The Breach Blog, from FRSecure
The Breach Blog
Lincoln National reports breach to New Hampshire Attorney General
|
Date Reported:
7/16/10
Organization:
Lincoln National Corporation
Contractor/Consultant/Branch:
Lincoln National Life Insurance Company (same Website address)
Lincoln Life & Annuity Company of New York (same Website address)
Lincoln Financial Group (same Website address)
"a third party vendor" (undisclosed)
Location:
Undisclosed/Web-based
Victims:
"a current or former policyholder of, or someone who submitted information in connection with a life insurance application to, The Lincoln National Life Insurance Company or Lincoln Life and Annuity Company of New York (together referred to as "Lincoln")"
Number Affected:
26,840
Types of Data:
"the individual's name, address, policy number, Social Security number, driver's license number, credit or medical information"
Breach Description:
Lincoln National Corporation (or subsidiary) has notified the New Hampshire Attorney General of a breach. A shared username and password to a "secure" website used by the company to process insurance application was found to be disclosed on printed brochures and posted on three other websites.
<< MORE >>
Offsite data destruction and lack of encryption play role in South Shore Hospital breach
|
Date Reported:
7/19/10
Organization:
South Shore Hospital
Contractor/Consultant/Branch:
"a professional data management company" who has not been named.
Location:
Victims:
"patients who received medical services at South Shore Hospital – as well as employees, physicians, volunteers, donors, vendors and other business partners associated with South Shore Hospital – between January 1, 1996 and January 6, 2010"
Number Affected:
"approximately 800,000"
Types of Data:
"individuals’ full names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, protected health information including diagnoses and treatments relating to certain hospital and home health care visits, and other personal information. Bank account information and credit card numbers for a very small subset of individuals also may have been on the back-up computer files"
Breach Description:
"Back-up computer files containing personal, health and financial information of thousands affiliated with South Shore Hospital may have been lost by a professional data management company."
<< MORE >>
Employee posts sensitive Maryland Department of Human Resources data online
|
Date Reported:
7/19/10
Organization:
State of Maryland
Contractor/Consultant/Branch:
Department of Human Resources
Location:
Victims:
"clients"
Number Affected:
”nearly 3,000"
Types of Data:
"Social Security numbers and other personal information", including "names, home addresses and phone numbers"
Breach Description:
"A Maryland Department of Human Resources employee was placed on administrative leave after posting the Social Security numbers and other personal information of nearly 3,000 clients of a state agency on a third-party website, a spokeswoman for the agency said."
<< MORE >>
Buena Vista University announces breach affecting 93,000 people
|
Date Reported:
7/16/10
Organization:
Buena Vista University
Contractor/Consultant/Branch:
None
Location:
Victims:
"BVU students (applicants, former and current), parents, faculty/staff (current and former), alumni and some donor"s
Number Affected:
"about 93,000"
Types of Data:
"names, Social Security numbers and some driver’s license numbers"
Breach Description:
"Buena Vista University has had a data breach on campus. We engaged a nationally-recognized computer forensics team to conduct an investigation and learned someone gained unauthorized access to a BVU database."
<< MORE >>
29,808 Care1st members affected by lost CD
|
Date Reported:
7/6/10
Organization:
State of California
Care1st Health Plan
Contractor/Consultant/Branch:
California Department of Health Care Services (DHCS)
Location:
Sacramento, California
Victims:
Care1st members
Number Affected:
29,808
Types of Data:
"personal information, including names and addresses"
Breach Description:
"SACRAMENTO – The California Department of Health Care Services (DHCS) has reported to federal authorities that a missing compact disc (CD) delivered to the department may not have been encrypted by the sender, Care 1st Health Plan. The CD contains personal information, including names and addresses, for 29,808 Care 1st members."
<< MORE >>
Stolen Nix Check Cashing computer may have contained customer information
|
Date Reported:
6/30/10
Organization:
Nix Check Cashing
Contractor/Consultant/Branch:
None
Location:
Southern California
Victims:
Customers
Number Affected:
Undisclosed*
*In the breach notification letter there are 113 New Hampshire residents mentioned
Types of Data:
"some combination of customer name, address, phone number, Social Security Number or driver's license number"
Breach Description:
A Nix Check Cashing branch was burglarized and a computer was stolen that contained sensitive personal information belonging to their customers.
<< MORE >>
NBTY informs current and former employees of email mistake
|
Date Reported:
7/7/10
Organization:
NBTY, Inc. (formerly known as Nature's Bounty, Inc.) http://www.nbty.com
Contractor/Consultant/Branch:
None
Location:
Victims:
"some current and former NBTY employees and plan participants"
Number Affected:
Undisclosed*
*the company employs an estimated 10,800 persons (Source: LinkedIn)
Types of Data:
"personal information" "such as names, addresses, dates of birth, and Social Security numbers"
Breach Description:
"On June 15, 2010, an email containing the personal information of some current and former NBTY employees and plan participants (such as names, addresses, dates of birth, and Social Security numbers) was mistakenly sent to the incorrecnt recipient"
<< MORE >>
Employees of small Wisconsin village at risk after laptop theft
|
Date Reported:
7/8/10
Organization:
Village of Big Bend (WI)
Contractor/Consultant/Branch:
Undisclosed payroll provider
Location:
Victims:
Village employees
Number Affected:
Undisclosed
Types of Data:
"payroll information"
Breach Description:
"A laptop containing payroll information for the village's employees was stolen from the car of the village's payroll provider in Milwaukee last week, village clerk Bobbi Woppert said."
<< MORE >>
139,000 Mass. investment advisers alerted to employee "mistake"
|
Date Reported:
7/6/10
Organization:
State of Massachusetts ("Commonwealth of Massachusetts")
Contractor/Consultant/Branch:
Secretary of the Commonwealth of Massachusetts
Massachusetts Securities Division
Location:
Victims:
"state-registered investment advisers"
Number Affected:
139,000
Types of Data:
Names, addresses, Social Security numbers, dates and locations of birth, height, weight, hair color, and eye color
Breach Description:
"The Massachusetts secretary of state’s office, which is charged with enforcing financial rules for investment companies, accidentally released confidential personal information earlier this year on 139,000 investment advisers registered with the state."
<< MORE >>
As many as 53,000 people are affected by University of Hawai'i breach
|
Date Reported:
7/6/10
Organization:
The University of Hawai‘i System
Contractor/Consultant/Branch:
University of Hawai‘i at Manoa
Location:
Victims:
"UH Manoa faculty and staff members employed in 1998, and anyone who had business with the UH Manoa Parking Office between Jan. 1, 1998 and June 30, 2009"
Number Affected:
"approximately 53,000"
Types of Data:
"personal information, including names, social security numbers, addresses, driver’s license numbers, vehicle information and credit card information"
Breach Description:
"The University of Hawai‘i at Manoa today began notifying approximately 53,000 individuals listed in a system database, housed on a computer server used by the Parking Office, that a recent security breach may have exposed personal information—including approximately 40,870 Social Security numbers and 200 credit card numbers."
<< MORE >>
University of Florida breach affects adolescent girls
|
Date Reported:
7/6/10
Organization:
University of Florida
Contractor/Consultant/Branch:
Department of Epidemiology and Health Policy Research
ICF Macro
Renaissance Printing
Location:
Multiple
Victims:
"adolescent girls"
Number Affected:
2,047
Types of Data:
"Social Security or Medicaid identification numbers"
Breach Description:
"GAINESVILLE, Fla. — University of Florida officials have notified 2,047 people that their Social Security or Medicaid identification numbers were included on address labels affixed to letters inviting them to participate in a research study."
<< MORE >>
Extent of Camille's Sidewalk Cafe credit and debit card breach is unclear
|
Date Reported:
7/2/10
Organization:
Beautiful Brands International
Contractor/Consultant/Branch:
Camilles Sidewalk Café*
*and potentially others
Location:
Multiple
Victims:
Customers
Number Affected:
Undisclosed
Types of Data:
Credit and debit card information
Breach Description:
"WEST LAFAYETTE, Ind. (WLFI) - A local security breach with credit and debit cards has been linked to a national company." Beautiful Brands International has reportedly been contacting various subsidiary restaurants informing them of the breach.
<< MORE >>
American Airlines parent company reports breach involving stolen hard drive
|
Date Reported:
7/2/10
Organization:
AMR Corporation
Contractor/Consultant/Branch:
American Airlines
Location:
Victims:
"retirees, former employees, and a limited number of current employees”
Number Affected:
"approximately 79,000"
Types of Data:
"names, addresses, dates of birth, Social Security numbers, and possibly other personal information, as well as a limited amount of bank account information"
Breach Description:
"CHICAGO, July 2 (Reuters) - AMR Corp (AMR.N), parent of American Airlines, on Friday said a hard drive containing personal information on 79,000 retirees, former employees, and current employees has been stolen from the company's pension department."
<< MORE >>
CDs lost enroute to Lincoln Medical and Health Center affect 130,495 patients
|
Date Reported:
6/29/10
Organization:
The City of New York
Contractor/Consultant/Branch:
The New York City Health and Hospitals Corporation (HHC)
Lincoln Medical and Mental Health Center
Siemens Medical Solutions USA
FedEx
Location:
Bronx, New York
Victims:
Patients
Number Affected:
130,495
Types of Data:
"some protected health and personal information of patients including name, address, social security number, medical record number, patient number, health plan information, date of birth, dates of admission and discharge, diagnostic and procedural codes and descriptions, and possibly a driver's license number if provided."
Breach Description:
"Sometime between March 16 and 24, 2010, a weekly shipment of seven duplicate compact disks (CDs) in the custody of FedEx, were lost while being transported to Lincoln Hospital." The CDs contained unencrypted sensitive personal information belonging to patients of Lincoln Hospital.
<< MORE >>
A second breach reported from Jewish Hospital and St. Mary's HealthCare
|
Date Reported:
6/30/10
Organization:
Jewish Hospital & St. Mary's HealthCare
Contractor/Consultant/Branch:
Women’s Center at Sts. Mary & Elizabeth Hospital
Location:
Victims:
Patients
Number Affected:
77
Types of Data:
"Patient names, details on medical exams and even biopsy images"
Breach Description:
"On April 21, patients of Sts. Mary & Elizabeth Hospital Women's Center got a letter telling them a computer hard drive had been stolen from a locked area."
<< MORE >>
WellPoint web vulnerability may affect more than 470,000 people
|
Date Reported:
6/23/10
Organization:
WellPoint, Inc.
Contractor/Consultant/Branch:
Anthem Blue Cross and Blue Shield
Location:
Undisclosed
Victims:
Members and insurance applicants
Number Affected:
"at least 470,000"
Types of Data:
"personal health and financial information, as well as some Social Security numbers"
Breach Description:
"Anthem Blue Cross in California, a unit of WellPoint Inc., during the week of June 21 began notifying about 230,000 members and insurance applicants that a Web site used to apply for individual health policies was breached. Now, Indianapolis-based WellPoint, which operates Blues plans in 14 states, is notifying many more across the nation, with at least 470,000 potentially affected individuals identified."
<< MORE >>
ZeuS Trojan infection prompts University of Oklahoma to act
|
Date Reported:
6/24/10
Organization:
University of Oklahoma
Contractor/Consultant/Branch:
None
Location:
Victims:
Students
Number Affected:
Undisclosed
Types of Data:
"names and Social Security numbers"
Breach Description:
"NORMAN, Okla. -- The University of Oklahoma is warning students about a security breach that may put their personal information at risk." A laptop was found to be infected with a Trojan that could have led to the disclosure of sensitive information.
<< MORE >>
FIU notifies students and faculty of insecure database containing personal information
|
Date Reported:
6/22/10
Organization:
Florida International University ("FIU")
Contractor/Consultant/Branch:
College of Education
Location:
Victims:
Students and faculty members
Number Affected:
"19,407 students and 88 faculty members"
Types of Data:
"personal data (such) as GPAs, test scores, and Social Security numbers"
Breach Description:
"College of Education students and faculty members whose names were found in an unsecure database last month are being notified this week that some of their information may have been accessible to the public."
<< MORE >>
Sony notifies Attorney General of credit card breach
|
Date Reported:
6/21/10
Organization:
Sony Electronics Inc.
Contractor/Consultant/Branch:
TeleTech Holdings ("TeleTech")
Location:
Undisclosed
Victims:
Customers who used a credit card when calling the Sony Style Telesales Department between May 23rd and June 3rd, 2010.
Number Affected:
Undisclosed
Types of Data:
"certain credit card information"
Breach Description:
"TeleTech Holdings (TeleTech), a third party service provider that managed customer telesales for Sony, notified Sony that unauthorized copies were made of certain credit card information and emailed to an account outside of the TeleTech network."
<< MORE >>
More than 700 upscale hotel guests affected by credit card breach
|
Date Reported:
6/23/10
Organization:
Destination Hotels & Resorts
Contractor/Consultant/Branch:
The Driskill Hotel
Location:
Victims:
Hotel guests
Number Affected:
"more than 700"
Types of Data:
"credit card data"
Breach Description:
"Computer hackers targeting travelers at luxury hotels across the country made off with hundreds of thousands of dollars during the past three months by breaking into the computer system of a national hotel chain and stealing the guests' credit card information, Texas police officials told ABC News today "
<< MORE >>
Our Feeds
-
Entries Atom 1.0
-
Comments Atom 1.0
-
Entries RSS 2.0
-
Comments RSS 2.0
-
Podcasts RSS 2.0
Bookmarks
