PUBLIC
NOTIFIED ON
|
ORGANIZATION AND LOCATION
|
TYPE OF BREACH
|
NUMBER OF PERSONALLY
IDENTIFIABLE INFORMATION (PII)
POTENTIALLY EXPOSED
|
REGULATORY IMPACT
|
ISO/IEC 27001 MITIGATING
CONTROLS
|
Dec 28, 2007
|
United
States Air Force
|
Laptop
missing/stolen from home of military band member
|
2,800 |
California
SB-1386 &
other State derivatives
|
A.7.2.2 -
Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 28, 2007
|
Davidson
County (Tennessee) Election
Commission
|
Laptops
stolen from offices
|
337,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 28, 2007
|
Minnesota
Dept. of
Commerce/Promissor Corporation
|
Laptop
stolen from employee
|
219 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 21, 2007
|
Franklin
County Municipal Court (Ohio)
|
Exposed
Online
|
270 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 21, 2007
|
Skipton
Financial Services/Moore
Stephens Consulting
|
Laptop
stolen from consultant's locker
|
14,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 20, 2007
|
Greenville
County School District S.C.
|
Hacked
|
Hundreds
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 20, 2007
|
Dormitory
Authority of the State of New
York/UPS
|
Data tapes
missing, possibly stolen
|
800 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Dec 19, 2007
|
Pennsylvania
Department of Aging
|
Laptop
stolen from home, contains PHI
|
21,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 18, 2007
|
HM Revenue
& Customs (HMRC) UK
|
Data
cartridge lost
|
6,500 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.8.3 -
Physical media in transit
|
Dec 17, 2007
|
Royal
Bolton Hospital
|
Laptop
stolen from departmental office, contains PHI
|
350 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 17, 2007
|
West Penn
Allegheny Health System
|
Laptop
stolen from nurse's home, contains
PII & PHI
|
42,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 14, 2007
|
Deloitte
& Touche
|
Contractor's
laptop stolen. Data was password protected but not encrypted
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 11, 2007
|
Iowa Dept.
of Natural Resources
|
Thumb drive
missing
|
7,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Dec 10, 2007
|
Cameron
County, Texas
|
Auditor
sends unauthorised email containing PII including employee salaries to
news reporter
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Dec 10, 2007
|
Sutter
Lakeside Hospital
|
Laptop
stolen from contractor's home
|
45,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 10, 2007
|
Tricare
Europe/ Electronic Data
Systems
|
Undisclosed
|
4,700
Families
|
California
SB-1386 &
other State derivatives
|
|
Dec 07, 2007
|
Citizens
Advice
|
Laptop
stolen from staff member's car, data compromised includes bank account
numbers
|
60,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 06, 2007
|
Oak Ridge
National Laboratory
|
Hacked -
phony emails containing malicious code in attachments
|
12,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 05, 2007
|
Forrester
Research
|
Laptop
stolen from employee's home
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Dec 05, 2007
|
Memorial
Blood Centers
|
Laptop
stolen from offices
|
268,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Dec 04, 2007
|
Duke
University
|
Hacked
|
1,400 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 04, 2007
|
Indianapolis
Power & Light
|
Data
exposed online through website, some as long as 4 years
|
3,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Dec 04, 2007
|
Passport
Canada
|
Exposed
Online
|
Undisclosed
|
PIPA,
PIPEDA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 30, 2007
|
Prescription
Advantage
|
Data found
with ID thief, includes PHI
|
15,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Nov 26, 2007
|
Provincial
Health Laboratory
|
Computer
unplugged and taken to home of consultant exposing PII and PHI
|
Undisclosed
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Nov 26, 2007
|
Allied
Irish Bank
|
"Technical
problem" in the issuing of international payment advice notices, exposes
PII including account numbers
|
15,000 |
UK/IRELAND
Data Protection Act & EU Directive on Data Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Nov 21, 2007
|
University
of Florida
|
Exposed
Online
|
415 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 20, 2007
|
HM Revenue
and Customs HMRC UK
|
CD
containing child benefit records lost in transit
|
25,000,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.8.3 -
Physical media in transit
|
Nov 17, 2007
|
Batelle
& Batelle LLC/Ohio Masonic
Home & Others
|
Laptop
stolen from employee's car
|
1,200 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Nov 16, 2007
|
U.S. Dept.
of Veteran Affairs
|
Ex-employee
found with data on his home computer after using credit card issued with one
of the stolen IDs
|
185,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Nov 16, 2007
|
Service
Canada
|
Laptop
stolen from employee's home
|
1,600 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Nov 16, 2007
|
Kansas
State University
|
Exposed
Online
|
128 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 16, 2007
|
A.J.
Falciani Realty Company
|
Computers
stolen in burglary
|
1,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 15, 2007
|
Roudebush
VA Medical Centre
|
2 computers
and laptop stolen
|
12,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 13, 2007
|
Glenrose
Rehabilitation Hospital
|
Memory
stick in purse stolen from office, PHI included
|
270 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 13, 2007
|
Commerce
Bancorp
|
Ex-employee
gives out information on bank customers which included account numbers
|
Undisclosed
|
California
SB-1386 & other State derivatives, GLBA
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Nov 13, 2007
|
The Foreign
& Commonwealth Office UK
|
Data
exposed online through website
|
50,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 07, 2007
|
Carolinas
Medical Centre
|
Laptop
misplaced by ambulance crew, contains PHI
|
28,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Nov 06, 2007
|
Butte
Community Bank
|
Laptop
containing customers' PII including account numbers stolen from bank
|
Undisclosed
|
California
SB-1386 & other State derivatives, GLBA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Nov 06, 2007
|
Montana
State University
|
3 separate
incidents - Spreadsheets exposed online, data storage device stolen
|
326 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Nov 06, 2007
|
Alabama
Dept. of Public Health
|
Information
in letters wrongly sent to customers
|
1,554
families
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Nov 05, 2007
|
HM Revenue
and Customs
HMRC/Standard Life UK
|
CD missing
in transit, contains data on pension holders
|
15,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.8.3 -
Physical media in transit
|
Nov 01, 2007
|
City
University of New York
|
Laptop
stolen from school's financial aid office
|
20,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 30, 2007
|
Hartford
Financial Services Group
|
3 backup
tapes misplaced
|
230,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Oct 30, 2007
|
University
of Nevada, Reno
|
Professor
loses flash drive
|
16,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.3 -
Physical media in transit
|
Oct 29, 2007
|
United
States Postal Service
|
Laptop
stolen
|
3,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 28, 2007
|
Art.com
|
Website
hacked, CCNs compromised
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 25, 2007
|
University
of Akron
|
Microfilm
lost
|
1,200 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.3 -
Physical media in transit
|
Oct 24, 2007
|
Not Your
Average Joe
|
Undisclosed
breach compromises data that includes CCNs
|
Thousands
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
|
Oct 23, 2007
|
Bates
College
|
Documents
exposed online
|
500 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 23, 2007
|
Dixie State
College
|
Server
hacked
|
11,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 23, 2007
|
Blockbuster
|
Membership
forms with PII that includes
CCNs found in trash
|
400 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Oct 23, 2007
|
West
Virginia Public Employees
Insurance Agency/UPS
|
Computer
tape lost in transit
|
200,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Oct 18, 2007
|
University
of Cincinnati
|
Employee
loses thumb drive, possibly stolen
|
7,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.8.3 -
Physical media in transit
|
Oct 17, 2007
|
Louisiana
Office of Student Financial As
|
Backups
lost in transit, possibly stolen
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Oct 17, 2007
|
Home
Depot
|
Laptop
stolen from car
|
10,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 16, 2007
|
Administaff
Inc.
|
Laptop
stolen
|
159,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 15, 2007
|
Transportation
Security Administration
|
Laptops
stolen from contractor
|
3,930 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 13, 2007
|
Montana
State University
|
Hacker
compromises PIIs including CCNs
|
1,400 |
California
SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 12, 2007
|
King County
Transportation Department
|
Laptop
stolen from home
|
1,400 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 10, 2007
|
Pfizer/Wheels
Inc.
|
Data
exposed online through website
|
1,800 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 08, 2007
|
Semtech/Unnamed
vendor
|
Laptop
stolen from vendor's premises
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 08, 2007
|
Carnegie
Mellon University
|
2 laptops
stolen from Professor's home
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 08, 2007
|
University
of Iowa
|
Laptop
stolen from home
|
184 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 05, 2007
|
HM Customs
and Revenue UK
|
Employee's
laptop stolen from car
|
400 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Oct 05, 2007
|
Kartenhaus
|
CCNs
exposed online
|
66,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 04, 2007
|
MacEwan
College
|
Personal
credit details exposed online
|
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Oct 04, 2007
|
Massachusetts
Division of
Professional Licensure
|
Inadvertent
exposure of SSNs on disks posted to agencies
|
450,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Oct 02, 2007
|
Athens
Regional Health Services
|
Computer
stolen from offices. Data compromised includes PHI
|
1,441 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Oct 02, 2007
|
The Nature
Conservancy
|
PII
including bank account details compromised by hacker
|
14,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 28, 2007
|
Gap
Inc.
|
Third party
vendor has laptop stolen from offices, contains PII of job applicants
|
800,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 24, 2007
|
Utah
Department of Workforce Services
|
Laptop
stolen
|
2,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Sept 21, 2007
|
ABN AMRO
Mortgage Group
|
PII exposed
online by Peer-to-Peer
(P-2-P) file sharing software by former employee
|
5,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
A.8.2.2 - Information security awareness, education and training
|
Sept 21, 2007
|
City of
Columbus Ohio
|
Computers
stolen from warehouse
|
3,500 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 19, 2007
|
University
of Michigan
|
8,585 data
tapes stolen from locked room, no sign of forced entry
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 16, 2007
|
St.
Edmundsbury Borough Council (UK)
|
Laptop
stolen from council worker's home, contains bank and insurance account
details
|
1,380 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Sept 14, 2007
|
Tennessee
Tech University
|
E-mails
sent to wrong recipients, exposing account information and other PII
|
3,100 |
California
SB-1386 & other State derivatives, FERPA
|
A.8.2.2 -
Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Sept 14, 2007
|
TD
Ameritrade Holding Corp.
|
Hacked
|
6,300,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 12, 2007
|
Tenncare/Americhoice
Inc./UPS
|
Unencrypted
CD lost in transit by courier
|
67,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Sept 11, 2007
|
Gander
Mountain
|
Computer
stolen or lost at "undisclosed" location. Includes CCNs
|
112,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 11, 2007
|
Pennsylvania
Public Welfare Dept.
|
2
workstations stolen during break-in, contains PHI
|
300,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 10, 2007
|
Purdue
University
|
PII
inadvertently exposed online
|
111 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 07, 2007
|
McKesson
|
2 computers
stolen, may contain PHI
|
Thousands
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Sept 06, 2007
|
De Anza
College, California
|
Instructor's
laptop stolen from home
|
4,375 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Sept 06, 2007
|
University
of South California
|
PII
inadvertently exposed online
|
1,482 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Sept 04, 2007
|
Pfizer
Inc.
|
Employee
removes confidential information which consists of PII, PHI, CCNs, bank
account info.
|
34,000 |
California
SB-1386 & other State derivatives, HIPAA, PCI/Visa CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Sept 01, 2007
|
Johns
Hopkins Hospital
|
Desktop
stolen, may also contain PHI
|
5,783 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 31, 2007
|
The
Hospital For Sick Children
|
Doctor
loses external hard drive which contains PHI at airport
|
3,300 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3 -
Physical media in transit
|
August 30, 2007
|
AT&T
|
Laptop
stolen from car of employee of professional services firm
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
August 30, 2007
|
Maryland
Dept. of Environment
|
Laptop
stolen
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
August 28, 2007
|
Connecticut
Dept. of Revenue Services
|
Laptop
stolen
|
106,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
August 26, 2007
|
American
Ex-Prisoners of War
|
Hard
drives, mail, paper files stolen during burglary
|
35,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 23, 2007
|
Loomis
Chaffee School
|
Computer
stolen during break-in
|
Hundreds
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 23, 2007
|
New York
City Financial Information
Services Agency
|
Laptop
stolen from IT consultant in restaurant
|
280,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
August 22, 2007
|
California
Public Employees' Retirement
|
SSNs
inadvertently printed on brochures distributed to retirees
|
445,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
August 21, 2007
|
West
Virginia Board of Barbers and
Cosmetologists
|
Safe stolen
from offices
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 21, 2007
|
Walter
Reed Army Institute of Research
|
Unshredded
documents found in trash bin
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
August 16, 2007
|
Toshiba
General Hospital, Japan
|
Laptop
stolen from hospital
|
51,156 |
Japan
PIPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 15, 2007
|
Sky Lakes
Medical Centre/Verus Inc.
|
Exposed
PII, PHI online during maintenance
|
30,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
August 15, 2007
|
Idaho Army
National Guard
|
Thumb drive
stolen from employee's car
|
3,400 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
August 13, 2007
|
Pfizer
Inc.
|
2 laptops
stolen from locked car
|
950 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
August 11, 2007
|
Providence
Alaska Medical Centre
|
Laptop
stolen, contains PHI
|
250 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
August 10, 2007
|
Unnamed
Legacy Health Systems Practi
|
Employee
allegedly steals PII, PHI, CCNs
|
747 |
California
SB-1386 & other State derivatives, HIPAA, PCI/Visa CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
August 10, 2007
|
Tele2
|
Hacked
|
60,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
August 10, 2007
|
Loyola
University
|
Hard drive
improperly discarded
|
5,800 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.6 -
Secure disposal or re-use of equipment
A.10.7.2 - Disposal of media
|
August 08, 2007
|
Yale
University
|
Computers
stolen from Dean's office
|
10,200 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 07, 2007
|
Electronic
Data Systems Corp.
|
Employee
steals data during period of employment and sells PII and possible PHI for
use in fraudulent federal tax returns.
|
498 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
August 07, 2007
|
Merrill
Lynch
|
"A computer
device apparently was stolen from corporate offices in New Jersey"
|
33,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 07, 2007
|
First
Response Finance UK
|
"Server
equipment" stolen during break-in
|
Thousands
|
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 06, 2007
|
Verisign
|
Laptop
stolen from employee's car
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
August 04, 2007
|
Kellogg
Community Federal Credit Union
|
Computer
stolen during break-in
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 03, 2007
|
Wabash
Valley Correctional Facility
|
Exposed
online. Data file inadvertently moved from private drive to a publicly
accessible drive
|
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
August 03, 2007
|
Capital
Health
|
4 computers
containing PII, PHI stolen.
|
20,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 02, 2007
|
E.On/Mountjoy
& Bressler
|
Laptop
stolen from accounting firm containing PII of E.On employees
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
August 02, 2007
|
University
of Toledo
|
2 hard
drives stolen from premises
|
199 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 28, 2007
|
Yuba County
Child support Services ( C
|
Laptop
missing/stolen
|
70,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
July 27, 2007
|
City of
Virginia Beach
|
Former
employee found with PIIs
|
2,000 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
July 27, 2007
|
City
Harvest
|
"Improper
access of systems" PIIs, CCNs compromised
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 27, 2007
|
American
Education Services/Vista Fina
|
Laptop
stolen
|
5,184 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 26, 2007
|
Aflac
|
Laptop
stolen
|
152,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
July 26, 2007
|
United
States Marine Corps/Penn State University
|
Exposed
online
|
10,554 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 26, 2007
|
Newcastle
City Council UK
|
CCNs
exposed online on insecure server that was publicly accessible
|
54,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 24, 2007
|
St Vincent
Hospital
|
SSNs
exposed online, no PHI
|
51,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 21, 2007
|
University
of Michigan
|
Hacked
|
5,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 20, 2007
|
SAIC
|
Military
contractor exposes unencrypted data online which includes PHI
|
580,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 19, 2007
|
Texas
Secretary of State
|
Exposed
online
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 19, 2007
|
Jackson
Local Schools Ohio
|
Exposed
online
|
1,800 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 19, 2007
|
Cricket
Communications
|
Documents
containing CCNs stolen from store
|
300 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 18, 2007
|
Connecticut
General Assembly
Transportation Committee
|
Exposed
online
|
300 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 17, 2007
|
Kingston
Technological Company Inc.
|
Undisclosed
breach compromises data that includes CCNs
|
27,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 17, 2007
|
Louisiana
Board of Regents
|
Exposed
online for two years
|
80,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 17, 2007
|
Western
Union
|
Hacked,
data includes PII and CCN
|
20,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 13, 2007
|
Metropolitan
St. Louis Sewer District
|
Disgruntled
employee downloads file onto home computer
|
1,600 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
July 12, 2007
|
City of
Encinitas
|
Data
including CCNs inadvertently exposed online for 3 months
|
1,200 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
July 11, 2007
|
Disney
Movie Club/Alta Resources
|
Contractor
steals and sells data
|
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
July 09, 2007
|
Cuyahoga
County Dept of Development
|
Memory
stick in stolen car
|
3,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
July 09, 2007
|
Resona Bank
Japan
|
Documents
lost from offices
|
980,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 07, 2007
|
Securitas
Security Services USA Inc.
|
Laptops
stolen from offices
|
100,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 05, 2007
|
Highland
University
|
Burglary at
offices compromises data which includes CCNs
|
420 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
July 03, 2007
|
Fidelity
National Information Services
|
Employee
steals information from financial processing company. Data includes
CCNs
|
2,300,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
June 29, 2007
|
Harrison
County Schools (West Virginia
|
Computers
stolen
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 27, 2007
|
University
of California Davis
|
Hacked
|
1,120 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 27, 2007
|
Bowling
Green State University
|
Flash drive
missing
|
199 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 27, 2007
|
Milwaukee
PC
|
Data
including CCNs may have been exposed online
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 25, 2007
|
Ohio Bureau
of Workers Compensation
|
Laptop
stolen from bureau auditor's home
|
439 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 23, 2007
|
Winn-Dixie
|
Documents
containing PII & PHI inadvertently left in closed down pharmacy
premises
|
Thousands
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
June 22, 2007
|
Texas First
Bank
|
SSNs &
Account nos. on laptop stolen from car
|
4,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 21, 2007
|
American
Airline
|
Pilots and
CEO info exposed online
|
300 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 21, 2007
|
Tokyo
University Hospital, Tokyo
|
Documents
go missing from nurse's station
|
120 |
Unknown
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 18, 2007
|
Parisexposed.com
|
Exposed
online
|
750 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 18, 2007
|
Texas
A&M Corpus Christi
|
Professor
loses data on disk while on vacation
|
8,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 15, 2007
|
State of
Ohio
|
Backup
device stolen from car
|
64,467 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
June 14, 2007
|
Georgia
Tech (University)
|
Exposed
online
|
23,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 14, 2007
|
Coastal
Community Credit Union
|
Backup
tapes stolen in transit
|
120,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.8.3 -
Physical media in transit
|
June 14, 2007
|
City of
Lynchburg
|
Data
including PHI exposed online
|
1,200 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 13, 2007
|
Moorepay
Ltd/Eden Project Cornwall, UK
|
Laptop
stolen from employee's car
|
500 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 11, 2007
|
Grand
Valley State University
|
Flash drive
stolen from campus
|
3,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 11, 2007
|
Pfizer
|
File
sharing software compromises data
|
17,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 09, 2007
|
Concord
Hospital
|
Exposed
online
|
9,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 09, 2007
|
Concordia
Hospital
|
Hard drive
stolen from hospital may include
PHI
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
June 08, 2007
|
University
of Iowa
|
Website
security breach
|
1,100 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 08, 2007
|
University
of Virginia
|
Hacked
|
5,735 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 07, 2007
|
Dearfield
Medical Building
|
Box of
unshredded documents found in bin
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
June 06, 2007
|
Cedarburg
High School
|
Students
hack school system
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 04, 2007
|
Stephens
Hospital
|
Exposed
online, no PHI
|
550 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 03, 2007
|
Gadsen
Community State College
|
Documents
found littering driveway
|
400 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
June 01, 2007
|
Northwestern
University
|
Exposed
online
|
4,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 01, 2007
|
Bank of
Scotland
|
Financial
details lost in post
|
62,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.8.3 -
Physical media in transit
|
June 01, 2007
|
Jax Federal
Credit Union
|
Exposed
online
|
7,500 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
June 01, 2007
|
Fresno
County California
|
Computer
disk missing in transit
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
May 31, 2007
|
Priority
One Credit Union
|
PII exposed
on mailed letters
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
May 30, 2007
|
Saskatoon
Health Region
|
Cards
containing PIIs inadvertently given to charity. No PHI
|
2,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
May 26, 2007
|
Cover
Tennessee Health Insurance
|
Computer
glitch exposes applicants data online
|
279 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 25, 2007
|
Booker T.
Washington Community
Center, Auburn
|
Laptop
stolen from center containing data that includes PHI, recovered from culprit
at pawn shop
|
Undisclosed
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 25, 2007
|
North
Carolina Department of
Transportation
|
Hacked
|
25,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 24, 2007
|
Waco
Independent School District
|
2 students
hack into server
|
17,400 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 23, 2007
|
Check Into
Cash
|
Documents
found in local bin
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
May 22, 2007
|
University
of Colorado, Boulder
|
Hacked-
Antivirus software not patched
|
45,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 22, 2007
|
University
of Pittsburgh Medical Center
|
SSNs
exposed through envelope window
|
6,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
May 21, 2007
|
Columbia
Bank NJ
|
Hacked
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 20, 2007
|
Northwestern
University
|
Laptop
stolen
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
May 19, 2007
|
Yuma
Elementary School District
|
Briefcase
containing documents stolen from employee's car
|
91 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling A.9.2.5 - Security of equipment
off-premises A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 19, 2007
|
Wylie
Police Department
|
Laptops
stolen from offices
|
229,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 19, 2007
|
Illinois
Department of Financial and
Professional Regulation.
|
Hacked
|
300,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 19, 2007
|
Stony Brook
University
|
Inadvertently
exposed online as it was vulnerable to search engine Google
|
90,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 17, 2007
|
Alcatel-Lucent
|
Disk lost
in transit
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
May 17, 2007
|
Georgia
Department of Human Resourc
|
Records
improperly discarded
|
140,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
May 15, 2007
|
IBM
|
Unencrypted
tapes lost in transit
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
May 14, 2007
|
Community
College of Southern Nevada
|
Hacked
|
197,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 12, 2007
|
Goshen
College
|
Hacked
|
7,300 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 11, 2007
|
UCI Medical
Centre
|
Files of
patients PII and medical record numbers stored in off-site location
missing
|
287 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 10, 2007
|
Highland
Hospital
|
Laptop
stolen from offices and sold, but recovered on eBay; contained no PHI
|
13,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 09, 2007
|
SEB
|
Hacked
systems contained credit and debit card numbers
|
10,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 09, 2007
|
Standard
Life UK
|
Policy
documents sent to wrong customers
|
300 |
UK Data
Protection Act
& EU Directive on Data
Privacy
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
May 08, 2007
|
University
of Missouri
|
Hacked
|
22,396 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 07, 2007
|
State
Department of Administration India
|
Inadvertently
exposed online
|
Dozens
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 05, 2007
|
Marks &
Spencer UK
|
Laptop
stolen from printing firm
|
26,000 |
UK Data
Protection Act
& E2
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 04, 2007
|
US
Transportation Security Administrati
|
Hard drive
missing from controlled area at offices
|
100,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 03, 2007
|
Louisiana
State University
|
Laptop
stolen from employee's home
|
750 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
May 03, 2007
|
Montgomery
College
|
List of
students with PII information inadvertently posted on shared network
drive
|
Hundreds
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
May 03, 2007
|
Department
of Natural Resources
|
Employee
loses memory stick after downloading information to work from home
|
1,433 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
May 02, 2007
|
Royal
Cornwall Hospitals NHS Trust
|
Computer
stolen from offices, contains no
PHI
|
10,000 |
UK Data
Protection Act
& EU Directive on Data
Privacy
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
May 01, 2007
|
Weston
Travel and Insurance Agencies
|
Unshredded
customer applications containing PII and CCNs found in dumpster
|
Hundreds
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
May 01, 2007
|
Champaign
Fraternal Order of Police
|
Officers
PII found on computer donated to charity
|
139 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
May 01, 2007
|
JP Morgan
Chase
|
Computer
tape lost in transit
|
47,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.8.3 -
Physical media in transit
|
April 29, 2007
|
University
of New Mexico
|
Laptop
stolen from office
|
3,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
April 27, 2007
|
Couriers on
Demand
|
Inadvertently
posted PII on website
|
Hundreds
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 27, 2007
|
Caterpillar
Inc.
|
Laptop
stolen from consultant working with company
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
April 26, 2007
|
Ceridian
Corp./Innovation Interactive
|
Former
employee inadvertently exposes data on personal website after mistakenly
leaving the company with the data
|
150 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 24, 2007
|
Purdue
University
|
Inadvertently
exposed PII online
|
175 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 24, 2007
|
Baltimore
County Dept. of Health
|
Laptop
stolen from offices
|
6,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
April 24, 2007
|
Neiman
Marcus Group
|
Computer
equipment stolen from company's pension consultant
|
160,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
April 23, 2007
|
Federal
Emergency Management Agenc
|
SSNs
printed on outer labels of reappointment letters
|
2,300 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
April 20, 2007
|
United
States Dept. of Agriculture
|
Inadvertently
posted on website
|
63,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 20, 2007
|
Los Alamos
National Laboratory
|
Subcontractor
inadvertently posted employees PII online
|
550 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 19, 2007
|
New Mexico
University
|
Inadvertently
exposed PII online for nearly 2 hours
|
5,600 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 18, 2007
|
University
of California San Francisco
|
Computer
file server stolen; data includes
PHI
|
3,000 |
California
SB-1386 & other State derivatives, FERPA, HIPAA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
April 18, 2007
|
Ohio State
University
|
Two laptops
stolen from Professor's home
|
3,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
April 17, 2007
|
CVS
Corp
|
PII, PHI,
CCNs dumped in garbage container
|
1,000 |
California
SB-1386 & other State derivatives, HIPAA, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
April 17, 2007
|
Ohio State
University
|
Hacked
|
14,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 12, 2007
|
Bank of
America
|
Laptop
stolen from employee during break-in, data included some bank's employee
PII
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
April 12, 2007
|
Fulton
County, Georgia
|
Voter
registration cards recovered from dumpster
|
75,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
April 12, 2007
|
University
of Pittsburgh Medical Centre
|
"Inadvertently"
posted PII and PHI on website
|
80 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 12, 2007
|
Black Hills
State University
|
SSNs
inadvertently posted on website
|
56 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 11, 2007
|
New
Horizons Community Credit Union/
|
Laptop
stolen from consultant containing protected loan account information
|
9,000 |
California
SB-1386 & other State derivatives, GLBA
|
A.9.2.5 -
Security of equipment off-premises A.11.7.1 - Mobile computing and
communications A.11.7.2 - Teleworking
|
April 11, 2007
|
ChildNet
|
Laptop
stolen from HQ possibly by former employee
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
April 07, 2007
|
Georgia
Dept. of Community Health/Affiliated Computer Services
|
CD lost in
transit containing PII but no PHI
|
2,900,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
April 09, 2007
|
Turbo
Tax
|
Website
flaw exposes tax returns online
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
April 08, 2007
|
Rogers
Communications Inc. Canada
|
Order forms
with PII and CCNs found strewn all over parking lot
|
Hundreds
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
April 06, 2007
|
Chicago
Public Schools
|
Two laptops
stolen from HQ
|
40,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
April 06, 2007
|
Hortica
|
Backup
tapes lost during transit
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
April 05, 2007
|
Mercer
Human Resources
Consulting/DCH Health System
|
Encrypted
disc and hard copies lost during transit
|
6,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
April 04, 2007
|
University
of California San Francisco
|
Possibly
hacked
|
46,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 30, 2007
|
University
of Montana - Western
|
Computer
disk stolen from office
|
400-500
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 30, 2007
|
Navy
Station San Diego
|
Laptops
missing. Presumed stolen from offices
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 30, 2007
|
LA County
Child Support Services
|
Laptops
missing. Presumed stolen from offices
|
1,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 29, 2007
|
RadioShack
|
Employees
payment slips with CCNs &
other PII found in dumpster
|
Thousands
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
March 27, 2007
|
Nottinghamshire
Healthcare UK
|
Laptop
stolen from offices
|
11,500 |
UK Data
Protection Act
& EU Directive on Data
Privacy
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 27, 2007
|
St. Mary
Parish Schools
|
Search
engine exposes data online
|
380 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 27, 2007
|
Halifax
Bank of Scotland HBOS Scotlan
|
Briefcase
containing documents stolen from employee's car
|
13,000 |
UK Data
Protection Act
& EU Directive on Data
Privacy
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 26, 2007
|
U.S. Army
Training and Doctrine Comm
|
Laptop
stolen from employee's vehicle
|
16,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 24, 2007
|
Group
Health Co-operative Health
Care System,
|
2 laptops
missing contain PII, but no PHI
|
31,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 23, 2007
|
Swedish
Urology Group
|
Hard drives
stolen from offices, may include
PHI
|
Hundreds
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 21, 2007
|
HSBC
Australia
|
Hardcopies
of data with PII including financial data found on train
|
100 |
Australian
Privacy Act, UK Data Protection Act
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 20, 2007
|
Tax Service
Plus
|
Backup
computer stolen from offices by intruder. Data included CCNs and other
PII
|
4,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 16, 2007
|
Springfield
Ohio City Schools
|
Laptop
stolen from auditor's car
|
1,950 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 14, 2007
|
Wellpoint
& Empire Blue Cross and Blue
|
Unencrypted
compact disc containing data that includes medical info. missing or
stolen
|
75,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3 -
Physical media in transit
|
March 12, 2007
|
Dai Nippon
Printing Company, Tokyo
|
Former
employee steals data by copying data onto floppy disks that includes
CCNs
|
9,000,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
March 10, 2007
|
University
of Idaho
|
PII
inadvertently exposed online
|
2,700 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 9, 2007
|
California
National Guard
|
Hard drive
stolen from physically secure room
|
1,300 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 7, 2007
|
United
States Census Bureau
|
PII
inadvertently posted on publicly available website
|
302
Households
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 7, 2007
|
Los Rios
Community College
|
Database
exposed online by aggressive search engine
|
2,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 3, 2007
|
Johnny's
Selected Seeds
|
Website
hacked, CCNs compromised
|
11,500 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 2, 2007
|
Metropolitan
State College of Denver
|
Computer
stolen from campus office
|
988 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
March 1, 2007
|
Westerly
hospital
|
PII and
medical records posted online by unknown culprit
|
2,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
March 1, 2007
|
The
Hospital For Sick Children
|
Laptop
stolen from a physician's car
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 1, 2007
|
Tokyo
University of Science
|
Bag
containing a disk was stolen on lecturer's train ride home
|
8,800 |
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Feb 24, 2007
|
Japan Post,
Japan
|
Bag
containing data stolen from car
|
290,000 |
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Feb 23, 2007
|
National
Australia Bank Australia
|
Wrongly
addressed bank details sent to customers
|
397 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Feb 23, 2007
|
Worcestershire County Council
|
Laptop
containing bank details and other PII
stolen in street robbery
|
19,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Feb 23, 2007
|
Rabun
Apparel Inc.
|
Inadvertently
exposed PII online
|
1,006 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 22, 2007
|
Speedmark,
Texas
|
Computer
stolen from office
|
35,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Feb 21, 2007
|
Georgia
Tech University
|
Hacked and
illegal access gained to PII and purchasing card information
|
3,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 20, 2007
|
Companies
Registrations Office Ireland
|
Website
hacked since December 2006, defaced; data on companies may have been accessed
through this site
|
Unknown
|
UK/Irish
Data Protection
Act
& EU Directive on Data
Privacy
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 20, 2007
|
Back &
Joint Institute Texas
|
Medical
records found dumped in trash bin
|
Hundreds
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Feb 19, 2007
|
Stop &
Shop
|
Credit
& debit card readers tampered with
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Feb 19, 2007
|
Seton
Family of Hospitals
|
Laptop
stolen from office
|
7,800 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Feb 19, 2007
|
Clarksville
Montgomery County Middle
& High Schools
|
Inadvertently
exposed PII on website
|
633 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 17, 2007
|
State of
Connecticut
|
Inadvertently
exposed PII on website for 3 years
|
1,753 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 15, 2007
|
City
College of Francisco
|
PII
inadvertently exposed online for 7 years
|
11,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 15, 2007
|
Iowa Dept.
of Education
|
Hacked
|
160,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 14, 2007
|
Kaiser
Permanente
|
Stolen
laptop containing data that includes
PHI
|
22,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Feb 11, 2007
|
Washington
DC Metropolitan Police
|
Inadvertently
released info to unauthorized advisory officials
|
2,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Feb 10, 2007
|
Dept. of Work
and Pensions UK
|
Letters
containing PII sent to wrong recipients
|
26,000 |
UK Data
Protection Act
& EU Directive on Data
Privacy
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Feb 10, 2007
|
State of
Indiana
|
Hacked and
programming error allows intruder to view unsuppressed credit card
numbers
|
5,600 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 9, 2007
|
East
Carolina University
|
Programming
error exposes PII including
CCNs online
|
65,000 |
California
SB-1386 & other State derivatives, FERPA, PCI/VISA CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 8, 2007
|
Piper
Jaffray
|
Carelessly
expose SSNs by printing on the outside of the envelope in letters sent to
employees
|
Over
1000
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Feb 8, 2007
|
St. Mary's
Hospital
|
Laptop
stolen, no PHI
|
130,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Feb 7, 2007
|
Central
Connecticut State University
|
Malfunctioning
machine exposes SSNs in address windows of envelopes
|
750 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Feb 7, 2007
|
University
of Nebraska, Lincoln
|
Employee
inadvertently posts PII on website for two years
|
72 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 7, 2007
|
Johns
Hopkins University Hospital
|
Backup
tapes misplaced by contractor
|
52,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Feb 6, 2007
|
Metro
Credit Services
|
Records
obtained by defunct bill collector company containing PHI and PII found in
trash bin
|
Thousands
|
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.7.2 - Disposal of media
|
Feb 6, 2007
|
New York
Dept. of Labour
|
Documents
stolen from tax auditor's home
|
537 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Feb 3, 2007
|
CTS Tax
Service
|
Computer
stolen from office
|
800 |
GLB Act,
California SB-
1386 & other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Feb 2, 2007
|
Birmingham
Veterans Medical Centre
|
Employee's
portable hard drive containing
PII missing presumed stolen
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.8.3 -
Physical media in transit
|
Feb 2, 2007
|
New York
Dept. of State
|
Inadvertently
exposed PII on website
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 2, 2007
|
University
of Missouri
|
Hacked
|
1,220 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Feb 2, 2007
|
Wisconsin
Legislative Human Resource
|
Report
stolen from employee's car outside a gym
|
150 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Feb 2, 2007
|
San
Francisco Indian Consulate
|
Sensitive
documents dumped in recycling centre yard
|
Thousands
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.7.2 - Disposal of media
|
Feb 1, 2007
|
Massachusetts
Dept. of Industrial Accid
|
Former
contractor allegedly accessed workers' compensation database to steal PII to
commit fraud
|
1,200 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Jan 29 2007
|
Vermont
Agency of Human Services
|
Hacked
computer containing financial data
|
70,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Jan 29 2007
|
Halifax
Bank of Scotland HBOS Scotlan
|
Woman
inadvertently sent bank statements of 75,000 customers
|
75,000 |
UK Data
Protection Act
& EU Directive on Data
Privacy
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging
|
Jan 28 2007
|
Salina
Regional Center
|
offices
|
1,100 |
other State
derivatives,
|
A.9.1.2 -
Physical entry controls
|
Jan 26 2007
|
Eastern
Illinois University
|
Computer
stolen from offices
|
1,400 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 26 2007
|
Chase
Bank/Bank One
|
Used desk
purchased at furniture shop contained spreadsheet with PII of former
employees
|
4,100 |
GLB Act,
California SB-
1386 & other State derivatives, FACT Act
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
|
Jan 26 2007
|
Anthem Blue
Cross Blue Shield
|
Cassettes
containing customer info stolen from lock box
|
50,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 26 2007
|
Vanguard
University
|
Two
computers stolen
|
5,105 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 26 2007
|
Indiana
Dept. of Transportation
|
Exposed on
internal network drive
|
4,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Jan 25 2007
|
Wahiawa Women
Infants & Children
(Dept. of Health)
|
ID theft
possibly involving employee
|
11,500 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.2.3 - Disciplinary process
A.8.3.1 - Termination responsibilities
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
Jan 25 2007
|
Ohio Board
of Nursing
|
PIIs
exposed online
|
3,031 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Jan 24 2007
|
Rutgers
University
|
Laptop
stolen from office
|
200 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 23 2007
|
Clay High
School
|
Student
hacks school computers
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Jan 23 2007
|
Xerox Wilsonville
|
Laptop
stolen from manager's car
|
297 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Jan 22 2007
|
Chicago
Board of Election
|
100 CDs
with the voters' info wrongly distributed to aldermen & ward committeemen;
6 discs are completely missing
|
1,300,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
A.10.8.4 - Electronic Messaging
|
Jan 20 2007
|
Greenville
County School District S.C.
|
Boxes
containing PII of teachers over a period of years left behind during
renovation
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.9.2.5 - Security of equipment off-premises
A.10.8.3 - Physical media in transit
|
Jan 19 2007
|
IRS/Kansas
City Govt
|
26 computer
tapes containing taxpayer info. missing
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.9.1.2 - Physical entry controls
|
Jan 18 2007
|
KB Home
Charleston
|
Computer
stolen
|
2,700 |
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 17 2007
|
The TJX
Companies Inc.
|
Possibly
hacked, systems containing
CCNs, debit card nos etc
|
45,000,000 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Jan 17 2007
|
Rincon del
Diablo Municipal Water Distr
|
2 computers
containing credit card numbers stolen from offices
|
500 |
California
SB-1386 & other State derivatives, PCI/Visa CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 16 2007
|
University
of New Mexico
|
3 computers
stolen from associate provost's office containing PII of faculty
members
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 13 2007
|
North
Carolina Dept. of Revenue
|
Laptop
stolen from car
|
30,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Jan 12 2007
|
Moneygram/Unnamed
biller
|
'Unlawfully
accessed' PII may include bank a/c numbers
|
79,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1 -
Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information
|
Jan 11 2007
|
University
of Idaho
|
3 desktops
stolen from offices
|
70,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 08 2007
|
Towers
Perrin/unnamed clients
|
Clients
data on 5 laptops stolen from locked room in office building
|
Tens of
thousands
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 08 2007
|
University
of Notre Dame
|
University
director's laptop stolen
|
Undisclosed
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
Jan 04 2007
|
Johnston
County, Selma
|
Laptop
stolen from Selma water treatment plant
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
Jan 03 2007
|
Academic
Magnet High School
Charleston
|
Laptops and
PCs stolen from premises
|
Hundreds
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection
|
| |
|
ESTIMATED
TOTAL (ROUGH):
|
102,207,257 |