|
Date |
Article Title |
Publication |
Author |
Synopsis |
|
6/30/2010 |
CSUSB investigating
student data breach |
The Desert Sun |
Michelle Mitchell |
Two educational institutions are looking into data
breaches involving personal information. |
|
6/30/2010 |
Foursquare Puts Money
Before Privacy |
Wired |
Ryan Singel |
Internet site Foursquare published a notice Wednesday
about a privacy breach that shared all users' location
information across the Web, regardless of whether they
had chosen to opt out of such broadcasts through their
privacy settings. |
|
6/29/2010 |
WellPoint: Data breach
caused by attorneys and faulty security update |
The Tech Herald |
Steve Ragan |
WellPoint has notified 470,000 health insurance
applicants that a security glitch may have exposed their
Social Security numbers and other personal information. |
|
6/29/2010 |
UMaine students who
sought mental health services' data compromised |
Sun Journal |
Staff Writer |
The University of Maine Police Department is
investigating a data breach that exposed nearly 5,000
students' personal and medical information. |
|
6/29/2010 |
New York hospital loses
data on 130,000 via FedEx |
Business Week |
Robert McMillan |
A
New York hospital is notifying some 130,000 patients
that their personal information may have been
compromised. |
|
6/24/2010 |
700-Plus Credit Cards
Stolen from Hotel |
ABC News |
Scott Mayerowitz |
Hackers broke into the computer system of a luxury hotel
chain and, over a three-month period, stole the credit
card information of hundreds of guests. |
|
6/23/2010 |
Personal data accessed on
Blue Cross website |
OC
Register |
Courtney Perkes |
Approximately 230,000 Anthem Blue Cross customers
received notification this week that personal
information--including Social Security and credit card
numbers--may have been accessed. |
|
6/23/2010 |
Florida university
notifies students and faculty of possible data exposure |
InfoSecurity.com |
|
A
Florida university is notifying 19,407 students and 88
faculty members that their personal data may have been
exposed. |
|
6/18/2010 |
Microsoft opens center
for reports of identity and data theft |
USA Today |
Byron Acohido |
Microsoft has launched a coalition to serve as a
clearinghouse for reports about caches of stolen data
stored on the Internet. |
|
6/14/2010 |
FCC Issues Warning, FBI
Investigates iPad Breach |
eSecurity Planet |
Kenneth Corbin |
The Federal Communications Commission is warning
businesses and consumers about data security in light of
two recent information breaches. |
|
6/10/2010 |
AT&T Discloses Breach of
iPad Owner Data |
Wall Street Journal |
Spencer Ante |
AT&T acknowledged that a small group of computer experts
known as Goatse Security accessed 114,000 e-mail
addresses of iPad users through a security hole in
AT&T's Web site. |
|
6/8/2010 |
FTC Approves Final
Settlement Order with Dave & Busters; FTC Rejects COPPA
Safe Harbor Application |
Federal Trade Commission |
Press Release |
The Federal Trade Commission (FTC) has approved a final
settlement order with entertainment operation Dave &
Buster's, settling charges that the company failed to
protect consumers' information. |
|
6/8/2010 |
Penn State Warns Of More
Cyber-Breaches |
CBS News |
Associated Press |
More people than additionally estimated may have been
affected by a data breach at Penn State University. |
|
6/7/2010 |
23andMe Sends Wrong DNA
Test Results To 96 Customers |
Tech Crunch |
Jason Kincaid |
23andMe, a company that provides genome testing by mail
to its customers, has announced that "up to 96" customer
samples were incorrectly processed by the company's
contracted laboratory. |
|
6/4/2010 |
Insurer says it's not
liable for University of Utah's $3.3M data breach |
Computerworld |
Jaikumar Vijayan |
A
Colorado insurance company has filed a federal lawsuit
claiming it is not responsible for reimbursing the
University of Utah for costs related to a 2008 data
breach. |
|
6/3/2010 |
University of Louisville
Patients' Data Exposed |
eSecurity Planet |
Larry Barrett |
AvMed Health Plan officials say a December data breach
involving missing laptops may have affected three times
as many customers as previously estimated, bringing the
number to more than one million. |
|
6/2/2010 |
Privacy Breaches May
Expose More Social Security Data At Penn State |
StateCollege.com |
Adam Smeltz |
During routine security procedures, Penn. State
information-technology staff discovered that two campus
computers were infected with malicious software,
potentially exposing as many as 25,572 alumni Social
Security numbers (SSNs). |
|
5/28/2010 |
Missing records on stolen
laptop from Cincinnati Children's Hospital |
cincinnati.com |
Peggy O'Farrell |
Officials at a Cincinnati hospital are increasing
employee training after a data breach affecting more
than 61,000 patients. |
|
5/19/2010 |
Heartland, MasterCard
Settle Over Data Breach |
PC
World |
Nancy Gohring |
In
its third settlement related to a 2008 data breach,
Heartland Payment Systems has agreed to pay out up to
$41.1 million to MasterCard issuers that lost money as a
result of the breach. |
|
5/14/2010 |
Los Angeles Firemen's CU
Has Data Breach |
Credit Union Times |
David Morrison |
The Los Angeles Firemen's Credit Union has notified some
of its members that their personal information,
including account and Social Security numbers, may have
been compromised. |
|
5/14/2010 |
VA reports new data
breaches |
Federal Times |
Tim
Kauffman |
A
House committee will discuss recent data breaches at the
Veterans Affairs Department during a hearing. |
|
5/13/2010 |
Information on 207,000
Army Reservists Stolen |
GovInfoSecurity |
Eric Chabrow |
The Army Reserve is notifying 207,000 reservists that a
laptop containing their sensitive data and that of their
family members was stolen from the office of a
government contractor. |
|
5/7/2010 |
Court gives preliminary
OK to $4M consumer settlement in Heartland case |
Computerworld |
Jaikumar Vijayan |
A
Texas federal court gave preliminary approval of a $4
million settlement in a consumer class action lawsuit
against Heartland Payment Systems Inc. |
|
4/29/2010 |
Data on 24,600 hospital
patients missing |
Courier Journal |
Laura Ungar |
A
psychiatric hospital in Kentucky is urging 24,600
affected patients to place fraud alerts on their credit
reports after a flash drive containing their personal
information went missing. |
|
4/28/2010 |
Data breaches in U.S.
cost more |
Network World |
Ellen Messmer |
The average cost of a data breach in the United States
is higher than breach costs in Australia, France,
Germany and the UK. |
|
4/28/2010 |
Man indicted in probe of
UMC privacy leak |
Las Vegas Sun |
Marshall Allen |
An FBI probe into a privacy breach involving hospital
patients' records has resulted in a federal grand jury
indicting a man who is alleged to have paid a hospital
employee for the information. |
|
4/23/2010 |
How Blippy users' credit
cards got into Google |
cnetnews.com |
Tom
Krazit |
Four users of a social networking service based on
sharing information about purchases with other users
have had their credit card information exposed via
Internet searches. |
|
4/21/2010 |
Army discloses theft of
medical patients' data |
Chron.com |
Associated Press |
Officials have alerted patients of an Army hospital in
Texas that their personal information may have been
exposed. |
|
4/19/2010 |
Certegy to pay $975K,
undergo annual security audit |
SC
Magazine |
Dan
Kaplan |
Certegy Check Services will pay $850,000 to the state of
Florida for a 2007 data breach that impacted nearly six
million personal records. |
|
4/17/2010 |
Data stolen from 628,000
Virginians recovered, Minn. agency says |
Virginian Pilot |
Carolyn Shapiro |
A
student loan firm that reported the theft of data
pertaining to 3.3 million borrowers late last month says
all of the data has been recovered. |
|
4/13/2010 |
Va. Beach human services
workers fired for privacy breaches |
Virginian Pilot |
Deidre Fernandes |
Eight Virginia Beach human services employees have been
fired or disciplined in the past year for wrongfully
accessing personal information contained in state
databases. |
|
4/9/2010 |
BCBS Data Theft Now
Affects 1 Million |
Health Data Management |
Joseph Goedert |
The number of those affected by the BlueCross BlueShield
of Tennessee data theft last October has increased to
998,422 since the last count in March. |
|
4/5/2010 |
Countrywide Sold Private
Info, Class Claims |
Courthouse News Service |
Tim
Hull |
Sixteen named plaintiffs have filed a class action suit
against Countrywide Financial, Countrywide Home Loans
and Bank of America, which bought Countrywide, alleging
Countrywide Financial employees stole and sold
customers' personal financial information. |
|
4/5/2010 |
John Muir Health to
notify 5,450 patients of data breach |
San Francisco Business Times |
Chris Rauber |
A
California Hospital is providing one year of free
identity theft protection to 5,450 patients whose
personal and health information was potentially breached
after the theft of two laptop computers. |
|
4/2/2010 |
Navy took more than a
year to announce personal data breach |
Washington Post |
Federal Diary |
Government employee organizations are asking the Navy
for identity-theft insurance following the notification
that the personal data of 244 employees was
inadvertently released to a "non-government entity." |
|
3/30/2010 |
JC Penney tried to block
publication of data breach |
Computerworld |
Jeremy Kirk |
JC
Penney and The Wet Seal have been named among the
retailers targeted in a 2008 data breach that resulted
in the theft of 130 million credit card numbers. |
|
3/30/2010 |
State AGs Stepping Up
HITECH Enforcement |
Health Leaders Media |
Dom
Nicastro |
Connecticut Attorney General Richard Blumenthal is
investigating his second case involving HIPAA violations
in three months. |
|
3/27/2010 |
Data stolen from firm
that handles student loans in Virginia |
Washington Post |
Martin Weil |
A
student loan firm is providing credit monitoring and
protection services to some 3.3 million people affected
by a data breach. |
|
3/26/2010 |
Computer hacker gets
20-year term |
Boston Globe |
Todd Wallack |
The man who orchestrated the theft of millions of credit
and debit card numbers from major companies was
sentenced to 20 years in prison. |
|
3/26/2010 |
Durex India eStore spills
customers' personal details |
The Register |
John Leyden |
An
Indian Web site that sold Durex condoms has threatened
legal action against the person who exposed a data
breach on the site. |
|
3/25/2010 |
Dave & Buster's Settles
FTC Charges it Failed to Protect Consumers' Information |
Federal Trade Commission |
|
The entertainment operation Dave & Buster's, Inc., has
agreed to settle Federal Trade Commission charges that
the company failed to protect consumers' information. |
|
3/18/2010 |
Data Breaches Are
Heaviest at Hotels |
Wall Street Journal |
Sarah Nassauer |
Hotels are attractive targets for hackers seeking
customer credit card data. |
|
3/10/2010 |
Companies urged to share data breach information |
searchsecurity.com |
Marcia Savage |
When it comes to battling cybercriminals, the key is to
share data breach information with law enforcement
officials. |
|
3/10/2010 |
Arkansas National Guard
Loses Hard Drive |
eSecurity Planet |
Larry Barrett |
Members of the Arkansas National Guard are learning this
week that their personal information may have been
exposed. |
|
3/9/2010 |
VA investigating security
breach of veterans' medical data |
NextGov |
Bob
Brewin |
The Veterans Affairs (VA) Department's inspector general
has launched an investigation into a potential breach
incident. |
|
3/5/2010 |
Westin hotel in LA
reports possible data breach |
Computerworld |
James Niccolai |
The Westin Bonaventure Hotel and Suites in Los Angeles
is offering free credit monitoring services for
customers whose payment card information may have been
exposed. |
|
3/1/2010 |
Data theft creates
notification nightmare for BlueCross |
PC
World |
Robert McMillan |
The theft of 57 unencrypted hard drives from
BlueCross-BlueShield of Tennessee has given thieves
access to personal data on upwards of 500,000 customers
and is costing millions to fix. |
|
2/28/2010 |
Wyndham Hotels hacked
again |
v3.co.uk |
Phil Muncaster |
Wyndham Hotels and Resorts has notified the U.S. Secret
Service and several state attorneys that hackers stole
customer names and payment card information from its
computer system. |
|
2/23/2010 |
Federal Trade Commission
links wide data breach to file sharing |
Washington Post |
Cecilia Kang |
A
Federal Trade Commission probe has uncovered widespread
leakage of sensitive data onto peer-to-peer file-sharing
networks. |
|
2/22/2010 |
Valdosta State University
server improperly accessed |
SC
Magazine |
Angela Moscarlito |
A
Georgia university is alerting some 170,000 students and
staff that their Social Security numbers may have been
exposed. |
|
2/20/2010 |
Error affects about 3,900
TennCare enrollees |
KnoxNews.com |
Kristi Nelson |
Tennessee's Medicaid management system is offering one
year of free identity theft safeguards to 3,900 people
after a computer glitch sent their personal information
to the wrong mailing addresses. |
|
2/12/2010 |
Shell employees' details
leaked to environmental campaigners |
Financial Times |
Ed
Crooks |
Contact information for 176,000 employees and
contractors of Royal Dutch Shell has been sent to
environmental and human rights campaign groups. |
|
2/11/2010 |
Equifax tax forms expose
worker Social Security numbers |
cnetnews.com |
Elinor Mills |
An
unknown number of current and former employees of a
credit reporting firm received W-2 forms in the mail
with their Social Security numbers visible through the
envelope's window. |
|
2/10/2010 |
Hackers Break Into
Ceridian's Payroll System |
eSecurity Planet |
Larry Barrett |
A
Minnesota payroll company is advising more than 1,900 of
its customer companies that their employees' personal,
sensitive data may have been compromised. |
|
2/6/2010 |
Error circulates state
workers' bank data |
The Columbus Dispatch |
Alan Johnson |
The personal banking information of 6,000 Ohio state
employees, including the governor, was mistakenly sent
in an e-mail to dozens of payroll officers at state
agencies. |
|
2/5/2010 |
Commerce breach of
personal data just the tip of the iceberg |
Washington Post |
Joe
Davidson |
In
an e-mail to employees, Commerce Secretary Gary Locke
called recent breach incidents involving employees'
personal information "simply unacceptable." |
|
2/4/2010 |
Business Associates Can
Pay Directly for Breaches |
Media Health Leaders |
Dom
Nicastro |
A
top official at the Office of Civil Rights (OCR) says
business associates could be liable for health data
breaches. |
|
2/4/2010 |
Minn.-based Ceridian
reports data security breach |
Minnesota Public Radio |
Elizabeth Dunbar |
A
Minnesota payroll company is changing all customer
passwords after discovering a security breach. |
|
2/4/2010 |
Highmark tells customers
personal information lost |
Pittsburgh Post-Gazette |
Bill Toland |
A
Pittsburg healthcare provider is offering some 3,700
policyholders one free year of credit monitoring after
documents containing their names and Social Security
numbers (SSNs) were lost. |
|
2/3/2010 |
Inquiry sought in data
breach |
Des Moines Register |
William Petroski |
Iowa's Senate majority leader will request an inquiry
into how a hacker gained access to a state computer
system. |
|
1/29/2010 |
Social Security numbers
found lying in street |
Chicago Tribune |
Lisa Black and John Keilman |
Hundreds of partially shredded documents containing
sensitive, personal information--including Social
Security numbers--were found on a Chicago street last
week. |
|
1/27/2010 |
UCSF says laptop with
4,400 patient records stolen, then recovered |
San Francisco Business Times |
Chris Rauber |
The University of California San Francisco (UCSF) is
alerting 4,400 patients that their medical files were
potentially exposed after the November theft of an
employee's laptop, which was later recovered. |
|
1/27/2010 |
Commerce Dept. slow to
notify employees of security breach |
Washington Post |
Joe
Davidson |
A
data breach at the U.S. Department of Commerce occurred
on December 4, exposing the personally identifiable
information of agency employees. |
|
1/26/2010 |
Tab for Response to Data
Breach Hits $7 Million for BCBS of Tennessee |
iHealthBeat |
|
Blue Cross Blue Shield (BCBS) of Tennessee says that the
October 2009 theft of 57 hard drives from the
organization's training facility compromised the
personally identifiable information of as many as
500,000 BCBS Tennessee subscribers. |
|
1/26/2010 |
Bank sues victim of
$800,000 cybertheft |
Computerworld |
Jaikumar Vijayan |
PlainsCapital Bank of Lubbock, Texas, has filed a
lawsuit against its customer, Plano-based Hillary
Machinery, following the theft of $800,000 from the
company by cyberthieves operating out of Italy and
Romania. |
|
1/25/2010 |
Survey: Data breaches
from malicious attacks doubled last year |
cnetnews.com |
Elinor Mills |
According to the Ponemon Institute's annual Cost of a
Data Breach study, released today, the financial impact
of a privacy failure rose to a per-record average of
$204 and a per-incident average of $6.75 million. |
|
1/22/2010 |
US State Department clerk
sentenced for passport peeking |
Associated Press |
|
A
State Department file clerk has been sentenced to one
year of probation and 75 hours of community service for
illegally accessing the confidential passport
applications of 70 celebrities in 2007. |
|
1/20/2010 |
Law Firms in Heartland
Cases Criticizing Proposed Settlement |
Credit Union Times |
David Morrison |
Two law firms representing credit unions and other card
issuers are expressing disappointment over a proposed
settlement in a case against Heartland Payment Systems. |
|
1/20/2010 |
Chase bank seems a bit
too loose with clients' data |
Los Angeles Times |
David Lazarus |
A
Chase Bank customer, who regularly told the bank that
she did not wish for it to share her personal
information with other organizations was dismayed
recently when she received a letter from the bank
informing her that information about her that had been
shared with another company was exposed online. |
|
1/20/2010 |
Mortgage Broker Who
Dumped Consumer Records Settles FTC Charges |
Federal Trade Commission |
|
A
mortgage broker charged with improperly disposing of
consumers' personal financial records has paid a $35,000
settlement to the Federal Trade Commission (FTC). |
|
1/19/2010 |
Health Net's missing
drive could cost it millions |
The Register |
Chris Meller |
The data breach that affected 1.5 million members of
health insurance provider Health Net may end up costing
the company millions of dollars. |
|
1/19/2010 |
Legislative auditor plans
follow-up investigation on data breach |
Minnesota Public Radio |
Sara Aslanian |
Minnesota's legislative auditor said this week he plans
an investigation into a Texas company's problematic
background-checking program that resulted in a data
breach affecting 500 new state employees. |
|
1/15/2010 |
Financial Firm Notifies
1.2M After Password Mistake |
PC
World |
Robert MacMillan |
Financial services firm Lincoln National has begun
notifying as many as 1.2 million customers after
discovering that a policy of shared passwords. |
|
1/14/2010 |
Kaiser patient medical
records compromised |
San Francisco Chronicle |
Victoria Colliver |
The personal and sensitive medical information of about
15,500 patients of Northern California Kaiser were
compromised after an external storage drive was stolen
from an employee's car. |
|
1/14/2010 |
NY Bank Suffers Online
Breach |
Bank Info Security |
Linda McGlasson |
Suffolk County National Bank (SCNB) has disclosed that
the servers hosting its online banking service suffered
a breach lasting six days in November. |
|
1/13/2010 |
Significant downturn in
data breach notifications |
IT
Wire |
David Heath |
A
report that the number of data breaches reported to the
media has declined significantly over the past 18
months. |
|
1/11/2010 |
NARA talks about lessons
learned from lost PII incident |
Federal News Radio |
Gary Stern |
Gary Stern, general counsel for the National Archives
and Records Administration (NARA), spoke with
Federal News Radio
about recent data breaches at the agency, including what
happened, how the agency is responding and lessons
learned from the experience. |
|
1/8/2010 |
Heartland to Pay up to
$60 Million to Visa Over Breach |
PC
World |
Grant Gross |
In
the latest settlement related to the 2008 Heartland
Payment Systems data breach, PCWorld
reports that U.S. and international Visa debit and
credit card issuers will receive payments totaling as
much as $60 million to pay for costs incurred as a
result of the security gaffe that affected more than 130
million card holders. |
|
12/31/2009 |
Hacker may have accessed
EWU student information |
Seattle Times |
Tri-City Herald |
Officials at Eastern Washington University (EWU) are
notifying up to 130,000 current and former students that
their personal information may have been exposed in a
security breach. |
|
12/30/2009 |
Facebook App Maker Hit
With Data-Breach Class Action |
Wired |
David Kravets |
Third-party app provider RockYou.com is facing a
proposed class-action lawsuit. |
|
12/30/2009 |
Hacker Gonzalez pleads
guilty in Heartland breach |
cnetnews.com |
Elinor Mills |
A
Miami hacker has pleaded guilty to charges associated
with the Heartland Payment Systems and Hannaford
Brothers data breaches. |
|
12/30/2009 |
Penn State notifies
30,000 of computer security breach |
Pittsburgh Post-Gazette |
Bill Schackner |
A
report that Penn State has begun the process of
notifying nearly 30,000 individuals that their
personally identifiable information (PII), including
Social Security numbers, may have been compromised as a
result of three separate malware infections discovered
in late December. |
|
12/29/2009 |
Parties agree to
settlement over Countrywide data breach |
SC
Magazine |
Dan
Kaplan |
A
federal judge in Kentucky granted preliminary approval
to settle a class-action lawsuit related to the
Countrywide Financial data breach that exposed the
personal data of millions. |
|
12/22/2009 |
Did Hackers Steal
Millions from Citigroup? |
ABC News |
Huma Khan, Pierre Thomas and Jason Ryan |
Citigroup is denying a Wall Street
Journal report that Eastern
European cybercriminals hacked the company's network and
made off with tens of millions of dollars. |
|
12/21/2009 |
UPDATE 1-Heartland to
settle class actions over cyber breach |
Reuters |
|
A
report that Heartland Payment Systems will settle class
action lawsuits stemming from a data breach the credit
card processor sustained during a period from 2007
through 2008. |
|
12/17/2009 |
Heartland Pays Amex $3.6
Million Over 2008 Data Breach |
PC
World |
Robert McMillan |
Heartland Payment Systems will pay American Express $3.6
million to settle charges related to its 2008 data
breach. |
|
12/16/2009 |
Mass. Supreme Court
throws out lawsuit against BJs over '04 data breach |
Computerworld |
Jaikumar Vijayan |
The Massachusetts Supreme Judicial Court upheld a lower
court's decision to dismiss a lawsuit against BJ's
Wholesale Club over its 2004 data breach. |
|
12/16/2009 |
RockYou Hacker: 30% of
Sites Store Plain Text Passwords |
Read Write Web |
Jolie O'Dell |
News emerged that a hacker successfully infiltrated the
database of social network RockYou.com and located the
login information of more than 32 million users. |
|
12/15/2009 |
UCSF belatedly announces
September data breach |
San Francisco Business Journal |
Chris Rauber |
The University of California San Francisco (UCSF) has
notified 600 patients that their personal information
may have been exposed. |
|
12/11/2009 |
Warnings issued after
possible security breach |
Minnesota Public Radio |
Sasha Aslanian |
The State of Minnesota has requested that all state
agencies stop using a private background investigation
firm following the possible disclosure of 500 state
employees' personally identifiable information (PII) on
the company's Web site. |
|
12/9/2009 |
Verizon: Data Breaches
Getting More Sophisticated |
Wired |
Kim
Zetter |
A
new study by Verizon has found that cybercriminals are
using increasingly sophisticated techniques to steal
information, but that most hackers still gain access to
sensitive information in known, preventable ways. |
|
12/8/2009 |
24,000 employees affected
by data breach |
The Observer |
Sarah Mervosh |
A
report by the University of Notre Dame independent
newspaper, The Observer,
states more than 24,000 employees of the school had
their personally identifiable information exposed when
the information was posted to an unsecure, publicly
accessible Internet site. |
|
12/7/2009 |
Blumenthal suspects
HealthNet disk was stolen |
Hartford Business |
|
Connecticut Attorney General Richard Blumenthal has
notified federal investigators of what he believes to
have been the theft of a computer disk containing the
personal, financial and medical information of more than
450,000 subscribers of HealthNet insurance. |
|
12/4/2009 |
EIU warns of student data
security breach |
Chicago Tribune |
Associated Press |
Eastern Illinois University officials have mailed
letters to prospective and current students who may have
been affected by a data breach. |
|
11/24/2009 |
The Year Of The Mega Data
Breach |
Forbes |
Andy Greenberg |
Forbes reports on the numbers of
data breaches during the first 11 months of 2009. |
|
11/21/2009 |
PATIENT PRIVACY: FBI
probing UMC data leaks |
Las Vegas Review-Journal |
Scott Wyland |
The Federal Bureau of Investigation is now involved in
the investigation into the sharing of University Medical
Center (UMC) patients' health records. |
|
11/20/2009 |
Hospital privacy leak
could harm patients |
Las Vegas Sun |
Marshall Allen |
Someone at University Medical Center (UMC) is leaking
the records of accident victims to attorneys. |
|
11/18/2009 |
Health Net Loses
Information for 450,000 Clients |
nbcconnecticut.com |
Leanne Gendreau |
Connecticut Attorney General (AG) Richard Blumenthal has
expressed outrage that six months passed before health
insurer Health Net notified the state and police about a
breach of confidential data. |
|
11/9/2009 |
Conn. AG investigates
insurer's data breach |
Hartford Courant |
Associated Press |
Connecticut's attorney general (AG) is looking into Blue
Cross Blue Shield's (BCBS) loss of confidential
information on 800,000 doctors. |
|
10/30/2009 |
68,000 CalOptima Members
at Risk in Data Breach |
Consumer Affairs |
|
CalOptima has reported that CDs containing the personal
information of Orange County, California Medicaid
recipients are missing. |
|
10/29/2009 |
CalOptima recovers discs
with personal data on 68,000 members |
Computerworld |
Jaikumar Vijayan |
CalOptima has recovered discs containing the personal
data of 68,000 members. |
|
10/28/2009 |
Report Suggest Consumers
Don't Understand Data Breach Notifications |
Credit Union Times |
David Morrison |
A
report on study findings that suggest consumers do not
understand the importance of data breach notifications
and, as a result, fail to protect themselves from fraud. |
|
10/27/2009 |
UW says 40 computers
hacked |
Wisconsin State Journal |
|
The University of Wisconsin-Madison is the latest campus
to report a breach of students' personal information. |
|
10/22/2009 |
Zurich loses data on
51,000 UK customers |
Times Online |
Miles Costello |
Zurich Insurance has notified customers in three
countries that their personal details went missing
during a routine data transfer last year, and their
whereabouts remain unknown. |
|
10/22/2009 |
Security Flaws Discovered
in Calif. EDD Website |
CBS 5 Local News |
Anna Werner |
The Swiss foreign ministry announced a shutdown of its
computer system after a "professional virus attack"
allowed hackers in. |
|
10/20/2009 |
Data collector charged
$275,000 for leaking personal data |
The Register |
Dan
Goodin |
A
report on ChoicePoint's settlement with the Federal
Trade Commission. |
|
10/19/2009 |
ChoicePoint to Pay Fine
for Second Data Breach |
PC
World |
Grant Gross |
The Federal Trade Commission (FTC) announced yesterday
that data broker ChoicePoint will pay a fine to resolve
charges that it failed to implement data protection
measures required by the agency after its 2004 security
breach. |
|
10/15/2009 |
Computer data on 103,000
VA Adult Ed Students Misplaced |
Washington Post |
Michael Alison Chandler |
The personally identifiable information of more than
100,000 former adult education students in Virginia was
exposed as a result of a misplaced USB flash drive on
which their data was stored. |
|
10/15/2009 |
PayChoice Suffers Another
Data Breach |
Washington Post |
Brian Krebs |
For the second time in a month, hackers have gained the
login credentials of PayChoice clients. |
|
10/14/2009 |
Women's data breach
probed |
News & Observer |
Eric Ferreri |
When the University of North Carolina-Chapel Hill sent
letters to women notifying them of a data breach related
to their medical data used in a UNC mammography study,
many expressed concern about both the compromise and
their involvement in the study. |
|
10/9/2009 |
MD Bank Dumps Identities
into Trash |
ABC News |
Joce Sterman |
A
number of customers in Rodgers Forge, Maryland were
upset to learn that the institution which recently took
over the local branch of the former Bradford Bank has
been less than protective of their personal and banking
information. |
|
10/7/2009 |
City Admits Lapse in Data
Release |
New York Times |
Sewell Chan |
New York City officials admitted to a security blunder
yesterday that occurred when municipal data was released
to local programmers working on New York City-specific
software applications in a project known as BigApp. |
|
10/6/2009 |
Heartland, After The
Hacking |
Information Week |
Thomas Claburn |
Nearly 10 months after disclosing a months-long data
breach that affected millions of consumers, the
financial impact of the Heartland data breach continues
to unfold. |
|
10/6/2009 |
850,000 doctors could be
hit by potential data breach from insurer's stolen
laptop |
amednews.com |
Emily Berry |
A
report that the impact of the theft of a Blue Cross-Blue
Shield (BCBS) employee's laptop computer could be as
large as 850,000 and include every physician in the BCBS
network. |
|
10/6/2009 |
Google targeted in e-mail
scam |
BBC News |
Jonathan Fildes |
Google's Gmail service is the latest to have been
targeted by a phishing scheme. |
|
10/6/2009 |
Microsoft warns of
Hotmail privacy breach |
SmartCompany.com |
Patrick Stafford |
Microsoft is warning hundreds of millions of Hotmail
users to take precautions after their account details
were posted on a third-party Web site. |
|
10/5/2009 |
Lawsuits over Heartland
data breach folded into one |
Computerworld |
Jaikumar Vijayan |
A
lawsuit consolidating 16 separate class-action
complaints against Heartland Payment Systems has been
filed in U.S. District Court for the Southern District
of Texas. |
|
10/5/2009 |
Microsoft acknowledges
Windows Live ID breach |
SC
Magazine |
Chuck Miller |
Microsoft Corporation acknowledged the compromise of
thousands of Windows Live user login credentials after
they were exposed on a third party Web site. |
|
10/3/2009 |
Blue Cross physicians
warned of data breach |
Boston Globe |
Kay
Lazar |
Blue Cross-Blue Shield (BCBS) is warning tens of
thousands of physicians about a breach involving their
personal information. |
|
10/2/2009 |
Soldiers' Data Still
Being Downloaded Overseas, Firm Says |
Washington Post |
Ellen Nakashima |
A
private cybersecurity monitoring firm says it continues
to find the sensitive data of U.S. soldiers on
unauthorized computers in foreign nations such as China
and Pakistan |
|
10/1/2009 |
Probe Targets Archives'
Handling of Data on 70 Million Vets |
Wired |
Ryan Singel |
The inspector general of the National Archives and
Records Administration (NARA) is investigating a
potential data breach involving the sensitive data of 76
million military veterans. |
|
10/1/2009 |
Data breach hits payroll
firm PayChoice |
Network World |
Ellen Messmer |
A
New Jersey payroll processor has acknowledged a breach
of its processing operations. |
|
9/30/2009 |
2nd Update: Express
Scripts: Extortionist Has Even More Data |
Wall Street Journal |
|
Express Scripts, one of the nation's largest pharmacy
benefits managers, has mailed letters to 700,000 members
after new details emerged about the scope of data stolen
by an unknown person a year ago. |
|
9/25/2009 |
UNC data breach exposes
163,000 SSNs |
Computerworld |
Jaikumar Vijayan |
The University of North Carolina is notifying 163,000
women that their personally identifiable information was
exposed in a security breach. |
|
9/16/2009 |
Data Breach Highlights
Role Of 'Money Mules' |
Washington Post |
Brian Krebs |
Maine's Downeast Energy & Building Supply notified about
850 customers that the company had experienced a
security breach that drained them of $200,000 and
potentially exposed customers' personal data. |
|
9/14/2009 |
Heartland on Defense at
Senate Hearing |
Government Information Security |
Eric Chabrow |
Heartland Payment Systems CEO Robert Carr appeared
before the Senate Homeland Security and Governmental
Affairs Committee to answer questions about the data
breach that impacted hundreds of millions of
cardholders. |
|
9/11/2009 |
TD Ameritrade data theft
settlement nears approval |
Associated Press |
Josh Funk |
The U.S. District Court judge presiding over the hearing
on a proposed TD Ameritrade Holding Corp. settlement
with customers did not make a final decision on the
deal. |
|
9/9/2009 |
DuPont Alleges Second
Insider Breach In Two Years |
darkreading.com |
Tim
Wilson |
Chemical giant DuPont has fired an employee for
allegedly stealing trade secrets. |
|
9/9/2009 |
Heartland Update: Judge
to Hear Motions to Dismiss Class Action Suits |
Bank Info Security |
Linda McGlasson |
Preliminary hearings have begun in the case against
Heartland Payment Systems. |
|
9/9/2009 |
NHS body admits losing
sensitive data on over 6,000 job applicants |
Out-Law News |
|
The Information Commissioner's Office (ICO) is reminding
all that "password-protected laptops are not secure." |
|
9/7/2009 |
Phony debt collectors
raise fear of national data breach |
Augusta Chronicle |
Kelvin Collins |
The Better Business Bureau (BBB) has issued a national
alert about a new scam that elicits confidential
information from consumers. |
|
9/3/2009 |
TJX agrees to settle
another breach lawsuit for $525,000 |
Computerworld |
Jaikumar Vijayan |
Retail giant TJX has settled for $525,000 a lawsuit with
a group of banks for costs incurred following the
company's 2006 data breach. |
|
8/25/2009 |
Insider risk problem
revealed |
BBC News |
Maggie Shiels |
The majority of data breaches result from inadvertent
employee error, say experts. |
|
8/22/2009 |
BU reports data breach of
400 ROTC members |
Boston Globe |
Abbie Ruzicka |
Another Massachusetts university has reported a data
breach. |
|
8/21/2009 |
Hackers gained access to
UMass info |
Telegram.com |
Priyanka Dayal |
University of Massachusetts at Amherst officials say
they have taken steps to shore up information security
practices since learning last fall of a breach that
exposed the personal information of alumni. |
|
8/19/2009 |
Inside The Year's Biggest
Data Breach |
Forbes.com |
Taylor Buley |
Forbes reports on the ease with
which hackers responsible for some of the largest data
breaches to date were able to infiltrate the breached
entities' networks. |
|
8/13/2009 |
Amex cardholders' data
stolen by employee |
The Associated Press |
|
An
American Express employee has been arrested for stealing
corporate data and the company is notifying some card
holders that their information may have been
compromised. |
|
8/12/2009 |
U.C. Berkeley Alumni Data
is Breached |
The Snitch |
Anna McCarthy |
A
SF Weekly
blog reports that those affiliated with the University
of California Berkeley are again being notified that
hackers may have accessed their private details. |
|
8/10/2009 |
BofA warns Mass. Security
breach |
Charlotte Business Journal |
Tim
McLaughlin |
Bank of America and Citigroup have issued new credit and
debit cards to customers in Massachusetts, letting them
know that their account numbers may have been
compromised. |
|
8/10/2009 |
Twitter breach revives
cloud security fears |
Computerworld |
Jaikumar Vijayan |
A
data breach involving Twitter's use of an application
hosted by Google has prompted calls for a reversal in
the City of Los Angeles' recent decision to switch to
cloud-based applications. |
|
8/4/2009 |
Inmate found with
sensitive info |
Concord Monitor |
Lauren R. Dorgan |
New Hampshire officials are looking into how an inmate
obtained sensitive information on state Corrections
Department employees. |
|
8/3/2009 |
Federal Eye: Personal
Data Mishandled at Commerce Dept. |
Washington Post |
Ed
O'Keefe |
Commerce Department employees have been notified that
their sensitive personal information was exposed last
month. |
|
7/29/2009 |
Security experts' sites
hacked on eve of Black Hat conference |
cnetnews.com |
Elinor Mills |
With the collective gaze of the security community fixed
on Las Vegas and the Black Hat security conference, a
number of high-profile security experts have been
targeted by hackers. |
|
7/27/2009 |
Network Solutions starts
healing process after data breach |
DMNews |
Lauren Bell |
Following disclosure of a data breach that may have
compromised the credit card data of more than 573,000
patrons of small commercial Web sites, Internet domain
administer and host Network Solutions has initiated a
crisis response effort. |
|
7/24/2009 |
Network Solutions Hack
Compromises 573,000 Credit, Debit Accounts |
Washington Post |
Brian Krebs |
Brian Krebs reports that a data breach at Internet
domain administrator and host Network Solutions has
compromised personal and financial data for more than
573,000. |
|
7/20/2009 |
Data Explosion Expands
Breach Exposure, But Insurers More Open To Handling Risk |
National Underwriter |
Phil Gusman |
The amount of data stored electronically continues to
explode, creating more potential for privacy breaches. |
|
7/17/2009 |
Hotline for UCSD patients
swamped |
SignOnSanDiego.com |
David Hasemyer |
The University of California-San Diego Moores Cancer
Center notified 30,000 individuals that their personal
information may have been stolen by hackers. |
|
7/14/2009 |
Canyons School District:
Sorry about that missing employee info |
Salt Lake Tribune |
Kristen Stewart |
A
school district in Utah has notified more than 6,000
employees that a thumb drive containing their personal
information has been lost. |
|
7/13/2009 |
LexisNexis issues data
breach warning after alleged mafia bust |
Computerworld |
Robert McMillan |
Consumer databases have become coveted scouring grounds
for identity thieves and other fraudsters. |
|
7/10/2009 |
Boxes of medical records
found in Salt Lake dumpster |
KUTV |
Brian Mullahy |
Medical records, including names, credit card numbers,
Social Security numbers and cancelled checks were found
in a dumpster behind a Salt Lake City shoe distribution
center. |
|
7/6/2009 |
Lessons from the Data
Breach at Heartland |
BusinessWeek |
Rachel King |
BusinessWeek goes in depth with
Heartland Payment Systems CEO Robert Carr on the data
security breach his company experienced late last year. |
|
6/24/2009 |
Cornell probes theft of
laptop with personal data |
Associated Press |
|
Cornell University announced that police are
investigating the theft of a school laptop containing
the personal information--including Social Security
numbers--of approximately 45,000 students, alumni,
faculty and staff. |
|
6/23/2009 |
TJ Maxx Settles Data
Breach Charges |
ConsumerAffairs.com |
|
Retailer TJX will pay $9.75 million to settle charges
related to its 2007 data breach that exposed the
financial details of thousands of customers. |
|
6/19/2009 |
Malicious Attacks Most
Blamed in '09 Data Breaches |
Washington Post |
Brian Krebs |
Nearly 40 percent of data breaches reported since
January were the work of hackers or employees, according
to Identity Theft Resource Center (ITRC) figures. |
|
6/18/2009 |
Court Stiffs Veterans
Caught in Privacy Breach |
Wired |
David Kravets |
The 11th U.S. Circuit Court of Appeals decided that
veterans whose personal data was stolen could not
recover financial damages for mental anguish. |
|
6/17/2009 |
Heartland CEO says data
breach was 'devastating' |
Computerworld |
Jaikumar Vijayan |
Even before it happened, the possibility of a data
breach was what kept him up at night, Heartland Payment
Systems chairman and CEO Bob Carr told Computerworld. |
|
6/14/2009 |
AP IMPACT: Weak security
enables credit card hacks |
Associated Press |
Jordan Robertson |
An
Associated Press investigation into credit card hacks
has revealed that industry-accepted safeguards are
lacking. |
|
6/9/2009 |
T-Mobile Confirms Stolen
Data Is Genuine |
PC
World |
Jeremy Kirk |
T-Mobile today confirmed that hackers accessed
information from its servers, as alleged, but the
company does not believe customer data is in danger. |
|
6/8/2009 |
Aetna named in
security-breach lawsuit |
Hartford Business |
Greg Bordonaro |
A
class-action suit has been filed against health insurer
Aetna for alleged data protection and privacy failures. |
|
6/4/2009 |
Printing glitch leads to
'breach' |
Kennebec Journal |
Betty Adams |
The Maine state Office of Information Technology has
notified nearly 600 residents that certain information
about their unemployment benefits was mailed to the
wrong recipients. |
|
6/2/2009 |
In Legal First,
Data-Breach Suit Targets Auditor |
Wired |
Kim
Zetter |
A
bank is suing the security auditor that certified
CardSystems Solutions three months before hackers
breached its systems in 2004. |
|
6/2/2009 |
Batteries.com, insurance
firm report data breaches |
Computer World |
Grant Gross |
Online retailer Batteries.com said in a letter to New
Hampshire's Attorney General on May 18 that hackers
breached its server in February, stealing names,
addresses and credit card information. |
|
5/29/2009 |
Heartland Update: More
than 650 Institutions Impacted |
Bank Info Security |
Linda McGlasson |
The number of banks reporting card compromises as a
result of the Heartland Payment Systems data breach has
reached 656. |
|
5/28/2009 |
Aetna Contacts 65,000
after web site data breach |
PC
World |
Jeremy Kirk |
Aetna is erring "on the side of caution" in notifying
65,000 people about a breach of its Web site. |
|
5/20/2009 |
Heartland Payment Systems
CEO discusses breach, previews speech |
IAPP |
|
Not a week had passed after the announcement of what
some have described as the largest data breach ever,
when the CEO of Heartland Payment Systems, Robert Carr,
began calling for better industry cooperation and new
efforts directed at preventing future breaches. |
|
5/20/2009 |
Heartland Data Breach:
Hearing Set for Class Action Suits |
Bank Info Security |
Linda McGlasson |
Multiple financial institutions have filed suits against
Heartland Payment Systems for its payment processing
system security breach last year. |
|
5/20/2009 |
HIV-positive patients sue
hospital over records lost on train |
Boston Globe |
Elizabeth Cooney |
Two of the Massachusetts General Hospital patients whose
records were among those lost on an MBTA train in March
have filed suit against the hospital and the employee
responsible for the loss. |
|
5/19/2009 |
Investigation into huge
loss of computerized Clinton data |
New York Times |
David Johnston |
The FBI is investigating the loss of a computer hard
drive from the National Archives record center. |
|
5/13/2009 |
Most claims dismissed in
Hannaford data breach suit |
Computerworld |
Jaikumar Vijayan |
A
U.S. District Court judge has dismissed most of the
civil claims associated with the Hannaford Bros. data
breach disclosed in March 2008. |
|
5/12/2009 |
D.C. Agency Accidentally
E-Mails Personal Data About College Financial Aid
Application |
Washington Post |
Bill Turque |
The personal details of 2,400 students were exposed by a
government agency. |
|
5/11/2009 |
TD Ameritrade data theft
settlement goes to court OK |
Associated Press |
Josh Funk |
A
U.S. District Court judge has approved the settlement
agreement for a class-action suit against TD Ameritrade
Holding Corp. |
|
5/11/2009 |
Inside a data leak audit |
Network World |
Sandra Gittlen |
An
inside look at the data leakage audit of a Boston-based
pharmaceutical firm. |
|
5/8/2009 |
Hackers Say They Have Va.
Prescription Drug Data, Demand $10 Milion |
The Washington Post |
Brian Krebs |
Virginia officials say they have no evidence that
personal information is at risk due to a breach of its
Prescription Monitoring Program database, but are urging
residents to watch their finances just the same. |
|
5/8/2009 |
Hackers breach
UC-Berkeley database; infor for 160,000 students, alums
at risk |
San Jose Mercury News |
Matt Krupnick |
Hackers have stolen the personal information of 160,000
current and former University of California-Berkeley
students. |
|
5/7/2009 |
Security breach leads to
Heartland Payment 1Q loss |
Forbes.com |
David Pitt |
The Heartland Payment Systems security breach
contributed to a first-quarter loss for the company. |
|
5/7/2009 |
Missile data, medical
records found on discarded hard disks |
The Register |
John Leyden |
University researchers purchased 300 drives from eBay
and other retailers, finding that 34 percent of disk
drives still contained confidential data. |
|
5/4/2009 |
Heartland earns back spot
on PCI approved list |
Network World |
|
Heartland Payment Systems is back on Visa Inc.'s list of
compliant vendors. |
|
5/2/2009 |
LexisNexis warns 32,000
people about data breach |
Associated Press |
Amy
Westfeldt |
LexisNexis has notified tens of thousands that their
personal information was exposed in a database security
breach. |
|
4/29/2009 |
Likely cause of Ill. Data
breach pervasive |
Associated Press |
|
Officials at the Illinois Department on Aging say
"employee error" likely caused a breach of sensitive
information. |
|
4/28/2009 |
Identifying the source of
corporate threats |
NetworkWorld |
Davi Ottenheimer |
The Verizon Business RISK team recently released its
"2009 Data Breach Investigations Report," which gives a
fresh look into the question of whether insiders or
outsiders are the larger threat group. |
|
4/28/2009 |
Federal Reserve IT
Analyst Arrest Highlights Internal Threat |
Information Week |
George Hulme |
A
recent arrest stokes the debate that was rekindled with
the recent release ofVerizon
Business' 2009 Data Breach Investigations Report. |
|
4/28/2009 |
Mountain of private
information found in abandoned warehouse |
WWLTV News |
Bigad Shaban |
The confidential records of Orleans Parish public-school
employees have been discovered in an abandoned and
unsecured warehouse in New Orleans. |
|
4/27/2009 |
Data Security Breaches
Present Emerging Risks, Opportunities for Agents |
Insurance Journal |
Patricia-Ann Tom |
Data security represents both a new market opportunity
to sell insurance coverage and a new risk - especially
for independent insurance agencies that may not be
compliant with data security laws or have plans in place
to protect their own companies from data breaches. |
|
4/27/2009 |
Study: Many Employees
Undermine Data Breach Prevention Strategies |
Insurance Journal |
|
Many employees disable the encryption solutions on their
laptops, putting their employers at risk for data
breaches, according to a study by Absolute Software
Corp. and the Ponemon Institute. |
|
4/27/2009 |
The Real Costs Of Laptop
Loss |
Dark Reading |
John Sawyer |
Numbers like $49,346 as the averags cost of a lost
laptop is certainly enough to turn some managerial
heads. |
|
4/24/2009 |
Unencrypted laptop with 1
million SSNs stolen from state |
SC
Magazine |
Dan
Kaplan |
The sensitive personal information of more than a
million Oklahomans has been compromised |
|
4/24/2009 |
After mass security
lapse, RBS Worldpay gets IRS contract No bad deed goes
unrewarded |
The Register |
Dan
Goodin |
RBS Worldpay - the electronic payment processor that
admitted it exposed sensitive financial records for
millions of customers - has been awarded a contract by
the Internal Revenue Service to process tax return
payments next year. |
|
4/24/2009 |
Oklahomans Demand Better
Identity Security Recent Breaches Raise Concern Across
State |
KOCO (Oklahoma City) |
|
Oklahomans are demanding action after two security
breaches in less than a month, both linked to state
agencies. |
|
4/24/2009 |
DHS alerts clients to
theft |
Tulsa World |
Althea Peterson |
The Oklahoma Department of Human Services sent letters
to clients in nearly half a million households this week
stating that their names and personal information might
have been stolen from a DHS employee's laptop computer. |
|
4/23/2009 |
SunTrust Banks Announce
Security Breach |
WESH.com |
|
A
bank that serves Central Florida has become the victim
of a security breach, and its customers could be at
risk. |
|
4/22/2009 |
Typical lost or stolen
laptop costs companies nearly $50,000, study finds |
Mercury News |
Steve Johnson |
The results of an Intel-commissioned study on business
costs associated with lost or stolen laptops. |
|
4/22/2009 |
Employee info device
missing from FairPoint |
AP
via The Telegraph |
Clarke Canfield |
A
portable data storage device containing the personal
information of more than 4,000 employees of FairPoint
Communications Inc. has been reported missing. |
|
4/22/2009 |
Many Companies Don't
Report Data Breaches as a Risk Factor |
MX
Logic |
|
Thirty-eight percent of Fortune 500 companies fail to
report the threat of a data breach in the "risk factors"
section of their SEC 10-K filing, according to a recent
survey by international specialist insurer Hiscox. |
|
4/21/2009 |
Pentagon Fighter Jet Data
Breach Was Avoidable |
ChannelWeb |
Andrew Hickey |
The hack into the Pentagon's computer system that led to
the theft of information related to the $300 billion
Joint Strike Fighter project could have been prevented. |
|
4/21/2009 |
Fraud specialists want
more transparency on data breaches |
MX
Logic |
|
A
survey released ahead of this week's RSA Conference in
San Francisco shows that network security fraud
specialists want more transparency in reporting of data
breaches. |
|
4/21/2009 |
Affinion Security Center
Publishes Data Breach Response Guide |
PR
News Wire |
|
As
incidents of corporate data breaches continue to rise,
the rules and regulations requiring compliance for
breach notification and response from financial
institutions, creditors and many other businesses have
strengthened. |
|
4/20/2009 |
Crime rings behind 91% of
data theft: report |
Information Age |
JJ
Robinson |
Cybercrime rings are organised, sophisticated and highly
effective when it comes to data theft, reveals a new
report from frontline forensic investigators. |
|
4/20/2009 |
Proposed breach
notification rule would affect more health vendors |
Nextgov |
Bob
Brewin |
Rules proposed by the Federal Trade Commission on April
16 on disclosure of breaches of personal health
information would greatly expand the number of companies
that would be subject to notifying individuals if their
personal health data was exposed because records were
lost or stolen, or because a hacker broke into a
computer health network. |
|
4/20/2009 |
Five Ways To Survive a
Data Breach Investigation |
IT
World |
Bill Brenner |
Security experts say it all the time: If a company
thinks it has suffered a data security breach, the key
to getting at the truth unscathed is to have a response
plan in place for what needs to be done and who needs to
be in charge of certain tasks. |
|
4/20/2009 |
Study: Mistakes, Not
Insiders, to Blame for Most Breaches |
 IT
World |
Joan Goodchild |
2008 was a banner year for security breaches, according
to new research from Verizon. |
|
4/17/2009 |
Data Breach Notification
Law Across the World from California to Australia |
DocuTicker |
|
Examining the specifics of data breach notification
frameworks in multiple jurisdictions. |
|
4/16/2009 |
Proposed rule would
require notice about breaches |
ModernHealtcare |
Joseph Conn |
The Federal Trade Commission, in compliance with the
American Recovery and Reinvestment Act of 2009, issued a
formal notice seeking public comment on a proposed rule
requiring vendors of personal health record systems and
related entities to provide notice to consumers in the
event of a security breach. |
|
4/16/2009 |
Verizon Breach Report
Challenges Conventional Wisdom |
Information Week |
Mike Fratto |
Verizon (NYSE: VZ) Business' most recent 2009 Data
Breach Investigations Report is a must-read report if
you're involved in IT. |
|
4/16/2009 |
FTC Issues Proposed PHR
Breach Rule |
Health Data Management |
Joseph Goedert |
The Federal Trade Commission has issued a proposed rule
that would require personal health records vendors and
related entities to notify consumers when their
identifiable health information has been breached. |
|
4/16/2009 |
Criminal gangs on the
hunt for weak business security |
IT
Pro |
Asavin Wattanajantra |
Organised criminals are trawling businesses looking for
weak defences ripe for an attempt at a data breach. |
|
4/15/2009 |
E-Mobsters Continue
Brazen Data Extortion |
eWeek |
Matthew Hines |
The Verizon Business Data Breach [report] that was
published today seems to have raised a few eyebrows. |
|
4/15/2009 |
More Data Breached In
2008 Than In Previous Four Years Combined |
Information Week |
Thomas Claburn |
The findings of the 2009 Verizon Business Data Breach
Investigations Report, which revealed that the number of
breached records in 2008--285 million--surpassed the
total number of records breached in the previous four
years combined. |
|
4/15/2009 |
Over 280
million records compromised last year Damning report
finds simple steps still being ignored |
VNUNet |
Phil Muncaster |
More than 280 million records were compromised in 2008,
according to a new Data Breach Investigations Report
from global comms and IT provider Verizon Business. |
|
4/14/2009 |
Five Ways to
Survive a Data Breach Investigation |
CIO |
Bill Brenner |
If
a company thinks it has suffered a data security breach,
the key to getting at the truth unscathed is to have a
response plan in place for what needs to be done and who
needs to be in charge of certain tasks. |
|
4/13/2009 |
Stolen
laptop has information on 14,000 Moses Cone patients |
Greensboro News Record |
Joe
Killian |
Personal information from more than 14,000 Moses Cone
Health System patients might have been compromised after
a laptop computer was stolen. |
|
4/9/2009 |
18,000 Nashville
students' personal data put online |
The Tennnessean |
Chris Echegaray |
The personal information of more than 18,000 Tennessee
students was inadvertently posted online and remained
there for three months. |
|
4/2/2009 |
Judge to decide if
Hannaford data breach should go to trial |
Portland Press Herald |
Trevor Maxwell |
A
federal judge will soon decide whether a case against
supermarket chain Hannaford Bros. will go forward. |
|
4/1/2009 |
Diary of a Data Breach
Investigation |
CSO Online |
Anonymous |
An
anonymous information security manager has shared the
diary entries he or she compiled during the
investigation of a potential data breach. |
|
3/26/2009 |
OWASP Security Spending
Benchmarks Project Report |
www.owasp.org |
|
A
survey of 50 companies reveals that firms that have
experienced a pubic data breach spend more on the
security aspect of application development than those
that have not. |
|
3/24/2009 |
Mass. General paperwork
for 66 patients lost on Red Line train |
Boston Globe |
Milton Valencia |
A
Massachusetts General Hospital employee left the
confidential personal and medical data of at least 66
patients on an MBTA train earlier this month. |
|
3/20/2009 |
Aussie stumbles on 19,000
exposed credit card numbers |
IT
News |
Ry
Cozier |
A
cache containing 22,000 payment card numbers, along with
names, addresses and expiry dates, has been discovered
on the Web. |
|
3/19/2009 |
VA's security lessons
learned |
Government Computer News |
William Jackson |
Speaking at an event in Washington recently, a risk
management official from the Department of Veterans
Affairs (VA) cautioned her federal colleagues to heed
the lessons of the VA's data breach experience. |
|
3/16/2009 |
Passwords of Comcast
Customers Exposed |
New York Times |
Brad Stone |
One of the nation's largest Internet service providers
has confirmed that the user names and passwords of 700
current customers were exposed on the Internet. |
|
3/12/2009 |
Beyond the Norm:
Coleman's data leak disaster |
InfoWorld |
Robert Cringley |
Robert Cringley unravels the events surrounding the
exposure of the personal information of tens of
thousands of supporters and donors to the Norm Coleman
campaign for re-election to the U.S. Senate. |
|
3/5/2009 |
NYPD Suffers Massive Data
Breach |
Security Management |
Matthew Harwood |
The New York Police Department is notifying nearly
80,000 police officers that their personal information
was stolen by one of their own. |
|
3/2/2009 |
Visa: New
payment-processor data breach not so new after all |
Computerworld |
Jaikumar Vijayan |
Last week's reports that another payment processor may
have experienced a data breach remain unfounded and in a
statement issued Friday, Visa said that new alerts
recently sent to banks and credit unions regarding a
compromise were part of efforts to clean up after an
already-known breach. |
|
3/2/2009 |
Banks, credit unions
begin to sue Heartland over data breach |
Computerworld |
Jaikumar Vijayan |
Eight of the 500 banks and credit unions affected by the
Heartland Payment Systems data breach have filed
lawsuits against the company. |
|
2/24/2009 |
Heartland Payment Systems
to vigorously defend breach claims, CEO says |
Search Financial Security |
Robert Westervelt |
In
a filing with the Securities and Exchange Commission,
Heartland Payment Systems' CEO Robert Carr said his
company will "vigorously defend" claims in several
class-action lawsuits that have been filed since the
company's January 20 announcement that its systems were
breached. |
|
2/23/2009 |
Starbucks sued after
laptop data breach |
Network World |
|
A
Starbucks employee on Thursday filed a class-action
lawsuit against the company for damages related to last
year's data breach that exposed the private information
of 97,000 employees. |
|
2/23/2009 |
Just weeks after
Heartland breach, another payment processor said to be
hit |
Computerworld |
Jaikumar Vijayan |
Another payment processor has been rocked by a security
breach. Details are few and the affected company has not
been identified, but according to reports, attackers
breached a U.S.-based company, uncovering the account
numbers and expiration dates of payment cards used in
card-not-present transactions between February 2008 and
January 2009. |
|
2/20/2009 |
Personal data on
University of Florida system breached |
South Florida Sun Sentinel |
Robert Nolin |
The University of Florida is again notifying students,
former students, faculty and staff of a breach of its
computer system. |
|
2/16/2009 |
Thousands of Floridians
may have been affected by hotel data breach |
South Florida Sun Sentinel |
|
Florida's Attorney General Bill McCollum has warned
residents to watch their credit statements after
learning of a data breach at Wyndham Hotels & Resorts. |
|
2/16/2009 |
Government Hack Attacks
Prompt Scrutiny |
Wall Street Journal |
Marisa Taylor |
Authorities at the Los Alamos National Laboratory (LANL)
are investigating the theft of three computers and the
loss of a LANL BlackBerry device in a "sensitive foreign
country" since the beginning of the year. |
|
2/9/2009 |
FAA Notifies Employees of
Personal Identity Breach |
FAA |
Laura Brown |
The Federal Aviation Administration (FAA) has confirmed
that a breach has exposed the sensitive personal
information of tens of thousands of employees and
retirees. |
|
2/9/2009 |
Kaiser employee data
breached; ID theft reported |
Modern Healthcare |
Rebecca Vesely |
A
data breach affecting nearly 30,000 Northern California
employees of health insurer Kaiser Permanente has been
positively linked to a number of cases of identity
theft, according to police. |
|
2/9/2009 |
Geeks.com agrees to
security audits in wake of data breach |
Computerworld |
Grant Gross |
As
part of a settlement with the Federal Trade Commission,
Genica Corp., operators of computer and electronics
supply Web site Geeks.com, must submit to five
independent security audits over the next decade after
security failures resulted in a data breach last year. |
|
2/9/2009 |
Union:
Hacker broke into FAA computers |
MSNBC |
Joan Lowy |
Hackers broke into a Federal Aviation Administration
employee database accessing the personally identifiable
information of 45,000 employees and retirees. |
|
2/6/2009 |
Legislation aims at data
breach notification |
The Delaware County Daily Times |
Alex Rose |
Pennsylvania State Senator Dominic Pileggi has
introduced a bill that would require state agencies to
provide public notice of data breaches involving
personal information within one week of discovering the
incident. |
|
2/5/2009 |
Data Breach Led to
Multi-Milion Dollar ATM Heists |
Washington Post |
Brian Krebs |
Personal and financial data compromised as a result of a
data breach, disclosed in late December by Atlanta-based
RBS WorldPay, was used to swipe more than $9 million in
one day during a highly coordinated, global ATM heist. |
|
2/5/2009 |
Costs of a Data Breach:
Can You Afford $6.65 Million? |
Computerworld |
Larry Ponemon |
Privacy researcher Dr. Larry Ponemon, founder and
chairman of the Ponemon Institute, says that while the
Institute's recent findings show the financial impact of
data breaches on companies continues to rise, there is
ample evidence to suggest that steps can be taken to
minimize those costs. |
|
2/3/2009 |
Watch out!
Privacy litigation damages becoming more viable |
WTN News |
Mark Foley |
After years of unsuccessful attempts, developments in
two data breach-related lawsuits could set a precedent
that might put companies at risk of further legal
action. |
|
2/3/2009 |
Federal workers notified
after SRA virus breach |
IT
World |
Robert McMillan |
Government contractor SRA International is notifying
federal agencies' employees of a network breach that may
have exposed their personal information. |
|
2/2/2009 |
The Rising Price Of Data
Breaches |
Forbes |
Andy Greenberg |
A
report released today by the Ponemon Institute shows
that, increasingly, companies that experience a breach
of customer data are losing business. |
|
1/30/2009 |
Bank Of America To Pay
Connecticut for Countrywide Data Breach |
Hartford Courant |
Staff |
Bank of America will pay the State of Connecticut
$350,000 as part of a settlement on the Countrywide
Financial Corp. data breach that affected 30,000
Connecticut residents. |
|
1/28/2009 |
Data-theft victims in
Monster, Heartland cases may not be notified |
USA Today |
Byron Acohido |
Two companies reported major data breaches last week.
The number of consumers affected could top 100 million,
according to reports. |
|
1/28/2009 |
Heartland sued over data
breach |
cnet News |
Elinor Mills |
A
week to the day after Heartland Payment Systems
announced the data breach some are calling "the largest
ever," a lawsuit materialized. |
|
1/28/2009 |
VA agrees to pay $20
million in 2006 data breach |
The Boston Globe |
Hope Yen |
The Veterans Affairs Department yesterday settled a $20
million class-action lawsuit stemming from the
department's 2006 data breach that exposed the personal
information of up to 26.5 million veterans and
active-duty troops. |
|
1/26/2009 |
"Biggest Breach Ever,"
Now What? |
Bank Technology News |
Rebecca Sausner |
Few new details have emerged surrounding the breach of
Heartland Payment Systems' internal system that exposed
a yet undisclosed number of consumers. |
|
1/26/2009 |
Heartland’s Carr Calls
for End-to-End Encryption To Stop Breaches |
Digital Transactions |
|
Heartland Payment Systems' CEO is calling for better
encryption and more industry cooperation to prevent
breaches like the one his company discovered last week. |
|
1/23/2009 |
Monster.com Reports Theft
of User Data |
PCWorld |
Nancy Gohring |
Certain personal information of job seekers has been
stolen from Monster.com's database. |
|
1/23/2009 |
MasterCard, Visa warn
security breach may compromise data |
USA Today |
Byron Acohido |
Visa and MasterCard are notifying member banks to
contact those whose card accounts may have been
compromised in the Heartland Payment Systems breach. |
|
1/22/2009 |
Heartland incident
provides opportunity to standardise data breach
notification laws |
SC
Magazine |
Dan
Raywood |
The Heartland Payment Systems data breach announced
earlier this week has some calling for legislative
improvements. |
|
1/21/2009 |
Students' information
leaked |
Springfield News-Leader |
Didi Tang |
Officials at Missouri State University are investigating
an incident that leaked the sensitive personal
information of hundreds of MSU students. |
|
1/20/2009 |
Card Data Breached, Firm
Says |
Wall Street Journal |
Ben
Worthen |
The personal information of as many as 100 million may
have been exposed in a breach at New Jersey-based
credit-card processor Heartland Payment Systems Inc. |
|
1/6/2009 |
Delaware Insurance
Commissioner fines Blue Cross $150,000 for privacy
violations |
IFAwebnews.com |
Keith L. Martin |
Delaware's insurance commissioner has fined BlueCross
BlueShield of Delaware $150,000 for violating two state
regulations. |
|
1/6/2009 |
Data Breaches Up Almost
50 Percent, Affecting Records of 35.7 Million People |
Washington Post |
Brian Krebs |
The number of data breaches reported in 2008 was nearly
double that of 2007. |
|
12/17/2008 |
NH Agency Breaches Client
Data |
WCAX.com |
|
The New Hampshire Department of Health and Human
Services inadvertently released the Social Security
numbers (SSNs) and other personal information of more
than 9,000 Medicare Part D recipients. |
|
12/15/2008 |
Mortgage Company Settled
Sata Security Charges |
Originator Times |
|
A
Texas-based mortgage company has agreed to the terms of
a Federal Trade Commission (FTC) settlement on charges
that the company failed to protect customer information. |
|
12/11/2008 |
How a CIO should deal
with the aftermath of a data breach |
CIO |
Andrew Donoghue |
In
the article "How a CIO should deal with the aftermath of
a data breach," CIO
provides an hour-by-hour, day-by-day framework for
managing the madness. |
|
12/4/2008 |
Glitch allowed online
access to private data Florida agency |
SunSentinel.com |
Tallahassee Bureau |
The names and Social Security numbers of 250,000
job-seekers in Florida were accidentally posted online
and remained there for 19 days. |
|
11/26/2008 |
CEOs should take the rap
for data losses |
vnunet.com |
Madeline Bennett |
A
vnunet.com
reader poll shows that many believe chief executive
officers should be held responsible for data breaches. |
|
11/25/2008 |
Mainframe Breach and Lens
Crafters Parent Hits 59K |
InternetNews |
Richard Adhikari |
A
hacker has the personal data of more than 59,000
Luxottica Group employees. |
|
11/24/2008 |
Missing laptop puts
Starbucks workers' data at risk |
seattlepi.com |
Dan
Richman |
Tens of thousands of Starbucks employees have been
notified that a company laptop containing their personal
information was stolen. |
|
11/24/2008 |
Senator probes privacy
law after Obama phone record breach |
cnet News |
Stephanie Condon |
Senator Patrick Leahy (D-VT) wants to know how many
actions the Justice Department has taken on violations
of the Telephone Records and Privacy Protection Act. |
|
11/22/2008 |
Snoopy Verizon Employees
Fired |
PC
World |
Peggy Watt |
Verizon has fired the employees who looked at
President-elect Barack Obama's cellphone account. |
|
11/21/2008 |
In Pictures:
The Year's Biggest Data Breaches |
Forbes.com |
Andy Greenberg |
Forbes.com provides a photographic
review of 2008's biggest data breaches in all economic
sectors. |
|
11/21/2008 |
Obama's Cellphone Account
Breached by Verizon Employees |
Wall Street Journal |
Amol Sharma |
Several Verizon Wireless employees improperly accessed
Barack Obama's personal cellphone account. |
|
11/12/2008 |
University of Florida
discloses patient-record data breach |
NetworkWorld |
Ellen Messmer |
The University of Florida College of Dentistry has
notified 330,000 patients about a security breach that
exposed their personal information. |
|
11/11/2008 |
How to stop the Grinch
from stealing your corporate data |
CNN Money |
Lisa Astor |
Gadgets may be great for gift-giving, but employers
trying to control their company's sensitive data may
need to step up precautions during this holiday season. |
|
11/11/2008 |
Express Scripts rReports
New Threats Tied to Data Security Breach |
Market Watch |
|
In
response to an extortion threat, Express Scripts is
offering a $1 million reward for information leading to
the arrest and conviction of the person or persons
responsible. |
|
11/6/2008 |
Express Scripts receives
extortion threat |
The Associated Press |
Matthew Perrone |
The FBI is investigating a threat to expose the personal
information of patients. |
|
11/4/2008 |
Remote Workers, Costly
Data Breach Notification, Being Too Nice at Work and
More |
CIO |
Steff Gelston |
CIO's "Trendline" highlights two
issues near and dear to the hearts of CPOs:
telecommuting data protection and data breach
notifications. |
|
11/4/2008 |
Baylor Health Care says
laptop with patient data stolen |
The Dallas Morning News |
Jason Roberson |
A
Baylor Health Care System employee was fired for
breaking company protocol by leaving a company laptop in
her unattended vehicle. |
|
11/3/2008 |
State Department, VA
disclose two new data breaches |
ComputerWorld |
Jaikumar Vijayan |
The personal information of 1,600 Portland, Oregon
Veterans Affairs (VA) medical center patients was
accidentally posted onto a public Web site. |
|
10/31/2008 |
A Huge Cache of Stolen
Financial Data |
New York Times |
John Markoff |
The RSA FraudAction Research Lab last week announced its
discovery of a digital cache containing a vast amount of
financial information. |
|
10/20/2008 |
Web Exclusive:
RSA president Art Coviello speaks to SC |
SC
Magazine |
Andrew Donoghue |
In
advance of the RSA Conference in London next week,
SC Magazine
sat down with RSA president and vice president of EMC
Art Coviello. |
|
10/20/2008 |
Web Exclusive:
RSA president Art Coviello speaks to SC |
SC
Magazine |
Andrew Donoghue |
In
advance of the RSA Conference in London next week,
SC Magazine
sat down with RSA president and vice president of EMC
Art Coviello. |
|
10/12/2008 |
World Bank denies report
of massive data breaches |
Network World |
Tim
Greene |
World Bank Group (WBG) officials say that a
Fox News
report of massive data security breaches affecting
sensitive data is misleading. |
|
10/12/2008 |
World Bank denies report
of massive data breaches |
Network World |
Tim
Greene |
World Bank Group (WBG) officials say that a
Fox News
report of massive data security breaches affecting
sensitive data is misleading. |
|
10/8/2008 |
Colorado state Web site
dishes out SSNs of CEOs, other top execs |
Computerworld |
Jaikumar Vijayan |
The personal data--including Social Security numbers,
dates of birth and home addresses--of executives from
some of the nation's largest companies are posted on the
Colorado Secretary of State's Web site |
|
10/8/2008 |
Colorado state Web site
dishes out SSNs of CEOs, other top execs |
Computerworld |
Jaikumar Vijayan |
The personal data--including Social Security numbers,
dates of birth and home addresses--of executives from
some of the nation's largest companies are posted on the
Colorado Secretary of State's Web site |
|
10/1/2008 |
Verizon breach study
identifies industry specific threats |
SearchSecurity.com |
Robert Westervelt |
In
a supplement to its June data breach investigation
report, Verizon Business has released information on
industry-specific threats in the financial services,
high-tech services, retail and food and beverage
sectors. |
|
10/1/2008 |
New York state mishandles
Social Security numbers |
Democrat and Chronicle |
Jay
Gallagher |
Applicants for New York unemployment-insurance payments
may have been surprised to receive the personal
information of other applicants on one side of a
two-sided form mailed out by state officials. |
|
10/1/2008 |
Hackers hit Uindy
computers; personal data of 11,000 compromised |
The Indianapolis Star |
Erika D. Smith |
The personal information of 11,000 people affiliated
with the University of Indianapolis has been exposed. |
|
10/1/2008 |
Verizon breach study
identifies industry specific threats |
SearchSecurity.com |
Robert Westervelt |
In
a supplement to its June data breach investigation
report, Verizon Business has released information on
industry-specific threats in the financial services,
high-tech services, retail and food and beverage
sectors. |
|
10/1/2008 |
New York state mishandles
Social Security numbers |
Democrat and Chronicle |
Jay
Gallagher |
Applicants for New York unemployment-insurance payments
may have been surprised to receive the personal
information of other applicants on one side of a
two-sided form mailed out by state officials. |
|
10/1/2008 |
Hackers hit Uindy
computers; personal data of 11,000 compromised |
The Indianapolis Star |
Erika D. Smith |
The personal information of 11,000 people affiliated
with the University of Indianapolis has been exposed. |
|
9/18/2008 |
Surviving an FTC
Investigation After a Data Breach |
New York Law Journal |
Lisa Sotto & Aaron Simpson |
Notification requirements and the resulting widespread
publicity after a data breach incident has, over the
past few years, seen regulators paying more attention to
companies' privacy and information security practices. |
|
9/17/2008 |
Who's Most Aware of
Corporate Fraud and Security Vulnerabilities? |
CIO |
Thomas Wailgum |
The results of a recent Kroll Global Fraud report show
that 72 percent of senior executives feel their
companies are highly or moderately vulnerable to
information theft, loss or attack. |
|
9/15/2008 |
Lost Computer Exposes
Data of 22,000 at Intuit |
Dark Reading |
Tim
Wilson |
Last week, 22,000 current and former employees of Intuit
were notified that their personal data--including names,
addresses, birth dates and Social Security numbers--were
lost in the incident that has, so far, affected at least
75,000 people whose firms outsourced their HR operations
to Colt Express. |
|
9/12/2008 |
Forever 21 Provides
Notice to Customers Regarding Security Breach Incident |
Wall Street Journal |
Forever 21 Inc. |
Clothing retailer Forever 21 has posted on its Web site
a notice regarding security breach incidents involving
its customers. |
|
9/10/2008 |
Mortgage firm
Countrywide, in response to alleged data breach, offers
free credit monitoring |
Los Angeles Times |
E.
Scott Reckard |
Countrywide Financial Corp. will pay for two years of
credit monitoring for loan applicants whose sensitive
personal information was allegedly sold by a Countrywide
employee. |
|
9/9/2008 |
530M records exposed, and
counting |
Computerworld |
Jay
Cline |
If
you took the numbers of people living in the U.S.,
Canada, Mexico, Central America and the Caribbean and
combined them, you still wouldn't have arrived at the
number of data breaches that have occurred in the past
eight years. |
|
9/9/2008 |
Why all the data
breaches?
Businesses just don't care |
Wall Street Journal |
Ben
Worthen |
A
leading security expert questions business's willingness
to address information security. |
|
9/8/2008 |
Data Breaches Spark Hard
Drive Shredding Boom |
CSO |
Bill Brenner |
Those in the business of data destruction have seen a
surge in demand for their services as data breaches have
become more regular occurrences |
|
8/24/2008 |
Personal data breaches
this year surpass 2007 total |
Los Angeles Times |
Joseph Menn |
The nonprofit Identity Theft Resource Center (ITRC)
revealed that, so far this year, there have been 447
personal data loss events in the U.S. |
|
8/7/2008 |
State investigates after
breach of Granholm's medical records |
mlive.com |
Associated Press |
Employees at Lansing's Sparrow Hospital were found to be
in violation of hospital policy for viewing, or trying
to view, Michigan governor Jennifer Granholm's medical
records. |
|
8/5/2008 |
Missing SFO Laptop Found |
The Daily Journal |
Bay
City News Service |
The stolen laptop containing unencrypted personal
information for 33,000 travelers who applied for the
Transportation Security Administration's (TSA)
Registered Travel program has been located. |
|
8/5/2008 |
11 charged in connection
with credit card fraud |
The Associated Press |
ANNE D'INNOCENZIO |
Eleven people have been charged in connection with the
TJX data breach that exposed the card numbers of about
100 million |
|
8/5/2008 |
Missing Laptop Keeps Firm
From Registering New Fliers |
The Washington Post |
Joseph Galante |
The personal information of travelers who had applied to
enroll in the Transportation Security Administration's
(TSA) "Registered Travel" program may have been exposed
when a laptop containing the information was stolen late
last month. |
|
8/1/2008 |
Anheuser-Busch says data loss affects employees |
The Associated Press |
Emily Fredrix |
The recent theft of laptops from Anheuser-Busch
headquarters in St. Louis has potentially exposed the
personal information of citizens in four states. |
|
7/30/2008 |
Data Breach Fallout:
Do CISOs Need Legal Protection? |
CSO Magazine |
Bill Brenner |
Who takes the fall at your organization when a data
breach occurs? The chief information security officer?
Chief privacy officer? In a CSO
Security and Risk newsletter
article, one security contractor and advisor says those
who will take the heat should take steps to protect
themselves. |
|
7/29/2008 |
Private medical data
exposed, raising ID theft risk |
ajc.com |
Andy Miller |
A
mix-up at Blue Cross Blue Shield of Georgia resulted in
the mailing of 202,000 explanation-of-benefits (EOB)
letters to the wrong addresses. |
|
7/25/2008 |
Personal data put online
in error |
The Columbus Dispatch |
Misti Crane |
The Columbus Dispatch
reports that a clerical error resulted in the posting of
personal information of persons associated with Ohio
University's Centers for Osteopathic Research and
Education (CORE). |
|
7/25/2008 |
Anatomy of a Data Breach |
CIO |
Ryan Sherstobitoff |
Ryan Sherstobitoff says that in order for corporations
to survive long term, they must implement measures to
protect against data breaches this year. |
|
7/18/2008 |
UMD Releases Students'
Social Security Numbers |
ABC News |
|
Officials at the University of Maryland have apologized
to 23,000 students for mailing a parking brochure with
their Social Security numbers printed on the address
label. The brochures were sent through U.S. Postal
Service third-class mail on July 1. |
|
7/17/2008 |
2008 Data Breach Count is
69% greater than 2007 |
Identity Theft Daily |
Staff Writer |
The Identity Theft Resource Center (ITRC) released
comparison data showing the number of data breaches so
far in 2008 is 69 percent greater than the same time
period in 2007. Between January 1 and June 27 of this
year, the ITRC has recorded 342 breaches. |
|
7/17/2008 |
Bristol-Myers:
Tape with workers' personal data was stolen |
cnn.com |
Peter Loftus |
Drug maker Bristol-Myers Squibb Co has acknowledged the
theft of a backup computer data tape containing employee
information, reports Dow Jones Newswire. The tape was
stolen during transport from a storage facility on June
4. |
|
7/14/2008 |
Metro releases employees'
Social Security Numbers |
Forbes.com |
Associated Press |
The Social Security numbers (SSNs) of thousands of
former and current employees of Washington DC's Metro
transit system were exposed in a data breach. The SSN
data of 4,675 was accidentally posted to the Metro's Web
site between June 9 and June 25 when the agency was
soliciting for worker's compensation and risk management
providers. |
|
7/11/2008 |
Student ID breach
embroils thousands |
The Tennessean |
Maria Giordano |
Personally identifiable information (PII) for as many as
17,000 Williamson County, Tennessee students and faculty
were posted to a Web site where the information may have
been freely available for nearly one year before being
discovered. |
|
7/11/2008 |
State agency acts to
shield employees from ID theft |
Sacramento Bee |
Andrew McIntosh |
Officials at the California Department of Consumer
Affairs say reparations for last month's security breach
could cost taxpayers as much as $122,000. The department
is providing identity theft protection services to more
than 5,000 employees whose names and Social Security
numbers were compromised when an employee downloaded a
roster containing the information and forwarded the file
to her personal e-mail account. |
|
7/11/2008 |
Student ID breach
embroils thousands |
The Tennessean |
Maria Giordano |
Personally identifiable information (PII) for as many as
17,000 Williamson County, Tennessee students and faculty
were posted to a Web site where the information may have
been freely available for nearly one year before being
discovered. |
|
7/10/2008 |
How Ready Is Your Company
to Respond to a Data Breach? |
Law.com |
Harry Valetk |
Harry Valetk writes that gaining an understanding of
applicable laws and having a response strategy in
advance will help an organization react effectively to
satisfy both the law and customer expectations. What's
more, preventative measures implemented and consistently
maintained can help avoid the situation in the first
place. |
|
7/10/2008 |
How Ready Is Your Company
to Respond to a Data Breach? |
Law.com |
Harry Valetk |
Harry Valetk writes that gaining an understanding of
applicable laws and having a response strategy in
advance will help an organization react effectively to
satisfy both the law and customer expectations. What's
more, preventative measures implemented and consistently
maintained can help avoid the situation in the first
place. |
|
7/8/2008 |
Justice Breyer among
victims in data breach |
Washington Post |
Brian Krebs |
Supreme Court Justice Stephen Breyer is among the nearly
2,000 victims of a data breach resulting from the use of
peer-to-peer file sharing by an employee of an
investment firm used by the judge. |
|
7/8/2008 |
Justice Breyer among
victims in data breach |
Washington Post |
Brian Krebs |
Supreme Court Justice Stephen Breyer is among the nearly
2,000 victims of a data breach resulting from the use of
peer-to-peer file sharing by an employee of an
investment firm used by the judge. |
|
7/4/2008 |
Celebrity Passport
Records Popular |
Washington Post |
Glenn Kessler |
A
State Department audit has revealed that government
workers snooped inside the electronic passport records
of celebrities. Athletes, entertainers and other
notorious Americans were among those whose records were
breached. |
|
7/4/2008 |
Celebrity Passport
Records Popular |
Washington Post |
Glenn Kessler |
A
State Department audit has revealed that government
workers snooped inside the electronic passport records
of celebrities. Athletes, entertainers and other
notorious Americans were among those whose records were
breached. |
|
6/30/2008 |
Hannaford Data Breach
Fallout Continues |
seacoastonline.com |
Shir Haberman |
After the recent discovery of illegal activity on its
"Debit Card portfolio" as a result of the Hannaford
Bros. data breach earlier this year, Ocean National Bank
is re-issuing cards to about 7,000 customers. |
|
6/30/2008 |
Data Breach Reports Up 69
Percent in 2008 |
Washington Post |
Brian Krebs |
Reports of data breaches are on the increase compared to
2007 figures, reports The Washington
Post. The Identity Theft
Resource Center (ITRC) analyzed 342 data breach reports
between January 1 and June 27 of this year, finding a 69
percent increase in the number of breaches reported
compared to the same time frame in 2007. |
|
6/30/2008 |
Hannaford Data Breach
Fallout Continues |
seacoastonline.com |
Shir Haberman |
After the recent discovery of illegal activity on its
"Debit Card portfolio" as a result of the Hannaford
Bros. data breach earlier this year, Ocean National Bank
is re-issuing cards to about 7,000 customers. |
|
6/30/2008 |
Data Breach Reports Up 69
Percent in 2008 |
Washington Post |
Brian Krebs |
Reports of data breaches are on the increase compared to
2007 figures, reports The Washington
Post. The Identity Theft
Resource Center (ITRC) analyzed 342 data breach reports
between January 1 and June 27 of this year, finding a 69
percent increase in the number of breaches reported
compared to the same time frame in 2007. |
|
6/27/2008 |
Montgomery Ward Fails to
Alert Victims of Breach |
SC
Magazine |
Chuck Miller |
A
December breach involving the credit card numbers of
51,000 Montgomery Ward customers has just now come to
light. |
|
6/27/2008 |
Montgomery Ward Fails to
Alert Victims of Breach |
SC
Magazine |
Chuck Miller |
A
December breach involving the credit card numbers of
51,000 Montgomery Ward customers has just now come to
light. |
|
6/26/2008 |
Consumers punish
organizations that expose their data, but can be
mollified |
InternetRetailer.com |
|
More than half of the data breach victims questioned in
a recent Javelin Research survey reported decreased
confidence in the organization that lost their data,
says an Internet Retailer
report. And 30 percent said they would never again do
business with the company. |
|
6/26/2008 |
Consumers punish
organizations that expose their data, but can be
mollified |
InternetRetailer.com |
|
More than half of the data breach victims questioned in
a recent Javelin Research survey reported decreased
confidence in the organization that lost their data,
says an Internet Retailer
report. And 30 percent said they would never again do
business with the company. |
|
6/23/2008 |
CNET Employees Notified
After Data Breach |
PC
World |
Robert MacMillan |
A
burglary at Colt Express Outsourcing Services has left
the personal information of 6,500 CNET Networks
employees exposed. |
|
6/23/2008 |
Security breach
compromises 5,000 Social Security Numbers at Consumer
Affairs |
Capitol Weekly |
Malcom Maclachlan |
The names and Social Security numbers of 5,000 people
associated with the California Department of Consumer
Affairs (DCA) have been exposed by a security breach. |
|
6/23/2008 |
CNET Employees Notified
After Data Breach |
PC
World |
Robert MacMillan |
A
burglary at Colt Express Outsourcing Services has left
the personal information of 6,500 CNET Networks
employees exposed. |
|
6/23/2008 |
Security breach
compromises 5,000 Social Security Numbers at Consumer
Affairs |
Capitol Weekly |
Malcom Maclachlan |
The names and Social Security numbers of 5,000 people
associated with the California Department of Consumer
Affairs (DCA) have been exposed by a security breach. |
|
6/18/2008 |
TD Ameritrade close to
settling data theft lawsuit |
New York Times |
Associated Press |
The Associated Press reports that, in a proposed
settlement, Ameritrade Holding Corp. will pay nearly
$1.9 million to plaintiffs affected by the company's
September 2007 data breach that exposed the personal
information of more than six million people. |
|
6/18/2008 |
TD Ameritrade close to
settling data theft lawsuit |
New York Times |
Associated Press |
The Associated Press reports that, in a proposed
settlement, Ameritrade Holding Corp. will pay nearly
$1.9 million to plaintiffs affected by the company's
September 2007 data breach that exposed the personal
information of more than six million people. |
|
6/11/2008 |
Data breaches made
possible by incompetence, carelessness |
Information Week |
Thomas Claburn |
Incompetence and carelessness were cited as the greatest
threats to business information in a Verizon Business
Security survey released yesterday. Over a period of
four years, Verizon Business studied more than 500
forensic data breach investigations, finding that nine
out of 10 corporate data breaches could have been
prevented had reasonable security measures been in
place. |
|
6/11/2008 |
Data breaches made
possible by incompetence, carelessness |
Information Week |
Thomas Claburn |
Incompetence and carelessness were cited as the greatest
threats to business information in a Verizon Business
Security survey released yesterday. Over a period of
four years, Verizon Business studied more than 500
forensic data breach investigations, finding that nine
out of 10 corporate data breaches could have been
prevented had reasonable security measures been in
place. |
|
6/8/2008 |
Stanford employees' data
on stolen laptop |
San Francisco Chronicle |
Ilana DeBare |
Stanford University has notified tens of thousands of
current and former employees that their personal
information was on the hard drive of a stolen university
laptop. |
|
6/8/2008 |
Stanford employees' data
on stolen laptop |
San Francisco Chronicle |
Ilana DeBare |
Stanford University has notified tens of thousands of
current and former employees that their personal
information was on the hard drive of a stolen university
laptop. |
|
5/31/2008 |
Walter Reed says patient
data may be compromised |
Associated Press |
Jennifer Kerr |
A
computer file containing sensitive information on about
1,000 patients of Walter Reed Army Medical Center and
other military hospitals was found on a "non-government,
non-secure computer network." |
|
5/31/2008 |
Walter Reed says patient
data may be compromised |
Associated Press |
Jennifer Kerr |
A
computer file containing sensitive information on about
1,000 patients of Walter Reed Army Medical Center and
other military hospitals was found on a "non-government,
non-secure computer network." |
|
5/28/2008 |
Q & A with IAPP Practical
Privacy Series Speakers |
IAPP |
Agnes Bundy Scanlan |
Incidents of lost personal data make the news on a
weekly basis and, as we read in yesterday's
Daily Dashboard,
we do not hear about many of the breaches that occur due
to retailers' reluctance to tell. |
|
5/28/2008 |
Q & A with IAPP Practical
Privacy Series Speakers |
IAPP |
Agnes Bundy Scanlan |
Incidents of lost personal data make the news on a
weekly basis and, as we read in yesterday's
Daily Dashboard,
we do not hear about many of the breaches that occur due
to retailers' reluctance to tell. |
|
5/25/2008 |
Retailers Keep Silent
About Data Security Breaches |
Computerworld UK |
Robert MacMillan |
Even while credit card companies predict that fraud
rates will double by 2010, retailers seem loathe to
admit to security breaches when they occur |
|
5/25/2008 |
Retailers Keep Silent
About Data Security Breaches |
Computerworld UK |
Robert MacMillan |
Even while credit card companies predict that fraud
rates will double by 2010, retailers seem loathe to
admit to security breaches when they occur |
|
5/21/2008 |
Data breach at New York
bank possibly affecting hundreds of thousands of CT
consumers |
StamfordPlus.com |
Attorney General's Office |
The personal information, including Social Security
numbers and bank account information, of 4.5 million
customers and investors is missing and the Connecticut
Attorney General wants The Bank of New York to boost
measures to protect customers from identity theft. |
|
5/21/2008 |
Data breach at New York
bank possibly affecting hundreds of thousands of CT
consumers |
StamfordPlus.com |
Attorney General's Office |
The personal information, including Social Security
numbers and bank account information, of 4.5 million
customers and investors is missing and the Connecticut
Attorney General wants The Bank of New York to boost
measures to protect customers from identity theft. |
|
5/20/2008 |
UF Warns Patients of
Security Breach |
Jacksonville Business Journal |
|
The University of Florida (UF) privacy office this week
mailed letters to about 1,900 patients to notify them
that their health information may have been breached. |
|
5/20/2008 |
UF Warns Patients of
Security Breach |
Jacksonville Business Journal |
|
The University of Florida (UF) privacy office this week
mailed letters to about 1,900 patients to notify them
that their health information may have been breached. |
|
5/14/2008 |
Preparation key to
Managing Data Breaches |
eweek.com |
Darryl Taft |
At
the IntrusionWorld Conference and Expo in Baltimore
earlier this week, two chief privacy officers
enlightened attendees to the importance of preventing
data breaches. |
|
5/14/2008 |
Preparation key to
Managing Data Breaches |
eweek.com |
Darryl Taft |
At
the IntrusionWorld Conference and Expo in Baltimore
earlier this week, two chief privacy officers
enlightened attendees to the importance of preventing
data breaches. |
|
5/13/2008 |
Details of six million
Chileans posted online |
vnunet.com |
Ian
Williams |
A
hacker allegedly trying to make a point about poor data
security stole the personal information of about six
million Chilean residents from government and military
servers and posted it on a technology blog. |
|
5/13/2008 |
Details of six million
Chileans posted online |
vnunet.com |
Ian
Williams |
A
hacker allegedly trying to make a point about poor data
security stole the personal information of about six
million Chilean residents from government and military
servers and posted it on a technology blog. |
|
5/2/2008 |
6,000 UCSF patients' data
got put online |
San Francisco Chronicle |
Elizabeth Fernandez |
The San Francisco Chronicle reports
that personally-identifiable information for more than
6,000 patients of the University of California San
Francisco Medical Center was left exposed online for
more than three months. |
|
5/2/2008 |
6,000 UCSF patients' data
got put online |
San Francisco Chronicle |
Elizabeth Fernandez |
The San Francisco Chronicle reports
that personally-identifiable information for more than
6,000 patients of the University of California San
Francisco Medical Center was left exposed online for
more than three months. |
|
5/1/2008 |
Federal Breach
Notification stuck in Congress |
searchcio-midmarket.com |
Zach Church |
Hope is quickly fading for federal adoption of a data
breach notification bill that would pre-empt state law
and create a single, simpler standard for data breach
response, according to SearchCIO-Midmarket.com. Nine
bills are hung up in Congressional committee, six of
which would have the effect of setting a unified
standard for businesses. |
|
5/1/2008 |
Federal Breach
Notification stuck in Congress |
searchcio-midmarket.com |
Zach Church |
Hope is quickly fading for federal adoption of a data
breach notification bill that would pre-empt state law
and create a single, simpler standard for data breach
response, according to SearchCIO-Midmarket.com. Nine
bills are hung up in Congressional committee, six of
which would have the effect of setting a unified
standard for businesses. |
|
4/29/2008 |
Mortgage Broker Sues
Lenders in Privacy Breach |
Washington Post.com |
Ellen Nakashima |
Following a privacy breach that exposed the personal
information of an undisclosed number of individuals,
online mortgage broker LendingTree has filed suit
against five home loan lenders and two former company
executives. |
|
4/29/2008 |
Mortgage Broker Sues
Lenders in Privacy Breach |
Washington Post.com |
Ellen Nakashima |
Following a privacy breach that exposed the personal
information of an undisclosed number of individuals,
online mortgage broker LendingTree has filed suit
against five home loan lenders and two former company
executives. |
|
4/25/2008 |
How to Respond to a Data
Breach |
Wall Street Journal |
Ben
Worthen |
According to Wall Street Journal
business technology blogger Ben Worthen, the University
of Miami's response to a recent data breach could serve
as a model for organizations that have experienced
similar breaches. |
|
4/25/2008 |
How to Respond to a Data
Breach |
Wall Street Journal |
Ben
Worthen |
According to Wall Street Journal
business technology blogger Ben Worthen, the University
of Miami's response to a recent data breach could serve
as a model for organizations that have experienced
similar breaches. |
|
4/23/2008 |
Stung by hackers, grocer
encrypts customer data |
Boston Globe |
Todd Wallack |
In
the wake of a data breach that affected more than four
million of its customers, grocer Hannaford Bros. has
invested millions of dollars to upgrade its security,
including encrypting all transactional data. |
|
4/23/2008 |
Stung by hackers, grocer
encrypts customer data |
Boston Globe |
Todd Wallack |
In
the wake of a data breach that affected more than four
million of its customers, grocer Hannaford Bros. has
invested millions of dollars to upgrade its security,
including encrypting all transactional data. |
|
4/22/2008 |
LendingTree discloses
insider data breach |
Info World |
Ellen Messmer |
Online mortgage lead generation service LendingTree
disclosed this week that a number of former employees
used their old passwords to give mortgage brokers
unauthorized access to subscribers' personal records. |
|
4/22/2008 |
Pre-emptive strategy best
approach to breach notification |
Midmarket CIO News |
Zach Church |
Security breaches happen, and an organization's response
to a breach is the crucial first step in recovery. |
|
4/22/2008 |
LendingTree discloses
insider data breach |
Info World |
Ellen Messmer |
Online mortgage lead generation service LendingTree
disclosed this week that a number of former employees
used their old passwords to give mortgage brokers
unauthorized access to subscribers' personal records. |
|
4/22/2008 |
Pre-emptive strategy best
approach to breach notification |
Midmarket CIO News |
Zach Church |
Security breaches happen, and an organization's response
to a breach is the crucial first step in recovery. |
|
4/16/2008 |
Good News:
After Breach, Consumers Vote With Their Feet |
Information Week |
George Hulme |
George Hulme reports in his recent Security Weblog entry
for InformationWeek
that, according to a new Ponemon Institute survey,
nearly a third of consumers who receive a breach
notification letter will terminate their relationship
with the offending vendor, while another 57 percent said
the letter caused them to lose confidence in the
company. |
|
4/16/2008 |
Good News:
After Breach, Consumers Vote With Their Feet |
Information Week |
George Hulme |
George Hulme reports in his recent Security Weblog entry
for InformationWeek
that, according to a new Ponemon Institute survey,
nearly a third of consumers who receive a breach
notification letter will terminate their relationship
with the offending vendor, while another 57 percent said
the letter caused them to lose confidence in the
company. |
|
4/10/2008 |
Stolen NIH Laptop Held
Social Security Numbers |
The Washington Post |
Rick Weiss & Ellen Nakashima |
The NIH is sending letters to more than 1,200
participants of a National Health Institutes study whose
Social Security numbers were exposed when an unencrypted
laptop computer was stolen from an employee's vehicle
last month. |
|
4/10/2008 |
Stolen NIH Laptop Held
Social Security Numbers |
The Washington Post |
Rick Weiss & Ellen Nakashima |
The NIH is sending letters to more than 1,200
participants of a National Health Institutes study whose
Social Security numbers were exposed when an unencrypted
laptop computer was stolen from an employee's vehicle
last month. |
|
4/8/2008 |
Insurance records of
71,000 Ga. Families made public |
Atlanta Journal Constitution |
Bill Hendrick |
The health insurance information of 71,000 Georgia
families enrolled in insurance programs for the poor was
left exposed on the Internet for a number of days, and
may have been viewed by unauthorized parties. |
|
4/8/2008 |
Latest Laptop Loss At
Pfizer Renews Worries |
theday.com |
Lee
Howard |
Pharmaceutical firm Pfizer disclosed that a
password-protected laptop computer stolen from a
contractor in February contained personally-identifiable
information for about 800 employees. |
|
4/8/2008 |
Insurance records of
71,000 Ga. Families made public |
Atlanta Journal Constitution |
Bill Hendrick |
The health insurance information of 71,000 Georgia
families enrolled in insurance programs for the poor was
left exposed on the Internet for a number of days, and
may have been viewed by unauthorized parties. |
|
4/8/2008 |
Latest Laptop Loss At
Pfizer Renews Worries |
theday.com |
Lee
Howard |
Pharmaceutical firm Pfizer disclosed that a
password-protected laptop computer stolen from a
contractor in February contained personally-identifiable
information for about 800 employees. |
|
4/2/2008 |
Vermont ski area reports
hannaford-like theft of payment card data |
ComputerWorld |
Jaikumar Vijayan |
A
breach at Vermont's Okemo Mountain Resort exposed the
data from 46,000 credit and debit cards in February. |
|
4/2/2008 |
TJX settles with
MasterCard over data breach |
The Boston Globe |
Ross Kerber |
Pending final acceptance by the banks involved, TJX Cos.
has reached an agreement with MasterCard Inc. to cover
up to $24 million in fraud losses associated with the
data breach disclosed last year that affected 100
million cardholders. If accepted, the issuing banks
forgo any litigation associated with the losses. |
|
4/2/2008 |
Vermont ski area reports
hannaford-like theft of payment card data |
ComputerWorld |
Jaikumar Vijayan |
A
breach at Vermont's Okemo Mountain Resort exposed the
data from 46,000 credit and debit cards in February. |
|
4/2/2008 |
TJX settles with
MasterCard over data breach |
The Boston Globe |
Ross Kerber |
Pending final acceptance by the banks involved, TJX Cos.
has reached an agreement with MasterCard Inc. to cover
up to $24 million in fraud losses associated with the
data breach disclosed last year that affected 100
million cardholders. If accepted, the issuing banks
forgo any litigation associated with the losses. |
|
4/1/2008 |
Hannaford Data Breach
Blamed on Malware |
Information Week |
Thomas Claburn |
The data breach that exposed the credit and debit card
information of 4.2 Hannaford Bros. supermarket customers
earlier this month appears to have resulted from
malicious software. |
|
4/1/2008 |
Hannaford Data Breach
Blamed on Malware |
Information Week |
Thomas Claburn |
The data breach that exposed the credit and debit card
information of 4.2 Hannaford Bros. supermarket customers
earlier this month appears to have resulted from
malicious software. |
|
3/25/2008 |
Another Data Security
Breach |
Baltimore Sun |
Jonathan D. Rockoff |
A
laptop containing medical test results for 2,500
patients was stolen from the car trunk of a National
Institutes of Health (NIH) employee, exposing the names,
birth dates and unencrypted test results of participants
in a heart imaging study. |
|
3/25/2008 |
Another Data Security
Breach |
Baltimore Sun |
Jonathan D. Rockoff |
A
laptop containing medical test results for 2,500
patients was stolen from the car trunk of a National
Institutes of Health (NIH) employee, exposing the names,
birth dates and unencrypted test results of participants
in a heart imaging study. |
|
3/21/2008 |
Passport files of 3
Candidates were improperly viewed |
New York Times |
Helene Cooper & Michael Grynbaum |
What began as an inquiry into three separate data
breaches of Barack Obama's passport file, has turned
into a widespread investigation at the State Department,
involving information on Hillary Rodham Clinton and John
McCain, as well. |
|
3/21/2008 |
Passport files of 3
Candidates were improperly viewed |
New York Times |
Helene Cooper & Michael Grynbaum |
What began as an inquiry into three separate data
breaches of Barack Obama's passport file, has turned
into a widespread investigation at the State Department,
involving information on Hillary Rodham Clinton and John
McCain, as well. |
|
3/18/2008 |
Experts try to make sense
of Hannaford data breach |
SC
Magazine |
Dan
Kaplan |
Little new information has emerged since Hannaford Bros.
supermarket chain yesterday confirmed that 4.2 million
credit and debit cards were stolen from the company's
system during the checkout authorization process between
December and March, but some experts are speculating on
the cause. |
|
3/18/2008 |
Experts try to make sense
of Hannaford data breach |
SC
Magazine |
Dan
Kaplan |
Little new information has emerged since Hannaford Bros.
supermarket chain yesterday confirmed that 4.2 million
credit and debit cards were stolen from the company's
system during the checkout authorization process between
December and March, but some experts are speculating on
the cause. |
|
3/12/2008 |
Bearer of Bad News |
Government Executive |
Andrew Noyes |
The Department of Veterans Affairs data breach of 2006
that resulted in the personally-identifiable information
of more than 26 million U.S. veterans, and the VA's
response to that event, was a case study in how
government agencies should not respond to a breach
event. |
|
3/12/2008 |
Bearer of Bad News |
Government Executive |
Andrew Noyes |
The Department of Veterans Affairs data breach of 2006
that resulted in the personally-identifiable information
of more than 26 million U.S. veterans, and the VA's
response to that event, was a case study in how
government agencies should not respond to a breach
event. |
|
3/11/2008 |
Oklahoma County Clerk's
records reveal social security numbers |
Tulsa Today |
Mike McCarville |
Residents of Oklahoma County, Oklahoma learned recently
that a Web site maintained by County Clerk Carolynn
Caudill has left their Social Security numbers exposed
to anyone who cares to take a look. |
|
3/11/2008 |
Oklahoma County Clerk's
records reveal social security numbers |
Tulsa Today |
Mike McCarville |
Residents of Oklahoma County, Oklahoma learned recently
that a Web site maintained by County Clerk Carolynn
Caudill has left their Social Security numbers exposed
to anyone who cares to take a look. |
|
3/7/2008 |
Bankrupt lenders throwing
away your privacy |
MSNBC |
Alex Johnson |
As
more and more mortgage companies go out of business as a
result of the sub-prime lending crisis, a disturbing
trend has been uncovered in dumpsters and trash bins
near to the defunct lenders. |
|
3/6/2008 |
When does a privacy
breach cause harm? |
ComputerWorld |
Jay
Cline |
To
date, U.S. courts have stopped short at putting a price
on the non-monetary harms that result from privacy
breaches, such as those affecting a consumer's dignity.
That may change, writes Jay Cline for
Computerworld,
as other nations working to develop breach standards
begin defining thresholds for privacy harm that include
these seemingly less tangible injuries. |
|
3/6/2008 |
Data-leak security proves
to be too hard to use |
InfoWorld |
Matt Hines |
While most companies would acknowledge that "data leaks"
are a persistently troublesome challenge to maintaining
data integrity, those that have invested in data leak
prevention (DLP) products to plug their holes have found
them to be somewhat effective, though very difficult to
use. |
|
3/3/2008 |
Missing laptop, data
could affect Q-C Oscar Mayer employees |
Quad City Times |
Doug Schoropp |
A
Kraft Foods laptop computer recently stolen from an
employee contained personally identifiable information
for as many as 20,000 of the company's employees,
including 1,700 workers at a Davenport Oscar Mayer
plant. |
|
3/3/2008 |
TJX customers to claim
eligibility for breach settlement |
SC
Magazine |
Dan
Kaplan |
TJX Companies, operators of discount retail chains TJ
Maxx, Marshall's and Home Goods, has begun sending
notices to customers with instructions for obtaining
$30-$80 vouchers as part of a settlement stemming from a
data breach in which the personal information of between
45 and 100 million consumers was exposed. |
|
2/21/2008 |
Experts Offer Advice To
Recipients Of Breach Notices |
CSO Magazine |
Kathleen Carr |
Companies experiencing a data breach lack little in
terms of guidance for taking their next steps, but what
of the consumer who gets a breach notice letter in the
mail? |
|
2/21/2008 |
Experts Offer Advice To
Recipients Of Breach Notices |
CSO Magazine |
Kathleen Carr |
Companies experiencing a data breach lack little in
terms of guidance for taking their next steps, but what
of the consumer who gets a breach notice letter in the
mail? |
|
2/20/2008 |
South African Data
Protection Law Delayed |
ITWeb |
Leon Engelbrecht |
South African tech portal ITWeb.com
reports that a pending data protection law has been held
up in process and is not expected to be enacted before
2009. The South African Law Reform Commission is working
on the Protection of Personal Information Bill, which is
intended to help protect people from abuse of their
personally identifiable information by holding
individuals and organizations criminally responsible for
failing to adequately protect information, and requiring
notice if a breach occurs. |
|
2/20/2008 |
South African Data
Protection Law Delayed |
ITWeb |
Leon Engelbrecht |
South African tech portal ITWeb.com
reports that a pending data protection law has been held
up in process and is not expected to be enacted before
2009. The South African Law Reform Commission is working
on the Protection of Personal Information Bill, which is
intended to help protect people from abuse of their
personally identifiable information by holding
individuals and organizations criminally responsible for
failing to adequately protect information, and requiring
notice if a breach occurs. |
|
2/14/2008 |
HP, Journalists Settle
Pretexting Suit |
E
Commerce Times |
Katherine Noyes |
A
group of four journalists, including
BusinessWeek's Peter Burrows,
Ben Elgin and Roger Crockett, and
The New York Times' John
Markoff, have settled spying claims against tech concern
HP stemming from the company's 2006 investigation into
the source of high-level information leaks. |
|
2/14/2008 |
HP, Journalists Settle
Pretexting Suit |
E
Commerce Times |
Katherine Noyes |
A
group of four journalists, including
BusinessWeek's Peter Burrows,
Ben Elgin and Roger Crockett, and
The New York Times' John
Markoff, have settled spying claims against tech concern
HP stemming from the company's 2006 investigation into
the source of high-level information leaks. |
|
2/8/2008 |
Montana Financial Firm
Hacked, SSNs Stolen |
Great Falls Tribune |
Erin Madison |
Computer Systems belonging to a local finaicial firm, DA
Davidson Co. was recently hacked, putting the personal
and financial information of 226,000 account holders at
risk. |
|
2/8/2008 |
Montana Financial Firm
Hacked, SSNs Stolen |
Great Falls Tribune |
Erin Madison |
Computer Systems belonging to a local finaicial firm, DA
Davidson Co. was recently hacked, putting the personal
and financial information of 226,000 account holders at
risk. |
|
2/7/2008 |
One Breach, Two Letters |
CSO Magazine |
Scott Berinato |
When Monster.com suffered a data breach last year, the
victims were not just users of the well-known online job
search service. |
|
2/7/2008 |
One Breach, Two Letters |
CSO Magazine |
Scott Berinato |
When Monster.com suffered a data breach last year, the
victims were not just users of the well-known online job
search service. |
|
2/4/2008 |
California Lawmaker Wants
To Toughen Breach Law |
Info World |
Victor R. Garza |
State Senator Joe Simitian has drafted two new bills
designed to stiffen California's data breach law,
including one that would outline new guidelines for
breach notice requirements and that would require
consumer notification letters to be brief and clearly
understood. |
|
2/4/2008 |
California Lawmaker Wants
To Toughen Breach Law |
Info World |
Victor R. Garza |
State Senator Joe Simitian has drafted two new bills
designed to stiffen California's data breach law,
including one that would outline new guidelines for
breach notice requirements and that would require
consumer notification letters to be brief and clearly
understood. |
|
2/1/2008 |
Massachusetts Adopts Data
Breach Law |
Boston Herald |
Maria Recalde |
Massachusetts has joined the list of states that have
adopted data breach notification laws. The law affects
any person or commercial or public entity that handles
the personal information of Bay State residents. |
|
2/1/2008 |
Massachusetts Adopts Data
Breach Law |
Boston Herald |
Maria Recalde |
Massachusetts has joined the list of states that have
adopted data breach notification laws. The law affects
any person or commercial or public entity that handles
the personal information of Bay State residents. |
|
1/31/2008 |
New Jersey Wants
Investigation After Blue Cross Breach |
The Star Ledger |
Ted
Sherman |
State legislators have called for a formal inquiry into
a data breach at Horizon Blue Cross in which the
personal information of 300,000 individuals was
compromised. |
|
1/31/2008 |
New Jersey Wants
Investigation After Blue Cross Breach |
The Star Ledger |
Ted
Sherman |
State legislators have called for a formal inquiry into
a data breach at Horizon Blue Cross in which the
personal information of 300,000 individuals was
compromised. |
|
1/29/2008 |
Georgetown University
Reports Data Breach |
The Hoya |
Michele Hong |
Georgetown University reported that an external hard
drive containing the personally identifiable information
of 38,000 students, alumni and faculty was stolen from
the Office of Student Affairs earlier this month. |
|
1/29/2008 |
Georgetown University
Reports Data Breach |
The Hoya |
Michele Hong |
Georgetown University reported that an external hard
drive containing the personally identifiable information
of 38,000 students, alumni and faculty was stolen from
the Office of Student Affairs earlier this month. |
|
1/25/2008 |
13 Breaches And Counting
In Higher Education |
Campus Technology |
David Nagel |
As
of January 25, 13 colleges and universities had reported
data breaches affecting students, alumni and employees.
Insider data thefts at Baylor University compromised
email accounts, while at Central Piedmont Community
College a student employee was arrested for embezzlement
and ID theft after accessing records through her job. |
|
1/25/2008 |
Penn State Laptop with
Alumni PII Stolen |
The Daily Collegian |
Lauren Boyer |
A
university laptop containing archived information and
social security numbers for 677 students attending Penn
State between 1999 and 2004 was recently stolen from a
faculty member while traveling earlier this month. |
|
1/25/2008 |
Stolen HMO Laptop
Contained PII |
Telegram & Gazette |
Bob
Kievra |
A
stolen laptop computer belonging to Massachusetts-based
Fallon Community Health Plan (FCHP) contained the
personally identifiable information of as many as 30,000
of the HMO's subscribers. |
|
1/25/2008 |
13 Breaches And Counting
In Higher Education |
Campus Technology |
David Nagel |
As
of January 25, 13 colleges and universities had reported
data breaches affecting students, alumni and employees.
Insider data thefts at Baylor University compromised
email accounts, while at Central Piedmont Community
College a student employee was arrested for embezzlement
and ID theft after accessing records through her job. |
|
1/25/2008 |
Penn State Laptop with
Alumni PII Stolen |
The Daily Collegian |
Lauren Boyer |
A
university laptop containing archived information and
social security numbers for 677 students attending Penn
State between 1999 and 2004 was recently stolen from a
faculty member while traveling earlier this month. |
|
1/25/2008 |
Stolen HMO Laptop
Contained PII |
Telegram & Gazette |
Bob
Kievra |
A
stolen laptop computer belonging to Massachusetts-based
Fallon Community Health Plan (FCHP) contained the
personally identifiable information of as many as 30,000
of the HMO's subscribers. |
|
1/24/2008 |
California Expands Breach
Notice |
Mondaq |
Jacqueline Klosek |
Goodwin Proctor lawyers and IAPP members Deborah
Birnbach, Agnes Bundy Scanlan and Jacqueline Klosek
offer their perspective on the scope and impact of
California's expanded data notification law. AB 1298,
which went into effect on January 1, extends data breach
notification requirements to medical and health
insurance information, while also clarifying the
"security freeze" portion of SB 1386. |
|
1/24/2008 |
California Expands Breach
Notice |
Mondaq |
Jacqueline Klosek |
Goodwin Proctor lawyers and IAPP members Deborah
Birnbach, Agnes Bundy Scanlan and Jacqueline Klosek
offer their perspective on the scope and impact of
California's expanded data notification law. AB 1298,
which went into effect on January 1, extends data breach
notification requirements to medical and health
insurance information, while also clarifying the
"security freeze" portion of SB 1386. |
|
1/22/2008 |
Ministry Of Defence
Admits More Lost Laptops |
Guardian Unlimited |
Richard Norton-Taylor |
The Ministry of Defence investigates the theft of a
laptop computer containing personal information on more
than 600,000 potential armed forces recruits. |
|
1/22/2008 |
Ministry Of Defence
Admits More Lost Laptops |
Guardian Unlimited |
Richard Norton-Taylor |
The Ministry of Defence investigates the theft of a
laptop computer containing personal information on more
than 600,000 potential armed forces recruits. |
|
1/20/2008 |
Feds Blame KC Officials
For IRS Tape Loss |
Associated Press |
Associated Press |
Twenty-six IRS data tapes containing tax information on
Kansas City, Missouri residents were lost due to the
negligence of city officials, according to federal
investigators. |
|
1/20/2008 |
Feds Blame KC Officials
For IRS Tape Loss |
Associated Press |
Associated Press |
Twenty-six IRS data tapes containing tax information on
Kansas City, Missouri residents were lost due to the
negligence of city officials, according to federal
investigators. |
|
1/16/2008 |
Carphone Warehouse In Fix
After Breach |
Silicon.com |
Nick Heath |
British mobile phone retailer Carphone Warehouse and
sister company TalkTalk have been ordered to bring data
privacy and security practices in line with the
Information Commissioner's Office demands, or face
"unlimited fines" following the recent discovery of a
data breach that has put the personal information of
thousands of customers at risk. |
|
1/16/2008 |
Carphone Warehouse In Fix
After Breach |
Silicon.com |
Nick Heath |
British mobile phone retailer Carphone Warehouse and
sister company TalkTalk have been ordered to bring data
privacy and security practices in line with the
Information Commissioner's Office demands, or face
"unlimited fines" following the recent discovery of a
data breach that has put the personal information of
thousands of customers at risk. |
|
1/7/2008 |
Class Action Against
Sears "Ridiculous" |
Information Week |
Andrew Conry-Murray |
InformationWeek security blogger
Andrew Conry-Murray says the class action lawsuit filed
last week against retailer Sears, Roebuck & Co. for a
security flaw that exposed consumer purchase and
warranty information via its now defunct
managemyhome.com Web site is "ridiculous." |
|
1/7/2008 |
Class Action Against
Sears "Ridiculous" |
Information Week |
Andrew Conry-Murray |
InformationWeek security blogger
Andrew Conry-Murray says the class action lawsuit filed
last week against retailer Sears, Roebuck & Co. for a
security flaw that exposed consumer purchase and
warranty information via its now defunct
managemyhome.com Web site is "ridiculous." |
|
1/7/2008 |
Price of data theft
response:
Milions |
Portland Press Herald |
Edward D. Murphy |
A
report from the Maine Bureau of Financial Information
shows that the TJX and Hannaford data breaches resulted
in millions of dollars in costs to state banks and
credit unions. |
|
1/4/2008 |
Calif. Law Requires
Notification Of Data Breaches Involving Medical Records |
San Francisco Chronicle |
Deborah Gage |
California's first-in-the-nation security breach
notification law -- which took effect on July 1, 2003 --
has been expanded to include notification of residents
when their electronic medical information or health
information is compromised. |
|
1/4/2008 |
Security breach could
derail NHS database plan |
CBR |
Staff Writer |
A
Department of Health security breach that has affected
medical records belonging to 168,000 patients. |
|
1/4/2008 |
Calif. Law Requires
Notification Of Data Breaches Involving Medical Records |
San Francisco Chronicle |
Deborah Gage |
California's first-in-the-nation security breach
notification law -- which took effect on July 1, 2003 --
has been expanded to include notification of residents
when their electronic medical information or health
information is compromised. |
|
1/4/2008 |
Security breach could
derail NHS database plan |
CBR |
Staff Writer |
A
Department of Health security breach that has affected
medical records belonging to 168,000 patients. |
|
12/31/2007 |
Breach Disclosure Laws
Shed Light On Inventory Of Lost Records In 2007 |
Security Focus |
Robert Lemos |
Two organizations, Attrition.org and the Identity Theft
Resource Center, have tracked the number of lost records
in 2007. |
|
12/31/2007 |
Breach Disclosure Laws
Shed Light On Inventory Of Lost Records In 2007 |
Security Focus |
Robert Lemos |
Two organizations, Attrition.org and the Identity Theft
Resource Center, have tracked the number of lost records
in 2007. |
|
12/25/2007 |
TJX Creates New Privacy
Roles In Wake Of Breach |
The Boston Globe |
Ross Kerber |
A
year after TJX Cos. revealed a computer intrusion that
led to the theft of at least 46.5 million customer
records, the company is moving to beef up its privacy
efforts by naming a chief privacy officer (CPO) and
hiring a privacy director. |
|
12/25/2007 |
TJX Creates New Privacy
Roles In Wake Of Breach |
The Boston Globe |
Ross Kerber |
A
year after TJX Cos. revealed a computer intrusion that
led to the theft of at least 46.5 million customer
records, the company is moving to beef up its privacy
efforts by naming a chief privacy officer (CPO) and
hiring a privacy director. |
|
12/21/2007 |
Consumers Remain Loyal To
TJX Despite Breach |
Boston Globe |
Ross Kerber |
This article explores the customer loyalty that TJX
enjoys despite its costly and vast security breach
ramifications. |
|
12/21/2007 |
Consumers Remain Loyal To
TJX Despite Breach |
Boston Globe |
Ross Kerber |
This article explores the customer loyalty that TJX
enjoys despite its costly and vast security breach
ramifications. |
|
12/19/2007 |
Investigation Under Way
After Medical Records Found In Trash Bin |
Norwich Evening News |
|
A
Bowthorpe woman discovered hospital records containing
confidential data on about 30 patients at the Norfolk
and Norwich University Hospital in a trash bin including
patients' names, their hospital numbers, past medical
history, and other personal details. |
|
12/19/2007 |
Details Of TJX Settlement
Not Disclosed |
The Boston Globe |
Ross Kerber |
TJX Cos. has reached a settlement with banks in New
England over credit card security practices that led to
a security breach that jeopardized as many as 100
million accounts. |
|
12/19/2007 |
Investigation Under Way
After Medical Records Found In Trash Bin |
Norwich Evening News |
|
A
Bowthorpe woman discovered hospital records containing
confidential data on about 30 patients at the Norfolk
and Norwich University Hospital in a trash bin including
patients' names, their hospital numbers, past medical
history, and other personal details. |
|
12/19/2007 |
Details Of TJX Settlement
Not Disclosed |
The Boston Globe |
Ross Kerber |
TJX Cos. has reached a settlement with banks in New
England over credit card security practices that led to
a security breach that jeopardized as many as 100
million accounts. |
|
12/18/2007 |
Records Missing For More
Than 3 Million British Learner Drivers |
The Times Online |
Philip Webster |
The government has acknowledged that the driving test
records from September 2004 through April 2007 are
missing from a facility in Iowa City, Iowa. |
|
12/18/2007 |
Ministers Mull Plans To
Create Criminal Penalties For Egregious Data Protection
Breaches |
The Times |
Greg Hurst |
Ministers are reviewing proposals that would impose
criminal penalties - including jail - for civil servants
who fail to protect citizens' personal information in
the wake of a government data breach that has exposed
the child benefit records of 25 million people. |
|
12/18/2007 |
Records Missing For More
Than 3 Million British Learner Drivers |
The Times Online |
Philip Webster |
The government has acknowledged that the driving test
records from September 2004 through April 2007 are
missing from a facility in Iowa City, Iowa. |
|
12/18/2007 |
Ministers Mull Plans To
Create Criminal Penalties For Egregious Data Protection
Breaches |
The Times |
Greg Hurst |
Ministers are reviewing proposals that would impose
criminal penalties - including jail - for civil servants
who fail to protect citizens' personal information in
the wake of a government data breach that has exposed
the child benefit records of 25 million people. |
|
12/17/2007 |
Web Server Glitch Exposes
Personal Data On Canada Post Site |
The Globe and Mail |
Kenyon Wallace |
A
Vancouver small business owner searched his company's
name and discovered a link that contained his username
and password for Canada Post's Sell Online Web site. The
glitch exposed names, addresses and shipping
information, including the potential to access credit
card numbers associated with the accounts. |
|
12/17/2007 |
Government Notifies More
Than 8 Million People About Missing Pension Records |
International Herald Tribune |
Associated Press |
The government is seeking to recover from a security
breach that has shaken the public's confidence in the
country's ability to take care of its elderly. |
|
12/17/2007 |
Deloitte & Touche,
Ponemon Institute Release Breach Survey Results |
Network World |
Ellen Messmer |
The Enterprise at Risk: 2007 Privacy
and Data Protection Survey
reveals that 66 percent of 827 security and privacy
professionals in North America say they know of six to
20 privacy incidents in their organizations in 2007 that
involved the exposure or mishandling of sensitive
personally identifiable information. |
|
12/17/2007 |
Computerworld's Q&A With
Art Coviello |
Computer World |
Siobahn Chapman |
What companies need to do in the face of increasingly
sophisticated cybercrime attacks and escalating security
breaches. |
|
12/17/2007 |
Web Server Glitch Exposes
Personal Data On Canada Post Site |
The Globe and Mail |
Kenyon Wallace |
A
Vancouver small business owner searched his company's
name and discovered a link that contained his username
and password for Canada Post's Sell Online Web site. The
glitch exposed names, addresses and shipping
information, including the potential to access credit
card numbers associated with the accounts. |
|
12/17/2007 |
Government Notifies More
Than 8 Million People About Missing Pension Records |
International Herald Tribune |
Associated Press |
The government is seeking to recover from a security
breach that has shaken the public's confidence in the
country's ability to take care of its elderly. |
|
12/17/2007 |
Deloitte & Touche,
Ponemon Institute Release Breach Survey Results |
Network World |
Ellen Messmer |
The Enterprise at Risk: 2007 Privacy
and Data Protection Survey
reveals that 66 percent of 827 security and privacy
professionals in North America say they know of six to
20 privacy incidents in their organizations in 2007 that
involved the exposure or mishandling of sensitive
personally identifiable information. |
|
12/17/2007 |
Computerworld's Q&A With
Art Coviello |
Computer World |
Siobahn Chapman |
What companies need to do in the face of increasingly
sophisticated cybercrime attacks and escalating security
breaches. |
|
12/14/2007 |
HMRC: One Of The Biggest
Stories Of 2007 |
silicon.com |
Gemma Simpson |
The HMRC security breach that jeopardized the personal
information of 25 million child benefit recipients as
one of the biggest stories of 2007. |
|
12/14/2007 |
HMRC: One Of The Biggest
Stories Of 2007 |
silicon.com |
Gemma Simpson |
The HMRC security breach that jeopardized the personal
information of 25 million child benefit recipients as
one of the biggest stories of 2007. |
|
12/12/2007 |
Bank Attorney: TJX Knew
Of Computer Intrusion Two Months Earlier Than Reported |
The Boston Globe |
Ross Kerber |
An
attorney for AmeriFirst Bank of Alabama, which is suing
TJX in federal court, said yesterday that the retailer
knew about its system intrusion two months before it
said it learned of the breach in December 2006 |
|
12/12/2007 |
Data On Northern Ireland
Motorists Missing |
Precision Marketing |
Gemma Hummerston |
Two unencrypted computer discs containing the names and
addresses of 7,685 Northern Ireland motorists are
missing. |
|
12/12/2007 |
Bank Attorney: TJX Knew
Of Computer Intrusion Two Months Earlier Than Reported |
The Boston Globe |
Ross Kerber |
An
attorney for AmeriFirst Bank of Alabama, which is suing
TJX in federal court, said yesterday that the retailer
knew about its system intrusion two months before it
said it learned of the breach in December 2006 |
|
12/12/2007 |
Data On Northern Ireland
Motorists Missing |
Precision Marketing |
Gemma Hummerston |
Two unencrypted computer discs containing the names and
addresses of 7,685 Northern Ireland motorists are
missing. |
|
12/11/2007 |
B.C. commissioner
investigating breach of privacy |
The Vancouver Sun |
|
David Loukidelis made public today in a news release
that his office is investigating the B.C. Ministry of
Health over a breach of privacy involving the loss of
unencrypted magnetic tapes containing the personal
information of over 100 B.C. residents. |
|
12/11/2007 |
B.C. commissioner
investigating breach of privacy |
The Vancouver Sun |
|
David Loukidelis made public today in a news release
that his office is investigating the B.C. Ministry of
Health over a breach of privacy involving the loss of
unencrypted magnetic tapes containing the personal
information of over 100 B.C. residents. |
|
12/10/2007 |
USA TODAY: Records
Compromised In Breaches More Than Triples In 2007 |
USA Today |
Byron Acohido |
An
analysis of security breaches in 2007 reveals that more
than 162 million records have been reported lost or
stolen in 2007. |
|
12/10/2007 |
USA TODAY: Records
Compromised In Breaches More Than Triples In 2007 |
USA Today |
Byron Acohido |
An
analysis of security breaches in 2007 reveals that more
than 162 million records have been reported lost or
stolen in 2007. |
|
12/6/2007 |
DVLA Sends Confidential
Documents To Wrong Drivers |
BBC News |
|
The Driver and Vehicle Licensing Agency sent about 100
questionnaires containing birth dates and motor vehicle
driving records to the wrong people. |
|
12/6/2007 |
Opinion: A Look At Two
Responses To Privacy Problems |
Information Week |
John Soat |
A
look at two different approaches to privacy PR
challenges: the Facebook Beacon controversy and the TJX
security breach. |
|
12/6/2007 |
Official: Just Over
$100,000 To Remove Confidential Data From HMRC Records |
Computer World |
Tash Shifrin |
The acting chair of HM Revenue and Customs told MPs on
the Commons Treasury committee that it would have cost
$102,000 to remove confidential data from the records of
25 million child benefit recipients. |
|
12/6/2007 |
DVLA Sends Confidential
Documents To Wrong Drivers |
BBC News |
|
The Driver and Vehicle Licensing Agency sent about 100
questionnaires containing birth dates and motor vehicle
driving records to the wrong people. |
|
12/6/2007 |
Opinion: A Look At Two
Responses To Privacy Problems |
Information Week |
John Soat |
A
look at two different approaches to privacy PR
challenges: the Facebook Beacon controversy and the TJX
security breach. |
 12/6/2007 |
Official: Just Over
$100,000 To Remove Confidential Data From HMRC Records |
Computer World |
Tash
Shifrin |
The acting chair of HM Revenue and Customs told MPs on
the Commons Treasury committee that it would have cost
$102,000 to remove confidential data from the records of
25 million child benefit recipients. |
|
12/5/2007 |
European Commission plans
security breach notification law |
Out-Law News |
|
The European Commission wants laws to be passed across
Europe that would force telecoms companies to tell
customers when personal data security has been breached. |
|
12/5/2007 |
How TJX Became a Lesson
In Proper Security |
internetnews.com |
Andy Patrizio |
The
TJX security breach is threatening to rank as one of the
most expensive lessons in corporate data security
policies. |
|
12/5/2007 |
IPL fixes Web glitch
exposing customers' personal info |
Indianapolis Star |
Tom
Spalding |
Indianapolis Power & Light said it has fixed a security
glitch that potentially exposed compromising personal
information of some of its customers. |
 12/5/2007 |
Duke Law School Reports
Web Site Breach |
The News & Observer |
|
Duke Law School has notified about 1,400 people whose
Social Security numbers were stored on a school Web site
that was compromised during an electronic attack. |
|
12/5/2007 |
European Commission plans
security breach notification law |
Out-Law News |
|
The European Commission wants laws to be passed across
Europe that would force telecoms companies to tell
customers when personal data security has been breached. |
|
12/5/2007 |
How TJX Became a Lesson
In Proper Security |
internetnews.com |
Andy Patrizio |
The
TJX security breach is threatening to rank as one of the
most expensive lessons in corporate data security
policies. |
|
12/5/2007 |
IPL fixes Web glitch
exposing customers' personal info |
Indianapolis Star |
Tom
Spalding |
Indianapolis Power & Light said it has fixed a security
glitch that potentially exposed compromising personal
information of some of its customers. |
|
12/5/2007 |
Duke Law School Reports
Web Site Breach |
The News & Observer |
|
Duke Law School has notified about 1,400 people whose
Social Security numbers were stored on a school Web site
that was compromised during an electronic attack. |
|
12/4/2007 |
Opinion: TJX 'Weathering
The Storm' |
The Boston Globe |
Steven Syre |
Steven Syre looks at the financial impact of the TJX
breach, concluding that despite ongoing legal challenges
and "more checks to write," it is "weathering the storm
remarkably well." In the aftermath of the breach. |
|
12/4/2007 |
Amendment To SB-1386
Takes Effect Jan. 1 |
Mondaq |
Andrew B. Serwin |
Lawmakers in California have approved legislation,
signed recently by Gov. Arnold Schwarzenegger, which
would amend the state's first-in-the-nation security
breach notification law. |
|
12/4/2007 |
Breach at Passport Canada
Web site closed, says Bernier |
National Post |
Andrew Mayeda |
A
"serious" privacy breach at Passport Canada's website
had been fixed. |
|
12/4/2007 |
Passport Canada Shuts
Down Web Site After Breach Complaint |
The Globe and Mail |
Kenyon Wallace |
A
passport applicant has notified Passport Canada that its
Web site was allowing access to applicants' personal
information, including social insurance numbers, birth
dates and driver's license numbers. |
|
12/4/2007 |
Opinion: TJX 'Weathering
The Storm' |
The Boston Globe |
Steven Syre |
Steven Syre looks at the financial impact of the TJX
breach, concluding that despite ongoing legal challenges
and "more checks to write," it is "weathering the storm
remarkably well." In the aftermath of the breach. |
|
12/4/2007 |
Amendment To SB-1386
Takes Effect Jan. 1 |
Mondaq |
Andrew B. Serwin |
Lawmakers in California have approved legislation,
signed recently by Gov. Arnold Schwarzenegger, which
would amend the state's first-in-the-nation security
breach notification law. |
|
12/4/2007 |
Breach at Passport Canada
Web site closed, says Bernier |
National Post |
Andrew Mayeda |
A
"serious" privacy breach at Passport Canada's website
had been fixed. |
|
12/4/2007 |
Passport Canada Shuts
Down Web Site After Breach Complaint |
The Globe and Mail |
Kenyon Wallace |
A
passport applicant has notified Passport Canada that its
Web site was allowing access to applicants' personal
information, including social insurance numbers, birth
dates and driver's license numbers. |
|
12/3/2007 |
Opinion: It's Not All
About The Money |
it-director.com |
Nigel Stanley |
Nigel Stanley, Practice Leader, IT Security, Bloor
Research, highlights the Ponemon Institute's research
that indicates an escalating price tag for security
breaches. |
|
12/3/2007 |
ICO Plans Probe Of Sites
That Illegally Sell Britons' Bank Data |
Times Online |
Alexi Mostrous and Dominic Kennedy |
The Times was able to download
banking information belonging to 32 customers, including
a High Court deputy judge. The newspaper obtained
account numbers, PINs and security codes for free from
illegal sites that offer more information for a fee. |
|
12/3/2007 |
Opinion: It's Not All
About The Money |
it-director.com |
Nigel Stanley |
Nigel Stanley, Practice Leader, IT Security, Bloor
Research, highlights the Ponemon Institute's research
that indicates an escalating price tag for security
breaches. |
|
12/3/2007 |
ICO Plans Probe Of Sites
That Illegally Sell Britons' Bank Data |
Times Online |
Alexi Mostrous and Dominic Kennedy |
The Times was able to download
banking information belonging to 32 customers, including
a High Court deputy judge. The newspaper obtained
account numbers, PINs and security codes for free from
illegal sites that offer more information for a fee. |
|
12/1/2007 |
New Study Recommends
Reforms for Security Breach Notification Laws |
Berkeley Law Study |
|
A
Samuelson Law, Technology & Public Policy Clinic study
of chief security officers finds that security breach
notification laws have had profound effects on practices
within companies. The study found that breach
notification laws drive information exchange among
organizations, and within organizations themselves. |
|
12/1/2007 |
New Study Recommends
Reforms for Security Breach Notification Laws |
Berkeley Law Study |
|
A
Samuelson Law, Technology & Public Policy Clinic study
of chief security officers finds that security breach
notification laws have had profound effects on practices
within companies. The study found that breach
notification laws drive information exchange among
organizations, and within organizations themselves. |
|
11/30/2007 |
TJX Cos. Scores Legal
Victory |
The Boston Globe |
Ross Kerber |
A
U.S. District Court judge has ruled that banks seeking
breach-related damages from TJX Cos. may not bring a
class action against the retailer |
|
11/30/2007 |
TJX Cos. Scores Legal
Victory |
The Boston Globe |
Ross Kerber |
A
U.S. District Court judge has ruled that banks seeking
breach-related damages from TJX Cos. may not bring a
class action against the retailer |
|
11/29/2007 |
FBI Investigates Data
Theft From Nonprofits |
Computer World |
Greg Keizer |
Hackers have made off with passwords and email addresses
from nearly 100 nonprofit organizations. The information
was lifted from a Web-based email marketing and online
fundraising service used by nonprofits, associations,
colleges and universities. |
|
11/29/2007 |
FBI Investigates Data
Theft From Nonprofits |
Computer World |
Greg Keizer |
Hackers have made off with passwords and email addresses
from nearly 100 nonprofit organizations. The information
was lifted from a Web-based email marketing and online
fundraising service used by nonprofits, associations,
colleges and universities. |
|
11/28/2007 |
Survey Indicates Security
Breach Costs Spike 30 Percent |
Baseline |
Deborah Gage |
The price tag for recovering from a security breach
averages $6.3 million, which is a 31 percent increase
since 2006 and almost 90 percent more since 2005,
according to the Ponemon Institute. The Ponemon
Institute study found that two-thirds of a company's
overall costs are devoted to recovering business that is
lost in the breach's aftermath. |
|
11/28/2007 |
Survey Indicates Security
Breach Costs Spike 30 Percent |
Baseline |
Deborah Gage |
The price tag for recovering from a security breach
averages $6.3 million, which is a 31 percent increase
since 2006 and almost 90 percent more since 2005,
according to the Ponemon Institute. The Ponemon
Institute study found that two-thirds of a company's
overall costs are devoted to recovering business that is
lost in the breach's aftermath. |
|
11/25/2007 |
60 Minutes Explores The
Security Vulnerabilities In Retail |
CBS News |
|
View this 60 Minutes video clip from its segment,
"Hi-Tech Heist," reported by Correspondent Lesley Stahl.
Stahl looks at the TJX security breach, which features
Canada's Privacy Commissioner Jennifer Stoddart, whose
investigation into the breach determined that the
discount retailer "collected too much personal
information," then kept it too long and "didn't keep it
according to appropriate security standards." |
|
11/25/2007 |
60 Minutes Explores The
Security Vulnerabilities In Retail |
CBS News |
|
View this 60 Minutes video clip from its segment,
"Hi-Tech Heist," reported by Correspondent Lesley Stahl.
Stahl looks at the TJX security breach, which features
Canada's Privacy Commissioner Jennifer Stoddart, whose
investigation into the breach determined that the
discount retailer "collected too much personal
information," then kept it too long and "didn't keep it
according to appropriate security standards." |
|
11/24/2007 |
Ohio Bank Fined Twice For
Role In Separate Retail Breaches |
The Boston Globe |
Ross Kerber |
Fifth Third Bancorp. of Ohio -- which recently faced an
$880,000 fine for its role in the TJX security breach --
previously paid fines and compensation totaling $1.4
million related to the loss of customer data from BJ's
Wholesale Club Inc. |
|
11/24/2007 |
Ohio Bank Fined Twice For
Role In Separate Retail Breaches |
The Boston Globe |
Ross Kerber |
Fifth Third Bancorp. of Ohio -- which recently faced an
$880,000 fine for its role in the TJX security breach --
previously paid fines and compensation totaling $1.4
million related to the loss of customer data from BJ's
Wholesale Club Inc. |
|
11/16/2007 |
Latest VA Breach Roils
Ranking GOP Member Of The House Veterans Affairs
Committee |
Indianapolis Star |
Vic
Ryckaert |
The revelation that three computers have been stolen
from a VA hospital in Indianapolis is leading to
criticism from U.S. Rep. Steve Buyer, a Monticello
Republican, who is the ranking GOP member of the House
Veterans Affairs Committee. The theft is under
investigation by the Department of Veterans Affairs
Office of the Inspector General, the FBI, as well as
local and state police. |
|
11/16/2007 |
Latest VA Breach Roils
Ranking GOP Member Of The House Veterans Affairs
Committee |
The Indianapolis Star |
Vic
Ryckaert |
The revelation that three computers have been stolen
from a VA hospital in Indianapolis is leading to
criticism from U.S. Rep. Steve Buyer, a Monticello
Republican, who is the ranking GOP member of the House
Veterans Affairs Committee. The theft is under
investigation by the Department of Veterans Affairs
Office of the Inspector General, the FBI, as well as
local and state police. |
|
11/16/2007 |
Latest VA Breach Roils
Ranking GOP Member Of The House Veterans Affairs
Committee |
Indianapolis Star |
Vic
Ryckaert |
The revelation that three computers have been stolen
from a VA hospital in Indianapolis is leading to
criticism from U.S. Rep. Steve Buyer, a Monticello
Republican, who is the ranking GOP member of the House
Veterans Affairs Committee. The theft is under
investigation by the Department of Veterans Affairs
Office of the Inspector General, the FBI, as well as
local and state police. |
|
11/16/2007 |
Latest VA Breach Roils
Ranking GOP Member Of The House Veterans Affairs
Committee |
The Indianapolis Star |
Vic
Ryckaert |
The revelation that three computers have been stolen
from a VA hospital in Indianapolis is leading to
criticism from U.S. Rep. Steve Buyer, a Monticello
Republican, who is the ranking GOP member of the House
Veterans Affairs Committee. The theft is under
investigation by the Department of Veterans Affairs
Office of the Inspector General, the FBI, as well as
local and state police. |
