 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
August 21, 2013 Emory University Atlanta, Georgia The attack on their information technology infrastructure is similar to attacks that similar organizations have seen in the past few months. Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 16, 2013 League of Legends, Riot Games Santa Monica, California Transaction records from 2011 that may have been accessed contained hashed and salted (encrypted) credit card numbers. 120,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 16, 2013 Exelixis San Francisco, California The theft of one or more pieces of company electronic equipment exposed client information. Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 16, 2013 U.S. Department of Energy Washington, District Of Columbia Hacking incident caused the personal information of current and former employees to be exposed 53,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 16, 2013 Ferris State University Big Rapids, Michigan An unauthorized person gained access to the school's computer network. PII were exposed.  58,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 15, 2013 TK Maxx, Ireland Customer credit cards were written down and later sold by an employee 20 Irish Data Protection Act & EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
August 15, 2013 Harris County Harris, Texas  The PII of current and former Harris County employees was found on electronic files in Vietnam 16,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 14, 2013 Michigan Department of Community Health, Michigan Cancer Consortium Lansing, Michigan A server that housed names, SSNs, dates of birth, cancer screening test results, and testing dates was hacked 49,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 14, 2013 Tampa General Hospital An undisclosed number of patient billing records containing PII & PHI were found in an employee's car Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 13, 2013 Caledonia Home Health and Hospice Saint Johnsbury, Vermont The home theft of an employee's Netbook resulted in the exposure of patient information.   Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
August 12, 2013 Northrop Grumman Technical Services PII & PHI may have been compromised when one of the company's databases was accessed by an unauthorized party Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2013 Bell Helicopter Email addresses and potentially expired credit card numbers of former trainees obtained from an older database Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2013 Income and Capital Growth Strategies Inc. Van Nuys, California A computer network intrusion involving information about clients and their dependents may have occurred Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2013 Smartphone Experts Inverness, Florida A hacker was able to access the computer system used to process online payments. PII and credit and debit card information were accessed. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 09, 2013 Auburn University - School of Forestry and Wildlife Sciences
Auburn, Alabama
Spreadsheets with donor and alumni information were accidentally uploaded to a publicly accessible server after an administrative error Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 08, 2013 San Bernardino County Sexual Assault Services 6 computers stolen and subsequently returned by thieves once they realized which company the computers had been stolen from Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 08, 2013 US Airways Group Tempe, Arizona Dates of birth, security question answers, last four digits of credit card numbers, and frequent-flier miles may have been accessed and compromised. 7,700 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 07, 2013 M2ComSys, Cogent Healthcare, Inc. Brentwood, Tennessee It was discovered that the online system that stored the notes could be accessed Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
August 07, 2013 Retinal Consultants Medical Group Sacramento, California The theft of a laptop from the medical group's offices resulted in the exposure of patient information.    Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
August 02, 2013 Clark Memorial Hospital Jeffersonville, Indiana A third-party mailing error resulted in the exposure of patient health information.   1,087 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
August 01, 2013 Rocky Mountain Spine Clinic Patient names, surgical information, and insurance data accidentally sent to an employee's personal email address 532 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
July 31, 2013 California Correctional Health Care Services Documents including patient names, CDCR numbers, date of birth, and dental treatment plans reported missing from staff member’s possession Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 25, 2013 Stanford University The school has urged all users to change their passwords while it investigates an apparent breach. Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 22, 2013 NYC Bike Share, LLC. Personal credit card information leaked after software breach 1,174 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 22, 2013 OVH.com, France Customer information including PII and encrypted passwords exposed following an attack on the company's European database and Canadian servers Unknown EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 19, 2013 Samaritan Family Medicine Resident Clinic Several hundred medical records improperly disposed of in trash can outside medical facility Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 17, 2013 Baltimore City A box containing thousands of employee records including PII was found in the trash Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 16, 2013 Wild Wing Cafe Customer credit card numbers were stolen by unauthorized access to the payment processing system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 15, 2013 New York State Department of Health An employee working in the Medicaid program inappropriately transferred PII of Medicaid beneficiaries to his personal email account 17,743 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 12, 2013 The Leafs User accounts with user names, email addresses and clear text passwords dumped on the Internet 25 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 12, 2013 Konami Digital Entertainment Accounts were accessed compromising users' names, addresses, dates of birth, telephone numbers, email addresses and passwords 35,252 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 12, 2013 Cedars-Sinai Medical Center Employees of community physicians improperly accessed one medical record; in addition, one of those people accessed additional records 14 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 11, 2013 Harris County Two electronic files were found in Vietnam containing employee records containing names, dates of birth, and Social Security numbers 16,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 11, 2013 Long Beach Memorial Medical Center Patients' PII & PHI compromised by an employee snooping 2,864 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 11, 2013 Shred-It, Texas Health Harris Methodist Hospital Fort Worth Medical records were given to a disposal company who didn't dispose of them properly and they were found in multiple public locations 277,000 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 11, 2013 Copenhagen Business School (CBS), Denmark Documents with students' exam answers and personal identification numbers disposed in garbage room 100 EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 08, 2013 Eddie Merlot The restaurant manager stole the identities of customers and former employees in order to take trips to Disney World 50 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 08, 2013 Internal Revenue Service (IRS) Social Security numbers, names, addresses, email addresses and organization names accidentally posted to a government website 100,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 06, 2013 South Central Los Angeles Regional Center Unknown number of names and UCIs missing after employee’s iPad left in a vehicle was stolen Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
July 06, 2013 Tampa General Hospital An employee stole patient names and Social Security numbers to file false tax returns Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 06, 2013 James A. Haley Veterans Hospital An employee stole dozens of patients' names and Social Security numbers in order to file false tax returns Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
July 05, 2013 Roy’s Holdings, Inc. Malware found on a desktop computer has compromised customer payment information Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 05, 2013 Illinois Department of Healthcare and Family Services Clients in Cook County accidentally had their ID cards sent to the wrong addresses 3,100 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 03, 2013 Hertfordshire County Council, UK Documents containing personal staff details found outside a former adult care office in Hatfield Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 02, 2013 Michigan Department of Community Health, Michigan Cancer Consortium Residents' names, dates of birth, Social Security numbers and testing results compromised by website access 50,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 01, 2013 Lincoln County Health and Human Services, Lincoln Community Health Center Paper records compromised by unauthorized access 959 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 01, 2013 Behavioral Health Network, Inc. (BHN) Medical records found in a dumpster Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
July 01, 2013 Borghitalia, Italy Administrator accounts with email addresses and clear text passwords dumped on the Internet 192 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 01, 2013 Advantage Health Solutions Members' addresses, phone numbers, prescriptions and extensive medical records were being exposed by an online portal Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
July 01, 2013 Palm Beach County Health Department Records compromised by unauthorized access to a desktop computer 877 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 30, 2013 Wedgewood Legacy Medical Medical records including patients’ PII on a lost USB drive 2,125 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 30, 2013 Montana State University Names and Social Security numbers compromised by a virus 4,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 30, 2013 Iowa Department of Human Services Employees' and former patients' SSNs, addresses and other information are on a missing computer backup tape 8,000 California SB-1386 & other State derivatives A.10.8.3 - Physical media in transit
June 29, 2013 Classic Administrative Services, Boston Teachers Union Health & Welfare Fund Names and SSNs exposed in online searches by a coding loophole 506 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 27, 2013 University of South Carolina Email addresses and Social Security numbers compromised by a stolen laptop 6,300 California SB-1386 & other State derivatives, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 27, 2013 North Carolina Alcoholic Beverage Control Commission Malware has compromised multiple stores' point-of-sale systems Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 27, 2013 Tesco, UK Current and former employees' information including copies of passports, driver's licenses and bank details in a filing cabinet found in the street 20 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
June 24, 2013 LifeLabs Medical Laboratory Services, Canada Patients' PII and medical information on a hard drive stolen out of a laptop sent for repair 16,100 Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 24, 2013 King County Sheriff's Office A laptop containing PII about thousands of crime victims, suspects, witnesses and even police officers stolen from a detective's car 2,300 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 24, 2013 Foundations Recovery Network Patient information and medical records on a password-protected, stolen laptop Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 24, 2013 West Kendall Baptist Hospital An employee stole names, addresses, dates of birth and Social Security numbers to use for fraudulent tax returns Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 24, 2013 Niagara Peninsula Energy Inc., Canada The contents of a payment box, which include payment and account information, were stolen Unknown Canada PIPA & PIPEDA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 22, 2013 University of Massachusetts at Amherst (UMASS) Private data of clients of its Center for Language, Speech and Hearing may have been compromised by malware 1,670 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 22, 2013 La Vie Nouvelle, France Names, email addresses and passwords dumped on the Internet 17 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 22, 2013 Florida Department of Education Participants in a teacher preparation program had their PII publicly exposed for 2 weeks 47,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 21, 2013 Sight & Sun Eyeworks of Gulf Breeze Patients' clinical and demographic information, along with Social Security numbers, were compromised 9,626 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 22, 2013 University of Hong Kong Names, addresses, email addresses, dates of birth and bank information hacked 2,300 Personal Data (Privacy) Ordinance (PCPD) A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 21, 2013 SquareDancing.com, Inc. User names and encrypted passwords dumped on the Internet 2,050 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 21, 2013 International Trade, UK Names, phone numbers, email addresses and passwords dumped on the Internet 11 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 21, 2013 Just Limited, UK Names, email addresses and passwords dumped on the Internet 13 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 21, 2013 B & B Tax & Accounting Owner obtained personal information and filed fraudulent tax returns using the business Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 21, 2013 Gap Inc., Banana Republic Confidential Gap employee records including PII were accidentally mailed to a Banana Republic customer who ordered a tie 20 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
June 21, 2013 L. Frazier Banks Middle School Unsecured records of former students including PII found in a closed down school building Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
June 20, 2013 University of Illinois The Hendrick House had a breach compromising students' names, addresses, dates of birth and Social Security numbers 2,800 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 19, 2013 Automatic Data Processing (ADP), City of Houston A software code error made by the city's payroll contractor has potentially exposed the PII of government employees 5,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 18, 2013 Morningstar, Inc. PII and passwords may have been compromised because of an illegal intrusion into the Morningstar Document Research system Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 18, 2013 Eldorado Apartments Former applicants' and tenants' rental applications including PII discarded in a dumpster behind the apartments Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
June 18, 2013 City of South Beloit The sewer billing system was accessed and there is a possibility that employee information has been compromised Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 18, 2013 Mineralogy, Australia The company's computer server was accessed and the fax machine was set up to send copies of every fax to an outside number Unknown Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 18, 2013 MadVapes LLC Shipping and billing addresses breached with the possibility of credit card data also being compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 17, 2013 Swiss Canadian Chamber of Commerce (Ontario) Inc. User names (email addresses) and SHA1 encrypted passwords dumped on the Internet 94 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 16, 2013 Axis Bank, India Financial accounts compromised by a skimming device placed on the bank ATM located in Colaba, Mumbai 37 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2013 Fayetteville VA Medical Center Patients' names, Social Security numbers, dates of birth, addresses and prescriptions found in a recycling bin 1,093 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
June 14, 2013 Elettronic Auto, Italy User accounts with email addresses, user names and clear text passwords dumped on the Internet 197 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2013 Convergys Corp. Staff accounts with email addresses and MD5 Encrypted passwords dumped on the Internet 24 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2013 PanShun Chamber Of Commerce, Hong Kong User accounts with email addresses and MD5 encrypted passwords dumped on the Internet 2,136 Personal Data (Privacy) Ordinance (PCPD) A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2013 SurveyPak, UK User accounts with email addresses and clear text passwords dumped on the Internet 540 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 14, 2013 Ephrata Community Hospital An employee accessed patient medical records that were not needed in order to perform their job Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 14, 2013 Pakissan User accounts and 1 Administrator account with user names, email addresses and clear text passwords dumped on the Internet 568 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 13, 2013 Brothers Tube Administrator accounts with user names, email addresses and encrypted MD5 passwords dumped on the Internet 13 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 13, 2013 CITIC Telecom International Holdings Limited, Hong Kong User accounts with user names, email addresses and MD5 Encrypted passwords dumped on the Internet 2,583 Personal Data (Privacy) Ordinance (PCPD) A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 12, 2013 Walmart Two employees using customer credit card information to make purchases in the store Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 11, 2013 Lucile Packard Children’s Hospital at Stanford Patients' information compromised by a stolen password-protected laptop 12,900 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 11, 2013 South Florida State Hospital Employees stole patients' names and Social Security numbers to file fraudulent income tax returns Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 10, 2013 JT's Paperworks & Tax Services, Atlantic Multi-Services Customer information used to file fraudulent tax returns, in turn stealing millions of dollars from the federal government Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 10, 2013 Pacific Pizza Checks and credit card receipts stolen in a burglary Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 09, 2013 Emmorton Associates Patients' PII & PHI compromised by a broken-into filing cabinet 75 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 07, 2013 MGF Compressors, Italy User accounts with user names and clear text passwords dumped on the Internet 726 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 07, 2013 Synermed, Inc., Inland Empire Health Plan Patients' PII & PHI on stolen unencrypted password-protected laptop 1,566 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 07, 2013 Integrity Oncology, North Atlantic Telecom Records compromised by actions involving a desktop computer 539 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 07, 2013 Sutter Health A list containing patients’ PII recovered in an unrelated investigation 4,500 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 07, 2013 Raley's Family of Fine Stores Credit card payment system may have been compromised during an attack on the computer network Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 07, 2013 City of Norwood Records compromised by lost laptop 500 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 07, 2013 Interior Health Authority, Canada Patient records accidentally left on a bus Unknown Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 07, 2013 Danish National Police (Rigspolitiet) Policemen's email account login details obtained through unspecified hack and accounts possibly compromised 10,000 EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 06, 2013 Town of Brookhaven Ambulance workers' and beneficiaries' Social Security numbers accidentally made public on the website 78 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 06, 2013 Hetzner Online AG, Denmark Customer payment information including credit card info, and password hashes, possibly including the private decryption keys, compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 05, 2013 Comfort Dental Marion and Kokomo, Just the Connection Inc Records compromised by improper disposal 5,388 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
June 05, 2013 Health Resources of Arkansas Records compromised by theft 1,900 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 05, 2013 DIBS Payment Services A/S, Denmark All invoices containing PII over a 7-year period since introduction of new payment system available online and accessible by manipulating URL Unknown EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
June 05, 2013 Arlington Independent School District Two laptops, one encrypted and one password protected, containing current and former employee PII were stolen from an administrative building Unknown California SB-1386 & other State derivatives, FERPA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
June 05, 2013 Independence Care System Medical records compromised by a stolen laptop 2,434 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
June 04, 2013 Solomon’s Tax Services LLC Owner stole customers' information to file fraudulent tax refunds Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
June 04, 2013 Academy Studios Employees' personal information including sensitive information left in a dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
June 03, 2013 Champlain College A portable storage device containing PII provided to the college's admissions and financial aid offices was left in a computer lab on campus 14,217 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 31, 2013 Rosewood Inn of the Anasazi Credit card server compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 31, 2013 RentPath, Inc. An independent contractor sold several pieces of computer hardware containing PII of employees, former employees and applicants Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 29, 2013 Kforce Inc. An employee stole other employees' names, Social Security numbers and dates of birth to file false tax returns 75 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 29, 2013 Bon Secours Mary Immaculate Hospital Patient records compromised by two employees who were accessing files they did not need 5,000 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 29, 2013 UF Health Pediatrics Patients' personal and health information compromised by an employee with ties to an identity theft ring 5,682 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 29, 2013 Just Kids During a burglary the safe was stolen containing checks and credit card information Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 28, 2013 Thunder Bay Regional Health Sciences Centre, Canada MRI scans of about 500 people were shared with a physician outside the hospital who did not have hospital privileges 500 Canada PIPA & PIPEDA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 25, 2013 Callaway Gardens Credit card security system compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 24, 2013 Jackson Health System Patients' information in boxes of missing medical records 1,407 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 24, 2013 Sonoma Valley Hospital Surgery patients' information accidentally uploaded by an employee to the website 1,350 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 23, 2013 Eurasian Natural Resources Corporation, UK Employee laptop stolen from home Unknown UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 22, 2013 Vendini, Inc. Tens of thousands of names, addresses, email addresses and financial information including credit card numbers compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 21, 2013 SilverScript Insurance Company Paper records compromised by unauthorized access 852 California SB-1386 & other State derivatives, GLBA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 20, 2013 Erie County Department of Social Services Documents including PII & PHI carelessly disposed Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 20, 2013 Sovereign Medical Group, LLC Records compromised by the theft and hacking of a network server 27,800 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 17, 2013 City of Akron Taxpayers had their personal information hacked including their names, addresses, and social security numbers 8,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 17, 2013 Titanic Belfast Ltd., UK Limited personal data of applicants was inadvertently released as part of the booking process for an exhibition Unknown UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 17, 2013 Clearwater Police Department The police commander searched the Florida Driver and Vehicle Information Database to obtain information about people without cause 54 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 17, 2013 Stronghold Counseling Services Inc Records on a stolen desktop computer 8,500 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 17, 2013 Valley Mental Health Records on stolen desktop computer 700 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 17, 2013 Delta Dental of Pennsylvania Paper records lost 14,829 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 17, 2013 Wood County Hospital Records stolen 2,500 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 17, 2013 King County Department of Public Health Paper records improperly disposed 750 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 16, 2013 Community Health Network An employee accessed up to 180 records including Social Security numbers, dates of birth and credit card numbers 180 California SB-1386 & other State derivatives, PCI/Visa CISP and HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 16, 2013 Jackson County Civic Action Committee Inc. Records stolen from office include PII & PHI for students and families who applied for Head Start Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 15, 2013 Louisiana State University Health System Patients' information accidentally disclosed by a database error 8,330 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 14, 2013 DENT Neurologic Institute (DNI) Patient PII & PHI in a spreadsheet accidentally attached to an email sent to 200 patients 10,200 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
May 13, 2013 Presbyterian Anesthesia Associates Names, contact information, dates of birth and credit card numbers compromised by hackers using a website security flaw 9,988 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 10, 2013 Indiana University Health Arnett Hospital Patients' names, dates of birth, physicians’ names, medical record numbers, diagnoses and dates of service on a stolen unencrypted laptop 10,350 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 10, 2013 Regional Medical Center at Memphis Patients' PII including Social Security numbers, phone numbers, and reason for therapy compromised by three emails 1,200 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
May 09, 2013 ElectraCard Services, EnStage Two computer systems of credit card processors were hacked in order to obtain prepaid debit card information which was used to withdraw $2.8 million in less than 24 hours Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 09, 2013 Washington State Administrative Office of the Courts Social Security numbers and driver's license numbers may have been accessed during the data breach of its public website 160,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 08, 2013 Cooperative Educational Service Agencies (CESA) Web portal hacked compromising old data including passwords Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 06, 2013 Pasture Promise Ltd, UK User accounts with email addresses and clear text passwords dumped on the Internet 228 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 06, 2013 Unknown Organization, Raleigh Orthopaedic Clinic A company hired to convert x-ray films to electronic files never returned all of the materials and compromised the patient data 17,300 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 06, 2013 MAPCO Express Inc. Systems that transmit debit and credit card information have been accessed and the financial information may have been used for fraudulent purchases Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 06, 2013 Honolulu Police Department Names, email addresses, phone numbers and passwords compromised 3,500 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 06, 2013 California Department of Public Health A reel containing birth records including names, addresses, SSNs and some medical information was found in an insecure location 2,000 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 05, 2013 Honolulu Police Department Administrator accounts with email addresses and clear text passwords dumped on the Internet 23 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 03, 2013 University of Rochester Medical Center Patients’ PII & PHI on misplaced USB drive 537 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
May 02, 2013 Raceway Nearly 400 debit card numbers and their PINs were skimmed from gas pumps 400 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 02, 2013 C. Marino Records, NJ Lenders Corporation A warehouse employee sold files containing customers' information which was used to steal their identities Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
May 02, 2013 Redstone Arsenal, QinetiQ Servers were accessed and 20GB of data including employee passwords were compromised before the attackers were detected 13,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
May 01, 2013 Lakeshore Mental Health Institute Patients' records, including SSNs, names, dates of birth, and case numbers, found in an abandoned hospital building Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
May 01, 2013 Reputation.com Users' PII and hashed, salted passwords compromised Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 26, 2013 OneWest Bank Customer PII compromised Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 26, 2013 Upstate University Hospital Patients' names, dates of birth, and medical information on stolen laptop 283 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 26, 2013 Hope Hospice Patient names and other PHI in a report emailed on an unsecured channel 818 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 26, 2013 LivingSocial Inc. Customer names, emails, birthdates and hashed and salted passwords accessed by hacker 50,000,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 26, 2013 Burnett Practice, UK Email account breached and patients' email addresses and smear test results compromised 175 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
April 26, 2013 Literacy Mid-South Documents with PII found in a dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 25, 2013 Eastern Health Authority A briefcase containing client records and notes was stolen from a car 63 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 24, 2013 Government of Maharashtra, India Aadhaar applicants' biometric data lost due to a crashed hard disk 300,000 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 24, 2013 Oakland Community College Students' PII including Social Security numbers and addresses exposed by a glitch on the website 129 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 24, 2013 City of Berkeley Municipal employee SSNs had been erroneously divulged to a local media outlet 11,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 23, 2013 Hathershaw College, UK Documents including academic records and medical histories accidentally available for download on the school website Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 23, 2013 Teavana Credit and debit card numbers may have been accessed and compromised by an unauthorized user Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 23, 2013 Ultimate Champions Taekwondo Client folders containing credit card numbers and Social Security numbers found in a dumpster behind the studio 30 California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 23, 2013 Hertfordshire Constabulary, Cambridgeshire Constabulary, Bedfordshire Constabulary, UK Constabularies' staff personal details accidentally sent to contractor G4S when they were unnecessary 1,000 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 23, 2013 BioMat USA An employee stole PII of donors to file false tax returns 130 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 22, 2013 Child and Family Services of New Hampshire Files including PII and certain health information from home visits stolen from the office 23 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 22, 2013 Kmart An armed robber stole electronic media from the pharmacy containing PII & PHI Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 21, 2013 Brazilian Army Commission, Washington Names, email addresses, IP addresses and passwords dumped on the Internet 2,013 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 20, 2013 Privacy Corps Names, email addresses and passwords dumped on the Internet 24 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 20, 2013 NewSeaSims.com User accounts with user names, email addresses and clear text passwords dumped on the Internet 108,377 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 18, 2013 California Department of Motor Vehicles A Desert Palm employee was stealing credit card information from customers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 16, 2013 OptiNose US Inc. A laptop was stolen from a car;  Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 16, 2013 FedEx, Fannie Mae Package with password-protected thumb drive with loan customers' PII stolen from delivery cart Unknown California SB-1386 & other State derivatives, GLBA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 16, 2013 Arizona Counseling and Treatment Services, Cenpatico Behavioral Health of Arizona Patients' names, dates of birth, and medical treatment plans on stolen laptop and external hard drive 500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 16, 2013 New York State Electric & Gas, Rochester Gas and Electric, Iberdrola USA, Central Maine Power Company The PII of individuals who used a recruitment site to submit job applications compromised by unauthorized access 5,100 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 15, 2013 Linode Database including encrypted credit cards with the encrypted private key, and encrypted passwords with their salts compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 14, 2013 Restoring Family Staff accounts including email addresses and clear text passwords dumped on the Internet 324 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 14, 2013 Australia Post An employee stole mail in order to get confidential details for identity theft scams Unknown Australian Privacy Act 1988 A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 14, 2013 Sacred Art Tattoo Documents containing client's PII and credit card information found in a dumpster Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 12, 2013 Wawa Gas station attendant found in possession of a credit card skimming device Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 12, 2013 Social Security Administration Employee accessed information of recently deceased recipients of social security and used the money for fraudulent purposes Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 11, 2013 Investment Industry Regulatory Organization of Canada Investors from 32 investment firms had their personal information on a lost portable device 52,000 Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 11, 2013 Chapman University Names, social security numbers, student identification numbers and dates of birth exposed on intranet Unknown California SB-1386 & other State derivatives, FERPA and HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 09, 2013 VUDU Inc. Hard drive with user data stolen during office burglary Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 09, 2013 Midwest BankCentre Personal information on more than 300 loan applicants exposed 300 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 08, 2013 Kirkwood Community College Records of online applicants for credit courses may have been acquired by hacker 125,000 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 07, 2013 Hypoparathyroidism UK Members' records with PHI, PII including clear text passwords dumped on the Internet 581 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 07, 2013 Vyoo, UK Email addresses, user names and passwords dumped on the Internet 2,011 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 06, 2013 Sony Mobile Communications AB, UK User accounts including email addresses and clear text passwords dumped on the Internet 13,044 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 06, 2013 Pembrokeshire County Council, UK Council allegedly sent 400 pages of psych records on 10 abused children to another abuse victim who had requested his own files 10 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 05, 2013 William Jennings Bryan Dorn VAMC Laptop stolen from Respiratory Therapy Dept. contained patients' PII & PHI 7,405 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 05, 2013 First National Bank of Mercersburg Hackers claim to have acquired clear-text login credentials, dates of birth, email address, SSNs and address details 3,500 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 05, 2013 GNP Consultants Files and a computer tower with PII of life insurance applicants found in a dumpster. Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 05, 2013 Harmonix, UK User information including user names and passwords was compromised Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 05, 2013 Erlanger Hospital (Erlanger Health System) Pediatric patients' records found outside hospital. 87 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 05, 2013 Olive Garden Restaurant Waiter skimmed customers' credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 04, 2013 Portal Healthcare Solutions LLC, Glens Falls Hospital Transcribed doctors' notes with PHI were vulnerable to viewing or download on unsecured server 2,360 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 04, 2013 Hospice of Alamance Caswell, LifePath Home Health Current and past patients notified after teens stole laptops and could have viewed paper records in offices 5,371 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
April 04, 2013 Adults and Children with Learning and Developmental Disabilities Inc. (ACLD) An employee stole a patient's identity and credit card numbers for fraudulent purposes 1 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 04, 2013 Alabama Division of Information Services Employee and vendor PII exposed by hackers infiltrating the state computer system Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 04, 2013 Scribd, Inc Attackers may have compromised 1% of users' PII & passwords Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 04, 2013 Royal Oldham Hospital, UK Confidential information on 16 pediatric patients found 40 miles away 16 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 03, 2013 UF & Shands Family Medicine at Main Patients notified that their PII may have been provided to tax refund fraud conspirators 14,339 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 03, 2013 Bob Roberts & Co. Inc. The office manager forged signatures on company checks to steal $933,079 from the company Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
April 02, 2013 80Tees.com Online purchasers' PII and credit card numbers exfiltrated and misused after malware inserted into system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 02, 2013 OP Productions, Australia War Z taken offline and players' PII including forum passwords compromised 600,000 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 02, 2013 Tradebe Environmental Services, LLC Laptop stolen from employee's car contained employees' payroll and tax information, including SSNs Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
April 02, 2013 Ellison Systems, Inc. (Shoplet.com) Customers' names, addresses, and credit card info accessed by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 02, 2013 Experian, Premier America Credit Union Client's login credentials misused to access credit report database Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
April 02, 2013 Royal Bolton Hospital Four pages with PII & PHI for patients found in the street. 25 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
April 01, 2013 Derbyshire Constabulary, UK 19 staff members have accessed data they were not allowed to see over the past 3 years Unknown UK Data Protection Act & EU Directive on Data Protection A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 29, 2013 ANZ Bank (Australia and New Zealand Banking Group Limited), Australia A few bank ATMs have been compromised affecting customers Unknown Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 29, 2013 Washington Department of Social and Health Services, Sunil Kakar, PsyD PII & PHI on contract psychologist's stolen laptop 652 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 29, 2013 Landmark Medical Supplies Building's landlord tossed paperwork from the business out onto the sidewalk, complete with patients' information Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 27, 2013 Allen County Employees' information exposed 1,152 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 27, 2013 Parrish's Bar & Grill Waitress charged with stealing customers' credit and debit card information 20 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 27, 2013 Rollins, Inc. Newsletter mailing embedded Social Security numbers in mailing labels Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 27, 2013 Kelly Plaza Dental Clinic Dental patients' records found in dumpster outside evicted dental practice Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 26, 2013 HealthCare for Women Patient names, addresses, telephone numbers, dates of birth and summaries of visits compromised by hacked computer servers Unknown California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 25, 2013 OrthoCare Medical Equipment, LLC Binder containing patients' medical records was stolen 93 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 25, 2013 Oregon Health & Science University PII & PHI of surgeons of over 4,000 patients on laptop stolen from a vacation rental home 4,022 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 22, 2013 United HomeCare Services of Southwest Florida, United HomeCare Services, Inc. Stolen laptop held clients' or family members' PII, health plan numbers, services received, or health status. 13,617 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 22, 2013 Florida Department of Juvenile Justice Employee stole personal information of juveniles to file false tax returns Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 22, 2013 Texas Tech University Health Sciences Center Patients' billing statements were sent to the wrong addresses 700 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 22, 2013 Vernon Township The clerk emailed an attachment to several recipients that included employee SSNs and other personal information Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 22, 2013 TLO Individuals' PII were accessed by what firm believes was a fraudulent account Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 22, 2013 Blanchard’s Liquors Customers report credit card fraud after purchases at stores; firm says malware attack on POS system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 22, 2013 Dead River Company Malware may have resulted in access to employee, customer, and credit applicants' information Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 22, 2013 Granger Medical Clinic Patient appointment records slated for shredding went missing. 2,600 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 22, 2013 TD Bank Employee used 14 customers' and former co-workers' information to open credit card accounts to boost her annual bonus 14 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 22, 2013 Tallahassee Community College PII stolen as part of tax refund fraud scheme 3,300 California SB-1386 & other State derivatives, FERPA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 22, 2013 Sunshine Pharmacy Prescription labels/records with names, phone numbers and birth dates found in dumpster Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 21, 2013 Schnucks Customers at chain's stores report card fraud Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 21, 2013 Parkside Restaurant The owner fraudulently ran customer credit card numbers a second time and wrote fraudulent checks 1,488 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 21, 2013 U.S. Bank Skimmer attached to bank's ATM captured customer information that was misused Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 20, 2013 Tennis Express Database with customer CC transaction data may have been decrypted by hacker who exploited vulnerability in program provided by third party Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 20, 2013 Dell, Inc. Server stolen from premises held individuals' names, addresses, Social Security numbers, and dates of birth Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 20, 2013 United States Marine Corps Marine recruiter accused of using email and Facebook account logins for hacking into women’s computers to obtain intimate photos. 40 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 19, 2013 Lyons & Lyons P.C. Unauthorized individual accessed clients' tax filing information and used the information for tax refund fraud scheme Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 19, 2013 United States Department of Energy, Savannah River Site Employees notified of breach involving their personal information 12,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 19, 2013 Cruz Fitness Boxes of records with personal information from defunct fitness gym found in dumpster Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 17, 2013 Exiled Forums Email addresses, user names, passwords and their salts dumped on the Internet 59 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 16, 2013 U.S. General Services Administration Vulnerability in System for Award Management (SAM) enabled registered users to view other users' registration details 600,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 15, 2013 Citibank A skimmer was located on an access door that requires a Citibank ATM card to be swiped to gain access to the ATM Unknown California SB-1386 & other State derivatives, GLBA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 15, 2013 Shore Mortgage (United Shore Financial Services, LLC) Hacker accessed server with clients' PII, financial information Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 15, 2013 Salem State University HR server containing payroll information was found to have been infected 25,000 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 15, 2013 Shaw Communications, Canada Shortly after a possibly unrelated technical glitch, customer receives emails addressed to others 186 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 13, 2013 Montreal Police (SPVM), Canada Officers' PII dumped on the Internet, including photos of alleged undercover agents 5,587 Canada PIPA & PIPEDA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 13, 2013 Sinco Treuhand AG (Beda Singenberger), Zurich Financial adviser to 60 tax-dodging clients inadvertently mailed a list of his clients that came into govt hands, enabling the govt to identify and prosecute them 60 EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 12, 2013 Lawrence Melrose Medical Electronic Record, Inc. (Hallmark Health), Canan Avunduk, MD (Baystate Gastroenterology), Maury Goldman, MD, Hallmark Health Medical Associates, John Mudrock, MD, Womens Healthcare Associates, Main Street Family Practice Employee of a medical practice improperly accessed patient electronic medical records and registration forms for patients from six practices Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 12, 2013 Community Hospital, Crozer-Chester Medical Center Two employees sold patient information to outsiders for tax refund fraud scheme 144 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 10, 2013 Active Odds User accounts with user names, email addresses and clear text passwords dumped on the Internet 2,479 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 11, 2013 The Vons Companies, Inc. (Safeway Inc.), Smart and Final, Dwaynes Friendly Pharmacy Customers became victims of credit and debit card fraud 300 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 11, 2013 Experian, TransUnion, Equifax, AnnualCreditReport.com PII including the SSNs and credit reports for many celebrities and govt officials acquired and dumped on the Internet Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 09, 2013 CodeUSA Software Forums and user database PII and possibly hashed and salted passwords accessed by intruders Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 08, 2013 City of Jacksonville Document with employees' names and Social Security numbers exposed on intranet Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 08, 2013 North Carolina Department of Health and Human Services, Computer Sciences Corporation (CSC) Missing flash drive contained unencrypted names, SSN, dates of birth and addresses for more than 50,000 medical providers 50,405 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 08, 2013 Alabama Department of Corrections One current and one former employee indicted for obtaining the PII of state inmates, filing false tax returns to obtain refunds, and cashing the checks Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 08, 2013 Rotol's Pizzeria Customers' credit/debit card numbers acquired by hackers and misused 75 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 08, 2013 University of Connecticut Health Center Former employee inappropriately accessed patient records with PII and other health information. 1,382 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 07, 2013 Crooked Oak Family Medicine, Lancaster General Health Upset patient grabs other patients' information and runs out of office 527 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 07, 2013 Privacy Corps User accounts including email addresses and clear text passwords dumped on the Internet 2,142 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 07, 2013 Miami Police Department Police officers misused access to Florida driver's license record database to obtain identity info which was sold to others for tax refund fraud scheme Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 07, 2013 South Florida Reception Center, Florida Department of Corrections Corrections officer sold State of Florida inmates' PII to confidential FBI source for use in tax refund fraud scheme 805 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 06, 2013 Experian, Timber Blind and Shutter Client's login misused to access credit reports Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 05, 2013 Unknown Organization, Commerce Bank There was a point-of-sale breach that affected customers of Commerce Bank, who reissued their credit cards Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 05, 2013 Anglo American Platinum Limited, SA Administrator and User information including PII with clear text passwords dumped on the Internet 3,290 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 05, 2013 CC Accounting & Tax Service Stolen computers contained clients' information; dozens already victims of tax refund fraud Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 05, 2013 Frontier Natural Products Co-op Malicious file inserted on server captured customers' information during transactions on simplyorganic.com, auracacia.com, and frontiercoop.com sites Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 04, 2013 BitInstant LLC A hacker socially engineered the domain registrar using employee information to gain access and steal $12,480 USD in bitcoins Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 04, 2013 West Georgia Ambulance Lost laptop contained patient information 500 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 04, 2013 Coast Healthcare Management Stolen documents contained information on patients from multiple health plans 1,368 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 04, 2013 Intervention Services, Inc. Stolen laptop contained patients' information 1,200 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 04, 2013 Family Intervention Specialists, Inc. Unshredded personal and medical records found in dumpster after agency moved out. Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 04, 2013 Kindred Healthcare Inc. (Kindred Transitional Care and Rehabilitation) Safe with backup tapes with information on 716 patients stolen during burglary. 716 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 04, 2013 HomeCare of Mid-Missouri A laptop stolen during transport contained patients' PII and description of services provided. 4,027 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 04, 2013 Catoctin Dental/Richard B. Love, D.D.S., P.A. Dental practice notifies patients of hack even though no evidence that data were read or stolen 6,400 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 04, 2013 County of San Bernardino Department of Behavioral Health, County of San Bernardino Department of Human Services Listing of limited DBH client information was stolen from the vehicle of a Human Services employee. 683 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
March 04, 2013 Center for Pain Management (National Spine and Pain Centers) Two laptops stolen in office burglary contained patients' PII, medical history, medical diagnoses. 5,822 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
March 04, 2013 Unisys, Prudential Insurance Company of America Employee accidentally emailed document with Unisys employees' details including SSN and salary info to an employee at Unisys Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
March 04, 2013 Baymont Inn Suites Employee with history of similar crimes stole guests' names, credit card numbers and expiration dates 23 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 01, 2013 South Miami Hospital Employee improperly accessed patients' info for tax refund fraud scheme Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 01, 2013 Samaritan Hospital, Rensselaer County Correctional Facility Employees at jail under investigation for improperly accessing hospital's patient database 48 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
March 01, 2013 Fabric Depot, Inc. Customers' names, addresses, credit/debit card numbers and card verification codes accessed by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
March 01, 2013 Unknown Organization, Australian Government Department of Defence Soldiers' medical records from orthopedic practice found in the street Unknown Australian Privacy Act 1988 A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 01, 2013 St. Francis Hospital (Saint Francis Hospital), Greenstar Recycling Stack of cardiology records with patients' history discovered in a stack of wooden pallets used for recycling paper Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
March 01, 2013 Orleans County County employees had their identity information compromised 25 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 28, 2013 GE Capital Retail Bank Customers using certain retail store-branded credit cards notified their personal info compromised by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 28, 2013 Market Square Restaurant Restaurant notified by customers, bank and law enforcement of breach Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 28, 2013 Vazzy's Osteria Customers report card fraud after use at the restaurant Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 28, 2013 Florida Association Management Homeowners' names, bank accounts and routing numbers on stolen server. Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 28, 2013 Unknown Organization, First National Bank of Southern California Back-up tape containing account details and SSNs was stolen from data service provider Unknown California SB-1386 & other State derivatives, GLBA A.10.8.3 - Physical media in transit
February 27, 2013 Bank of America, Thomson Reuters, Bloomberg, ClearForest, TEKSystems Emails and salary information, many from publicly available sources, leaked on the Internet Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 27, 2013 Australian Broadcasting Corporation (ABC) Users' names, usernames, email addresses, hashed passwords, and other details dumped on the Internet 50,000 Australian Privacy Act 1988 A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 26, 2013 Government of Prince Edward Island, Canada Post-secondary students' Social Insurance Numbers clearly visible in envelope window. Unknown Canada PIPA & PIPEDA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 26, 2013 Massachusetts Mutual Life Insurance Company (MassMutual), Convey Compliance Solutions Some IRS 1099 forms containing PII and financial information sent to valid but incorrect addresses Unknown California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 25, 2013 Equinox Two employees charged with stealing and misusing customers' credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 25, 2013 Cartier North America Laptop left in taxi contained customers' names and credit card numbers 13 California SB-1386 & other State derivatives, PCI/Visa CISP A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 25, 2013 Mercedes-Benz of Walnut Creek Burglars stole records with customers' information, including Social Security numbers Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 25, 2013 London Borough of Hackney, UK Files posted online contained residents' names, addresses, email addresses, mobile phone numbers and other information 35 UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 25, 2013 City of York Council, Yorwaste, UK Documents with sensitive information on individuals either stolen or left behind in skip when council was moving offices 80 UK Data Protection Act & EU Directive on Data Protection A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 22, 2013 North Carolina Department of State Treasurer, Professional Mail Services Envelopes mailed in January partially or fully exposed the retirees' Social Security numbers 26,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 22, 2013 Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) PII on 2 casinos' patrons were on stolen devices and papers 777 Canada PIPA & PIPEDA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 22, 2013 Sprouts Farmers Markets Point of sale systems at 19 of 151 stores were compromised over a 5-day period Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 22, 2013 cPanel Inc. Some users advised to change root and admin pwds after support server hacked Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 21, 2013 Benny's Pizza Pub & Patio Customers' card numbers compromised Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 21, 2013 Crescent Healthcare - A Walgreens Company Stolen computer hardware held patients' PII & PHI Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 20, 2013 Polk County Public School District 1098T tax forms with students' SSNs were sent to incorrect addresses when staff failed to separate forms before stuffing envelopes 200 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 20, 2013 Variable Annuity Life Insurance Company (VALIC) User ID and profile created to access customer data from web site, including SSN and financial information Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 20, 2013 Hundred Bar and Kitchen, Canada Documents with servers' names with transaction and tip totals as well as credit card batch reports with last 4 digits of card numbers found in trash Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 19, 2013 Educause Name, title, e-mail address, usernames and passwords as well as hashed passwords of .edu domain holders compromised by hack Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 19, 2013 Orlando Health, Mid-Florida Urological Associates Medical assistant at group practice allegedly accessed hospital system's patient database and misused patient records to file insurance claims Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 19, 2013 SANDS Lothians, Mortonhall Crematorium, UK Unencrypted laptop containing the personal details of those affected by the scandal at Mortonhall stolen from office Unknown UK Data Protection Act & EU Directive on Data Protection A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 19, 2013 Kork & Keg Liquors Compromised POS is believed to be the cause of multiple fraudulent transactions with different credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 18, 2013 Johns Hopkins Medicine, East Baltimore Medical Center Gynecologist allegedly secretly took photographs and video of his patients Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 17, 2013 Heyman Hospice Care (Floyd Medical Center) Laptop stolen from employee's car held patients' PII as well as PII 1,819 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 15, 2013 Iron Horse Bicycle Classic Dozens of people who registered for the Iron Horse Bicycle Classic reported that their credit cards were compromised.   California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 15, 2013 Union County Public Schools Employee information, including Social Security numbers may have been accessed by hacker Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 14, 2013 Unknown Organization, Mt Rushmore Management LLC, Mt Rushmore Investment Corp., MidAmerica Financial Services, Mt Rushmore Securities LLC Clients' information, possibly including financial information, was indexed by Google from IT contractor's server Unknown California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 14, 2013 Froedtert Memorial Lutheran Hospital, Froedtert Health, Community Memorial Hospital, West Bend Surgery Center, Kettle Moraine Anesthesiology, St. Joseph's Community Hospital of West Bend PII and insurance information possibly compromised by a virus that allowed unauthorized access 43,000 California SB-1386 & other State derivatives, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 14, 2013 Massachusetts Mutual Life Insurance Company (MassMutual), Crotched Mountain Foundation Plan Employee hit reply-all and sent unauthorized individual spreadsheet with plan participants' names, addresses and Social Security numbers 917 California SB-1386 & other State derivatives, GLBA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
February 14, 2013 HDFC Bank Bank replacing some points of sale machines at merchant establishments following card 'skimming' frauds Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 14, 2013 Saskatchewan Ministry of Health, Saskatchewan Institute of Applied Science and Technology Health records of West Nile patients potentially exposed to students in source files for instructional materials 58 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 14, 2013 CollegeConfidential Site's users redirected to other sites after hack; login credentials potentially compromised Unknown California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 14, 2013 Häagen-Dazs Keylogger on cash register captured hundreds of customers' card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 12, 2013 Cavan-Monaghan Hospital, Dr. Ogbonna Anoke, Ireland Doctor took approximately 300 medical records of patients home with him and then left them behind as waste when he moved out 32 Irish Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 12, 2013 Palm Beach County Health Department, C.L. Brumback Health Center Employee charged with stealing clients' names, dates of birth, and Social Security numbers for tax refund fraud scheme 2,800 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 11, 2013 Edge Auto Sales Dealership owner charged with stealing customers' information to obtain fraudulent car loans 44 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 11, 2013 Unknown Organization, Agincourt Wallboard (Wallboard Supply Company) Administrator's credentials used to access account on payroll vendor's system to re-route employees' direct deposit payments to hacker's account 62 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 09, 2013 Island Resort & Casino Guests' and employees' credit and debit cards compromised, but casino says their system is secure Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 08, 2013 Riderwood Village Residents' physical therapy information on 5 stolen laptops 3,230 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 08, 2013 People Plus Members' PII with spouse or partner name, and emergency contact information exposed on the Internet for two weeks Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 08, 2013 Lee Miller Rehabilitation Associates Patients' protected health information on stolen server 10,480 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 08, 2013 St. Louis Housing Authority Personal income tax statements (IRS-1099 forms) were mailed to the wrong people 750 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 08, 2013 Australian Taxation Office Tax agents fell for phishing scheme that allowed criminals to obtain their login credentials to the taxpayer portal and their clients' information 20 Australian Privacy Act 1988 A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 08, 2013 Penn State Harrisburg Social Security numbers from 1999-2001 conference registrations found on malware-infected computer 808 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 07, 2013 Central Hudson Gas & Electric Customers' auto-pay bank information may have been accessed by hacker. Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 07, 2013 Unknown Organization, Schneider Electric Employees' names, addresses, and Social Security numbers visible in window of mailing sent by bulk mail vendor Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 07, 2013 Talk Fusion Customers' PII and in some cases, credit card info with CVV code, accessed by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 07, 2013 Thorlo Inc Customers' PII and credit card account numbers (including expiration dates and security codes) intercepted during e-payment transactions Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 07, 2013 CoreLogic (Credco) Fraudster obtained credentials to access credit report reseller's database of credit reports Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 07, 2013 Crafts Americana Group A server file with customers' PII and credit card numbers had been potentially accessible without authorisation. Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 07, 2013 University of Guelph, Canada Stolen hard drives contained students' names, addresses, contact information and social insurance numbers 20,000 Canada PIPA & PIPEDA A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
February 07, 2013 Stouffville District Secondary School Students' PII were inadvertently sent out as spreadsheet attachment to newsletter sent to local families 969 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
February 07, 2013 The Dalton School E-mail to alumni disclosed names of students who had been rejected or who had applications pending to elite private school Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
February 07, 2013 Zalicus Inc. Some 1099-MISC tax forms were mailed to wrong recipients Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
February 07, 2013 American HomePatient Inc, LifeGas Laptop stolen from business associate contained protected health information  1,103 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
February 05, 2013 Boca Raton Regional Hospital Employee who worked as a scheduler provided co-conspirator with patients' PII for tax refund fraud scheme Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 05, 2013 Bashas' Fine Foods, Food City Customers' payment card data exfiltrated by malware on system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 04, 2013 Federal Reserve Bank PII with IP addresses, encrypted passwords and their salts dumped on the Internet 4,000 California SB-1386 & other State derivatives, GLBA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 04, 2013 HSBC Bank Bank discovered employee had been improperly accessing customers' info for about a year Unknown California SB-1386 & other State derivatives, GLBA A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 02, 2013 Unknown Organization, River Falls Medical Clinic Employee of contracted cleaning service stole patients' files from medical clinic bins that stored documents intended to be shredded. 2,400 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 02, 2013 Pennsylvania Department of Transportation An employee made fake driver's licenses for criminals with the identities of innocent people Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 01, 2013 California Public Employees Retirement System An employee stole personal information of at least one person to open fraudulent loans Unknown California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
February 01, 2013 U.S. Department of Energy Personal information about several hundred employees and contractors accessed by hacker Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
February 01, 2013 Twitter, Inc. Usernames, email addresses, session tokens and encrypted/salted versions of passwords accessed by hacker 250,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 31, 2013 McDonalds Drive-thru window employee recruited by others to skim hundreds of customers' card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 31, 2013 The Connecticut Store (ctstore.com) Malicious code inserted in e-commerce cart software enabled access to PHI & CCNs Unknown California SB-1386 & other State derivatives, PCI/Visa CISP, HIPAA Security A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 30, 2013 The Works Bakery Cafe Customers' card numbers exfiltrated after system-wide breach affected all 7 locations Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 30, 2013 Silver Star Motors Owner investigated for cases of stealing customers' information to defraud finance companies 25 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 29, 2013 Unknown Organizations, Toojay & Gourmet Deli Man arrested for using waitress to skim dozens of customers' credit card information from local restaurants Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 29, 2013 Antioch Unified School District E-mail attachment revealed names, Social Security numbers and workers compensation claim information of some employees Unknown California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
January 29, 2013 Stethoscope.com LLC Customers' names, postal and e-mail addresses, and credit card numbers, expiration dates, and CVV codes acquired by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 29, 2013 North Los Angeles County Regional Center Stolen laptop contained consumers' PII Unknown California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 28, 2013 Walz and Associates Law Firm Hundreds of personal documents containing PHI from the law firm of a deceased attorney were found in the open at a recycling center Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 28, 2013 UnitedHealthcare, RR Donnelley Stolen desktop computer contained PII of enrollees in Boy Scouts of America 2003 health benefit plan Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 28, 2013 Los Angeles County Department of Public Social Services Former receptionist stole 64 participants' names and Social Security numbers for tax refund fraud conspiracy 64 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 25, 2013 Cheyney University of Pennsylvania Inadvertent e-mail attachment exposed current and former students' names, addresses, and Social Security numbers 2,100 California SB-1386 & other State derivatives, FERPA A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
January 24, 2013 Brentwood Primary Care Clinic (Shands Jacksonville) Names and Social Security numbers of patients were illegally photographed and transmitted to another person 261 California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 24, 2013 Littleton Police Department PII of everyone who came in contact with the department between Jan. 7-14 posted on web site in public police log 130 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 24, 2013 City of Madison, Wisconsin Individuals' Social Security numbers and dates of birth exposed online for over 5 years 50 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 23, 2013 NECA-IBEW (National Electrical Contractors Association - International Brotherhood of Electrical Workers) Mailing exposed members' Social Security Numbers on envelope Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 23, 2013 Wilton Brands LLC Hacker modified shopping cart on e-commerce site and was able to access customers' info, including CCNs Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 21, 2013 Lucile Packard Children’s Hospital at Stanford, Stanford University School of Medicine Laptop stolen from physician's car held patients' PII & PHI 57,000 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 18, 2013 Montfort Hospital, Canada Lost USB held patients' unencrypted PII 25,000 Canada PIPA & PIPEDA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 17, 2013 Kutsher & Tribeca Waiter skimmed customers' credit and debit cards 120 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 17, 2013 Prospect Encrypted PII, passwords and employer details of members of the union were e-mailed to an unknown third party's email address 19,000 California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
January 16, 2013 Town of Cumberland Spreadsheet from 2008 with the names and social security numbers of employees was uploaded to the town's website 275 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 16, 2013 Utah Department of Health, Goold Health Systems Employee of contractor who processes Medicaid prescription transactions lost USB drive with patients' names, Medicaid ID No. 6,000 California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 16, 2013 Federal Networks LLC File containing employees' and contractors' PII was on a computer infected with malware Unknown California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 16, 2013 Cheshire West Chester Council, UK Confidential details of vulnerable children and others were exposed in the Open Data section of council's web site Unknown UK Data Protection Act & EU Directive on Data Protection A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 15, 2013 Minnesota Department of Public Safety Driver and Vehicle Services, Minnesota Department of Natural Resources Notified that employee improperly accessed their driver's license 5,000 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 14, 2013 Friendlys Waitress charged with skimming customers' credit card numbers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 11, 2013 Zaxby's Franchising, Inc. Malware may have exfiltrated customers' CCNs; locations identified as common points of purchase in fraud reports Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2013 Club Soda Customers' and employees' credit card numbers acquired by overseas hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2013 Florida Department of Juvenile Justice Mobile device stolen from secure office contained unencrypted youth and employee records 100,000 California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 11, 2013 Gene Anja Rosenberg Hebrew Home and Rehabilitation Center (Hebrew Health Care) Spreadsheet with employees' PII inadvertently e-mailed to the employee's personal e-mail address Unknown California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
January 11, 2013 Platinum Healthcare Employment applications with names, addresses, and phone numbers and SSNs found in trash can 30 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 11, 2013 Human Resources and Skills Development Canada Missing hard drive contained student & employee PII 583,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 11, 2013 Clark, Friel, and Joyce, P.A. Clients' names, addresses, SSNs, and bank account and financial (tax return) information on hard drive stolen in office burglary Unknown California SB-1386 & other State derivatives A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 10, 2013 Bank of India Directory of folders that included user IDs, names, date of birth, email IDs, passwords exposed in Google 42,000 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 09, 2013 KTSU (K Texas Southern University) Radio station volunteer charged with stealing radio station donors' pledge cards to misuse their credit card numbers 300 California SB-1386 & other State derivatives, PCI/Visa CISP A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 09, 2013 Mississippi State University Profiles with faculty and staff usernames, email addresses and encrypted passwords dumped on the Internet 535 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 08, 2013 Drake International Job applicants' details accessed by hackers who demanded $50,000 USD not to dump them on the Internet 300,000 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 08, 2013 Charlotte-Mecklenburg Schools Files with employees' PII were stolen from an employee's car while she stopped for lunch. 80 California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 08, 2013 City of Macon Hard drives, 2 computer servers & 2 CPUs sold on govt auction site contained PII of Macon Police officers Unknown California SB-1386 & other State derivatives A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling     
A.8.2.2 - Information security awareness, education and training
January 08, 2013 Texas Health and Human Services Commission CCNs, immunization records and other documents containing names and SSNs stolen by an employee for fraudulent purposes Unknown California SB-1386 & other State derivatives, PCI/Visa CISP, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 07, 2013 Access SecurePak, Centric Group Customers' credit and debit card numbers, CVV, and expiration dates may have been accessed by third party since August 2010 Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 07, 2013 Hacienda Mexican Restaurants Customers' CCNs hacked at two of 12 locations Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 07, 2013 Calvin L. Schuster, M.D. Computer stolen during office burglary contained 532 patients' names, dates of birth, and limited medical information 532 California SB-1386 & other State derivatives, HIPAA Security A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
January 07, 2013 Morgan Road Middle School Flash drive with students' SSN as well as gradebook were stolen from teacher's car Unknown California SB-1386 & other State derivatives, FERPA A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 07, 2013 Hollis Cobb Associates Employee at debt collection agency indicted for allegedly accessing PII for tax refund fraud scheme. 12 California SB-1386 & other State derivatives A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 04, 2013 Centers for Medicare and Medicaid Services (CMS), Healing Hearts Therapeutic Services Clinic owner pleads guilty to misusing Medicaid numbers of minor patients in order to submit false claims Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
January 04, 2013 University of North Carolina Lineberger Comprehensive Cancer Center Employees' SSNs and passport numbers on two servers accessed by hacker 3,500 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 03, 2013 GEOAmey, UK Laptop stolen in a home burglary contained employees' bank account details, addresses and phone numbers. 795 UK Data Protection Act & EU Directive on Data Protection A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 03, 2013 Mid America Health, Inc. PII and digital oral x-ray images of skilled nursing home patients were on stolen laptop Unknown California SB-1386 & other State derivatives, HIPAA Security A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 02, 2013 ShorttrackOnLine.info Names, user names and passwords dumped on the Internet 43 California SB-1386 & other State derivatives A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 02, 2013 Oldcastle APG, Inc. Laptop stolen from employee's car contained employees' names, SSNs, and bank account details 5,083 California SB-1386 & other State derivatives A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
January 01, 2013 P.E.S. Modern College of Engineering Names, email addresses and passwords (3 admin) dumped on the Internet 68 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
January 01, 2013 Dr. Mahalingam College of Engineering and Technology Passwords (1 admin), 271 user names (1 admin) and 36 email addresses (1 admin) dumped on the Internet 306 California SB-1386 & other State derivatives, FERPA A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
    ESTIMATED TOTAL (ROUGH):  114,548,408    
Copyright 2005-2017 by eFortresses, Inc. All rights reserved.