| PUBLIC NOTIFIED ON |
ORGANIZATION AND LOCATION |
TYPE OF BREACH |
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED |
REGULATORY IMPACT |
ISO/IEC 27001 MITIGATING CONTROLS |
| December 31, 2011 |
California Statewide Law Enforcement Association |
PII as well as dozens of full credit card numbers with expiration dates and e-mail spools dumped by hackers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 30, 2011 |
United Airlines |
PII of people available to individual who logged in to mobile web site |
20 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 28, 2011 |
Care2 |
Members notified of forced password reset after hacker accesses "limited number" of users' logins |
17,900,617 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 28, 2011 |
Loma Linda University Medical Center |
Social Security and driver's license numbers and patients' medical records stolen by employee |
1,336 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 27, 2011 |
Promo-Web.org (Promo Web) |
Forum usernames, clear-text passwords, and e-mail addresses dumped by hacker |
2,784 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 27, 2011 |
Welcome Financial Services, Cattles Group, UK |
Backup tapes or disks with PII of loan customers as well as data on some employees reported missing |
1,400,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| December 26, 2011 |
Club Penguin Private Servers |
Usernames, e-mail addresses, IP addresses, and easily decrypted MD5 passwords posted to web by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 26, 2011 |
Tianya |
Forum members' usernames and clear-text passwords leaked online by hackers |
40,000,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 25, 2011 |
Taishin International Bank |
PII including cash card number, national health insurance card, of applicants for cash cards leaked to a criminal ring |
20,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 23, 2011 |
New York City Office of the Public Advocate |
Thousands of PII acquired and dumped by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 23, 2011 |
Virginia Department of General Services |
Database with Social Security numbers available on the web for over 10 years |
639 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 22, 2011 |
Oregon Department of Human Services |
Laptop stolen from office contained fingerprints and other personal information |
3,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 22, 2011 |
7k7k |
Data for game site users reportedly leaked by hackers |
20,000,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 22, 2011 |
Edinburgh City Council, UK |
Debt advice records accessed by hackers |
8,745 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 21, 2011 |
Trion Worlds |
Usernames, encrypted passwords, birthdates, email, billing addresses, and partial credit card info acquired by hackers |
3,300,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 21, 2011 |
Sociedad Española de Farmacia Hospitalaria, Spain |
Usernames and plain-text passwords acquired and dumped by hacker |
2,071 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 21, 2011 |
Pearl River Resort |
Breach in card processing system suspected after reports of card fraud linked to gaming resort |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 20, 2011 |
Aegis Science Corporation |
Laptop and external hard drive stolen from an employee’s car contained PII of those undergoing drug testing and those doing the testing |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 20, 2011 |
MyVetDirect.com, Butler Schein Animal Health (Henry Schein) |
Customers' PII, CCNs and delivery information involved in web site security breach |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 17, 2011 |
Ministro per la pubblica amministrazione e l’innovazione (Minister for Public Administration and Innovation), Italy |
Administrative usernames and encrypted passwords as well as other PII dumped by hacker |
9,195 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 16, 2011 |
Open Road Audi Brooklyn |
Employee used info stolen from UJA-Federation of NY and his employer to commit fraudulent financial transactions; |
900 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 16, 2011 |
JPMorgan Chase (Chase Bank) |
At least three employees stole customer account info and/or allowed fraudulent transfers to occur |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 16, 2011 |
UJA-Federation of New York |
Employee snapped pictures of checks given, collecting PII and account numbers of her victims, which she then sold to others in a large fraud ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 16, 2011 |
AKAM Associates Inc. |
Employee allegedly stole identity and account info of people making payments to the property management firm |
12 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 16, 2011 |
Hawaii Department of Taxation |
Audit revealed employees may have been improperly accessing tax database going back to 2008 |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 15, 2011 |
British Columbia Transplant (BC Transplant) |
Bag containing potential organ recipients' and staff PII was stolen from employee's unattended car |
500 |
Canada PIPA & PIPEDA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 15, 2011 |
Harold’s New York Deli |
Owner convicted for his role in a larger credit card fraud ring |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 15, 2011 |
Government of Newfoundland and Labrador Motor Registration Division |
Government employee may have inappropriately accessed PII |
Unknown |
Canada PIPA & PIPEDA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 14, 2011 |
Pleasure Beach |
E-mail addresses and MD5 passwords dumped by hacker |
6,321 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 14, 2011 |
SpecialForces.com |
CCNs as well as plain-text usernames, decrypted passwords, and 40,854 e-mail addresses acquired and leaked |
36,368 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 14, 2011 |
Se7ensins.com |
Usernames, plain-text passwords and e-mail addresses dumped by hacker |
14,993 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 14, 2011 |
Paul C. Brown, M.D., P.S. |
Burglars stole office equipment and CDs containing patients' PII & PHI |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 12, 2011 |
Bolton Council, UK |
Children's files stolen from employee's car |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 11, 2011 |
University of Mississippi Medical Center |
Patients' medical record numbers, PII, and sensitive information on researcher's stolen laptop |
1,475 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 11, 2011 |
Coalition of Law Enforcement and Retail (CLEAR) |
Law enforcement and retail organization members' PII hacked and dumped on the Internet along with some private messages (PMs) |
2,430 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 10, 2011 |
Gene S. J. Liaw, M.D. |
Patients' PII & PHI on missing USB drive |
1,105 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 09, 2011 |
Stone Oak Urgent Care Family Practice |
Patients' PII & PHI on computers stolen from physician's office |
3,079 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 09, 2011 |
Unknown Organization |
PII of financial accounts acquired by hacker; almost 50 dumped on Internet |
3,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 09, 2011 |
Jumpers Junction Restaurant Sports Pub |
Dozens of customers' cards compromised by hack |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 09, 2011 |
Mr. Janitor, Eagle Harbor Country Club, Selva Marina Country Club |
Owner of janitorial service charged with stealing country club members' personal info and checks |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 08, 2011 |
Camden Council, UK |
Dozens of licensing applications containing PII viewable on the Internet |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 08, 2011 |
Unknown Organization, Subway Restaurants |
Romanian hackers compromise POS systems at 150 Subway stores plus 50 other unnamed merchants |
80,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 08, 2011 |
Automatic Data Processing (ADP), A. W. Hastings Co. |
Laptop stolen from contractor's home held employees' data including names, addresses, and Social Security numbers. |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 07, 2011 |
Guide Publishing Group (GuideYou.com) |
Almost a year after code insertion, firm discovers that database with customers' PII & CCNs was compromised |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 07, 2011 |
Bruce W. Carter Department of Veterans Affairs Medical Center |
Employee charged with selling ID of disabled patients |
22 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 06, 2011 |
Alan M Casson Associates |
Two unencrypted laptops and backup media containing PII on patients stolen during office burglary |
8,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 06, 2011 |
Powys County Council, UK |
Council fined by ICO following two shared printer-related breaches exposing sensitive child protection cases |
2 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| December 06, 2011 |
Richard Dominic Preston |
Stolen laptop contained documents relating to barrister's cases plus e-mail correspondence |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 05, 2011 |
Metabasis Therapeutics |
Employee stole co-workers' and their dependents' personal information, which he used to obtain credit cards |
90 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| December 04, 2011 |
Red River College |
Campus crime reports on more than 100 victims were dumped in a recycling bin |
100 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| December 04, 2011 |
Yamaha Motor Racing, Yamaha Factory Racing, Italy |
Usernames, e-mail addresses, and plain-text passwords acquired by hacker and dumped on Internet |
10,147 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 03, 2011 |
State of Tennessee |
Mailing error exposed employees' insurance certificate data to the wrong parties |
1,770 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| December 03, 2011 |
Napsu |
Travel site usernames, e-mail addresses, and plain-text passwords acquired by hacker and leaked on Internet |
16,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 02, 2011 |
Pulaski County Special School District |
Laptop with employees' names and Social Security numbers stolen from former employee's home |
1,100 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| December 02, 2011 |
South Central Strategic Health Authority |
E-mail containing sensitive personnel data relating to pathology staff mistakenly sent to a clinical reference group |
1,822 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| December 02, 2011 |
University of Kansas |
Documents containing personal information of current and former student housing residents stolen from office |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| December 02, 2011 |
Contra Costa County |
Names of resident debtors of the county health department were included in a public document that was uploaded to the Internet |
5,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 02, 2011 |
Blanca Games |
Ultimate Bet player records obtained and leaked online |
3,500,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 01, 2011 |
Portal Mercosur |
Names, usernames, plain-text passwords, and e-mail addresses of trade organization's site acquired and dumped by hacker |
3,163 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| December 01, 2011 |
Unknown Organization, Trilegiant Corporation |
Call center employee caught taking screenshots of customers' names and card numbers with his cellphone camera |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 30, 2011 |
African Imports, KY, US |
Customers' PII and credit card numbers acquired by hacker and posted online with server admin's username and password |
1,193 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 30, 2011 |
Ekatra Books |
Users' e-mail addresses and plain-text passwords acquired and posted online by hacker |
1,100 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 30, 2011 |
The College of New Jersey |
Vulnerability in Campus Student Employment System may have exposed student job applicants' information |
12,815 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 30, 2011 |
Songs Fever |
PII including hashed passwords and userids acquired and posted by hacker, who also claims to have acquired credit card numbers |
1,344 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 30, 2011 |
Relay Specialties, Inc. |
Database with e-mail addresses, most with plain-text passwords, posted on Internet |
2,744 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 29, 2011 |
Evidalia.es, Spain |
Users' first names, nationality, e-mail addresses, plain-text passwords, and usernames acquired and posted by hacker |
42 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 28, 2011 |
Telford & Wrekin Council, Moorfield Primary School, UK |
Employee dumped files in public bin that included PII of every student at a primary school who had a school meal |
58 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 28, 2011 |
United Nations |
Usernames, passwords, and e-mail addresses from "old server" acquired and posted by hacker |
850 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 28, 2011 |
Flin Flon Clinic |
Partially burned medical records were found blowing near a highway and gravel pit |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 28, 2011 |
Worcestershire County Council, UK |
Council fined for e-mailing sensitive info on a large number of vulnerable people to unintended recipients |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| November 28, 2011 |
North Somerset Council |
Council fined for repeated e-mail errors by an employee involving sensitive and confidential information |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| November 28, 2011 |
Vagus Cosmetics |
Patient database with patients' personal information acquired and dumped by hacker |
2,555 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 27, 2011 |
Unknown Organization, 101Domain.com |
Phishing attempt on vendor resulted in a number of customers' accounts being at risk of compromise of personal and payment info |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.10.8.4 - Electronic messaging A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 27, 2011 |
Carbajal Realty |
Renters' payment records and information dumped online |
625 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 25, 2011 |
Nexon Korea Corp |
Millions of players of Maple Story had their PII acquired by hacker |
13,200,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 24, 2011 |
Lumen Christi College |
Names, usernames, department, position, and plain-text passwords dumped on web by hacker |
15 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Naijaloaded, Nigeria |
Users' names, passwords and location information acquired by hacker |
243,089 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Restaurant Depot, Jetro Cash & Carry |
Malware inserted in system exfiltrated customers' magstripe data to servers in Russia |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Save Mart Supermarkets, Lucky Supermarkets |
Supermarket chain notifies customers after skimmers were found in self-checkout terminals at 23 stores |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Club Penguin Private Servers |
Usernames, e-mail addresses, passwords and IP dumped on web by hacker |
309 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
Math2020.com |
Usernames, e-mail addresses, and plain-text passwords dumped on web by hacker |
99 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
New Jersey Motor Vehicles Commission |
Two employees sold PII; two other businessmen charged as part of the ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 23, 2011 |
MassBay Community College |
Failure to enable PeopleSoft when database launched in 2002 allowed employees to view PII of anyone in the database |
400 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 23, 2011 |
EMR4Doctors.com, Sitka Wellness Center |
EMR vendor exposed patients' info on internet |
566 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 22, 2011 |
Globeclassroom.ca, Globe and Mail, Canada |
Names, e-mail addresses, clear-text passwords, job title, school, and school contact details dumped on web by hacker |
1,409 |
Canada PIPA & PIPEDA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 22, 2011 |
HostBooter.com |
Usernames, passwords, e-mail addresses, DNS, IP addresses, and serial numbers dumped on web by hacker |
713 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 22, 2011 |
NTR, Netherlands |
Names, dates of birth and e-mail addresses of 13,000 children using Sinterklaas web site downloaded by hacker |
13,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 22, 2011 |
Virtual Radiologic Professionals (vRad) |
Laptop stolen from employee's car contained physician and patient info, including SSNs, bank account numbers or credit card numbers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 21, 2011 |
Jewish Community Services of South Florida |
Employee sold Holocaust survivors' identity info to a confidential police informant |
32 |
EU Directive on Data Protection, California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 21, 2011 |
Wine Library |
Customers' stored credit card data acquired and misused by hacker |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 21, 2011 |
Blairsville High School |
Students repeatedly accessed database with teachers' names, Social Security numbers, and salaries |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 21, 2011 |
London Borough of Southwark Council, UK |
Computer and papers containing people’s PII left behind after office move; discovered when building was sold 1.5 years later and new landlord cleaned out building |
7,200 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 21, 2011 |
Central Essex Community Services, UK |
A book containing information about the general health of mothers and their babies was taken from a locked office. |
498 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| November 18, 2011 |
Daisy’s Florist |
Owner arrested for skimming customers' card numbers for fraudulent use |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 18, 2011 |
Asia-Pacific Economic Cooperation |
Honolulu’s APEC Host Committee computers containing host members' Social Security numbers and dates of birth hacked |
40 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 18, 2011 |
Unknown Organization, Lebanon Internal Medicine Associates, P. C. |
Patients' PII & PHI were on a flooded computer that was improperly discarded by a restoration contractor |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 18, 2011 |
Parkland Memorial Hospital (Parkland Health Hospital System) |
Employee accessed and copied patient information, allegedly to use for his own healthcare agency |
1,311 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 17, 2011 |
Smith and Wollensky, Capital Grille, Wolfgang's Steakhouse, Morton’s, Bicycle Club, JoJo |
Waiters at high-end steakhouses recruited to skim high-limit credit cards |
50 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 17, 2011 |
Ohio Rehabilitation Services Commission |
Confidential client files from state agency thrown in dumpster by employee. |
50 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 17, 2011 |
Sawicki & Phelps, P.A. |
Employee donated old papers to an elementary school for scrap paper, not realizing they contained confidential client data |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 17, 2011 |
Medcenter One |
Laptop with limited patient information stolen from employee's car |
650 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 16, 2011 |
Netcar Finland Oy, Finland |
Usernames, passwords, and e-mail addresses leaked for netcar.fi car retail site |
12,109 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 16, 2011 |
McDonald's |
Drive-thru window employee confessed she was recruited to skim and sell over 100 customers' credit/debit card numbers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 16, 2011 |
Union Bank Trust Co, Bright Directions Program (Illinois Treasurer's Office) |
SSNs of people enrolled in a college savings program appeared on the outside of envelopes mailed to participants |
36,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 15, 2011 |
CEFCU |
Stolen laptop contained credit union members' names and account numbers |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 15, 2011 |
Pennsylvania Public School Employees Retirement System |
Pension fund members' names and SSNs exposed on Internet |
2,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 14, 2011 |
Unknown Organization, YMCA of Metro Atlanta |
Stolen computer may expose YMCA members' personal information and encrypted bank account and debit/credit card numbers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| November 14, 2011 |
Stephen F. Austin Hotel |
Employee skimmed guests' credit or debit cards left in their hotel rooms |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 14, 2011 |
Clayton County Police Department |
Police officer left memo pad with identifiable info on traffic stops and crime victims in his personal car that he sold |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 14, 2011 |
Smokers Choice |
Smoke shop customers reported their card number stolen |
200 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 13, 2011 |
FindFriendz.com, India |
Usernames and clear-text passwords acquired by hacker and posted on Internet |
57,721 |
The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 13, 2011 |
Providence Night Life |
Usernames, clear-text passwords, and e-mail addresses leaked on Internet |
50,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 12, 2011 |
Zapateria Orinoco |
Customers’ e-mail addresses, clear-text passwords, security questions and security answers posted by hacker |
487 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 12, 2011 |
University of California at Los Angeles (UCLA) |
Applicants to Dept. of Psychology had first and last names, gender, date of birth and full mailing address in data dump by hacker, with 40 dept. usernames and passwords |
40 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 12, 2011 |
AdventSource |
Ministry site users' PII and encoded credit card numbers and passwords posted on Internet |
2,500 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 11, 2011 |
Transcend Capital |
Stolen laptop contained customers’ names, account numbers, and in some cases, Social Security numbers. |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 11, 2011 |
University of Texas - Pan American (UTPA) |
Spreadsheet containing PII and GPA of 19,276 students accessible on the Internet |
19,276 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 11, 2011 |
Mu Explicito |
Usernames, e-mail addresses and clear-text passwords from online gaming site posted on Internet with site administrator's password |
36 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 11, 2011 |
Microsoft, Unknown Organization |
Working MSN and Hotmail e-mail addresses and passwords found in phishing attempt attachment |
47,000 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| November 11, 2011 |
Virginia Commonwealth University |
Notified after database containing PII and various programmatic or departmental information accessed by intruder |
178,567 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 10, 2011 |
Steam (Valve, Inc.) |
Database containing PII and encrypted credit card information accessed by hacker(s). |
35,000,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 10, 2011 |
LivingSocial Inc. |
Stolen laptop contained hundreds of current and former employees' names, dates of birth, and addresses |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 10, 2011 |
Brownsville School District |
PII and estimated monthly salary exposed on the internet for 5 months |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 10, 2011 |
Wakulla County School District |
Students' FCAT scores and SSNs exposed on the Internet |
2,400 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 09, 2011 |
Habitat for Humanity of Delaware County ReStore |
Credit card transactions captured and exfiltrated to a server in Poland |
444 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 07, 2011 |
Unknown Organization, iQor, Inc. |
Contractor's employee stole PII and used them to open credit card accounts |
100 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 07, 2011 |
Computershare Inc |
Firm alleges former employee illegally accessed a protected computer and downloaded both proprietary information and shareholder information |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 06, 2011 |
Adidas AG (adidas.com, reebok.com, miCoach.com, adidas-group.com) |
E-mail addresses and passwords acquired and dumped by hackers |
500,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 05, 2011 |
Work Efficiency Institute, Student Alliance Osku, WinNova Länsirannikon koulutus Ltd, Aducate - Centre for Training and Development (University of Eastern Finland) |
Social security numbers, home addresses, telephone numbers and email addresses hacked and posted online |
16,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 05, 2011 |
Unknown Organization |
E-mail addresses and clear-text passwords posted in data dump |
1,272 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 05, 2011 |
Waseela Marriage Center |
Usernames, MD5 hashed passwords and e-mail addresses from marriage-making site dumped by hacker |
98 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 04, 2011 |
Washington South Supervisory Union |
Compromise of financial computer system put members' financial information at risk |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 04, 2011 |
Sociedad Española de Farmacia Hospitalaria, Spain |
Usernames and clear-text passwords, with some e-mail addresses, exposed by hacker |
1,826 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 04, 2011 |
St. Joseph Medical Center |
X-rays with PII & PHI stolen |
5,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| November 04, 2011 |
Jackson Hewitt |
Hundreds of completed tax returns found outside an abandoned office. |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 04, 2011 |
University of California Los Angeles Health System |
Patients' names, medical record numbers, addresses, and some medical info on hard drive stolen in home burglary |
16,288 |
California SB-1386 & other State derivatives, HIPAA Security, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| November 03, 2011 |
U.S. Department of Veterans Affairs |
Log book with personal and medical info stolen from a VA physician's car. |
377 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 03, 2011 |
U.S. Department of Veterans Affairs |
10-12 sheets of paper with lists of in-patient Veterans with full PII & PHI were found in a cybercafe in a veterans' residential treatment program |
219 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 03, 2011 |
Rochdale Metropolitan Borough Council, UK |
Employee lost memory stick containing the details of over 18,000 residents |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 03, 2011 |
ConsumerJournalWeekly.com |
Spreadsheet of insurance leads with PII exposed on web in .txt file |
6,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 03, 2011 |
Top of the Line Marketing |
Employee provided 1,200 individuals' names, Social Security numbers and birth dates to someone who used them for card fraud |
1,200 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 02, 2011 |
Amsterdam Hospitality Group |
Auditor for the firm stole customer information and sold it to another party who used it to purchase airline tickets |
237 |
EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| November 02, 2011 |
Timothy Mathis, M.D. |
Patients' records stored in old building were destroyed in fire; some found on street |
4,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| November 02, 2011 |
University of Alabama |
E-mail gaffe exposes students' failing grades to each other |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| November 02, 2011 |
Maloney Properties |
Stolen laptop contained residents' housing data, including Social Security numbers |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| November 01, 2011 |
Metrolux 14 Theatres |
Cases of card fraud linked to breach at the theatre's system |
1,180 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| November 01, 2011 |
Premier Imaging LLC, High Point Regional Health System, Premier Medical Plaza |
Employee fired after taking patients' files home for reasons that are unknown at this time |
551 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 31, 2011 |
BanglaTV.ca |
Usernames and clear-text passwords acquired and dumped by hackers |
1,517 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 31, 2011 |
Hi5ads.com (KathmanduInfosys Educational Consultancy) |
Usernames, clear-text passwords, e-mail addresses, phone numbers, and names acquired and dumped by hackers |
5,067 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 31, 2011 |
Warren County Community College |
PII of former and current students and applicants may have been on stolen laptop |
5,461 |
California SB-1386 & other State derivatives, FERPA |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 31, 2011 |
British Columbia Ministry of Children and Family Development, Canada |
Documents containing PII & PHI found in a dumpster behind an apartment complex |
Unknown |
Canada PIPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 29, 2011 |
Archangel Security Agency Ltd, Ireland |
Personal details of individuals in a security training program were found strewn on grounds of industrial estate |
30 |
Irish Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 28, 2011 |
BrickWire LLC, Lawrence Memorial Hospital, Mid Continent Credit Services, Inc. (Blue Sky Credit) |
Online payment system exposed patients' credit card numbers and PII |
10,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 28, 2011 |
United States Air Force, Japan |
Service members' medical records were found at a service member’s home on Yokota Air Base |
593 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 28, 2011 |
Unknown Organization, Newcastle Youth Offending Team, Newcastle upon Tyne City Council, UK |
Personal data on laptop stolen from contractor's home |
110 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 28, 2011 |
Hong Kong Labour Department, HK |
Personal data of 56 people who applied for employee compensation was lost |
56 |
Personal Data (Privacy) Ordinance (PCPD) |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 27, 2011 |
James A. Haley Veterans Hospital |
Missing camera contained before and after pictures of breast cancer surgery patients with their SSNs |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 27, 2011 |
Muir Orthopaedic Specialists |
Stolen binder had patient labels including patients' date of birth |
1,800 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 27, 2011 |
Mama’s Boy Italian Ristorante |
Customers' credit and debit card numbers captured during transmission and misused |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 27, 2011 |
Eaton Group, Jani-King |
Court documents with personal and financial information found strewn in street |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 27, 2011 |
Vancouver Coastal Health Authority |
Patients' names, medical record numbers, dates of birth and diagnoses on laptop and USB lost or stolen at airport |
450 |
Canada PIPA & PIPEDA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 27, 2011 |
University Hospitals Coventry & Warwickshire NHS Trust, UK |
Patients' sensitive personal data found in public bin outside residential apartment complex |
18 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 26, 2011 |
Indalex Inc. (Sapa AB) |
Bankrupt firm abandoned building with employee records containing Social Security numbers |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 26, 2011 |
Indigo Joe's |
Personal information on hundreds of people from pub that went out of business found at trash storage company |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 25, 2011 |
United States Department of Education |
"Glitch" exposed Direct Loan Program applicants' Social Security numbers and financial information to each other |
5,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 25, 2011 |
Regions Bank, Ocala Police Department |
Police officer looked up PII of drivers for co-conspirator to open bank accounts to cash fraudulent tax return checks |
149 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 25, 2011 |
Bloggtoppen.se, Unknown Organization |
Usernames and passwords of users of at least 58 web sites acquired by hackers |
180,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 24, 2011 |
Cheaptickets.nl, Netherlands |
Database with 715,000 customers, 1,200,000 tickets, 80,000 passport numbers leaked |
715,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 24, 2011 |
Emory Healthcare |
Patients notified as patients' PII was used to file fraudulent tax returns |
7,300 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 24, 2011 |
Ministry of Labor and Social Welfare, Israel |
Employee with access to the Population Registry stole the details of residents and then passed them to someone else; eventually publicly available |
9,000,000 |
Israel Privacy Law |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 23, 2011 |
Hazleton Community Ambulance Association |
Hundreds of old sheets with personal information of employees and former patients found in a dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 22, 2011 |
Boston Police Patrolmen’s Association, International Association of Chief of Police, Matrix Group International, Baldwin County Sheriff's Office |
Personal data from law enforcement-related web sites and their host acquired and posted by hacker groups |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 22, 2011 |
Unknown Organization, Unknown Organization, Worker Benefit Plans (Concordia Plan Services), The Lutheran Church-Missouri Synod |
Box of microfilm containing plan enrollment information from the 1960s and 1970s sent by vendor to subcontractor lost by delivery service |
Unknown |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| October 20, 2011 |
Wells Fargo |
Printer malfunction resulted in customers receiving parts of other customers' bank statements, including account numbers, balance, and transaction history |
Unknown |
California SB-1386 & other State derivatives, GLBA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 20, 2011 |
Edge Hill University |
Students’ PII and student network passwords included in e-mail to 53 other students by mistake |
798 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| October 19, 2011 |
Well United Methodist Church |
Church volunteers' SSNs and birthdates stolen by volunteer/former inmate |
40 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 18, 2011 |
Aaron's, Inc. |
Customers' names and Social Security numbers were on a stolen computer |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 18, 2011 |
Lord of the Rings Online Forum, Turbine, Inc., UK |
Forum database hacked, users' passwords acquired |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 17, 2011 |
Metropolitan Police Service, UK |
Online disclosure log for freedom of information requests failed to redact personal information in cases |
105 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 16, 2011 |
Ashley D. Bell Law Office |
Old client files containing sensitive information found in a newspaper's dumpster |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 15, 2011 |
Unknown Organization, United Healthcare, Futurity First Insurance Group, Mutual of Omaha Insurance, United of Omaha Life Insurance Company, United Health Group Health Plan, American Continental Insurance Company |
Hard driven stolen from repair vendor contained enrollee's personal and health information |
7,602 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 15, 2011 |
Thomas Jefferson University Hospitals, Lankenau Medical Center, Grand View Hospital |
Patients' x-ray films were stolen by men posing as employees of recycling firm |
3,000 |
California SB-1386 & other State derivatives, FERPA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 15, 2011 |
San Antonio Independent School District |
Students' PII and the reasons the district considered them potential dropouts exposed on the Internet |
360 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 14, 2011 |
Avia Dental Plan |
Stolen password enabled acquisition of members' PII and credit card information |
2,500 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 14, 2011 |
Unknown Organization, Securities and Exchange Commission, Financial Tracking Technologies LLC |
SEC staffers notified that their personal brokerage account information may have been compromised by unauthorized subcontractor(s) |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 14, 2011 |
Praxis Care Isle of Man, Department of Social Care |
Memory stick containing confidential information on disabled clients and staff lost by employee |
107 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 14, 2011 |
Social Security Administration |
Living Americans' names, birthdates and Social Security numbers exposed in Death Master Files |
31,931 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 14, 2011 |
NEA Baptist Clinic |
Hack of clinic's web site compromised usernames, passwords, and in some cases additional details |
3,116 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 14, 2011 |
Chili’s Grill Bar Restaurant |
Restaurant customers' credit card numbers hacked and misused |
Unknown |
UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 13, 2011 |
Spectrum Health Services Inc. |
Stolen hard drive contained patients' PII |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 11, 2011 |
Sony Online Entertainment, Sony Corporation |
PlayStation Network and Sony Online Entertainment usernames and passwords compromised via brute force attack |
93,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 11, 2011 |
Chilliwack General Hospital |
Internal records with names, ages, admission dates, attending physician and diagnoses for patients found on a street. |
27 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| October 10, 2011 |
Henry Ford Health System |
Stolen computer contained patients' name, physician’s name, medical record number, and results of a genotype test |
520 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 10, 2011 |
Baxter, Baker, Sidle, Conn Jones, St. Joseph Medical Center, Preferred Professional Insurance Co. |
Backup drive containing records of 161 patients suing for malpractice left on a train |
161 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| October 08, 2011 |
Troy School District |
Hacker obtained usernames and decrypted passwords from district's systems |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 07, 2011 |
Adult Pediatric Dermatology (APDerm) |
Patients' records on flash drive stolen from employee's car |
2,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 07, 2011 |
Nemours Childrens Clinic |
Backup tapes with 1.6 million individuals' patient billing and employee payroll data missing |
1,600,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| October 07, 2011 |
University of Georgia |
Personal data on faculty and staff including SSNs & DOBs available on university web site for years |
18,931 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 07, 2011 |
First State Superannuation, FSS Trustee Corporation, Pillar Administration |
URL manipulation exposed clients' name, address, date of birth, next of kin and superannuation payments. |
568 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 07, 2011 |
Air Pacific Limited |
Employee allegedly downloaded corporate and employee data including individual pilot and flight attendant salaries, and employee contracts |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| October 07, 2011 |
College of the Holy Cross |
Personal information of individuals compromised when employee fell for phishing attempt |
493 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| October 07, 2011 |
Public Service Enterprise Group (PSEG) |
Laptop stolen from employee’s home contained employees' Social Security numbers |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 06, 2011 |
Indiana University School of Optometry |
Patients' information exposed on the Internet |
757 |
California SB-1386 & other State derivatives, FERPA, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| October 06, 2011 |
United States Postal Service, AdvancePierre Foods |
Employee 401k data sent by mail on unencrypted flash drive was lost in the mail |
Unknown |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| October 05, 2011 |
Elections Alberta |
Binders containing voter registrant information lost by enumerators |
Unknown |
Canada PIPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 04, 2011 |
London Care PLC |
Personal details of home care patients, including keycode access to many of their doors, found in school car park |
50 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 04, 2011 |
Poole NHS Trust, UK |
Two diaries stolen from nurse's car contained details on 240 midwifery patients |
240 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 05, 2011 |
Association of School and College Leaders |
A laptop containing members' personal information stolen from an employee's home |
100 |
California SB-1386 & other State derivatives, FERPA |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| October 03, 2011 |
Estate of James C. Graham M.D. |
File cabinets with deceased doctor's patient records stolen in burglary at unoccupied property |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| October 03, 2011 |
Surrey and Sussex Healthcare NHS Trust, UK |
Confidential patient records on lost memory stick |
800 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 30, 2011 |
Unknown Organization, Blue Cross of Northeastern Pennsylvania, Penn Foster |
Documents and laptop stolen from employee's home contained PII & PHI of Penn Foster employees |
500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 30, 2011 |
Betfair, UK |
Payment card details of most customers as well as PII with bank account details acquired by hacker |
3,150,000 |
UK Data Protection Act & EU Directive on Data Protection, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 29, 2011 |
Unknown Organization, Florida Hospital |
Employees accessed records of car accident victims for attorney referral service |
2,252 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 28, 2011 |
Science Applications International Corp (SAIC), Tricare Management Activity |
Backup tapes stolen from car containing patients' PII & PHI |
4,900,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.8.3 - Physical media in transit |
| September 28, 2011 |
Summit Medical Group, Fountain City Family Physicians, Emory Family Practice, Dr. Kenneth Reese |
Patients' PII & PHI in documents stolen from an employee's car |
750 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 27, 2011 |
Tyrolean Regional Health Insurance (TIROLER GEBIETSKRANKENKASSE) (TGKK), Austria |
Insureds' names, addresses and insurance numbers leaked by hackers |
600,475 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 27, 2011 |
DeKalb County Sheriff’s Office |
Jail technician used inmates' SSNs for tax refund fraud |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 27, 2011 |
Fairview Health Services, Accretive Health, North Memorial Hospital |
Laptop stolen from employee's car contained patients' information |
16,800 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 24, 2011 |
UKChatterbox |
Chatroom users' passwords possibly acquired by hackers |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 23, 2011 |
United States Postal Service, US Steel, Carnegie Pension Fund, Benefits Administration Services |
CD with PIIs of U.S. Steel retirees and dependents sent by their benefits administrator lost in the mail |
4,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| September 22, 2011 |
University of Texas at San Antonio |
Students' and prospective students' PII accessed by employees after configuration error made data available on intranet |
688 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 21, 2011 |
Saint John Regional Hospital, Horizon Health |
Memory stick with pediatric patients' information missing |
1,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 21, 2011 |
Hana SK Card |
Telemarketing employee leaked customers' information including names, addresses and resident registration numbers |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 20, 2011 |
Blackpool Coastal Housing |
Tenants' PII and confidential care plans transferred to employee's home computer where they were accessible to others |
80 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 20, 2011 |
ProMedica |
Patients' applications for financial assistance sent to other patients due to mail sorting machine error |
14 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 19, 2011 |
Florida International University |
Emoticon discovered in internal database suggested that database with students' PII with GPAs might have been accessed by hacker |
19,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 16, 2011 |
California State Assembly |
Employees' personal information may have been acquired by hacker |
50 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 16, 2011 |
Guilford County Tax Department |
Taxpayers' PII and images of checks paid were accessible on internet |
1,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 16, 2011 |
Good Samaritan Hospital |
Barrels of x-ray films stolen by person impersonating disposal vendor |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security & FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 16, 2011 |
Connecticut Department of Revenue Services |
Employee accessed taxpayers' returns without legitimate business purpose |
15 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 15, 2011 |
Brandywyne Healthcare Center |
Licensed practical nurse stole patients' information for use in tax fraud scheme |
83 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 15, 2011 |
Royal Liverpool University Hospital, Royal Liverpool and Broadgreen University Hospitals NHS Trust, UK |
Ward handover sheets with patients' names and medical information found on public street |
22 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 15, 2011 |
Royal Liverpool University Hospital, Royal Liverpool and Broadgreen University Hospitals NHS Trust, UK |
Bag stolen from staff member's car contained sensitive information on patients |
27 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 15, 2011 |
Montgomery County Department of Job and Family Services |
PII of individuals seeking agency assistance were on lost thumb drive |
1,200 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 14, 2011 |
Eastern and Coastal Kent Primary Care Trust, UK |
CD holding the PII and GP practice codes left in filing cabinet sent to a landfill |
1,600,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 14, 2011 |
Bright House Networks |
Customer names, addresses, phone numbers and account numbers exposed in unauthorized access |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 14, 2011 |
United States Postal Service, United States Army |
CD containing the PII of Non-Appropriated Fund retiree records was lost in the mail |
25,000 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| September 13, 2011 |
McDonalds |
Employee skims credit card numbers of people who used the drive-through lane of the store |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 13, 2011 |
Intelligence and National Security Alliance (INSA) |
Members' PII acquired by hackers and exposed on internet |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 13, 2011 |
Northern Ireland Police Fund, Royal Ulster Constabulary, UK |
Former reservists had PII potentially exposed when they were sent a gratuity payment in envelopes with a clear window |
6,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 12, 2011 |
Vacationland Vendors, Wilderness Resort, Wilderness at the Smokies |
Point of Sale breach at resort arcades exposes debit and credit card numbers |
40,000 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 11, 2011 |
Linux Foundation |
Usernames, passwords, email addresses as well as other information compromised due to hack |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 10, 2011 |
Tampa Signal |
Thousands of customers who purchased ADT systems had their personal information stolen by employee and sold to tax fraud ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 09, 2011 |
Oregon Department of Transportation |
File with individuals' names and encoded SSNs on an ftp server indexed by search engine |
62 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 09, 2011 |
Bonney Lake Medical Center |
Computers stolen from offices contained patients' PII & PHI. |
2,370 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| September 09, 2011 |
Unknown Organization, Walsall Council, UK |
Hundreds of residents’ postal vote statements containing names, addresses, dates of birth and signatures dumped in a skip |
951 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 09, 2011 |
Methodist Hospital (Methodist Health System) |
Employee stole patients' names and Social Security numbers to use in payday loan fraud |
50 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 09, 2011 |
Indiana University School of Medicine |
Laptop stolen from researcher's car contained patients' PII & PHI |
3,192 |
California SB-1386 & other State derivatives, FERPA, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 08, 2011 |
Beaumont Independent School District |
Students' PII including grade and scores on the Texas Assessment of Knowledge and Skills exposed on the web |
15,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 08, 2011 |
Multi-Specialty Collection Services, Stanford Hospital and Clinics |
Emergency Room patients' PII & PHI posted online |
20,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 08, 2011 |
Unknown Organization, MyJob.ie, Ireland |
Security breach exposed users' passwords and information |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 08, 2011 |
North Bay Regional Health Centre |
Employee improperly accessed patients' records since 2004 |
5,800 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 07, 2011 |
Electronic Data Systems (EDS) |
Former employee stole identity info as part of tax refund fraud ring |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 07, 2011 |
London Ambulance Service, UK |
Personal laptop stolen from a staff member's home contained patients' PII |
2,664 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 07, 2011 |
University Hospital of South Manchester NHS Foundation Trust, UK |
Patients' name, age, occupation and surgical details on thumb drive lost by student |
87 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 07, 2011 |
Treatment Services Northwest |
Stolen computer contained protected health information on patients |
1,200 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| September 03, 2011 |
Nordstrom |
Customers' online accounts accessed; 17 used for fraudulent purchases |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 02, 2011 |
Scottish Children’s Reporter Administration (SCRA), UK |
Children's case files with sensitive information left in file cabinet sold to secondhand store |
9 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| September 02, 2011 |
Texas Police Chiefs Association |
Email accounts of members acquired by hacker and contents posted online |
25 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 01, 2011 |
Federal Correctional Institution |
Contract employee obtained the PII of inmates and other persons and used it for a Medicaid fraud scheme |
Unknown |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| September 01, 2011 |
Graduate University for Advanced Studies (SOKENDAI), Japan |
Personal information of students, graduates and applicants exposed on the web |
Unknown |
Japan Privacy Act |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 01, 2011 |
El Paso Independent School District |
Hackers accessed PII of district employees and students |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| September 01, 2011 |
Birdville Independent School District |
Two students hacked into their school district's server and accessed a file with student PII |
14,500 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 31, 2011 |
Edinburgh Royal Infirmary, UK |
PII of patients, including names, addresses, dates of birth and some medical files stolen from emergency room reception desk |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| August 31, 2011 |
TD Bank, AmeriHealth Administrators |
AmeriHealth employee accessed PII & bank account numbers for confederate who created counterfeit checks presented to an accomplice inside TD Bank |
86 |
California SB-1386 & other State derivatives, GLBA |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 26, 2011 |
SWGalaxies (LFNetwork) |
Fans' email addresses and plain-text passwords acquired and leaked by hacker |
23,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 26, 2011 |
Michigan Secretary of State, North Macomb PLUS, Southwest Macomb PLUS |
Documents containing PII of driver's license and state identification applications were stolen from offices |
14,000 |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| August 28, 2011 |
Borlas.net |
Hackers leak the names, passwords, emails and phone numbers of registered users |
14,800 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 26, 2011 |
Unknown Organization, Canada Post (Post Office Canada), Waterloo Region District School Board |
Two microfilm rolls with former students' PII lost in the post |
2,279 |
Canada PIPA & PIPEDA |
A.10.8.3 - Physical media in transit |
| August 26, 2011 |
Living Healthy Community Clinic, University of Wisconsin-Oshkosh College of Nursing |
PII as well as some health records of patients exposed by virus |
3,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 25, 2011 |
Shark Club, Moxie’s Canada |
PII and payroll information for dozens of staff found in dumpster |
Unknown |
Canada PIPA & PIPEDA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 24, 2011 |
Hays, Royal Bank of Scotland (RBS), UK |
Email error disclosed contractors' pay rates to contractors working for Royal Bank of Scotland |
3,000 |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| August 22, 2011 |
ShoWorks, Inc. (Allianceforbiz.com) |
Log-in credentials and personal information acquired by hacker and exposed online |
20,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 22, 2011 |
Texas Health Partners, Texas Health Presbyterian Hospital Flower Mound |
Stolen laptop contained personal, medical, and insurance information on patients |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 22, 2011 |
Louisiana Department of Children and Family Services |
Copies of assistance applicants' PII found blowing down the street |
67 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 19, 2011 |
Vanguard Defense Industries |
Defense contractor's personal e-mail account hacked, revealing PII |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 18, 2011 |
Chocolate Emporium |
Employee copied entire customer database to Dropbox, including credit card numbers |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 17, 2011 |
Fort Dodge Correctional Facility |
Employees' PII were in desk drawer accessible to inmates for 3-4 months |
23 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 17, 2011 |
Bay Area Rapid Transit (BART) Police Officers Association |
Hack exposes personal details of BART police officers |
100 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 16, 2011 |
Purdue University |
Former students' and faculty members' SSNs at risk from hack |
7,093 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 14, 2011 |
Bay Area Rapid Transit (BART) |
Employees' and customers' PII including unencrypted passwords acquired and posted by hackers |
2,450 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 13, 2011 |
St. Francis Hospital |
Doctor lost unencrypted flash drive with maternity patients' names and medical details |
574 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 12, 2011 |
Office of the Telecommunications Authority, Hong Kong |
Personal data of more than 500 people on stolen laptop |
500 |
Personal Data (Privacy) Ordinance (PCPD) |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 12, 2011 |
Midland Regional Hospital, Roscommon County Hospital, Ireland |
Files with patients' PII & PHI found outside another hospital |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 12, 2011 |
Reznick Group, AssureCare Risk Management, Inc, Colonial Healthcare, Inc. |
Breach at former benefits administrator exposed employees' and dependents' PII |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 11, 2011 |
TGI Fridays |
Employee skimmed and sold customers' credit card numbers |
73 |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 10, 2011 |
The Knoll at Thackley, ADL plc, UK |
Unknown number of medical files and records were found dumped in the grounds of the abandoned nursing home |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 10, 2011 |
University of Wisconsin - Milwaukee |
Malware-infected computer exposed PII |
75,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 09, 2011 |
Yale University |
PII of faculty, staff, students, and alumni in 1999 file indexed by Google |
43,000 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 09, 2011 |
North Carolina State University, Ashley Chapel Elementary School, Gardners Elementary School, Wells Elementary School |
PII of elementary students exposed on Internet by university server |
1,800 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 09, 2011 |
North Carolina State University |
Schoolchildren's data including SSNs exposed on the web |
1,800 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 08, 2011 |
Thirty-One Gifts, LLC |
Missing laptop with consultants' bank account information discovered during investigation of fraudulent wire transfers |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 08, 2011 |
Unknown Organization, Thompson Dunavant, PLC |
Laptop stolen from auditor contained clients' employees' PII |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 08, 2011 |
Sikorsky Aircraft Corporation |
Employees' PII were in files on server accessed by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 08, 2011 |
California State Polytechnic University |
Staff member places files containing faculty members' PII on a network share |
38 |
California SB-1386 & other State derivatives, FERPA |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 05, 2011 |
Unknown Organization, Citi Cards Japan (Citigroup) |
PII of customers sold to a third party by employee of contractor |
92,408 |
Japan Privacy Act |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 05, 2011 |
Harley Street Clinic, HCA International Limited, UK |
Two unencrypted laptops with patient information stolen from hospital |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| August 05, 2011 |
Brigham and Women’s/Faulkner Hospital |
Hard drive left in cab by doctor contained medical information on patients |
638 |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| August 04, 2011 |
Dialogic Inc. |
During a break-in, equipment with employees' names and SSNs was stolen |
Unknown |
California SB-1386 & other State derivatives |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| August 04, 2011 |
Unknown Organization, Lewisham Homes Limited, Wandle Housing Association Ltd, UK |
PII of tenants copied onto contractor's flash drive that was lost in a pub |
26,200 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.8.3 - Physical media in transit |
| August 03, 2011 |
Parenthesis Family Advocates, Franklin County Children Services |
PII & PHI found near recycling bin |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| August 02, 2011 |
Hershey |
Hacker accesses PII on server |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 01, 2011 |
News International Group Limited, UK |
PII of thousands of people who had participated in polls and competitions on The Sun newspaper website acquired and posted online |
Unknown |
UK Data Protection Act & EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| August 01, 2011 |
Idaho State University, Pocatello Family Medicine |
Failure to restore firewall after maintenance left patient information exposed for 9 months |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| August 01, 2011 |
Mills-Peninsula Medical Center |
Mailroom employee took home mail with patients' PII & PHI for a 1-year period |
1,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 25, 2011 |
GIS, Austria |
Data files containing sensitive bank account information acquired by hackers |
214,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 21, 2011 |
City Newsstand Inc. |
Customers' credit and debit card data captured during transmission |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 20, 2011 |
Swedish Medical Center |
Employees' names and Social Security Numbers exposed on the Internet |
19,799 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 19, 2011 |
Mountain Mike’s Pizza |
Customers experienced card fraud after POS system hacked |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 18, 2011 |
Beth Israel Deaconess Medical Center |
Patients notified that their PII, PHI may have been transmitted by virus after vendor forgets to restore security controls following maintenance |
2,021 |
California SB-1386 & other State derivatives, HIPAA Security |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 18, 2011 |
Unknown Organization, JL Audio, Inc. |
Customers' PII including plain text passwords acquired and posted by hacker |
4,827 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 18, 2011 |
REWE Group, Germany |
Tens of thousands of customers' PII obtained from two online stores |
Unknown |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 17, 2011 |
Unknown Organization, Federal Emergency Management Agency, Williams Chevrolet Inc. Customers |
Documents found in abandoned storage rental unit included FEMA assistance applications and car lease applications |
340 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| July 17, 2011 |
Haartman Hospital, Finland |
Employee accessed patients' records without authorization |
188 |
EU Directive on Data Protection |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 16, 2011 |
Margarita's Mexican Restaurant |
Hundreds of customers' card numbers misused or put up for sale on underground market |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 16, 2011 |
Meath Council, Ireland |
Planning applicants' PII posted online |
Unknown |
Irish Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 16, 2011 |
Kirklees Council |
Laptop stolen from employee's home contained PII & PHI |
25 |
UK Data Protection Act & EU Directive on Data Protection |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| July 15, 2011 |
The Kitchen Place |
Customers' records including credit card numbers and bank account information as well as employee payroll records exposed during bankruptcy sale |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| July 15, 2011 |
DeKalb Medical Center |
Stolen patient information may have been used in tax refund fraud scheme |
7,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 15, 2011 |
UPromise Investments, CollegeChoice529 Direct Savings Plan |
Employee accessed depositors' names, SSNs, birthdays and other contact information |
300 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 13, 2011 |
Estée Lauder |
Stolen laptop contained current and former employees' and contractors' names and SSNs |
Unknown |
California SB-1386 & other State derivatives |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| July 13, 2011 |
Lincoln National Life Insurance Company, Lincoln Life Annuity Company of New York, Lincoln Financial Group |
Email attachment exposed individuals' names and SSNs |
705 |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training A.10.8.4 - Electronic messaging |
| July 13, 2011 |
Sønderborg Municipality, Denmark |
Confidential details on 156 employees' work injuries leaked on website |
156 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 11, 2011 |
AssureCare, Lansing Community College |
Health and dental plan members' names, addresses and SSNs on compromised server |
Unknown |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 11, 2011 |
Toshiba Corporation |
Admins', users' and more than two dozen resellers' PII including plain text passwords acquired and posted by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 11, 2011 |
Colorado Springs Hospital, Memorial Health System |
City nurse fired for allegedly accessing patients' records via Physician Link without cause |
2,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 11, 2011 |
Booz Allen Hamilton |
Hackers breach military PII including encrypted passwords and an assortment of data related to other companies and government networks including source code |
90,000 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 08, 2011 |
Jeannette Hospital, Excela Health |
Stolen computer contained patients' PII & PHI |
Unknown |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.1.1 - Physical security perimeter A.9.1.2 - Physical entry controls A.9.2.1 - Equipment siting and protection |
| July 08, 2011 |
All Pets Club |
Customers at two of four pet shops report card fraud after transactions |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 08, 2011 |
German Federal Police (Bundespolizei) |
GPS location coordinates, license plate numbers, and telephone numbers of suspects, as well as police officers' usernames and passwords acquired and dumped by hackers |
Unknown |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 07, 2011 |
Stevens Institute of Technology |
Users' full names, usernames, plaintext passwords and email addresses exposed by hacker |
31 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 06, 2011 |
Hurley Medical Center |
Laptop containing patients' PII & PHI missing or stolen |
1,938 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| July 06, 2011 |
Troy Regional Medical Center |
Files containing patients' PII & PHI removed from the hospital and used in tax refund fraud scheme |
880 |
California SB-1386 & other State derivatives, HIPAA Security |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| July 04, 2011 |
Clark College |
Students' PII compromised by hacker |
250 |
California SB-1386 & other State derivatives, FERPA |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 04, 2011 |
IRC Federal |
E-mail addresses and passwords, private e-mails, and login information for an FBI contractor acquired and posted by hackers |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| July 01, 2011 |
Unknown Organization, Spain & Spain, Irene Makridis |
Client records from defunct law firm discarded without shredding by owner of building |
Unknown |
EU Directive on Data Protection |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 30, 2011 |
Department of Health Care Policy & Financing |
A disk containing Medicaid applicant PII has been lost in transit between two state agencies. |
3,590 |
California SB-1386 & other State derivatives |
A.10.8.3 - Physical media in transit |
| June 30, 2011 |
Smashing Tomato |
Restaurant customers' card numbers acquired during transmission to card processor |
Unknown |
California SB-1386 & other State derivatives, PCI/Visa CISP |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 30, 2011 |
PhyData LLC, Advanced Diagnostic Imaging, Premier Radiology, Anesthesia Services Associates |
Laptop with patients' PII and medical record numbers stolen from car parked at shopping mall |
1,500 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 28, 2011 |
Plymouth State University |
Missing backup drive contains names and SSNs of students |
1,509 |
California SB-1386 & other State derivatives, FERPA |
A.10.8.3 - Physical media in transit |
| June 27, 2011 |
NHS Jobs, UK |
Jobs.nhs.uk site leaks candidate details to newly registered users |
69 |
UK Data Protection Act & EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 27, 2011 |
Gannett Government Media Corporation |
PII of subscribers to DefenseNews acquired by hacker |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 27, 2011 |
Sosasta, India |
Users' email addresses and plaintext passwords indexed by Google |
300,000 |
The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 24, 2011 |
New York State Department of Taxation and Finance, Morgan Stanley Smith Barney, United States Postal Service |
Clients’ PII including account and tax identification numbers on two CDs that are missing after being mailed to the state's office |
34,000 |
California SB-1386 & other State derivatives, GLBA |
A.10.8.3 - Physical media in transit |
| June 24, 2011 |
California Department of Health Care Services, California Department of Public Health, California Department of Health Services |
Personal and workers' compensation information of approximately current and former state employees copied to a drive by an employee and removed from offices |
9,000 |
California SB-1386 & other State derivatives |
A.8.1.1 - Roles and Responsibilities A.8.1.2 - Screening A.8.1.3 - Terms and conditions of employment A.8.2.1 - Management responsibilities A.8.2.2 - Information security awareness, education and training A.8.3.2 - Return of assets A.8.3.3 - Removal of access rights |
| June 24, 2011 |
Accendo Insurance Company, RxAmerica (CVS Caremark) |
Mailing error exposes members' medication name, date of birth, and member ID in envelope window |
175,000 |
California SB-1386 & other State derivatives, HIPAA Security |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 23, 2011 |
Arizona Department of Public Safety |
Internal memos as well as PII including passwords belonging to Arizona law enforcement accessed by hackers |
Unknown |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 23, 2011 |
NATO e-Bookshop, Unknown Organization |
Usernames, passwords, addresses and email addresses may have been acquired by hacker |
12,000 |
EU Directive on Data Protection |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 20, 2011 |
Mt. Gox Japan |
Bitcoin exchange database containing username, email and password hashes stolen from auditor by hackers |
61,020 |
Japan Privacy Act |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 20, 2011 |
Dropbox |
User accounts accessed by others after code update disabled authentication |
100 |
California SB-1386 & other State derivatives |
A.10.9.1 - Electronic Commerce A.10.9.2 - On-line transactions A.10.9.3 - Publicly Available Information |
| June 20, 2011 |
Staples Business Depot |
Inadequate wiping of devices being resold left sensitive information including PII, employment history, academic transcripts, and personal investment info exposed |
Unknown |
California SB-1386 & other State derivatives |
A.7.2.1 - Classification guidelines A.7.2.2 - Information labeling and handling A.8.2.2 - Information security awareness, education and training |
| June 20, 2011 |
Foothills Nephrology |
Patients' names, dates of birth, and clinical information on laptop stolen from physician's car |
1,280 |
California SB-1386 & other State derivatives, HIPAA Security |
A.9.2.5 - Security of equipment off-premises A.11.7.1 - Mobile computing and communications A.11.7.2 - Teleworking |
| June 19, 2011 |
|