The Breach Blog, from FRSecure
The Breach Blog
Littleton Regional Hospital employee fired for inappropriate information access
|
Date Reported:
6/29/10
Organization:
Littleton Regional Hospital
Contractor/Consultant/Branch:
None
Location:
Victims:
Patients
Number Affected:
"several"
Types of Data:
Personal demographic and diagnostic information, including:
- Name, Address, and Phone Number,
- Date of Birth and Age,
- Insurance Information,
- Primary Care Provider and Referring Physician names,
- Medical History and Allergies,
- Date, Time, Type, Provider name and Reason for visit, and;
- Provider notes regarding the visit in question
Littleton Regional Hospital has notified the New Hampshire Attorney General of a breach concerning unauthorized employee access to personal health information belonging to patients who visited the hospital during "the spring months of 2010".
<< MORE >>
Laptop lost during airport layover affects more than 32,000 employee candidates
|
Date Reported:
7/27/10
Organization:
CoreLogic
Contractor/Consultant/Branch:
First Advantage
First Advantage Tax Consulting Services ("TCS")
Location:
An undisclosed airport
Victims:
Job applicants from TCS clients
Number Affected:
32,842
Types of Data:
Personal information including "names and Social Security numbers"
Breach Description:
"Through its lawyers, Indianapolis-based First Advantage Tax Consulting Services (TCS) has notified the New Hampshire Attorney General’s Office that on June 10, a laptop containing sensitive personal information was lost during an airport layover. "
<< MORE >>
Cooper University Hospital flash drive with personal info goes missing
|
Date Reported:
7/27/10
Organization:
Cooper University Hospital
Contractor/Consultant/Branch:
None
Location:
Victims:
"graduate medical education residents and fellows for the current and prior academic years"
Number Affected:
Undisclosed
Types of Data:
Personal information including "Social Security numbers, addresses, and phone numbers"
Breach Description:
"A thumb drive that contained personal data about current and past graduate medical education residents and fellows at Cooper University Hospital has gone missing. Hospital sources tell Action News the thumb drive went missing on July 8th."
<< MORE >>
Who is to blame in Regeneron / Ceridian breach?
|
Date Reported:
7/26/10
Organization:
Regeneron Pharmaceuticals, Inc.
Contractor/Consultant/Branch:
Ceridian Corporation
Location:
Undisclosed/Web-based
Victims:
Current and former employees
Number Affected:
Undisclosed
Types of Data:
"names and bank account numbers"
Breach Description:
Regeneron has notified the New Hampshire Attorney General of a breach concerning unauthorized access to their payroll provider's (Ceridian Corporation) system. Once access was gained to the system, the "hackers" attempted to redirect employee paychecks to fraudulent accounts.
<< MORE >>
Thomas Jefferson Hospitals notifies 21,000 patients of stolen laptop
|
Date Reported:
7/23/10
Organization:
Jefferson Health System
Contractor/Consultant/Branch:
Thomas Jefferson University Hospitals
Location:
Victims:
Patients who "received inpatient care at Thomas Jefferson University Hospitals in 2008 between March 9 and June 9 and between August 1 and November 1"
Number Affected:
"approximately 21,000"
Types of Data:
"name, birth date, gender, ethnicity, diagnosis, social security number, insurance information, hospital account number and other internal and administrative coding"
Breach Description:
"Thomas Jefferson University Hospitals has notified approximately 21,000 patients that there was a theft of a laptop computer containing personal information."
<< MORE >>
Resnick Investment Advisors is victim of unauthorized intrusion
|
Date Reported:
7/21/10
Organization:
Resnick Investment Advisors, LLC
Contractor/Consultant/Branch:
None
Location:
Victims:
Clients
Number Affected:
Undisclosed
Types of Data:
Account information
Breach Description:
Resnick Investment Advisors, LLC has notified the New Hampshire Attorney General of an "electronic intrusion" of their computer network that could have exposed client account information to an unauthorized third party. The alleged incident took place sometime in June, 2010.
<< MORE >>
Lincoln National reports breach to New Hampshire Attorney General
|
Date Reported:
7/16/10
Organization:
Lincoln National Corporation
Contractor/Consultant/Branch:
Lincoln National Life Insurance Company (same Website address)
Lincoln Life & Annuity Company of New York (same Website address)
Lincoln Financial Group (same Website address)
"a third party vendor" (undisclosed)
Location:
Undisclosed/Web-based
Victims:
"a current or former policyholder of, or someone who submitted information in connection with a life insurance application to, The Lincoln National Life Insurance Company or Lincoln Life and Annuity Company of New York (together referred to as "Lincoln")"
Number Affected:
26,840
Types of Data:
"the individual's name, address, policy number, Social Security number, driver's license number, credit or medical information"
Breach Description:
Lincoln National Corporation (or subsidiary) has notified the New Hampshire Attorney General of a breach. A shared username and password to a "secure" website used by the company to process insurance application was found to be disclosed on printed brochures and posted on three other websites.
<< MORE >>
Offsite data destruction and lack of encryption play role in South Shore Hospital breach
|
Date Reported:
7/19/10
Organization:
South Shore Hospital
Contractor/Consultant/Branch:
"a professional data management company" who has not been named.
Location:
Victims:
"patients who received medical services at South Shore Hospital – as well as employees, physicians, volunteers, donors, vendors and other business partners associated with South Shore Hospital – between January 1, 1996 and January 6, 2010"
Number Affected:
"approximately 800,000"
Types of Data:
"individuals’ full names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, protected health information including diagnoses and treatments relating to certain hospital and home health care visits, and other personal information. Bank account information and credit card numbers for a very small subset of individuals also may have been on the back-up computer files"
Breach Description:
"Back-up computer files containing personal, health and financial information of thousands affiliated with South Shore Hospital may have been lost by a professional data management company."
<< MORE >>
Employee posts sensitive Maryland Department of Human Resources data online
|
Date Reported:
7/19/10
Organization:
State of Maryland
Contractor/Consultant/Branch:
Department of Human Resources
Location:
Victims:
"clients"
Number Affected:
”nearly 3,000"
Types of Data:
"Social Security numbers and other personal information", including "names, home addresses and phone numbers"
Breach Description:
"A Maryland Department of Human Resources employee was placed on administrative leave after posting the Social Security numbers and other personal information of nearly 3,000 clients of a state agency on a third-party website, a spokeswoman for the agency said."
<< MORE >>
Buena Vista University announces breach affecting 93,000 people
|
Date Reported:
7/16/10
Organization:
Buena Vista University
Contractor/Consultant/Branch:
None
Location:
Victims:
"BVU students (applicants, former and current), parents, faculty/staff (current and former), alumni and some donor"s
Number Affected:
"about 93,000"
Types of Data:
"names, Social Security numbers and some driver’s license numbers"
Breach Description:
"Buena Vista University has had a data breach on campus. We engaged a nationally-recognized computer forensics team to conduct an investigation and learned someone gained unauthorized access to a BVU database."
<< MORE >>
29,808 Care1st members affected by lost CD
|
Date Reported:
7/6/10
Organization:
State of California
Care1st Health Plan
Contractor/Consultant/Branch:
California Department of Health Care Services (DHCS)
Location:
Sacramento, California
Victims:
Care1st members
Number Affected:
29,808
Types of Data:
"personal information, including names and addresses"
Breach Description:
"SACRAMENTO – The California Department of Health Care Services (DHCS) has reported to federal authorities that a missing compact disc (CD) delivered to the department may not have been encrypted by the sender, Care 1st Health Plan. The CD contains personal information, including names and addresses, for 29,808 Care 1st members."
<< MORE >>
Stolen Nix Check Cashing computer may have contained customer information
|
Date Reported:
6/30/10
Organization:
Nix Check Cashing
Contractor/Consultant/Branch:
None
Location:
Southern California
Victims:
Customers
Number Affected:
Undisclosed*
*In the breach notification letter there are 113 New Hampshire residents mentioned
Types of Data:
"some combination of customer name, address, phone number, Social Security Number or driver's license number"
Breach Description:
A Nix Check Cashing branch was burglarized and a computer was stolen that contained sensitive personal information belonging to their customers.
<< MORE >>
NBTY informs current and former employees of email mistake
|
Date Reported:
7/7/10
Organization:
NBTY, Inc. (formerly known as Nature's Bounty, Inc.) http://www.nbty.com
Contractor/Consultant/Branch:
None
Location:
Victims:
"some current and former NBTY employees and plan participants"
Number Affected:
Undisclosed*
*the company employs an estimated 10,800 persons (Source: LinkedIn)
Types of Data:
"personal information" "such as names, addresses, dates of birth, and Social Security numbers"
Breach Description:
"On June 15, 2010, an email containing the personal information of some current and former NBTY employees and plan participants (such as names, addresses, dates of birth, and Social Security numbers) was mistakenly sent to the incorrecnt recipient"
<< MORE >>
Employees of small Wisconsin village at risk after laptop theft
|
Date Reported:
7/8/10
Organization:
Village of Big Bend (WI)
Contractor/Consultant/Branch:
Undisclosed payroll provider
Location:
Victims:
Village employees
Number Affected:
Undisclosed
Types of Data:
"payroll information"
Breach Description:
"A laptop containing payroll information for the village's employees was stolen from the car of the village's payroll provider in Milwaukee last week, village clerk Bobbi Woppert said."
<< MORE >>
139,000 Mass. investment advisers alerted to employee "mistake"
|
Date Reported:
7/6/10
Organization:
State of Massachusetts ("Commonwealth of Massachusetts")
Contractor/Consultant/Branch:
Secretary of the Commonwealth of Massachusetts
Massachusetts Securities Division
Location:
Victims:
"state-registered investment advisers"
Number Affected:
139,000
Types of Data:
Names, addresses, Social Security numbers, dates and locations of birth, height, weight, hair color, and eye color
Breach Description:
"The Massachusetts secretary of state’s office, which is charged with enforcing financial rules for investment companies, accidentally released confidential personal information earlier this year on 139,000 investment advisers registered with the state."
<< MORE >>
As many as 53,000 people are affected by University of Hawai'i breach
|
Date Reported:
7/6/10
Organization:
The University of Hawai‘i System
Contractor/Consultant/Branch:
University of Hawai‘i at Manoa
Location:
Victims:
"UH Manoa faculty and staff members employed in 1998, and anyone who had business with the UH Manoa Parking Office between Jan. 1, 1998 and June 30, 2009"
Number Affected:
"approximately 53,000"
Types of Data:
"personal information, including names, social security numbers, addresses, driver’s license numbers, vehicle information and credit card information"
Breach Description:
"The University of Hawai‘i at Manoa today began notifying approximately 53,000 individuals listed in a system database, housed on a computer server used by the Parking Office, that a recent security breach may have exposed personal information—including approximately 40,870 Social Security numbers and 200 credit card numbers."
<< MORE >>
University of Florida breach affects adolescent girls
|
Date Reported:
7/6/10
Organization:
University of Florida
Contractor/Consultant/Branch:
Department of Epidemiology and Health Policy Research
ICF Macro
Renaissance Printing
Location:
Multiple
Victims:
"adolescent girls"
Number Affected:
2,047
Types of Data:
"Social Security or Medicaid identification numbers"
Breach Description:
"GAINESVILLE, Fla. — University of Florida officials have notified 2,047 people that their Social Security or Medicaid identification numbers were included on address labels affixed to letters inviting them to participate in a research study."
<< MORE >>
Extent of Camille's Sidewalk Cafe credit and debit card breach is unclear
|
Date Reported:
7/2/10
Organization:
Beautiful Brands International
Contractor/Consultant/Branch:
Camilles Sidewalk Café*
*and potentially others
Location:
Multiple
Victims:
Customers
Number Affected:
Undisclosed
Types of Data:
Credit and debit card information
Breach Description:
"WEST LAFAYETTE, Ind. (WLFI) - A local security breach with credit and debit cards has been linked to a national company." Beautiful Brands International has reportedly been contacting various subsidiary restaurants informing them of the breach.
<< MORE >>
American Airlines parent company reports breach involving stolen hard drive
|
Date Reported:
7/2/10
Organization:
AMR Corporation
Contractor/Consultant/Branch:
American Airlines
Location:
Victims:
"retirees, former employees, and a limited number of current employees”
Number Affected:
"approximately 79,000"
Types of Data:
"names, addresses, dates of birth, Social Security numbers, and possibly other personal information, as well as a limited amount of bank account information"
Breach Description:
"CHICAGO, July 2 (Reuters) - AMR Corp (AMR.N), parent of American Airlines, on Friday said a hard drive containing personal information on 79,000 retirees, former employees, and current employees has been stolen from the company's pension department."
<< MORE >>
CDs lost enroute to Lincoln Medical and Health Center affect 130,495 patients
|
Date Reported:
6/29/10
Organization:
The City of New York
Contractor/Consultant/Branch:
The New York City Health and Hospitals Corporation (HHC)
Lincoln Medical and Mental Health Center
Siemens Medical Solutions USA
FedEx
Location:
Bronx, New York
Victims:
Patients
Number Affected:
130,495
Types of Data:
"some protected health and personal information of patients including name, address, social security number, medical record number, patient number, health plan information, date of birth, dates of admission and discharge, diagnostic and procedural codes and descriptions, and possibly a driver's license number if provided."
Breach Description:
"Sometime between March 16 and 24, 2010, a weekly shipment of seven duplicate compact disks (CDs) in the custody of FedEx, were lost while being transported to Lincoln Hospital." The CDs contained unencrypted sensitive personal information belonging to patients of Lincoln Hospital.
<< MORE >>
Our Feeds
-
Entries Atom 1.0
-
Comments Atom 1.0
-
Entries RSS 2.0
-
Comments RSS 2.0
-
Podcasts RSS 2.0
Bookmarks
