http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9060018 By Jaikumar Vijayan January 29, 2008 Computerworld What do Fallon Community Health Plan, Pennsylvania State University, OmniAmerican Bank and T. Rowe Price Group Inc. all have in common? Each of them recently joined the seemingly never-ending parade of organizations that have disclosed security breaches resulting in the potential compromise of personal data. Leading the pack in terms of the number of data records known to be involved was T. Rowe Price. Two weeks ago, the Baltimore-based investment management firm's retirement plan services group began notifying about 35,000 current and former participants in "several hundred" plans that their names and Social Security numbers might have been compromised, a company spokesman confirmed today. The spokesman said that the possible breach resulted from the theft of computers containing the data from the offices of CBIZ Benefits and Insurance Services Inc., a third-party services provider that was preparing tax-related forms on behalf of T. Rowe Price. The theft took place during the last week of December, he added. T. Rowe Price is offering one year's worth of free credit monitoring services and up to $25,000 in identify theft insurance to the individuals whose personal data was on the stolen systems, the spokesman said. Meanwhile, a similar laptop theft that also took place in late December may have compromised the names, birth dates and some health care data of about 29,800 members at Fallon Community Health Plan, a Worcester, Mass.-based medical provider and insurer. A spokesman for Fallon said that the laptop was stolen from the offices of a third-party services provider, and that the data stored on the system doesn't appear to have been either encrypted or password-protected. But the fact that other equipment was taken along with the laptop may be an indication that the thieves were after the systems and not the data on them, the Fallon spokesman said. Like T. Rowe Price, Fallon is offering one year's worth of credit monitoring to all of the members of its Fallon Senior Plan and Summit ElderCare health plans who were affected by the breach. In cases where it's needed, the credit monitoring services will be extended to two years, the spokesman said, adding that all of the affected plan members have been notified of the incident. In the third incident to make the news over the past few days, Fort Worth, Texas-based OmniAmerican Bank said that it had been forced to impose unspecified restrictions on ATM and debit card transactions after hackers broke into its systems. In a prepared statement, the bank said that it has also implemented a series of new "communications and security measures" in response to attempted fraudulent activity stemming from the break-in last week. It didn't specify what those measures were, and a call to the bank seeking further comment wasn't immediately returned. In addition, OmniAmerican said in the statement that it is issuing new debit cards and personal identification numbers to its customers as a precaution against future fraud. The bank didn't disclose the number of cards that are being blocked and reissued. But a story posted last Thursday by the Fort Worth Star-Telegram newspaper that quoted OmniAmerican's president said that the bank was reissuing about 40,000 cards and that the system break-in was the work of an international gang of cybercriminals. In comparison to the other incidents, the breach reported by Penn State appears to have been much smaller in scope. According to a statement posted on the university's Web site last week, a laptop computer containing personally identifiable information on 677 individuals who attended Penn State between 1999 and 2004 was stolen from a faculty member. The theft occurred while the faculty member was traveling and appears to have been a random theft of hardware, the statement noted. The university said that it currently is in the process of notifying the affected individuals. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Wed Jan 30 2008 - 02:26:37 PST