The Breach Blog Week in Review 9/29-10/5

Seven breaches were reported on The Breach Blog this past week compared to five during the week prior (9/22-9/28). This "Week in Review" will also close out the month of September, in which there were a total of forty-four (44) breaches reported.


Gap Inc.
No more than fifteen minutes had passed since I posted last week’s "Week in Review" when I received information about this week’s most significant breach in terms of numbers. 800,000 Gap Inc. job applicants were affected by a breach of confidentiality. I get miffed by most breaches, but this one does something more for me. This is another case of a stolen, unencrypted laptop, but what takes it to another level is the fact that a vendor is also to blame and Gap Inc.’s lack of disclosure. Gap Inc. refuses to name the vendor responsible. If I were a victim, I would demand additional details! I would be surprised if this doesn’t end up in court, which is sad because I am not normally a big fan of that.

More Breaches
A couple of days passed without receiving reports of any significant breaches. I was thinking "good times!", but then I received a report on Monday about The Venetian Resort Hotel Casino. It is unknown how many people were affected by this breach. This breach was a result of a "now-former" employee who uploaded confidential information to a personal file storage web site. There was a very good lesson to be learned from this one.

Another Monday post was the Fidelity Information Services (FIS)/Fidelity National Financial (FNF) breach.  This was more bad news for a company that already received significant bad press for the July Certegy/FIS breach affecting 8.5 million customers. The breach this week affected FIS/FNF employees, so I am sure there is some sentiment out there saying "they got what they deserved", but that is wrong. The employees affected by this breach are people, and these are not the people to blame for the theft that occurred earlier this year.

I reported two breaches on the blog on Tuesday. Invision HR Staffing Group vacated a strip mall in Georgia and someone decided that it would be alright to toss the confidential files they didn’t need into the dumpster.  Thankfully a Good Samaritan called the police.

A computer from The Nature Conservancy was "hacked", presumably by some form of malware, and was sending confidential HR data to the "hacker". 14,000 current and former employees were reported to have been affected.

Two more breaches on Wednesday. A computer used by the Regional FirstCare Clinic in Athens, Georgia for backup purposes was supposedly stolen, but nobody appeared to have noticed its disappearance for some amount of time. This breach affected roughly 1,440 patients. Wednesday also brought sad news of a breach involving a reported 450,000 State of Massachusetts licensed professionals. This breach occurred as a result of disks sent to third parties that inadvertently contained Social Security numbers.

Summary
Anytime there is even one breach to report it means that someone’s life has been impacted by a failure of information security. It wasn’t the worst of weeks, but it certainly wasn’t the best either. September closed out with an estimated one billion dollar price tag.

Stats for the week:
Number of breaches: 7
Number of victims: 1,265,441 (three breaches unknown)
Average number of victims/breach: 316,360
Total cost: $ 44,290,400*
Most popular breach type: Stolen Laptop (3)

Stats for last week:
Number of breaches: 5
Number of victims: 6,200 (one breach unknown)
Average number of victims/breach: 1,550
Total cost: $868,000*
Most popular breach type: Stolen Laptop (2)

Stats for September:
Number of breaches: 40
Number of victims: 7,937,782 (thirteen breaches unknown)
Average number of victims/breach: 293,992
Total Cost: $ 1,111,289,480*
Most popular breach type: Stolen Laptop (10)

*based on the number of victims multiplied by the average cost of $140 per lost or stolen record. (source Ponemon Institute's 2006 Cost of Data Breach Study)



 