Cornerstone Fitness for Women information found in discarded file cabinet
Technorati Tag: Security Breach
Date Reported:
4/30/08
Organization:
Cornerstone Fitness for Women
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Names, addresses, phone numbers and in many instances Social Security numbers copies of checks and credit card information
Breach Description:
"EDINBURG - A local company that operates several fitness centers across the region could be fined if investigators substantiate allegations it left clients' sensitive personal information in a trash bin."
Reference URL:
KRGV-TV Newschannel 5
The Monitor
The Brownsville Herald
Report Credit:
KRGV-TV Newschannel 5
Response:
From the online sources cited above:
EDINBURG - A local company that operates several fitness centers across the region could be fined if investigators substantiate allegations it left clients' sensitive personal information in a trash bin.
This story came to our attention after NEWSCHANNEL 5's Lisa Cortez received a phone call from a complete stranger on her cell phone.
He had Lisa's contract from Cornerstone Fitness.
He knew not only her phone number, but also her address, employer, and a copy of a check used to pay her account.
He also had about 30 other contracts.
It has everything you would want to know about them. I think those people deserve to know about it, " said Zumwalt. (Sammy Zumwalt, the person that called Ms. Cortez)
All contracts list names, addresses and phone numbers. Some of them list social security numbers and have copies of checks and credit cards.
Zumwalt says his friend found a filing cabinet in a dumpster behind the former Cornerstone Fitness Center for Women in Edinburg.
The center shut down several months ago.
[Evan] This isn't the first time that we have read about an organization vacating a location and leaving sensitive information behind (unsecured). Just in the past few months there was Affordable Realty in March, and Union Mortgage and First Magnus in February.
The paperwork was in Zumwalt's room for several weeks.
Recently, he decided to go through the stack of papers and came across the sensitive information.
Zumwalt turned the contracts over to NEWSCHANNEL 5.
[Evan] Why NEWSCHANNEL 5 and not the police or the Texas Attorney General? Do you think somebody wanted their 15 minutes of fame?
"At this point, we don't know what happened. This is not our usual practice. We are investigating it. We've been in the business for 10 years and this is the first time we hear of something like this. " (Joseph De la garza, one of the fitness club's owners)
NEWSCHANNEL 5 sorted through the contracts and contacted several members from the pile.
Cornerstone tells NEWSCHANNEL 5 they carefully guard all sensitive client information.
State Sen. Juan "Chuy" Hinojosa, D-McAllen, urged Texas Attorney General Greg Abbott to investigate, according to Jerry Strickland, a spokesman for the attorney general's office.
[Evan] I guess this is one good thing about reporting it to the media instead of the authorities. Mr. Hinojosa sees it on TV and pushes for an investigation.
"A lot of businesses are being very careless in the way they handle personal information," Hinojosa said. "Businesses (are required) to shred all information they no longer need."
[Evan] Oh yes, very true.
Victim Reaction:
"I mean, I don't even know how to explain how I feel, because I am so in shock," said one woman after we read her social security number.
Denise Grant told NEWSCHANNEL 5, "You never realize how important this information is until you have to try to prove that you are who you say you are." (a woman who claims to have been an victim of identity theft before)
Commentary:
Well, we all know (or should know) that this type of breach is nothing new, but I am keyed in on what Mr. Hinojosa stated, "A lot of businesses are being very careless in the way they handle personal information".
What will urge businesses to be more careful and secure personal information better? More laws? More costly fines? More laws mean more compliance. More compliance means more cost to companies. More cost to companies means more expensive goods and services. Seems that the same argument holds true for fines.
Maybe we should stop using a single identifier for all things personal (i.e. Social Security numbers). Do you think that the credit bureaus and the rest of the financial industry would go for such a radical idea? Do you know how the credit bureaus make money (I won't go into this now)? This would be a tough battle to fight.
An easy to implement solution does not exist. We have walked so far down this road that I think we may have gotten a little lost.
I have ranted long enough. On to the next breach, right?
Past Breaches:
Unknown
Date Reported:4/30/08
Organization:
Cornerstone Fitness for Women
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Names, addresses, phone numbers and in many instances Social Security numbers copies of checks and credit card information
Breach Description:
"EDINBURG - A local company that operates several fitness centers across the region could be fined if investigators substantiate allegations it left clients' sensitive personal information in a trash bin."
Reference URL:
KRGV-TV Newschannel 5
The Monitor
The Brownsville Herald
Report Credit:
KRGV-TV Newschannel 5
Response:
From the online sources cited above:
EDINBURG - A local company that operates several fitness centers across the region could be fined if investigators substantiate allegations it left clients' sensitive personal information in a trash bin.
This story came to our attention after NEWSCHANNEL 5's Lisa Cortez received a phone call from a complete stranger on her cell phone.
He had Lisa's contract from Cornerstone Fitness.
He knew not only her phone number, but also her address, employer, and a copy of a check used to pay her account.
He also had about 30 other contracts.
It has everything you would want to know about them. I think those people deserve to know about it, " said Zumwalt. (Sammy Zumwalt, the person that called Ms. Cortez)
All contracts list names, addresses and phone numbers. Some of them list social security numbers and have copies of checks and credit cards.
Zumwalt says his friend found a filing cabinet in a dumpster behind the former Cornerstone Fitness Center for Women in Edinburg.
The center shut down several months ago.
[Evan] This isn't the first time that we have read about an organization vacating a location and leaving sensitive information behind (unsecured). Just in the past few months there was Affordable Realty in March, and Union Mortgage and First Magnus in February.
The paperwork was in Zumwalt's room for several weeks.
Recently, he decided to go through the stack of papers and came across the sensitive information.
Zumwalt turned the contracts over to NEWSCHANNEL 5.
[Evan] Why NEWSCHANNEL 5 and not the police or the Texas Attorney General? Do you think somebody wanted their 15 minutes of fame?
"At this point, we don't know what happened. This is not our usual practice. We are investigating it. We've been in the business for 10 years and this is the first time we hear of something like this. " (Joseph De la garza, one of the fitness club's owners)
NEWSCHANNEL 5 sorted through the contracts and contacted several members from the pile.
Cornerstone tells NEWSCHANNEL 5 they carefully guard all sensitive client information.
State Sen. Juan "Chuy" Hinojosa, D-McAllen, urged Texas Attorney General Greg Abbott to investigate, according to Jerry Strickland, a spokesman for the attorney general's office.
[Evan] I guess this is one good thing about reporting it to the media instead of the authorities. Mr. Hinojosa sees it on TV and pushes for an investigation.
"A lot of businesses are being very careless in the way they handle personal information," Hinojosa said. "Businesses (are required) to shred all information they no longer need."
[Evan] Oh yes, very true.
Victim Reaction:
"I mean, I don't even know how to explain how I feel, because I am so in shock," said one woman after we read her social security number.
Denise Grant told NEWSCHANNEL 5, "You never realize how important this information is until you have to try to prove that you are who you say you are." (a woman who claims to have been an victim of identity theft before)
Commentary:
Well, we all know (or should know) that this type of breach is nothing new, but I am keyed in on what Mr. Hinojosa stated, "A lot of businesses are being very careless in the way they handle personal information".
What will urge businesses to be more careful and secure personal information better? More laws? More costly fines? More laws mean more compliance. More compliance means more cost to companies. More cost to companies means more expensive goods and services. Seems that the same argument holds true for fines.
Maybe we should stop using a single identifier for all things personal (i.e. Social Security numbers). Do you think that the credit bureaus and the rest of the financial industry would go for such a radical idea? Do you know how the credit bureaus make money (I won't go into this now)? This would be a tough battle to fight.
An easy to implement solution does not exist. We have walked so far down this road that I think we may have gotten a little lost.
I have ranted long enough. On to the next breach, right?
Past Breaches:
Unknown
Posts Atom 1.0
Comments