| PUBLIC NOTIFIED ON |
ORGANIZATION AND LOCATION |
TYPE OF BREACH |
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED |
REGULATORY IMPACT |
ISO/IEC 27001 MITIGATING CONTROLS |
| December 30, 2010 |
EVG Quality Gas |
CCNs of gas
station customers misused |
175 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| December 28, 2010 |
Apothecary of
Colorado |
Binder of medical marijuana records with PII found in a dumpster |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| December 27, 2010 |
Geisinger Health Systems, Geisinger Wyoming Valley Medical
Center |
PII, PHI sent via unencrypted email to physician home email
account |
2,928 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| December 23, 2010 |
American Honda
Motor Co., Inc |
Email list with PII and VINs compromised by hackers |
4,900,000 |
California
SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 23, 2010 |
Mankato Clinic |
PII, PHI
compromised as laptop is stolen from parked car |
3,159 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| December 22, 2010 |
Community First
Credit Union, Cambrium Group |
PII exposed in unsecured job applicant SQL database on the Web |
1,600 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 22, 2010 |
Santander, UK |
Statements sent to the wrong addresses include PII |
35,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| December 21, 2010 |
Kinetic Concepts
Inc. |
Payment card information misused by employee who also accessed
PII in customer database |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| December 20, 2010 |
Dean Health
Systems, St. Mary's Hospital (Madison, WI) |
A laptop computer containing PHI was stolen from a physician's
home |
3,288 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| December 16, 2010 |
Integrated
Biometrics Technology |
Employee steals thousands of background check applications
containing PII and uses them to open credit card and other accounts |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| December 16, 2010 |
Calderdale Royal Hospital, Calderdale and Huddersfield NHS
Foundation Trust, UK |
PII on laptop
stolen from locked room in hospital |
1,500 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| December 15, 2010 |
Ohio State
University |
PII of current and former students, faculty members, staff,
applicants, consultants and contractors compromised by hackers |
760,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 15, 2010 |
New York State Office of Temporary and Disability Assistance |
SSNs stolen by a subcontractor during computer infrastructure
upgrades. |
15,000 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| December 13, 2010 |
Mountain Vista
Medical Center |
Patients' PII,
PHI exposed due to lost memory card |
2,284 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| December 12, 2010 |
Gawker Media |
User names and passwords exposed after user database compromised |
1,300,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 12, 2010 |
Department of National Defence Canada, Canadian Forces Base
Stadacona |
Filing error exposes patient's medical details in another patient's medical file |
20 |
Canada PIPA & PIPEDA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| December 12, 2010 |
Mesa County
Sheriff's Office |
Online database containing PII exposed online |
200,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| December 11, 2010 |
NatWest, UK |
Bank account statements stuffed in a single envelope |
23 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 27, 2010 |
University of
Tennessee Med. Centre |
PHI & PII in
hospital reports not properly disposed |
8,000 |
California SB-1386 & other State derivatives, FERPA, HIPAA
Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 23, 2010 |
State Department of Labor & Industries, Washington State
Employees Credit Union |
Documents
containing PII left out in alley |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 23, 2010 |
Pacific Hospital |
Employee steals patients' PII |
14 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| November 22, 2010 |
Stoke-on-Trent
City Council, UK |
Lost USB stick
contained children's PII |
40 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| November 19, 2010 |
Federal Reserve Bank, FedComp, Inc, Mercer County NJ Teachers'
Federal Credit Union, FASNY Federal Credit Union |
Hacker compromises Federal Reserve Bank, various financial
institutions, credit card details found |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 18, 2010 |
American
Association of Retired Persons (AARP) |
Mailing error exposes AARP members' PII |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| November 18, 2010 |
City of Nevada
City |
City workers' SSNs posted online |
31 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 16, 2010 |
ECS Learning
Systems |
Hacked customer
database exposes CCNs |
1,300 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 15, 2010 |
University of
Nebraska Lincoln |
University
students' financial data posted on the internet |
300,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 15, 2010 |
Henry Ford
Health System |
Employee's laptop containing unsecured PHI stolen from an
unlocked office |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| November 15, 2010 |
Messiah College |
Missing hard
drive exposes PII |
43,000 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| November 11, 2010 |
Service Canada |
Website
malfunctioned and publicly displayed PII |
75 |
Canada PIPA & PIPEDA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 11, 2010 |
Holy Cross
Hospital |
Documents stolen by employee expose patients' names, SSNs, DOBs and PHI |
44,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| November 10, 2010 |
New Hanover
County |
PII of
townspeople posted on website |
163 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| November 08, 2010 |
Work Link |
Non-profit employment
company misplaces personal records exposing
PII |
212 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| November 06, 2010 |
Town of New Baltimore |
SSNs exposed in emails |
50 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| October 29, 2010 |
University of
Hawaii |
Students' PII exposed online for over a year |
40,101 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 27, 2010 |
University of
Connecticut |
Student list containing PII posted on internet |
23 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 27, 2010 |
Telstra |
An error in a mailing list meant letters with incorrect addresses were mailed out |
220,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| October 24, 2010 |
Crown Paints, UK |
Customer database possibly published in full online |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 24, 2010 |
Sellafield, UK |
Nuclear company's USB device found in hotel room said to contain
information about its business operations |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| October 21, 2010 |
Thames Valley
District School Board, UK |
Usernames and passwords for online student portal posted on
internet |
27,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 20, 2010 |
California Men's
Colony, Peter Ferguson |
Prisoner files containing PII, PHI found in a dumpster |
8 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| October 20, 2010 |
Keystone Mercy
Health Plan |
Lost portable drive exposes PII, PHI |
285,691 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| October 19, 2010 |
University of
Arkansas for Medical Sciences |
Digital camera containing PII, PHI stolen |
Unknown |
California SB-1386 & other State derivatives, FERPA, HIPAA
Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| October 18, 2010 |
Milwaukee County Human Resources |
Temporary employee steals county workers' PII |
30 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| October 18, 2010 |
Jackson Hewitt |
Boxes of employees' PII found by dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| October 17, 2010 |
Health Service
Executive, Ireland |
Third-party contractor downloads patients' medical details to USB, then mistakenly emails the records to the wrong person |
1,500 |
Irish Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| October 16, 2010 |
New Mexico Tech |
File posted on public facing server exposes PII |
3,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 16, 2010 |
UC Davis Medical
Center/UltraEx |
PII, PHI stolen from courier service temporary storage facility |
900 |
California SB-1386 & other State derivatives, FERPA, HIPAA
Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| October 15, 2010 |
Payday Loan Store
of Illinois |
Improper disposal of customer information |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| October 15, 2010 |
University of
North Florida |
Hacked |
106,884 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 14, 2010 |
U.S. Department of Veterans Affairs, Office of Performance
Analysis & Integrity |
Programming/mailing error exposes SSNs |
6,299 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 14, 2010 |
Fairwinds Credit
Union, RBC |
Employee steals customer names and CCNs |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| October 14, 2010 |
Healthcare Locums
Plc (HCL), UK |
Hard drive containing doctors' PII sold on an auction website
before being returned. |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| October 14, 2010 |
Accomack County
Virginia |
Laptop stolen from employee on holiday |
35,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| October 13, 2010 |
Omniquad |
A glitch in the helpdesk software resulted in the details of
customers being exposed on the net |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 13, 2010 |
Navy Federal
Credit Union |
Employee steals customers' financial information to transfer funds |
17 |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| October 12, 2010 |
Citibank |
Employee steals CCNs from customers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| October 11, 2010 |
AmeriCorps |
PII may have been breached due to flaws in the program's website |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| October 11, 2010 |
College Of
Physicians & Surgeons of Manitoba |
Hacked, CCN, PHI impacted |
Unknown |
PCI/Visa, Canada PIPA & PIPEDA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 27, 2010 |
The Health
Service Executive (HSE), Ireland |
Computer containing patient information stolen during a break-in
at Ennis Hospital |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| September 27, 2010 |
NewYork-Presbyterian/ Columbia University Medical Center |
Patients' PII & PHI exposed online |
6,800 |
California SB-1386 & other State derivatives, FERPA, HIPAA
Security |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 25, 2010 |
Wilderness Ridge
Golf course and Restaurant |
Systems hacked, credit cards affected |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 24, 2010 |
Saint Mary's
Regional Medical Center |
Patients' medical records found on side of the road |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| September 24, 2010 |
St. Vincent
Hospital |
Stolen laptop contained PII, PHI |
1,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| September 23, 2010 |
Martin Luther King, Jr. Multi-Service Ambulatory Care Center |
Files of patients' PII, PHI stolen by employee from locked cabinet in a secure facility |
33,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| September 21, 2010 |
University of
Pittsburgh Medical Center |
Employee steals & sells patients' data |
Unknown |
California SB-1386 & other State derivatives, FERPA, HIPAA
Security |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| September 11, 2010 |
Corona-Norco
Unified School District |
Teachers' & administrators' PII inadvertently exposed online |
80 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 10, 2010 |
Rice University |
Device stolen from off-campus location |
7,250 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| September 09, 2010 |
Mayo Clinic |
Employee fired after accessing patient medical and financial records
simply to snoop. |
1,700 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| September 09, 2010 |
East Lothian
Council, UK |
Criminal records containing PII exposed online |
12 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 07, 2010 |
City University
of New York |
Computer stolen |
7,000 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| September 05, 2010 |
Eastern Michigan
University |
Server hacked compromising students' logon information |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 04, 2010 |
Town of Essex |
Filed records containing PII, PHI unaccounted for. |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| September 03, 2010 |
Benefit
Concepts, Inc. |
CD lost in transit |
Unknown |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| September 02, 2010 |
Kinetic Concepts
Inc. |
Email sent inadvertently exposes PII |
4,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| September 02, 2010 |
HEI Hospitality |
Credit card data compromised through vulnerability in POS |
3,400 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| September 02, 2010 |
Carpenters District Council of Greater St. Louis and Vicinity |
SSNs of recipients printed on the outside of envelopes |
24,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| September 02, 2010 |
Fraser Health
Authority, Burnaby General Hospital |
Laptop stolen from hospital |
600 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 31, 2010 |
University of Florida, P.K. Yonge Developmental Research School |
Laptop stolen from rental car contained SSNs & other PII |
8,300 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| August 31, 2010 |
Serious Texas
Bar-B-Q |
Hacked, CCNs impacted |
300 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 31, 2010 |
Jason's Deli |
Virus compromises CCNs |
300 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 30, 2010 |
P.K. Yonge
Developmental Research School |
Laptop stolen from car rental |
8,300 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| August 30, 2010 |
Aon Consulting,
State of Delaware |
Included SSNs, Sex and DOBs in a Request for Proposal (RFP) the
company prepared for the state of Delaware. |
22,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| August 28, 2010 |
DSG International
UK |
Documents found in dumpster |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| August 27, 2010 |
Schlecker |
PII including email addresses exposed online by service provider |
150,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 26, 2010 |
The Regional Medical Center of Orangeburg & Calhoun Counties |
Former employee's password used to access patients' PII, PHI |
200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| August 25, 2010 |
Moffitt Cancer
Center |
Employee improperly accesses patients' data by falsifying consent forms |
492 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| August 23, 2010 |
Eastmoreland
Surgical Clinic & Vein Center |
Desktops, backup device, laptop containing PII stolen from
office |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 20, 2010 |
Cook County
Health & Hospitals System |
Laptop stolen from building contained PII, PHI |
7,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 19, 2010 |
University of
Kentucky |
Laptop stolen from locked office contained PII, PHI |
2,027 |
California SB-1386 & other State derivatives, FERPA, HIPAA
Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 18, 2010 |
University of
Connecticut |
Laptop stolen from storage cabinet |
10,174 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 18, 2010 |
MATCH Services,
FIFA |
Customers' PII sold on black market by employee |
80,000 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| August 18, 2010 |
Yale Medical
School |
Laptop stolen from school |
1,000 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| August 17, 2010 |
Farmers Insurance |
Hacked |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 16, 2010 |
Riverview Gardens
School District |
Students' PII tossed next to dumpster |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| August 16, 2010 |
American Fidelity
Assurance Company |
50 folders containing documents with PII, PHI left at curb |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| August 13, 2010 |
Unknown Organization, Milton Hospital, Carney Hospital, Holyoke
Medical Center, Milford Regional Medical Center |
Paper pathology documents found at recycling station |
Thousands |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| August 13, 2010 |
Doherty Hotel
& Convention Center |
Database possibly hacked, CCNs impacted |
150 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 12, 2010 |
Oregon Health & Science University, Gostnell, David, PH.D |
Laptop stolen from car contained PII, PHI |
4,000 |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| August 12, 2010 |
Portland
Community College |
Data storage device stolen from car |
2,900 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| August 12, 2010 |
College Center for Library Automation, Broward College, Florida
State College at Jacksonville, Northwest Florida State College, Pensacola
State College, South Florida Community College, Tallahassee Community College |
PII exposed due to 'software glitch' |
126,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 09, 2010 |
University of
North Carolina at Greensboro |
Spreadsheet exposed via malware |
240 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| August 06, 2010 |
Fort Worth
Allergy and Asthma Associates |
Computers containing PII, PHI stolen from offices |
25,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| July 27, 2010 |
Cooper University Hospital |
Thumb drive missing, PII affected |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 22, 2010 |
Hell Pizza, NZ |
Customer records stolen from online database |
230,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 20, 2010 |
British Columbia
Lottery Corporation |
'Data crossover' that made PII and credit card information visible to other
gamblers on website |
130 |
Canada PIPA & PIPEDA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 19, 2010 |
South Shore
Hospital |
Vendor loses backup tape, PII affected |
800,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| July 19, 2010 |
Starbucks |
Employee collects customer credit card details |
41 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| July 19, 2010 |
Maryland
Department of Human Resources |
Employee accidentally posts clients' SSNs on third-party website |
3,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 19, 2010 |
LV Financial
Services |
Boxes of PII, PHI disposed of in dumpster |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 16, 2010 |
Socialist Party in Madrid, Telecinco and the Children's
Ombudsman of the Community of Madrid, Spain |
Hacked |
120,000 |
Organic Law 15/99, EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 16, 2010 |
Utah Department
of Workforce Services |
Improper access of illegal immigrants' PII by 2 employees |
1,300 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| July 16, 2010 |
Buena Vista
University |
Database hacked |
93,000 |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 16, 2010 |
Connecticut
Department of Labor |
Stolen laptop exposes PII |
5,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 15, 2010 |
Prince William
County |
PII & PHI on stolen BlackBerry |
669 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 12, 2010 |
Entertainment
Software Ratings Board |
Complainants' PII exposed as "Reply All" button used in sending
email |
1,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| July 10, 2010 |
London Borough of Barnet, West Sussex County Council and
Buckinghamshire County Council, UK |
Poor handling of personal data |
9,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 08, 2010 |
Cisco |
Event attendance list hacked |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 08, 2010 |
The Pirate Bay |
Security weaknesses in the hugely popular file-sharing Web site
thepiratebay.org exposed user PII |
4,000,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 06, 2010 |
Massachusetts
Secretary of the Commonwealth |
CD containing PII mistakenly sent to wrong recipient |
139,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 06, 2010 |
DentaQuest |
Contractor laptop stolen |
76,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| July 06, 2010 |
University of
Hawaii at Manoa |
CCNs & PII breached in hacked server |
53,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| July 06, 2010 |
University of
Florida |
Mailing labels printed with PII & PHI |
2,047 |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| July 02, 2010 |
American
Airlines, AMR Corporation |
PII on hard drive stolen from office HQ |
79,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| July 02, 2010 |
Beautiful Brands
International, Camilles Sidewalk Cafe |
Credit card processing system hacked |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 30, 2010 |
A4e |
PII on stolen laptop |
24,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 29, 2010 |
Lincoln Medical
and Mental Health Center |
CD with PHI stolen in transit |
130,495 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| June 29, 2010 |
University of
Maine |
Hacked |
4,585 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 25, 2010 |
University Hospital (Augusta, GA), Augusta Data Storage Inc. |
Data backup tape missing from offsite storage centre |
13,000 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| June 23, 2010 |
Oregon National
Guard |
Laptop stolen |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 23, 2010 |
Anthem Blue
Cross Blue Shield |
Patients' PHI exposed online |
470,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 23, 2010 |
Destination
Hotels & Resorts, The Driskill Hotel |
Credit card data stolen from hacked server |
700 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 22, 2010 |
Florida
International University |
Unsecured database hacked |
19,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 19, 2010 |
Caritas Medical
Centre, Hong Kong |
Computer hard drive missing |
3,000 |
Personal Data (Privacy) Ordinance (PCPD) |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 17, 2010 |
Ocean Lakes High
School |
Student inappropriately gains access to file on server |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 09, 2010 |
AT&T/Apple |
Hacked |
114,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 09, 2010 |
Tufts University |
Virus-infected computer may have exposed PII |
7,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 07, 2010 |
Nursing Visioned
Medical Services |
Defunct business documents dumped, PII, PHI impacted |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| June 03, 2010 |
Safe Harbor Med
Evaluations |
Hard drive with PII, PHI stolen from office |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| June 02, 2010 |
Penn State
University |
Hacked |
15,806 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 02, 2010 |
West Berkshire
Council, UK |
USB memory stick lost |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 02, 2010 |
Rainbow Hospice
and Palliative Care |
Laptop stolen, PII, PHI affected |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| June 02, 2010 |
University of
Louisville |
Patients' PII, PHI exposed online |
708 |
California SB-1386 & other State derivatives, HIPAA
Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| June 02, 2010 |
Bank of America |
Call centre employee steals customer PII |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| June 01, 2010 |
Roanoke City
Public Schools |
Surplus computers sold with employees' PII |
2,000 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 31, 2010 |
Tralee Town
Council, Ireland |
Bank details relating to a significant number of companies sent
to rival suppliers by email |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| May 28, 2010 |
Cincinnati
Children's Hospital Medical Center |
Laptop stolen from employee's car contained PHI |
61,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 27, 2010 |
HM Revenue and
Customs, UK |
HMRC wrongly mails PII to wrong addresses |
50,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 26, 2010 |
Payless Travel
& Cruises |
Employee steals credit card details |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| May 26, 2010 |
City of
Charlotte |
DVD media lost in mail exposes workers' PII |
5,220 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| May 25, 2010 |
Loma Linda
University Medical Center |
Desktop stolen from offices, PII, PHI impacted |
500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| May 25, 2010 |
AT&T,
Ferrell Communication |
Dumped files contained PII, CCNs |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 22, 2010 |
Aldaco's Mexican
Cuisine |
Computer systems hacked |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| May 21, 2010 |
Strong Memorial
Hospital |
Bills mailed to patients exposed PII, PHI |
1,250 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 17, 2010 |
Oconee Heart
Center |
Laptop stolen |
600 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 13, 2010 |
United States Army Reserve, Serco Inc. |
Contractor's laptop stolen |
207,000 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 12, 2010 |
U.S. Department
of Veterans Affairs |
Contractor's laptop stolen |
644 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 12, 2010 |
Peterborough
District Hospital, UK |
Laptop stolen |
1,100 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 11, 2010 |
West Monroe Partners LLC, DentaQuest, New Mexico Human Services
Department |
Subcontractor's laptop stolen |
9,600 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| May 11, 2010 |
Curtlin
Manufacturing |
Tax documents containing PII stolen from vacant office building |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| May 10, 2010 |
Los Angeles
Firemen's Credit Union |
Files containing PII exposed in transit |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| May 10, 2010 |
Mid Atlantic
Processing |
Boxes containing documents with PII including cancelled cheques
improperly disposed of |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 07, 2010 |
FHG Finance |
Documents containing PII, account details found in dumpster |
300 |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 07, 2010 |
Fast Cash Plus
Inc. |
Documents containing PII, account details found in dumpster |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| May 03, 2010 |
Our Lady of
Peace |
Flash drive missing, PHI affected |
24,600 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| April 29, 2010 |
St. Jude
Heritage Medical Center |
Computers stolen exposing PII |
20,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| April 28, 2010 |
Paychex |
Payroll company accidentally merges 2 organisations' data |
21 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 28, 2010 |
Montana Tech of
The University of Montana |
Employee accidentally emails students' PII |
260 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| April 28, 2010 |
The Medical
Center at Bowling Green |
Hard drive stolen contained PII, PHI |
5,418 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| April 26, 2010 |
DRC Physical
Therapy Plus |
Patients' files containing PII, PHI dumped outside |
Hundreds |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 26, 2010 |
Texas Child
Protective Services Division |
Employee steals parents' PII |
70 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| April 21, 2010 |
Affinity Health
Plan |
Leased equipment hard drive returned unerased, PHI affected |
400,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.6 - Secure disposal or re-use of equipment |
| April 21, 2010 |
Royal Bank of
Scotland, UK |
Van containing documents stolen |
20 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| April 21, 2010 |
United Imaging,
Chattanooga State |
Contractor mishandles student applications containing PII during
a scanning project |
1,700 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 21, 2010 |
St. Patrick's
College Drumcondra, Ireland |
PII and bank checks of student applications stolen |
20 |
Irish Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| April 20, 2010 |
Massachusetts
Eye and Ear Infirmary |
Laptop stolen |
3,526 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| April 16, 2010 |
Gwent Police, UK |
PII accidentally emailed |
10,006 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| April 12, 2010 |
Baylor Health
Care System Inc. |
Thousands of patients' PHI found in dumpster |
Thousands |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 11, 2010 |
LPL Financial |
Portable hard drive containing PII stolen from car |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| April 09, 2010 |
Atlanta Fire
Rescue |
Hacked, PII affected |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| April 09, 2010 |
Hollywood Video |
Customer membership forms dumped by closed store |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 08, 2010 |
HCR ManorCare,
ManorCare Health Services |
Patients' PII, PHI found on documents by the roadside |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| April 08, 2010 |
St. Francis
Hospital |
Employee steals patients' PII, PHI |
60 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| April 08, 2010 |
H&R Block |
Tax preparer steals customer tax details to file false tax
claims |
20 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| April 07, 2010 |
Mad Capper
Saloon & Eatery |
CCNs compromised, possibly hacked |
80 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| April 06, 2010 |
Providence
Hospital |
Hard drive missing, PII, PHI impacted |
12 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| April 05, 2010 |
John Muir Health |
Two laptops stolen, PII, PHI compromised |
5,450 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| March 30, 2010 |
Barnet Council, UK |
Employee's home burgled, unencrypted storage devices containing PII stolen |
9,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| March 25, 2010 |
Educational Credit
Management Corporation |
PII including SSNs exposed on portable media device stolen from office |
3,300,000 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 25, 2010 |
Northwestern
Memorial Hospital, The Millard Group, Inc. |
Patients' files stolen from unlocked cabinets by cleaning crew, PHI, PII affected |
250 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 24, 2010 |
Evergreen
Public Schools, Vancouver Public Schools, Washington Schools Information
Processing Cooperative (WSIPC) |
Former student hacks systems |
5,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 23, 2010 |
H&R Block |
Employee steals customers' PII |
60 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| March 22, 2010 |
Connecticut Office of
Policy and Management |
Temporary employee may have stolen PII of rebate program applicants |
11,000 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| March 20, 2010 |
Royal London Mutual
Insurance Society, UK |
8 laptops stolen from offices |
2,135 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 18, 2010 |
Mary's Pizza Shack |
POS terminal infected with virus exposes customers' CCNs |
50 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 17, 2010 |
University of Calgary
Sunridge Medical Clinic |
PHI may have been accessed by unauthorized parties after two viruses infected
clinic's computers |
4,700 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 17, 2010 |
University of South
Carolina Beaufort |
Former students' personal information on a stolen school-owned laptop |
480 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 16, 2010 |
Vanderbilt University |
Computer stolen, PII compromised |
7,174 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 16, 2010 |
California State
University Los Angeles |
Theft of a computer from a department office exposes SSNs |
232 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 16, 2010 |
House of Commons of
Canada |
Computer glitch incorrectly mails tax forms to the wrong address, PII exposed |
697 |
PIPEDA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| March 12, 2010 |
NHS Stoke on Trent,
Haywood Hospital, UK |
Patients' records improperly disposed of |
2,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| March 10, 2010 |
St. Louis
Metropolitan Police Department |
Malware exposes PII |
24 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 10, 2010 |
Thrivent Financial
for Lutherans |
Laptops stolen from office, PII, PHI affected |
9,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| March 07, 2010 |
Diabetes Direct, Inc. |
Employee steals patients' PII |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| March 05, 2010 |
Starwood
Hotels and Resorts Worldwide Inc., Westin Bonaventure Hotel & Suites |
Hacked, CCNs, Debit cards affected |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 05, 2010 |
University of Texas
Southwestern Medical Center |
Patients exposed after a former employee was found in possession of a limited
amount of patient billing data |
12,000 |
California SB-1386 & other State derivatives, FERPA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| March 05, 2010 |
Small Dog Electronics |
Hacked, CCNs affected |
1,225 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| March 04, 2010 |
Wake Forest
University Baptist Medical Center |
Documents of patients' names and SSNs stolen from car |
554 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| March 03, 2010 |
Argos Ltd, UK |
Customers' PII, CCNs, three-digit CCV security code exposed in order confirmation emails |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 28, 2010 |
Wyndham Hotels and Resorts (WHR) |
Hacked, PII, CCN affected |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 25, 2010 |
Coastal Community Credit Union |
CCNs improperly discarded |
257 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 24, 2010 |
Citigroup |
Mailing error exposes SSNs on envelope |
600,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 23, 2010 |
Medix School London Campus |
Students' PII, PHI discarded in trash |
50 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 19, 2010 |
TennCare |
Mail sent to wrong addresses exposing PII |
3,900 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 18, 2010 |
Valdosta State University |
Hacked |
170,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 17, 2010 |
Southern Illinois University at Carbondale |
Malware found on faculty member's workstation |
900 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 17, 2010 |
Cardiology Consultants Inc |
Stolen laptop contained PII, PHI |
8,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| February 16, 2010 |
Dairy Queen Corporation |
POS terminal hacked, CCNs stolen |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 15, 2010 |
West Memphis Arkansas Police Department |
Police employee improperly accesses computer containing other employees' PII |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| February 13, 2010 |
Eclipse Property Solutions |
Employee steals credit card details |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| February 11, 2010 |
University of Texas Medical Branch, MedAssets |
Former employee with history of ID theft alleged to have had access to other employees' PII |
1,200 |
California SB-1386 & other State derivatives, FERPA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| February 11, 2010 |
Automatic Data Processing (ADP), Equifax Inc. |
Mailing error exposes SSNs in envelope window |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 09, 2010 |
Kansas City Art Institute |
SSNs and DOB on stolen computer from the campus |
145 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| February 09, 2010 |
California Department of Health Care Services |
SSNs printed on address labels |
50,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 08, 2010 |
AvMed Health Plans |
Laptops stolen affecting PII, PHI |
208,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| February 05, 2010 |
Wyoming Department of Health |
PII of children exposed on web |
9,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| February 04, 2010 |
University of Texas at El Paso |
Mailing error exposes students' SSNs in envelope window |
15,000 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| February 04, 2010 |
Social Security Administration |
Employee loses CD containing PII, PHI |
969 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| February 03, 2010 |
Highmark, Inc., Boscov's Department Store, LLC |
Mail arrives with signs of being tampered with |
3,700 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| February 02, 2010 |
Ozarks Area Community Action Corporation |
Mailing error exposes landlords' SSNs |
243 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| January 31, 2010 |
Columbia University |
3 laptops stolen from office |
1,400 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 30, 2010 |
Humboldt State University |
Virus-infected computer may have exposed PII |
3,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| January 30, 2010 |
Iowa Racing and Gaming Commission |
Hacked |
80,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| January 29, 2010 |
Ameriquest Mortgage Company |
Ex-employee steals mortgage applications and commits fraud |
100 |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| January 29, 2010 |
Rabjohns Financial Group, MedHQ LLC, Lindy Manufacturing |
Hundreds of job application papers found blowing in the wind |
Hundreds |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| January 28, 2010 |
State of Alaska, Price Waterhouse Coopers LLC, Mercer |
PII goes missing from PWC's offices |
77,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 27, 2010 |
National Archives and Records Administration |
Missing hard drive contained PII |
250,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 27, 2010 |
Ontario Teachers Insurance Plan, Toronto District School Board |
3 laptops stolen from offices |
8,600 |
PIPEDA (Ontario) |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 27, 2010 |
University of California San Francisco |
Stolen laptop contained PII, PHI |
4,400 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| January 26, 2010 |
Methodist Hospital |
Stolen laptop contained PII, PHI |
689 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| January 24, 2010 |
Ladbrokes UK |
PII of Ladbrokes gamblers offered for sale by ex-employee |
10,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| January 22, 2010 |
City of Columbus Ohio |
City health workers' PII stolen by employee |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| January 19, 2010 |
University of Missouri |
SSNs visible externally on mail |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| January 18, 2010 |
Goodwill Industries of Greater Grand Rapids |
Safe stolen, PII affected |
Thousands |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter
A.9.1.2 - Physical entry controls
A.9.2.1 - Equipment siting and protection |
| January 18, 2010 |
City of Oakridge Oregon |
List of city employees' PII mistakenly sent with monthly water bills |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
A.10.8.4 - Electronic messaging |
| January 13, 2010 |
Kaiser Permanente Northern California |
Stolen electronic storage device contained PHI |
15,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| January 11, 2010 |
Suffolk County National Bank |
Customer credentials stolen from server where they were stored in plain text |
8,378 |
California SB-1386 & other State derivatives, GLBA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| January 06, 2010 |
Eugene School District 4J |
Hacked |
13,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce
A.10.9.2 - On-line transactions
A.10.9.3 - Publicly Available Information |
| January 05, 2010 |
Metropark USA Inc |
Job applications containing PII found in parking lot |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training |
| January 03, 2010 |
Transportation Security Administration, Boston International Airport |
Employee steals and sells workers' PII |
16 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities
A.8.1.2 - Screening
A.8.1.3 - Terms and conditions of employment
A.8.2.1 - Management responsibilities
A.8.2.2 - Information security awareness, education and training
A.8.3.2 - Return of assets
A.8.3.3 - Removal of access rights |
| January 01, 2010 |
Larch Corrections Center |
Employee's briefcase containing documents with PII stolen from car |
43 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises
A.11.7.1 - Mobile computing and communications
A.11.7.2 - Teleworking |
| |
|
ESTIMATED TOTAL (ROUGH): |
23,002,263 |