Oracle misplaces computer containing personal information
Technorati Tag: Security Breach
Date Reported:
12/6/07
Organization:
Oracle Corporation
Contractor/Consultant/Branch:
None
Victims:
Employees and contractors of Lodestar (a recent Oracle acquisition)
Number Affected:
132
Types of Data:
Name, home or business address, Social Security number, and certain other earnings or expense information.
Breach Description:
Oracle Corporation recently disclosed a breach involving an "unaccounted for" computer to the New Hampshire State Attorney General, that contained sensitive personal information. The personal information belonged to employees and contractors of Lodestar, a company acquired by Oracle in the first half of 2007.
Reference URL:
The New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the official New Hampshire breach notification and letter to affected persons:
We have learned that a desktop computer containing certain employee and contractor information was misplaced during a recent move.
[Evan] Good for Oracle for noticing. I have seen moves that resulting in potentially lost equipment, where nobody new anything or seemed to care.
The data on the computer related to employees and contractors of Lodestar, which Oracle Corporation ("Oracle") recently acquired.
the personal information included one or more of the following; name, home or business address, Social Security number and certain other earnings or expense information.
To date, we have uncovered no evidence indicating that the information about any of the potentially affected individuals has been used for any improper purpose.
[Evan] If these people have been identified and notified, then they ARE affected, not "potentially affected".
We continue to work with our physical security team to search for the missing computer.
[Evan] I assume Oracle has a pretty significantly-sized security presence.
Oracle is notifying potentially affected individuals
[Evan] There's "potentially" again.
we have determined that the incident may have affected personal information relating to 132 individuals
We have also engaged Kroll Inc., the world's leading risk consulting company, to provide you with access to its ID TheftSmart service…being offered at no cost to you for one year.
If you have any questions, or wish to learn more about the services available to you, please contact Letty Ledbetter, Vice President, Oracle Public Relations ( or )
we apologize for any inconvenience this incident may cause you
Commentary:
I am actually surprised that these types of breaches are not disclosed more often then they are. Large companies buy smaller ones and consolidate offices all the time. The blame (for those that like blame) probably lies with Lodestar for allowing personal information on a desktop computer and/or not encrypting it.
Past Breaches:
Unknown
Date Reported:12/6/07
Organization:
Oracle Corporation
Contractor/Consultant/Branch:
None
Victims:
Employees and contractors of Lodestar (a recent Oracle acquisition)
Number Affected:
132
Types of Data:
Name, home or business address, Social Security number, and certain other earnings or expense information.
Breach Description:
Oracle Corporation recently disclosed a breach involving an "unaccounted for" computer to the New Hampshire State Attorney General, that contained sensitive personal information. The personal information belonged to employees and contractors of Lodestar, a company acquired by Oracle in the first half of 2007.
Reference URL:
The New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the official New Hampshire breach notification and letter to affected persons:
We have learned that a desktop computer containing certain employee and contractor information was misplaced during a recent move.
[Evan] Good for Oracle for noticing. I have seen moves that resulting in potentially lost equipment, where nobody new anything or seemed to care.
The data on the computer related to employees and contractors of Lodestar, which Oracle Corporation ("Oracle") recently acquired.
the personal information included one or more of the following; name, home or business address, Social Security number and certain other earnings or expense information.
To date, we have uncovered no evidence indicating that the information about any of the potentially affected individuals has been used for any improper purpose.
[Evan] If these people have been identified and notified, then they ARE affected, not "potentially affected".
We continue to work with our physical security team to search for the missing computer.
[Evan] I assume Oracle has a pretty significantly-sized security presence.
Oracle is notifying potentially affected individuals
[Evan] There's "potentially" again.
we have determined that the incident may have affected personal information relating to 132 individuals
We have also engaged Kroll Inc., the world's leading risk consulting company, to provide you with access to its ID TheftSmart service…being offered at no cost to you for one year.
If you have any questions, or wish to learn more about the services available to you, please contact Letty Ledbetter, Vice President, Oracle Public Relations ( or )
we apologize for any inconvenience this incident may cause you
Commentary:
I am actually surprised that these types of breaches are not disclosed more often then they are. Large companies buy smaller ones and consolidate offices all the time. The blame (for those that like blame) probably lies with Lodestar for allowing personal information on a desktop computer and/or not encrypting it.
Past Breaches:
Unknown
Posts Atom 1.0
Comments