| PUBLIC NOTIFIED ON |
ORGANIZATION AND LOCATION |
TYPE OF BREACH |
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED |
REGULATORY IMPACT |
ISO/IEC 27001 MITIGATING CONTROLS |
| December 31, 2009 |
Eastern
Washington University |
Hacked |
130,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 30, 2009 |
Collective2 LLC |
Hacked server exposes PII, CCNs |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 29, 2009 |
Little Italy |
Infected POS terminals expose CCNs |
150 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 22, 2009 |
Plymouth County Correctional Facility |
Inmate
hacks prison systems |
1,100 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 21, 2009 |
Durham Region Health Department,
Canada |
PHI on lost USB drive |
83,524 |
PIPEDA, PIPA & PHIPA |
A.10.8.3 - Physical media in transit |
| December 18, 2009 |
Penn State
University |
Infected computer exposes SSNs |
261 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 18, 2009 |
Shropshire
County Council, UK |
Unencrypted memory stick lost, contained PHI of residents and
staff |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| December 17, 2009 |
Family and Morale, Welfare and Recreation
Command |
Laptop stolen from employee contained PII |
42,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| December 17, 2009 |
United States
Army |
Stolen laptop contained PII, CCN |
42,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| December 17, 2009 |
North Carolina
Community College System |
Library system of 25 community libraries hacked, compromising
SSNs, driver's licenses |
51,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 15, 2009 |
Detroit
Department of Health and Wellness Promotion |
Flash drive stolen from vehicle contained city residents' PII |
Unknown |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| December 15, 2009 |
Detroit
Department of Health and Wellness Promotion |
Computer stolen from office contained vaccination details |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| December 11, 2009 |
The Beijing
Center for Chinese Studies, US |
Laptop stolen |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| December 11, 2009 |
State of
Minnesota, Lookout Services Inc |
Website exposes state employee data |
500 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 10, 2009 |
Bushland
Independent School District |
Meal applications found in dumpster exposing PII |
100 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| December 10, 2009 |
University
Medical Center Las Vegas |
Accident patients' data leaked to attorneys |
141 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| December 07, 2009 |
Anglo Irish Bank |
A bank executive erroneously emailed a Northern Ireland client details of derivatives transactions of
other customers |
504 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| December 04, 2009 |
MedSolutions,
North Carolina Division of Medical Assistance, UK |
Website exposes PII of physicians |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 04, 2009 |
University of Nebraska Lincoln, Hinsdale High School District 86 |
Hacked |
4,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 04, 2009 |
Eastern Illinois
University |
Virus compromises server with PII |
9,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 04, 2009 |
Wake County
Public School System |
5000 postcards sent with SSNs printed on the outside |
5,000 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| December 04, 2009 |
Passport Canada,
Post Office Canada |
Passport applications stolen by employee |
70 |
PIPEDA, PIPA & PHIPA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| December 03, 2009 |
Office of Consumer Affairs |
Sensitive
documents found in dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| December 01, 2009 |
The Children's Hospital of
Philadelphia |
Laptop stolen |
943 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| December 01, 2009 |
Textron |
Missing USB contains PII and financial details |
54 |
California SB-1386 & other State derivatives, GLBA |
A.10.8.3 - Physical media in transit |
| December 01, 2009 |
Nation Wide
Credit Counseling |
Dumpster full of documents with PII |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 29, 2009 |
Oregon Housing and Community Services, Oregon Parks and
Recreation Department |
PII exposed in open recycling bin |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 27, 2009 |
NorthgateArinso,
Verity Trustees, UK |
Laptop stolen |
110,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| November 26, 2009 |
Penn State
University |
Laptop compromised by virus |
303 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 25, 2009 |
Aurora St.
Luke's Medical Center |
Laptop stolen, PII, PHI affected |
6,400 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| November 23, 2009 |
Acorn |
Sensitive documents thrown in trash |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 20, 2009 |
University of
Notre Dame |
PII of employees placed on public website |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 19, 2009 |
Tadgear |
Hacked, CCNs compromised |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 19, 2009 |
Health Net |
Hard drive missing from office exposes PII, PHI |
1,500,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| November 18, 2009 |
Universal
American Insurance |
Postcards sent to recipients expose SSNs |
80,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 17, 2009 |
Nebraska
Workers' Compensation Court |
Hacked |
Thousands |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 17, 2009 |
T-Mobile, UK |
Employee sells customer data to rival firm |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 17, 2009 |
E.On, UK |
PII, bank details sent to wrong recipients by mail |
817 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 15, 2009 |
Guam Memorial
Hospital |
PII, PHI on stolen laptop |
2,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| November 13, 2009 |
United States
Army Corps of Engineers |
Hard drive lost |
60,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| November 13, 2009 |
Cal Poly Pomona |
SSNs, addresses exposed online |
355 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 11, 2009 |
Bloomsburg
University |
Laptop stolen |
574 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| November 11, 2009 |
Mercy Medical
Center |
Patients' records accessed by former employee |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| November 10, 2009 |
Obsidian
Financial Group |
Customers' SSNs & bank reference numbers stolen by employee |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| November 06, 2009 |
Chaminade
University |
Students' PII accessible via web |
4,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 28, 2009 |
Bank of New York
Mellon Corp. (BK) |
Computer technician steals PII of fellow employees to make $1.1M |
150 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| October 28, 2009 |
Rural Payments
Agency, UK |
Computer tapes missing, contained PII & bank info |
100,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| October 28, 2009 |
Llywelyn's Pub |
Hacked, CCNs & other PII affected |
100 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 26, 2009 |
CalOptima |
PII, PHI on lost discs |
68,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| October 26, 2009 |
University of
Wisconsin-Madison |
Hacked |
2,920 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 21, 2009 |
Baptist Hospital
East |
Email leaks PII |
350 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| October 21, 2009 |
Zurich
Insurance, ZA |
Policy details on lost backup tape |
641,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| October 21, 2009 |
Roane State
Community College |
PII on stolen data storage device |
15,977 |
California SB-1386 & other State derivatives, FERPA |
A.10.8.3 - Physical media in transit |
| October 20, 2009 |
Bullitt County
Public Schools |
Email accidentally sent affecting PII |
676 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| October 20, 2009 |
ChoicePoint,
Reed Elsevier |
Hacked |
13,750 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 19, 2009 |
Cheers Liquor
Mart |
Customer data including CCNs exposed in hacking incident |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 16, 2009 |
Halifax Health |
PII on stolen laptop |
33,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| October 14, 2009 |
Virginia
Department of Education |
Flash drive lost |
103,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.8.3 - Physical media in transit |
| October 13, 2009 |
California State
University Los Angeles |
SSNs accidentally posted on website |
82 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 13, 2009 |
Pitt County
Memorial Hospital |
USB device containing SSNs, PHI missing from where it was stored |
1,700 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| October 09, 2009 |
M&T Bank |
Records found in dumpster, PII exposed |
52 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| October 07, 2009 |
CLP Skilled
Trade Solutions |
Dumpster full of PII and tax records |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| October 05, 2009 |
National
Archives and Records Administration |
Hard drive improperly disposed of |
76,000,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| October 04, 2009 |
Suffolk County
Community College |
Names and SSNs mistakenly listed in an email |
300 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| October 03, 2009 |
Blue Cross Blue
Shield Association |
Stolen laptop |
187,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| September 29, 2009 |
Memorial
University of Newfoundland |
Material used for recycling project inadvertently exposes SSNs |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| September 28, 2009 |
Tennessee
Department of Human Services |
Doctors inadvertently fax patient records to an Indiana business |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| September 25, 2009 |
University of
North Carolina |
Hacked, PII compromised |
236,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 25, 2009 |
Penrose Hospital |
Binder containing PII stolen |
175 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| September 23, 2009 |
Eastern Kentucky
University |
PII inadvertently posted on the web |
5,045 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 23, 2009 |
Demon Internet,
UK |
Billing email inadvertently exposes customers' PII |
3,600 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| September 23, 2009 |
Kern Medical
Center |
Break-in compromises PII |
31,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| September 23, 2009 |
Socorro County
Housing Authority |
Files containing SSNs and financial details found in dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| September 22, 2009 |
Cincinnati
Metropolitan Housing Authority |
Housing residents' PII exposed online |
900 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 22, 2009 |
AlixPartners LLP |
Laptop stolen, contained PII and account information of Madoff
investors |
2,246 |
California SB-1386 & other State derivatives, GLBA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| September 21, 2009 |
Rocky Mountain
Bank |
Email attachment sent to wrong Google email address contained
names, SSNs and account details |
1,325 |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| September 18, 2009 |
Akron Children's
Hospital |
Spyware compromises patients' PII, PHI and financial information |
62 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 14, 2009 |
University of Florida, Florida Department of Transportation |
Educational trainers' names and SSNs exposed |
25 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 14, 2009 |
Jones General
Store |
Customer credit card receipts stolen from store by burglars |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| September 06, 2009 |
School for the
Physical City High School |
Students' PHI, PII dumped on street |
Unknown |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| September 05, 2009 |
Mitsubishi
Corporation |
Server hacked, CCNs compromised |
52,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 02, 2009 |
Naval Hospital
Pensacola |
Laptop missing, contained names and SSNs |
38,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| September 01, 2009 |
Bluegrass
Community and Technical College |
A file containing students' names and SSNs missing |
100 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 29, 2009 |
Birmingham NHS,
Trulife, UK |
Stolen
laptops contain PHI |
7,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| August 28, 2009 |
Iron Mountain,
Cuyahoga County, Ohio |
Box
containing documents with PII falls off a truck during transit |
300 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| August 25, 2009 |
Guardsmark |
Employee
files containing PII found in trash |
100 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| August 25, 2009 |
Worthing Borough
Council, UK |
Confidential
papers found on street, PHI affected |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| August 21, 2009 |
University of
Massachusetts at Amherst (UMASS) |
Server
hacked, PHI compromised |
Unknown |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 20, 2009 |
Boston University Army Reserve Officers' Training Corps |
PII exposed
through file transfer program |
6,675 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 20, 2009 |
Prompt Med |
Dumped medical files expose PHI |
623 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| August 19, 2009 |
Radisson Hotels
& Resorts |
Unauthorised access of CCNs,
PII on systems |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 18, 2009 |
Sun Valley
Mortgage |
Lost laptop exposes clients'
names, account numbers |
600 |
California SB-1386 & other State derivatives, GLBA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| August 18, 2009 |
California State
University, Los Angeles |
Stolen computers contained PII |
600 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| August 15, 2009 |
Northern Kentucky
University |
Laptop
stolen |
200 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| August 14, 2009 |
Calhoun Area
Career Center |
PII exposed online |
455 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 13, 2009 |
Chase Bank |
Tape lost at offsite storage location |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 13, 2009 |
Louisiana State
University |
PII exposed on website |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 11, 2009 |
University of
California, Berkeley |
Web server hacked, PII exposed |
493 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 09, 2009 |
Amuse Inc, Japan |
Hacked, CCNs & other PII affected |
148,680 |
Japan Privacy Act, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 08, 2009 |
Iowa Secretary of
State |
SSNs found on public website |
2,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 06, 2009 |
Mitsubishi UFJ
Nicos, Japan |
Privacy records on microfiche film missing |
197,000 |
Japan Privacy Act |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 06, 2009 |
Colorado Department of
Corrections |
Email containing PII inadvertently sent to co-workers |
1,084 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| August 04, 2009 |
United States Army National Guard |
Laptop
stolen |
131,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 28, 2009 |
University of
Colorado CO Springs |
Stolen laptop may have contained PII |
766 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 25, 2009 |
Network
Solutions |
Breach on web servers exposes credit card accounts |
573,928 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 24, 2009 |
Hampton
Redevelopment and Housing Authority |
SSNs of employees inadvertently sent by postal mail |
900 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 23, 2009 |
American International Group (AIG), American Life Insurance Co.,
Japan |
Policy holders' CCNs compromised |
1,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 22, 2009 |
HSBC Holdings
plc, HSBC Life |
Policy holders' PII on lost CD |
180,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| July 22, 2009 |
HSBC Holdings
plc, HSBC Actuaries, UK |
Lost floppy disk contained pension scheme members' PII |
1,917 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| July 22, 2009 |
The Highland
Council, UK |
Stolen laptops contain PHI |
1,400 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 21, 2009 |
United Kingdom
Ministry of Defence, UK |
MOD admits losing an entire server |
700 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| July 17, 2009 |
Francis Howell
School District |
Laptop stolen |
1,700 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 16, 2009 |
University of California San Diego Moores Cancer Center |
Server hacked, PHI compromised |
30,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 16, 2009 |
Johnson County
Kansas |
File containing SSNs inadvertently attached to email |
8,600 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| July 14, 2009 |
LexisNexis |
Employee exposes PII to organized crime syndicate |
13,329 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| July 13, 2009 |
Florida
Department of Education |
Hard files containing PII missing |
475 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 08, 2009 |
AT&T |
Temporary employee steals other employee PII including SSNs |
2,100 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| July 08, 2009 |
Canyons School
District |
Lost thumb drive contained PII |
6,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.8.3 - Physical media in transit |
| July 08, 2009 |
Alberta Health
Services Edmonton |
Virus compromises PHI |
11,582 |
PIPEDA, PIPA & PHIPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 07, 2009 |
Jubilee Managing
Agency Limited, UK |
Unencrypted disk containing PII of policy holders lost |
2,100 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| July 02, 2009 |
Redford Union
School District |
Mailing error exposes SSNs on address labels |
400 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 02, 2009 |
American Express
(Technologies) |
DBA steals thousands of cardmember data and creates own plastics |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
June 23, 2009
|
Florida
Department of Revenue
|
Names,
addresses and SSNs of people on a
password-protected flash drive stolen from the car of an employee.
|
2,828 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
June 23, 2009
|
Cornell
University
|
Computer
stolen from university
|
45,277 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 22, 2009
|
Broadridge Financial Solutions, Inc.
|
Inadvertently
disclosed Dynegy shareholder
information including name, address, SSNs and other account
information to another client.
|
Unknown
|
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 22, 2009
|
Baptist
Medical Center
|
Folders
containing PHI found at dump
site
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 17, 2009
|
Bord Gáis,
Ireland
|
Unencrypted
laptop stolen from office contained
account details of customers
|
75,000 |
Irish Data
Protection Act
& EU Directive on Data
Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 17, 2009
|
Blackbaud
/ University
of North Dakota
|
Laptop
stolen from car contained financial
information
|
84,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 16, 2009
|
Redondo
Beach Arco Gas Station
|
Organized
crime ring infiltrates station as
'employee' installs a skimmer that
steals PIIs, CCNs
|
1,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
June 15, 2009
|
Beam Global
Spirits & Wine Inc.
|
Unauthorized
access of HR database by former employee exposes PII
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
June 14, 2009
|
Custom House
Coffee
|
Hackers
access store's wireless network to steal credit & debit card data
|
50 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 12, 2009
|
Charles
Schwab & Co
|
Hard drive
stolen
|
60 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
June 12, 2009
|
JFY
Networks
|
Website
hacked exposing PII
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 12, 2009
|
Oregon
Health & Science University
|
A
physician's laptop was stolen from a
car parked at the doctor's home. PHI affected
|
1,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 12, 2009
|
Kirkwood
Community College
|
Storage
device stolen from office
|
1,600 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 08, 2009
|
Low Cost
Pharmacy
|
Patients
records thrown in dumpster
|
100 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 07, 2009
|
T-Mobile
USA
|
Hacked
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 06, 2009
|
Ohio State
Dining Services
|
Student
employees had their social security
numbers accidentally leaked in an
e-mail.
|
350 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
June 05, 2009
|
Virginia
Commonwealth University
|
Computer
desktop stolen from office, PII
impacted
|
17,214 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
June 04, 2009
|
Salford
Royal NHS Foundation Trust, UK
|
Stolen
laptop contains patient details
|
3,500 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 04, 2009
|
City of
Duncan, Oklahoma
|
Utility
system breach exposes customers' bank
account details
|
170 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 04, 2009
|
Maine Office
of Information Technology
|
Printing
error causes SSNs to be sent to wrong recipients
|
597 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
June 03, 2009
|
Aviva
|
Malware
compromises account numbers and other PII
|
550 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 02, 2009
|
Virginia
Department of Health Professions
|
Hacked, SSNs
compromised
|
531,400 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
June 01, 2009
|
Northern
Ireland Department Human
Resources, UK
|
Laptop
stolen
|
30,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 01, 2009
|
LPL
Financial
|
Computer
stolen contains PII
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
June 01, 2009
|
NHS Lothian,
UK
|
Medical
histories on lost usb stick
|
137 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
June 01, 2009
|
University
of Nevada
|
Virus found
on computer with PII
|
20 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 28, 2009
|
Pensions
Trust, NorthgateArinso, UK
|
Laptop
stolen
|
109,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 27, 2009
|
Aetna
Inc.
|
Website
exposes PII
|
65,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 27, 2009
|
Warren
County Virtual Community School,
OH
|
PII found in
dumpster
|
140 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 27, 2009
|
Batteries.com
|
Network
hacked, CCNs compromised
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 24, 2009
|
Moran Health
Care Group
|
Medical
& employment records found on the
street
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 23, 2009
|
Indiana
Department of Workforce
Development/Pitney Bowes
|
Accidental
disclosure
of SSNs to incorrect employer
|
4,500 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 22, 2009
|
Royal Air
Force, Ministry of Defence, UK
|
3
Unencrypted disks missing from base
|
500 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
May 22, 2009
|
Ministry of
Defence, UK
|
Army laptop
stolen as employee leaves it in
vehicle overnight
|
Thousands
|
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 19, 2009
|
National
Archives and Records Administration
|
Hard drive
lost
|
100,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
May 19, 2009
|
CompuCredit
|
Computer
glitch exposes credit card statements
online
|
100 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 18, 2009
|
Anderson Kia
of Boulder
|
Defunct
dealership exposes PII as
documents found in bins
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 18, 2009
|
New Jersey
Department of Labor and Workforce
Development
|
SSNs
erroneously emailed to wrong
employers
|
28,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
May 14, 2009
|
Johns Hopkins
Hospital
|
Employee
steals patient data, PHI not affected
|
10,000 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
May 13, 2009
|
United Food
and Commercial Workers Union
|
Laptop
stolen
|
47,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 11, 2009
|
Washington
D.C. Office of the State Superintendent
of
Education
|
PII
erroneously emailed to
wrong recipients
|
2,400 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
May 08, 2009
|
University
of California Berkeley
|
Hacked, PHI
affected
|
160,000 |
California
SB-1386 & other State derivatives, HIPAA Security, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 07, 2009
|
West Herts
Hospitals Trust, UK
|
Laptops
stolen
|
2,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 05, 2009
|
The
Provincial Health Department
|
Lost
blackberry not password protected
contained PHI
|
Undisclosed
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
May 05, 2009
|
East Burke
Christian Ministries
|
Burglary,
laptop stolen
|
1,000 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
May 04, 2009
|
Virginia
Department of Health Professions
|
PII, PHI
stolen from company, backup also missing. Perpetrator
demands $10M for return of the data
|
8,257,378 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
A.10.5.1 - Information back-up
|
May 04, 2009
|
Fulton
County Board of Registration and
Elections
|
Discarded
voter registration
documents
expose PII
|
100,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
May 04, 2009
|
Kapiolani
Community College
|
Malware
exposes PII
|
15,487 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
May 01, 2009
|
LexisNexis,
Investigative Professional
|
PII exposed
in fraud scheme
|
32,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 30, 2009
|
Oklahoma
Housing Finance Agency
|
Laptop
stolen
|
225,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 29, 2009
|
Bradford
Teaching Hospital NHS Foundation
Trust, UK
|
Lost data
stick contained SSNs, names &
hospital numbers
|
5,650 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
April 29, 2009
|
Federal
Reserve Bank, New York
|
Former IT
employee found with PII used to obtain
loans fraudulently
|
Unknown
|
FISMA, California SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
April 29, 2009
|
Addenbrooke's
Hospital, UK
|
Lost data
stick contained PHI
|
741 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
April 25, 2009
|
Ministry of
Defence, UK
|
A junior
Royal Navy officer's laptop stolen from his car
|
600,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 23, 2009
|
Carbonite
|
Online
backup company Carbonite loses
customer data due to defective hardware and blames suppliers
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.10.5.1 - Information back-up
|
April 23, 2009
|
Journal
Space
|
Malicious
act by disgruntled employee
wipes out main database for which there was
no backup
|
Undisclosed
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
A.10.5.1 - Information back-up
|
April 23, 2009
|
University
of Manchester,
UK
|
Unauthorized
staff emails PII to 469 other students
|
1,700 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
April 23, 2009
|
SunTrust
Bank
|
Undisclosed
type of breach, possibly hacked, CCNs
account numbers affected
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 23, 2009
|
Czech
Government
|
EU summit
participants including Prime Ministers
and
Presidents PII & PHI found on
public computers
|
200 |
EU Directive
on Data
Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
April 23, 2009
|
Aberdeen
Royal Infirmary, UK
|
Laptop
stolen from premises contained PII and
coded PHI
|
1,392 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
April 23, 2009
|
Oklahoma
Department
of Human Services
|
Laptop
stolen
|
1,000,000 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 22, 2009
|
Marian
Medical Center
|
Blackberry
stolen contained
PII & PHI
|
3,200 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 21, 2009
|
FairPoint
Communications
|
Portable
data storage device lost
|
4,400 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
April 18, 2009
|
British
Council UK
|
Unencrypted
disk lost
|
2,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
April 13, 2009
|
Moses Cone
Hospital, VHA Inc.
|
Laptop
stolen
|
14,380 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 12, 2009
|
CBIZ Medical
Management Professionals/Southwest
Mississippi Regional Medical
Center
|
Laptop
stolen
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 11, 2009
|
Peninsula
Orthopaedic
Associates
|
Data tapes
lost or stolen in transit expose patients' PII
including insurance numbers
|
100,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.8.3
- Physical media in transit
|
April 10, 2009
|
Borrego
Springs Bank/Vavrinek, Trine, Day and Co.
|
Names &
account numbers on stolen laptops
|
Unknown
|
California
SB-1386 & other State derivatives, GLBA
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 10, 2009
|
Penn State
Erie, The Behrend College
|
Malicious
software found on computer, PII
exposed
|
10,868 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 10, 2009
|
Gexa
Energy
|
Hacked
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 09, 2009
|
Fox
Entertainment Group/MySpace.com
|
Unauthorized
access by employee exposes PII
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
April 09, 2009
|
Inet
Interactive
|
PIIs &
CCNs with CCVs exposed in hacking incident
|
9,561 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 09, 2009
|
North
Carolina Department of Motor
Vehicles
|
Undisclosed
type of breach, PII affected
|
13 |
California
SB-1386 &
other State derivatives
|
|
April 08, 2009
|
Northeast
Rehabilitation Hospital
|
Laptop
stolen
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 08, 2009
|
Metropolitan
Nashville Public Schools, Public
Consulting
Group
|
Students' PII
exposed online
|
18,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 08, 2009
|
Hawaii Dept
of Transportation
|
Laptop
stolen
|
1,892 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 07, 2009
|
Richmond
Dermatology Specialists,
PC
|
Documents
found scattered along street
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
April 03, 2009
|
Policy
Studies Inc./Tennessee Department of
Human Services
|
Contracted
employee
steals SSNs and bank account numbers
|
1,600 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
April 03, 2009
|
Town of
Culpeper
|
PII
including SSNs inadvertently posted on internet
|
7,845 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 02, 2009
|
Wigan
Borough Council, UK
|
Laptop
stolen contained PII of special needs
children
|
33,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
April 02, 2009
|
Fujitsu
Consulting Inc.
|
Package
containing storage device lost in
transit
|
3,410 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
April 01, 2009
|
University
of Washington
|
Hacked
|
6,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
April 01, 2009
|
State of
Maryland
|
State
employees' PII including SSNs lost in
mail
|
8,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
March 30, 2009
|
Symantec
|
BBC reported
that it managed to purchase CCNs obtained from Symantec's
call center from an individual
|
200 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
March 26, 2009
|
Pacific
University
|
Laptop
stolen
|
Unknown
|
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 25, 2009
|
Westaff
Employment Staffing Company
|
Dumped
personal documents in the trash
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
March 24, 2009
|
Massachusetts
General Hospital
|
Paperwork
containing
PHI lost when an employee
apparently left it on a train.
|
66 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 21, 2009
|
Royal Air
Force Mildenhall, UK
|
Computer
stolen from post office employee's
residence contained
PII of mailbox holders
|
6,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 19, 2009
|
Bailey
Middle School
|
Confidential
papers found on street
|
21 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
March 18, 2009
|
Walgreens
|
PII of state
retirees were e-mailed to the Kentucky Retirement
Systems without being properly encrypted
|
28,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
March 18, 2009
|
University
of West Georgia
|
Personal
information was on a laptop stolen
from a traveling professor
|
1,300 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 18, 2009
|
Central Ohio
Transit Authority, COTA
|
COTA
personnel workers gave 51
companies names and identification
numbers
|
900 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
March 17, 2009
|
Penn State
Office of Physical Plant
|
A virus
infiltrated a computer that contained
more than 1,000 social security numbers of OPP employees
|
1,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 16, 2009
|
Comcast
|
Phishing
scam exposes passwords
|
4,000 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
March 16, 2009
|
University
of Toledo
|
Computer
stolen
|
24,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
March 13, 2009
|
Dezonia
Group/Chicago Fire Department
ambulance
|
An
employee's laptop containing
PII stolen
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 12, 2009
|
US
Army
|
Web-based
database hacked
|
1,600 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 12, 2009
|
Sprint
|
Former
employee sold or otherwise provided
account data without permission to
third parties
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
March 12, 2009
|
Sen. Norm
Coleman's Campaign
|
Database
exposed online contained
information on campaign donors,
including PII, CCNs and the three-digit
security codes
|
Undisclosed
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 11, 2009
|
The
Department for Work and Pensions
|
Memory stick
was found in a pub car park
containing confidential
passcodes
to the online Government
Gateway system
|
12,000,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
March 11, 2009
|
Binghamton
University
|
Payment
information including CCNs
stored insecurely
on campus, Door that was not only unlocked
but taped open.
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
March 11, 2009
|
Gwent
Police, Wales UK
|
Sent mail
arrives without unencrypted CD
containing crime victims' PII
|
2,300 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
March 09, 2009
|
Road
Policing Division of Police Headquarters Edinburgh,
UK
|
USB drive
missing
|
Unknown
|
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
March 09, 2009
|
Wiltshire
County Council, UK
|
USB stick
lost in transit
|
1,385 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
March 07, 2009
|
Department
of Human Services, Oklahoma
|
Files,
which included PII and details on child abuse investigations,
reportedly were left behind when a DHS
worker was evicted from a rent house
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking
|
March 07, 2009
|
Idaho
National Laboratory (INL)
|
An encoded
disc containing PII from the
employees was either lost or stolen in
transit via United Parcel Service
|
59,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
March 06, 2009
|
Federal
Emergency Management Agency
(FEMA)
|
Laptop
stolen from car
|
50 |
FISMA,
California SB-
1386 & other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
March 05, 2009
|
St. Rita's
Medical Center
|
Bag stolen
during an automobile break-in
|
242 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
March 04, 2009
|
New York
Police Department
|
A civilian
employee of the department's pension
fund is accused of stealing eight tapes containing
SSNs
|
80,000 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
March 04, 2009
|
Elk Grove
Unified School District
|
A
document with the SSNs of
employees was lost by a district
employee
|
500 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
March 04, 2009
|
Western
Oklahoma State College
|
A rootkit
was installed on a server administered by an outside party
|
1,500 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
March 03, 2009
|
Developers
Diversified
Realty Corporation (DDR),
National City Bank
|
An affiliate
mailed out 1099-DIV forms to the wrong recipients, potentially
exposing PII.
|
1,799 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
March 02, 2009
|
City of
Muskogee
|
Hard drives
disposed of carelessly
|
4,500 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
March 01, 2009
|
National
Health Service (NHS) Scotland UK
|
NHS doctor
inappropriately accesses Emergency
summary care system containing
PHI
|
2,500,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 25, 2009
|
Steamboat
Springs School District
|
Laptop
stolen
|
1,300 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
February 24, 2009
|
North Wales
NHS Trust, UK
|
Disks
containing patient information
found in trash
|
Unknown
|
UK Data
Protection Act & EU Directive on
Data Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 23, 2009
|
Vantage
Point Retirement Living
|
Nurse steals
patient information
|
3 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
February 23, 2009
|
Seaview
Financial
|
Mortgage
broker dumps files in trash
|
Unknown
|
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 23, 2009
|
Ryerson
University
|
Software
error exposes students PII
|
588 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 22, 2009
|
Fiat
Financial Services
|
Documents
mailed to wrong customers,
bank account numbers impacted
|
6 |
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 20, 2009
|
Scottsdale
Healthcare
Chandler Regional Medical Center
|
Employee
steals credit card information
|
15 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
February 20, 2009
|
Arkansas
Dept. of Information Systems
/Information Vaulting
Services
|
Tape
containing information
on background
checks missing
|
807,000 |
California
SB-1386 &
other State derivatives
|
A.10.8.3
- Physical media in transit
|
February 20, 2009
|
Del Mar
College
|
Class roster
stolen
|
53 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 19, 2009
|
California
Pizza Kitchen
|
Employee
steals credit card information
with skimming machine
|
50 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
February 19, 2009
|
University
of Florida
|
Hacked
|
97,200 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 18, 2009
|
People's
bank
|
Documents
containing
bank account numbers & PII found in dumpster
|
Unknown
|
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 18, 2009
|
Northeast
Orthopaedics, LLP Mrecord
|
PHI, PII
exposed online
|
1,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 18, 2009
|
Johns Hopkins
Hospital
|
Employee
steals patients credit to obtain credit
cards and loans
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
February 17, 2009
|
Broome
Community College
|
SSNs printed
on back cover of alumni mailer
|
14,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 14, 2009
|
University
of Alabama
|
Hacked
|
37,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 13, 2009
|
Clayton
County Sheriff's Department
|
Employee
suspected
of stealing Deputies PII
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
February 10, 2009
|
SemGroup
LP
|
Financial
information inadvertently exposed on
court bankruptcy document
|
160 |
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 10, 2009
|
Royal Bolton
Hospital, UK
|
Patients
details lost near hospital grounds, PHI affected
|
1,300 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
February 09, 2009
|
United
States Federal Aviation Administration (FAA)
|
Hacked
|
45,000 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 09, 2009
|
Parkland
Health & Hospital System
|
Laptop
stolen
|
9,300 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
February 09, 2009
|
United
States Postal Service
|
Employee
steals debit and credit cards in mail
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
February 09, 2009
|
Nationwide
Children's
Hospital, UK
|
PHI stolen
from car
|
23 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
February 06, 2009
|
East Moon
Asian Bistro
|
Waiters
steal hundreds of CCNs from customers
|
200 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
February 06, 2009
|
Kaiser
Permanente
|
PII found
with individual, breach type
unknown
|
29,500 |
California
SB-1386 &
other State derivatives
|
|
February 06, 2009
|
Motorola
|
CCNs exposed
on website
|
6 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 06, 2009
|
Catskill
Regional Medical Center
|
Unauthorized
viewing of SSNs and financial information
by employee
|
431 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.3 - Removal of access rights
|
February 05, 2009
|
Royal
Liverpool University Hospital,
UK
|
Documents
with patients PII stolen from car
|
354 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
February 05, 2009
|
Brent
Teaching Primary Care Trust
|
Laptop
stolen, PHI affected
|
389 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
February 04, 2009
|
Trent
University
|
Hacked, PII,
CCNs compromised
|
21 |
California
SB-1386 & other State derivatives, FERPA, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 04, 2009
|
Womancare
Inc
|
Medical
records found in dumpster
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 04, 2009
|
US
Department of Veteran Affairs
|
Mail
containing Veterans PII, PHI sent to a
disabled veteran
|
20 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 03, 2009
|
Georgia
State Board of Pardons & Paroles
|
Parolee PII
on computer stolen from undisclosed
contractor
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
February 03, 2009
|
Moorevilles
Dry Cleaning station
|
Owner closes
down and elopes with credit card data
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness,
education
and training
A.8.3.2 - Return of assets
|
February 03, 2009
|
United
Way
|
Systems
hacked, CCNs compromised
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 03, 2009
|
Baystate
Medical Centers Pediatrics
|
Laptops
stolen, PHI affected
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
February 03, 2009
|
Purdue
University
|
Tax forms
mailed to wrong addresses, Financial
information exposed
|
Unknown
|
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 02, 2009
|
Best
Buy
|
Employee
steals CCNs with card skimming device
|
4,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
February 02, 2009
|
Southern
Satellite
|
PII, CCNs
found in dumpster
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
February 01, 2009
|
Airtricity
|
Customer
bank information
exposed online
|
1,160 |
California
SB-1386 & other State derivatives, GLBA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
February 01, 2009
|
Centura
Health
|
PHI, SSNs
found in auctioned storage unit,
employee suspected of fraudulent
involvement
|
150 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
January 31, 2009
|
Ball State
University
|
Email
attachment inadvertently discloses the
SSNs of special-events employees
|
19 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
January 31, 2009
|
HoneyBaked
Ham Store
|
Computer
server containing
CCNs stolen from store
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 30, 2009
|
Greater
Ormond General Hospital
|
Laptop
stolen
|
458 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 30, 2009
|
Kansas State
University
|
Inadvertently
exposed online through departmental website
|
45 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 29, 2009
|
Educational
Testing Services
|
Missing
Laptop contains names, SSNs
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 28, 2009
|
Citystage/Springfield
Performing Arts Development
Corporation
|
Hacked
|
60 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 27, 2009
|
United
States State Department
|
Files
containing names, bank account
numbers, SSNs of
Marines and employees left inside
auctioned filing cabinet
|
Hundreds
|
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 27, 2009
|
UK Medical
Practice/Unnamed courier
|
Computer
tape lost in transit
|
8,000 |
UK Data
Protection Act & EU Directive on
Data Protection
|
A.10.8.3
- Physical media in transit
|
January 27, 2009
|
City
Habitats
|
Sensitive
documents found strewn on the
street
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 26, 2009
|
MassMutual
Financial Group
|
Inadvertent
disclosure>
of client information to
another client
|
Unknown
|
California
SB-1386 & other State derivatives, GLBA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 26, 2009
|
US Defence
Department
|
Files found
on pawned MP3 player containing
PII
|
60 |
California
SB-1386 &
other State derivatives
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 26, 2009
|
Pflugerville
Independent School District
|
Two students
hack into school computer system
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 26, 2009
|
City of
Madison
|
Laptop
computer stolen from office
|
500 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 25, 2009
|
British
Council UK
|
Disk lost
during shipment exposes staff names, salary, bank account and insurance
details
|
2,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.10.8.3
- Physical media in transit
|
January 24, 2009
|
Abertawe
Bro Morgannwg
University
NHS Trust, UK
|
Stolen
laptop contains patient details
|
5,000 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 23, 2009
|
Hays Pharma,
Japan
|
Patients'
personal information
stolen from car, names, DOB, and PHI
|
10 |
Japan Privacy
Act
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 23, 2009
|
Monster
Worldwide Inc
|
Hackers
steal PII of online jobseekers
|
Millions
|
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 22, 2009
|
Lloyds TSB
UK
|
Customers
bank account details mailed to unauthorized
person
|
14 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
January 21, 2009
|
Missouri
State University
|
University
office inadvertently sends email message
with foreign students PII attached
|
565 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
A.10.8.4 - Electronic
messaging
|
January 21, 2009
|
Kanawha-Charleston
Health Department/Express Personnel
Services
|
Temporary
worker administering billing
information steals patients PII,
PHI
|
11,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
January 20, 2009
|
SRA
International Inc
|
Virus
potentially exposes sensitive current
and former employee, client data
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 20, 2009
|
Indiana
Dept. of Administration
|
SSNs
erroneously posted online
|
8,775 |
California
SB-1386 &
other State derivatives
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 20, 2009
|
University
of Rochester
|
Hacked
|
450 |
California
SB-1386 & other State derivatives, FERPA
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 20, 2009
|
Heartland
Payment Systems
|
Hacked -
CCNs compromised
|
Millions
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 19, 2009
|
Forcht
Bank/First Data Corporation
|
Hackers
compromise merchant card
processor data prompting
Forcht to cancel cards
|
8,500 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 17, 2009
|
Kennebec
Savings Bank/Unnamed card processor
|
Debit cards
compromised
|
1,500 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 16, 2009
|
Smokers
Choice
|
Business
owner installs skimmer, steals and fraudulently
uses customer credit cards
|
300 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 16, 2009
|
Southwestern
Oregon Community College
|
Laptop
computer stolen from campus
|
200 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 15, 2009
|
Express EMS
Services
|
Medical
records of defunct ambulance
company's patients found in
parking lot and dumpster. PHI
compromised
|
Unknown
|
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 13, 2009
|
Oregon
Department of Health Services
|
Laptop
stolen
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 13, 2009
|
University
of Oregon
|
Laptop
stolen
|
2,000 |
California
SB-1386 & other State derivatives, FERPA
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 13, 2009
|
Blue Ridge
Community Action, NC
|
External
hard drive missing, presumed stolen
from offices
|
300 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 12, 2009
|
Continental
Airlines Inc.
|
Laptop
stolen from locked office, employee,
vendor and 'new hire candidates'
PII affected
|
230 |
California
SB-1386 &
other State derivatives
|
A.9.1.1 -
Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and
protection
|
January 12, 2009
|
Columbus
City Schools
|
Employees
PII found with common criminals, who had
intercepted or stolen part of mailing
from payroll division. PII misused
|
100 |
California
SB-1386 & other State derivatives, FERPA
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 11, 2009
|
Family
Funbox
|
Affected by
massive credit card fraud putting company out of business
|
2,500 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 10, 2009
|
Circuit
City
|
Closed store
stashes customers' documents
containing
credit card details behind store
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 10, 2009
|
Letterkenny
General Hospital
|
Medical
records containing names, dates of
birth and hospital numbers dumped
|
16 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.7.2.1 -
Classification guidelines
A.7.2.2 - Information labeling and
handling
A.8.2.2 - Information security
awareness, education
and training
|
January 09, 2009
|
NHS
Trust/Central Lancashire Primary Care
Trust, UK
|
USB stick
used for back-up missing
|
6,360 |
UK Data
Protection Act
& EU Directive on Data
Protection
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 07, 2009
|
Cedars-Sinai
Medical Center
|
Former
employee steals PHI to commit
insurance fraud
|
1,000 |
California
SB-1386 & other State derivatives, HIPAA Security
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
January 07, 2009
|
Seventh-Day
Adventist Church
|
Laptop
stolen
|
292 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 07, 2009
|
Indiana
Dept. Of Workforce Development
|
Unspecified
breach, CCNs affected
|
1,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
|
January 06, 2009
|
Checkfree
|
Hacked
website redirects customer traffic to malicious sites, CCNs may have been
compromised
|
5,000,000 |
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 06, 2009
|
Occidental
Petroleum
Corporation
|
Former
Employee emailed spreadsheet
with PII to personal email account
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
January 05, 2009
|
Innodata
Isogen Inc.
|
Laptop
stolen from employee's car
containing names, addresses,
SSNs of current and former employees
|
141 |
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 05, 2009
|
United
States Library of Congress
|
Human
resources employee
steals employee
SSNs from
Library of Congress
|
10 |
California
SB-1386 &
other State derivatives
|
A.8.1.1 -
Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of
employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security
awareness, education
and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights
|
January 02, 2009
|
Wyndham
|
Computer
systems compromised, CCNs affected
|
Unknown
|
California
SB-1386 & other State derivatives, PCI/Visa
CISP
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
|
January 01, 2009
|
Pepsi
Bottling Group
|
Portable
data storage device lost
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
January 01, 2009
|
Kanagawa
Prefectural
Senior High Schools, Japan
|
File sharing
software exposes students PII online
|
110,000 |
Japan Privacy
Act
|
A.10.9.1
- Electronic
Commerce
A.10.9.2 - On-line
transactions
A.10.9.3 - Publicly Available
Information
A.8.2.2 - Information security
awareness, education
and training
|
January 01, 2009
|
Merrill Lynch
& Unknown third party contractor
|
Computer
stolen from home in violent burglary
|
Unknown
|
California
SB-1386 &
other State derivatives
|
A.9.2.5 -
Security of equipment off-premises
A.11.7.1 - Mobile computing
and communications A.11.7.2
- Teleworking
|
| |
|
ESTIMATED
TOTAL (ROUGH):
|
113,735,745 |
|