[ISN] Blood donors' personal data stolen along with laptop

From: InfoSec News (alerts@private)
Date: Sun Dec 09 2007 - 23:33:43 PST


http://www.startribune.com/local/12190641.html

By David Phelps
Star Tribune
December 6, 2007

Personal information, including the Social Security numbers of more than 
a quarter-million Minnesota and Wisconsin donors to Memorial Blood 
Centers, is in the hands of a thief.

The organization revealed Wednesday that a laptop containing the names 
and addresses of 268,000 donors was stolen Nov. 28 as center employees 
set up a skyway-level blood drive in downtown Minneapolis on Seventh 
Street.

Letters went out Wednesday to the affected donors, who make up about 
half of Memorial's donor base, apologizing for any inconvenience and 
warning them to watch for unusual activity in their banking and charge 
accounts.

Blood centers chief executive Don Berglund said the organization 
believes it is highly unlikely that the person who stole the computer 
can gain access to the information inside because passwords and security 
devices had been installed.

"We've never had anything like this happen before," said Berglund, who 
called the incident a "random crime." The theft, which was reported 
immediately to Minneapolis police, was caught on a security camera.

Berglund said about half the laptop's records contain Social Security 
numbers. The records also include dates of birth and blood types. The 
data includes people who have donated since the center opened in 1948.

Minneapolis police have asked anyone with knowledge of the computer's 
whereabouts to call 612-692-TIPS (8477).


Not the only victims

The theft of the blood center's laptop is the latest in what has become 
a string of crimes in which clients' personal information was stolen 
from an institution, most commonly retailers or financial institutions. 
Often the thieves seem more interested in the hardware than the 
information on it, but identity theft has been traced to the crimes as 
well.

Sometimes the theft is highly sophisticated. Two years ago hackers 
outside a Marshall's department store in St. Paul used a 
telescope-shaped antenna to obtain credit card information going between 
cash registers and the store's computers. The theft ultimately was 
repeated across the country.

Earlier this year Marshall's parent TJX Cos. revealed that information 
from at least 45.7 million credit and debit cards was stolen. The 
company recently agreed to pay up to $40.9 million to resolve claims by 
banks for money lost on Visa credit cards because of the security 
breach. Fraud claims associated with other credit cards in the case are 
still pending.

The Memorial incident is similar to a case a year ago when a laptop 
containing the names and Social Security numbers of obstetrics patients 
of Allina Hospitals and Clinics was stolen from a nurse's car.

That laptop was never recovered but there was no indication that the 
person who took it was able to use the information.

"There never was any evidence the information was accessed," said Allina 
spokesman David Kanihan. "We sent letters [to patients], kept eyes on 
accounts and nothing ever happened."

Nearly two years ago, a laptop containing client information was stolen 
from a car belonging to an employee of Ameriprise Financial Inc. That 
laptop was recovered before any data was accessed.


'Unfortunate situation'

According to Berglund, Memorial employees who were setting up for the 
blood drive never saw the person who took the briefcase containing the 
laptop but realized right away that it had been stolen. The incident 
occurred at 6:43 a.m. Nov. 28, Berglund said.

Memorial waited a week to send out warning letters to donors to allow 
police time to conduct an investigation, he said.

"We want to let you know about an unfortunate situation," the letter 
begins. It goes on to say, "We believe that the possibility that donor 
information on the stolen laptop could be used inappropriately is 
unlikely. Nonetheless, it is always advisable to review your financial 
records, bank statements, credit card statements and credit reports 
carefully and report suspicious transactions promptly."

Starting this week, Memorial will no longer ask for donors' Social 
Security numbers.

