The Breach Blog
Subscribers
Bookmarks
The Breach Blog
Two stolen Saks Incorporated laptops contained sensitive information
Technorati Tag: Security Breach
Date Reported:
4/30/08
Organization:
Saks Incorporated
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown*
*According to the New Hampshire State Attorney General breach notification there were 163 persons affected who reside in the state of New Hampshire
Types of Data:
Name, address, Saks Fifth Avenue credit card account number, and/or Saks Fifth Avenue/MasterCard co-branded credit card account number.
Breach Description:
"In mid-April 2008, Saks learned that four company laptops were stolen. Two of the stolen laptops contained several files that included customer names, addresses, Saks Fifth Avenue credit card account numbers, and/or Saks Fifth Avenue/MasterCard co-branded credit card account numbers."
<< MORE >>
Date Reported: 4/30/08
Organization:
Saks Incorporated
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown*
*According to the New Hampshire State Attorney General breach notification there were 163 persons affected who reside in the state of New Hampshire
Types of Data:
Name, address, Saks Fifth Avenue credit card account number, and/or Saks Fifth Avenue/MasterCard co-branded credit card account number.
Breach Description:
"In mid-April 2008, Saks learned that four company laptops were stolen. Two of the stolen laptops contained several files that included customer names, addresses, Saks Fifth Avenue credit card account numbers, and/or Saks Fifth Avenue/MasterCard co-branded credit card account numbers."
<< MORE >>
Personal Las Cruces Public Schools Special Ed information posted online
Technorati Tag: Security Breach
Date Reported:
5/7/08
Organization:
Las Cruces Public Schools ("LCPS")
Contractor/Consultant/Branch:
None
Victims:
Teachers, principals, administrators and other LCPS employees. The breach also affected students enrolled in special education programs.
Number Affected:
1,800*
*1,750 teachers, principals, administrators and other LCPS employees who had access to the SEAS system because they work with special education children or programs AND 50 students enrolled in special education programs at various LCPS schools, local charter schools, and home schools
Types of Data:
"confidential student and staff information, including some personal identifying data"
Breach Description:
"LAS CRUCES - The Las Cruces Public Schools has announced that confidential student and staff information, including some personal identifying data, was unintentionally posted on the Internet. Immediately upon learning that the data was posted, the district took steps to remove the data from the Internet site where it was found, said Superintendent Stan Rounds."
<< MORE >>
Date Reported: 5/7/08
Organization:
Las Cruces Public Schools ("LCPS")
Contractor/Consultant/Branch:
None
Victims:
Teachers, principals, administrators and other LCPS employees. The breach also affected students enrolled in special education programs.
Number Affected:
1,800*
*1,750 teachers, principals, administrators and other LCPS employees who had access to the SEAS system because they work with special education children or programs AND 50 students enrolled in special education programs at various LCPS schools, local charter schools, and home schools
Types of Data:
"confidential student and staff information, including some personal identifying data"
Breach Description:
"LAS CRUCES - The Las Cruces Public Schools has announced that confidential student and staff information, including some personal identifying data, was unintentionally posted on the Internet. Immediately upon learning that the data was posted, the district took steps to remove the data from the Internet site where it was found, said Superintendent Stan Rounds."
<< MORE >>
Confidential information sent to PinPay.net and SoftCard.biz is exposed
Technorati Tag: Security Breach
Date Reported:
4/29/08
Organization:
ACAP Security Inc.
Contractor/Consultant/Branch:
PinPay
SoftCard
Victims:
Merchants, Agents and customers
Number Affected:
Unknown
Types of Data:
Name, mailing address, phone number, email address, date of birth, city of birth, sex, and one or more of the following (chosen from drop-down):
Breach Description:
ACAP Security, and affiliated sites are actively marketing a "secure payment system that allows Internet-based businesses to accept secure PIN-debit card payments and transactions at their online store." The PinPay and SoftCard sign-up pages and account access pages are not adequately secured with encryption, potentially exposing extremely sensitive personal information.
<< MORE >>
Date Reported: 4/29/08
Organization:
ACAP Security Inc.
Contractor/Consultant/Branch:
PinPay
SoftCard
Victims:
Merchants, Agents and customers
Number Affected:
Unknown
Types of Data:
Name, mailing address, phone number, email address, date of birth, city of birth, sex, and one or more of the following (chosen from drop-down):
- Passport
- Voting ID card
- PAN card
- Driving License card
- Government issued ID card
- Social Security Card
- Military ID card
- Consular ID card
- Postal ID card
- Government Employee ID Card
- Credit Card
- Debit Card
Breach Description:
ACAP Security, and affiliated sites are actively marketing a "secure payment system that allows Internet-based businesses to accept secure PIN-debit card payments and transactions at their online store." The PinPay and SoftCard sign-up pages and account access pages are not adequately secured with encryption, potentially exposing extremely sensitive personal information.
<< MORE >>
Personal information from two Colorado mortgage companies found in dumpsters
Technorati Tag: Security Breach
Date Reported:
4/28/08
Organization:
Cove Creek Mortgage
Front Range Mortgage, LLC
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Mortgage files, tax returns, pay stubs, Social Security numbers, and other personal information
Breach Description:
"ENGLEWOOD, Colo. -- The Arapahoe County District Attorney's Office is advising anyone who has used Cove Creek Mortgage to watch out for identity theft after hundreds of mortgage files were dumped in a public trash bin over the weekend."
<< MORE >>
Date Reported: 4/28/08
Organization:
Cove Creek Mortgage
Front Range Mortgage, LLC
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Mortgage files, tax returns, pay stubs, Social Security numbers, and other personal information
Breach Description:
"ENGLEWOOD, Colo. -- The Arapahoe County District Attorney's Office is advising anyone who has used Cove Creek Mortgage to watch out for identity theft after hundreds of mortgage files were dumped in a public trash bin over the weekend."
<< MORE >>
Adobe web portal exposes educational software users
Technorati Tag: Security Breach
Date Reported:
5/1/08
Organization:
Adobe Systems Incorporated
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Name, address, home and/or cellular phone number, email address, date of birth, school name, partial or full credit card number, credit card expiration data, credit card security code, partial or full bank account number, partial or full Social Security number, school identification card, driver's license number, government identification, military identification number, and a copy of a signature.
Breach Description:
"It appears that certain personal information was stored on a server accessed via an Adobe website portal at a time when the server did not contain security or authentication procedures. The server was created to allow customers to upload information in order to enable Adobe to validate a customer's qualification to purchase certain education software."
<< MORE >>
Date Reported: 5/1/08
Organization:
Adobe Systems Incorporated
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Name, address, home and/or cellular phone number, email address, date of birth, school name, partial or full credit card number, credit card expiration data, credit card security code, partial or full bank account number, partial or full Social Security number, school identification card, driver's license number, government identification, military identification number, and a copy of a signature.
Breach Description:
"It appears that certain personal information was stored on a server accessed via an Adobe website portal at a time when the server did not contain security or authentication procedures. The server was created to allow customers to upload information in order to enable Adobe to validate a customer's qualification to purchase certain education software."
<< MORE >>
Health care practices and UCSF patient records exposed
Technorati Tag: Security Breach
Date Reported:
5/1/08
Organization:
University of California
Contractor/Consultant/Branch:
University of California at San Francisco ("UCSF")
Target America Inc.
Victims:
Patients
Number Affected:
6,313
Types of Data:
"The information included names, addresses, medical departments and some patient medical record numbers"
Breach Description:
"(05-01) 17:22 PDT San Francisco -- Information on thousands of UCSF patients was accessible on the Internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical identity theft"
<< MORE >>
Date Reported: 5/1/08
Organization:
University of California
Contractor/Consultant/Branch:
University of California at San Francisco ("UCSF")
Target America Inc.
Victims:
Patients
Number Affected:
6,313
Types of Data:
"The information included names, addresses, medical departments and some patient medical record numbers"
Breach Description:
"(05-01) 17:22 PDT San Francisco -- Information on thousands of UCSF patients was accessible on the Internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical identity theft"
<< MORE >>
Card skimming at Lunardi's Supermarket
Technorati Tag: Security Breach
Date Reported:
4/29/08
Organization:
Lunardi's
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
"bank card numbers and personal identification codes"*
*bank cards include credit cards and debit cards
Breach Description:
"About 150 people who used their bank debit cards at a Lunardi's Supermarket in Los Gatos have become victims of an identity theft scam. And that number is expected to grow, Los Gatos police Capt. Dave Gravel said."
<< MORE >>
Date Reported: 4/29/08
Organization:
Lunardi's
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
"bank card numbers and personal identification codes"*
*bank cards include credit cards and debit cards
Breach Description:
"About 150 people who used their bank debit cards at a Lunardi's Supermarket in Los Gatos have become victims of an identity theft scam. And that number is expected to grow, Los Gatos police Capt. Dave Gravel said."
<< MORE >>
Cornerstone Fitness for Women information found in discarded file cabinet
Technorati Tag: Security Breach
Date Reported:
4/30/08
Organization:
Cornerstone Fitness for Women
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Names, addresses, phone numbers and in many instances Social Security numbers copies of checks and credit card information
Breach Description:
"EDINBURG - A local company that operates several fitness centers across the region could be fined if investigators substantiate allegations it left clients' sensitive personal information in a trash bin."
<< MORE >>
Date Reported: 4/30/08
Organization:
Cornerstone Fitness for Women
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Names, addresses, phone numbers and in many instances Social Security numbers copies of checks and credit card information
Breach Description:
"EDINBURG - A local company that operates several fitness centers across the region could be fined if investigators substantiate allegations it left clients' sensitive personal information in a trash bin."
<< MORE >>
Stolen General Internal Medicine laptop exposes nearly 12,000
Technorati Tag: Security Breach
Date Reported:
4/25/08
Organization:
General Internal Medicine of Lancaster (PA)
Contractor/Consultant/Branch:
None
Victims:
Patients*
*"who visited the office of General Internal Medicine of Lancaster, 2301 Columbia Ave., from 2005 through 2007"
Number Affected:
"nearly 12,000"
Types of Data:
Names, addresses, telephone and Social Security numbers
Breach Description:
"EAST HEMPFIELD TOWNSHIP, Pa. -- A laptop stolen from a doctors office containing the social security numbers of patients and office staff was stolen recently in East Hempfield Township, Lancaster County."
<< MORE >>
Date Reported: 4/25/08
Organization:
General Internal Medicine of Lancaster (PA)
Contractor/Consultant/Branch:
None
Victims:
Patients*
*"who visited the office of General Internal Medicine of Lancaster, 2301 Columbia Ave., from 2005 through 2007"
Number Affected:
"nearly 12,000"
Types of Data:
Names, addresses, telephone and Social Security numbers
Breach Description:
"EAST HEMPFIELD TOWNSHIP, Pa. -- A laptop stolen from a doctors office containing the social security numbers of patients and office staff was stolen recently in East Hempfield Township, Lancaster County."
<< MORE >>
SCSU web server becomes spam server and exposes personal information
Technorati Tag: Security Breach
Date Reported:
4/24/08
Organization:
Southern Connecticut State University
Contractor/Consultant/Branch:
None
Victims:
Current and former students
Number Affected:
11,000
Types of Data:
Names, addresses and Social Security numbers
Breach Description:
"Two weeks after discovering that its Web site had been used by hackers to flog fancy wedding rings, Southern Connecticut State University is notifying 11,000 current and former students that their Social Security numbers may have been compromised."
<< MORE >>
Date Reported: 4/24/08
Organization:
Southern Connecticut State University
Contractor/Consultant/Branch:
None
Victims:
Current and former students
Number Affected:
11,000
Types of Data:
Names, addresses and Social Security numbers
Breach Description:
"Two weeks after discovering that its Web site had been used by hackers to flog fancy wedding rings, Southern Connecticut State University is notifying 11,000 current and former students that their Social Security numbers may have been compromised."
<< MORE >>
Staten Island University Hospital notifies patients of December theft
Technorati Tag: Security Breach
Date Reported:
5/1/08
Organization:
Staten Island University Hospital
Contractor/Consultant/Branch:
None
Victims:
Patients
Number Affected:
88,000
Types of Data:
"names, Social Security and health insurance numbers"
Breach Description:
"STATEN ISLAND, N.Y. -- Computer equipment stolen from an administrative office in Rosebank in December contained personal information about 88,000 patients who have been treated at Staten Island University Hospital."
<< MORE >>
Date Reported: 5/1/08
Organization:
Staten Island University Hospital
Contractor/Consultant/Branch:
None
Victims:
Patients
Number Affected:
88,000
Types of Data:
"names, Social Security and health insurance numbers"
Breach Description:
"STATEN ISLAND, N.Y. -- Computer equipment stolen from an administrative office in Rosebank in December contained personal information about 88,000 patients who have been treated at Staten Island University Hospital."
<< MORE >>
Thousands of Canadian Chrysler Financial customers at risk
Technorati Tag: Security Breach
Date Reported:
4/22/08
Organization:
Chrysler Corporation
Contractor/Consultant/Branch:
Chrysler Financial (Canada)
United Parcel Service ("UPS")
Victims:
Canadian customers
Number Affected:
"thousands"
Types of Data:
"names, addresses and social insurance numbers"
Breach Description:
"TORONTO - The lending arm of the Chrysler Corporation says the U-P-S courier service may have lost a data tape containing personal information about thousands of its Canadian customers."
<< MORE >>
Date Reported: 4/22/08
Organization:
Chrysler Corporation
Contractor/Consultant/Branch:
Chrysler Financial (Canada)
United Parcel Service ("UPS")
Victims:
Canadian customers
Number Affected:
"thousands"
Types of Data:
"names, addresses and social insurance numbers"
Breach Description:
"TORONTO - The lending arm of the Chrysler Corporation says the U-P-S courier service may have lost a data tape containing personal information about thousands of its Canadian customers."
<< MORE >>
Intrusion into UMass Amherst University Health Services network
Technorati Tag: Security Breach
Date Reported:
4/18/08
Organization:
University of Massachusetts System
Contractor/Consultant/Branch:
University of Massachusetts System at Amherst
University Health Services
Victims:
Patients
Number Affected:
Unknown
Types of Data:
"personal information" and "medical records"
Breach Description:
"Hackers breached the computer system used by UMass Amherst's Health Services, potentially gaining access to thousands of medical records."
<< MORE >>
Date Reported: 4/18/08
Organization:
University of Massachusetts System
Contractor/Consultant/Branch:
University of Massachusetts System at Amherst
University Health Services
Victims:
Patients
Number Affected:
Unknown
Types of Data:
"personal information" and "medical records"
Breach Description:
"Hackers breached the computer system used by UMass Amherst's Health Services, potentially gaining access to thousands of medical records."
<< MORE >>
CollegeInvest external hard drive goes missing
Technorati Tag: Security Breach
Date Reported:
4/25/08
Organization:
State of Colorado
Contractor/Consultant/Branch:
Department of Higher Education
CollegeInvest*
*"As a nonprofit division of the Department of Higher Education, CollegeInvest helps students and families finance college through student savings accounts, loans and scholarships."
Victims:
Customers**
**CollegeInvest Education Loan Borrowers January 2002 - August 2007:
Number Affected:
~200,000
Types of Data:
Loan, savings account and scholarship information, including names, addresses and Social Security numbers
Breach Description:
"CollegeInvest moved to a new office space the weekend of March 28th using the international moving firm Graebel. Although Graebel specializes in office relocations and has specialists in moving computer equipment, CollegeInvest discovered while unpacking at the new location that a hard drive with the personal data of some customers was missing. Despite an extensive internal investigation, the hard drive has not been found."
<< MORE >>
Date Reported: 4/25/08
Organization:
State of Colorado
Contractor/Consultant/Branch:
Department of Higher Education
CollegeInvest*
*"As a nonprofit division of the Department of Higher Education, CollegeInvest helps students and families finance college through student savings accounts, loans and scholarships."
Victims:
Customers**
**CollegeInvest Education Loan Borrowers January 2002 - August 2007:
- Student Loan Borrower
- Parent Loan Borrower
- Consolidation Loan Borrower
- Direct Portfolio College Savings - Account Owner, Beneficiary
- Stable Value Plus College Savings - Account Owner, Beneficiary & Account Successor
- Prepaid Tuition Fund - Account Owner, Beneficiary & Account Successor
- Early Achievers Scholarship Program - All Participants
- College In Colorado Scholarship Program - All Participants
- College Opportunity Fund (COF) Participants - Paper Applications Mailed In Only
Number Affected:
~200,000
Types of Data:
Loan, savings account and scholarship information, including names, addresses and Social Security numbers
Breach Description:
"CollegeInvest moved to a new office space the weekend of March 28th using the international moving firm Graebel. Although Graebel specializes in office relocations and has specialists in moving computer equipment, CollegeInvest discovered while unpacking at the new location that a hard drive with the personal data of some customers was missing. Despite an extensive internal investigation, the hard drive has not been found."
<< MORE >>
Three computers at the University of Colorado are compromised
Technorati Tag: Security Breach
Date Reported:
4/25/08
Organization:
University of Colorado
Contractor/Consultant/Branch:
University of Colorado at Boulder
Victims:
Students and instructors involved with the Division of Continuing Education and Professional Studies between 1997 and 2003.
Number Affected:
~9,500*
*According to the school's response, "approximately 9,000 students, and approximately 500 instructors"
Types of Data:
"names, Social Security numbers, addresses, grades"
Breach Description:
"The University of Colorado at Boulder has announced that it discovered three computers in the Division of Continuing Education and Professional Studies were compromised and that one of the computers contains private data (i.e. names, Social Security numbers, addresses, grades) of approximately 9,000 students, and approximately 500 instructors."
<< MORE >>
Date Reported: 4/25/08
Organization:
University of Colorado
Contractor/Consultant/Branch:
University of Colorado at Boulder
Victims:
Students and instructors involved with the Division of Continuing Education and Professional Studies between 1997 and 2003.
Number Affected:
~9,500*
*According to the school's response, "approximately 9,000 students, and approximately 500 instructors"
Types of Data:
"names, Social Security numbers, addresses, grades"
Breach Description:
"The University of Colorado at Boulder has announced that it discovered three computers in the Division of Continuing Education and Professional Studies were compromised and that one of the computers contains private data (i.e. names, Social Security numbers, addresses, grades) of approximately 9,000 students, and approximately 500 instructors."
<< MORE >>
Stolen Hong Kong Child Assessment Service flash drive
Technorati Tag: Security Breach
Date Reported:
4/25/08
Organization:
People's Republic of China
Contractor/Consultant/Branch:
The Government of Hong Kong Special Administrative Region of the People's Republic of China
Department of Health
Child Assessment Service (Tuen Mun Centre)
Victims:
Adolescent patients
Number Affected:
700
Types of Data:
"detailed records of interviews with troubled youngsters including assessments and, in some cases, their photos, identity card numbers and addresses"
Breach Description:
"The Department of Health ( DH ) is working closely with the police in the investigation of a suspected theft case involving a removable electronic storage device ( USB flash drive ) containing patients’ information."
U of Texas Health Science Center takes responsibility for mailing error
Technorati Tag: Security Breach
Date Reported:
4/23/08
Organization:
University of Texas System
Contractor/Consultant/Branch:
University of Texas Health Science Center at Tyler
The CBE Group Inc.
Victims:
Patients
Number Affected:
Unknown*
*Roughly 2,000 medical bills were mailed, but the number of patients is not reported. Some patients may have received multiple bills.
Types of Data:
Names, addresses, and Social Security numbers
Breach Description:
"Some 2,000 medical bills were mailed around East Texas last week with patients' Social Security numbers visible on the envelope after a technical glitch skewed billing at the collection agency used by the University of Texas Health Science Center at Tyler. "
Stolen account firm laptop contained personal information
Technorati Tag: Security Breach
Date Reported:
4/24/08
Organization:
Hough, MacAdam & Wartnik LLC
Contractor/Consultant/Branch:
Coos County, Oregon
South Coast Hospice & Palliative Care
Two other undisclosed organizations
Victims:
Client employees
Number Affected:
482
Types of Data:
"name, Social Security number, and other personal information"
Breach Description:
"NORTH BEND - The theft of a laptop computer owned by a local accounting firm has made nearly 500 employees of Coos County and private organizations concerned about identity theft."
<< MORE >>
Date Reported: 4/24/08
Organization:
Hough, MacAdam & Wartnik LLC
Contractor/Consultant/Branch:
Coos County, Oregon
South Coast Hospice & Palliative Care
Two other undisclosed organizations
Victims:
Client employees
Number Affected:
482
Types of Data:
"name, Social Security number, and other personal information"
Breach Description:
"NORTH BEND - The theft of a laptop computer owned by a local accounting firm has made nearly 500 employees of Coos County and private organizations concerned about identity theft."
<< MORE >>
Former Verizon Wireless employee charged with identity theft
Technorati Tag: Security Breach
Date Reported:
4/22/08
Organization:
Verizon Wireless
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Name, address, Social Security number, and/or Verizon Wireless account number
Breach Description:
A former employee of Verizon Wireless who worked in a telesales position has been charged with identity theft by the Somerset County, New Jersey Prosecutor's Office. According to Verizon Wireless, it appears that he may have taken sensitive personal information belonging to Verizon Wireless customers during his employment from November, 2003 to January, 2005.
<< MORE >>
Date Reported: 4/22/08
Organization:
Verizon Wireless
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Name, address, Social Security number, and/or Verizon Wireless account number
Breach Description:
A former employee of Verizon Wireless who worked in a telesales position has been charged with identity theft by the Somerset County, New Jersey Prosecutor's Office. According to Verizon Wireless, it appears that he may have taken sensitive personal information belonging to Verizon Wireless customers during his employment from November, 2003 to January, 2005.
<< MORE >>
Online intruder makes off with SwimwearBoutique.com customer data
Technorati Tag: Security Breach
Date Reported:
4/16/08
Organization:
Swimwear Boutique ("SWB")
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Name, address, email address, SWB account password, and credit card information
Breach Description:
SwimwearBoutique.com "recently discovered that a person may have illegally gained unauthorized access to your personal information stored in your SWB account. We believe that this person unlawfully accessed the SWB Internet site between March 26, 2008 and March 28, 2008. The information accessed varied, but could have included your name, address, email address, SWB account password, and credit card account number"
<< MORE >>
Date Reported: 4/16/08
Organization:
Swimwear Boutique ("SWB")
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Name, address, email address, SWB account password, and credit card information
Breach Description:
SwimwearBoutique.com "recently discovered that a person may have illegally gained unauthorized access to your personal information stored in your SWB account. We believe that this person unlawfully accessed the SWB Internet site between March 26, 2008 and March 28, 2008. The information accessed varied, but could have included your name, address, email address, SWB account password, and credit card account number"
<< MORE >>