======================================================================== Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, March 13, 2011 61 Incidents Added. ======================================================================== DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open Security Foundation asks for contributions of new incidents and new data for existing incidents. For any questions about the project or the data contained within this email or the website (http://www.datalossdb.org), please contact us at curators_at_private ======================================================================== DataLossDB News/Updates No news this week! ======================================================================== Incidents Added Reported Date: 2011-03-16 Summary: 200 credit cards and identities stolen due to credit card machines being compromised Organizations: Nation's Giant Hamburgers http://datalossdb.org/incidents/3458 --------------------- Reported Date: 2011-03-16 Summary: 80 administrators, teachers and school staff payroll files hacked Organizations: Walnut Township School District http://datalossdb.org/incidents/3457 --------------------- Reported Date: 2011-03-14 Summary: 17,094 students' names, addresses, dates of birth, grades, photos, and emergency contacts' birthdates and contact details exposed on the Internet without login required Organizations: University of York http://datalossdb.org/incidents/3421 --------------------- Reported Date: 2011-03-11 Summary: 370 employees' Social Security numbers and financial info sent overseas by Zeus virus Organizations: Virginia Polytechnic Institute and State University http://datalossdb.org/incidents/3427 --------------------- Reported Date: 2011-03-10 Summary: 942 patient’s names, health insurer names, medical record numbers and Rx info on infected server Organizations: University of Massachusetts at Amherst (UMASS) http://datalossdb.org/incidents/3482 --------------------- Reported Date: 2011-03-10 Summary: Missing laptop contained 37,000 patients' personal and protected health information Organizations: Ortho Montana, PSC http://datalossdb.org/incidents/3455 --------------------- Reported Date: 2011-03-10 Summary: Employee arrested for selling customer bank account numbers Organizations: TD Bank http://datalossdb.org/incidents/3440 --------------------- Reported Date: 2011-03-01 Summary: Unaccounted for servers drives contained personal, medical, and financial info on members, employees, and healthcare providers Organizations: IBM, Health Net http://datalossdb.org/incidents/3422 --------------------- Reported Date: 2011-03-01 Summary: Mismailing of tax statements exposed 650 employees' names, Social Insurance numbers, and earnings Organizations: University of Windsor http://datalossdb.org/incidents/3426 --------------------- Reported Date: 2011-03-01 Summary: Mailing error exposes 3,150 cancer patients' names Organizations: Cancer Care Northwest http://datalossdb.org/incidents/3456 --------------------- Reported Date: 2011-02-18 Summary: On-site credit card processing system hacked exposing customer credit card data Organizations: Snow Creek http://datalossdb.org/incidents/3436 --------------------- Reported Date: 2011-02-15 Summary: Mailing sent exposed 8000 childcare providers' Social Security Numbers in mailing labels Organizations: Affiliated Computer Services (ACS), Ohio Department of Job and Family Services http://datalossdb.org/incidents/3432 --------------------- Reported Date: 2011-02-09 Summary: Stolen computer contained names and Social Security numbers of employees Organizations: LOUD Technologies Inc. http://datalossdb.org/incidents/3431 --------------------- Reported Date: 2011-02-04 Summary: Unencrypted flash drive with applicants’ names, addresses, dates of birth, Social Security Numbers, information about applicants’ criminal convictions and results of drug testing lost on bus Organizations: First Transit http://datalossdb.org/incidents/3429 --------------------- Reported Date: 2011-01-31 Summary: Timeshare maintenance payment slips with owners’ names, addresses, full credit card numbers and card expiration dates lost while in transit to bank by shipping service Organizations: Unknown Organization, Marriott Vacation Club Intl http://datalossdb.org/incidents/3433 --------------------- Reported Date: 2011-01-24 Summary: Stolen backup device contained 12,209 patients' Social Security numbers, insurance details, driver’s license information, medical history forms, immunization records, previous doctor records, and patients’ medical records Organizations: Grays Harbor Pediatrics http://datalossdb.org/incidents/3423 --------------------- Reported Date: 2011-01-21 Summary: Mailing error exposes 750 insured employees' names, member numbers and birth dates Organizations: University of Missouri, Coventry Health Care http://datalossdb.org/incidents/3480 --------------------- Reported Date: 2011-01-20 Summary: Patients' names, addresses, and medicare numbers on unencrypted stolen laptops Organizations: Dr. Frances Alborg http://datalossdb.org/incidents/3469 --------------------- Reported Date: 2011-01-18 Summary: “Temporary glitch” in an automated electoral roll registration system resulted in an undisclosed number of personal details being sold to a third-party company. Organizations: Unknown Organization, Wandsworth Council http://datalossdb.org/incidents/3476 --------------------- Reported Date: 2011-01-16 Summary: Customer database with 2,150,000 names, addresses and billing details accessed by employees of rival company's sales marketer Organizations: Telecom, Slingshot, Power Marketing Limited http://datalossdb.org/incidents/3472 --------------------- Reported Date: 2011-01-14 Summary: Names, addresses, birthdates and Social Security numbers of 6500 insurance applicants exposed on web Organizations: Blue Cross Blue Shield Michigan , Tstream Software, Agent Benefits Corp http://datalossdb.org/incidents/3437 --------------------- Reported Date: 2011-01-14 Summary: Stolen computer contained 84,000 patients' names, birth dates, addresses,social security numbers, insurance and diagnosis codes plus some employees' names, social security numbers, birth dates, salary information and addresses Organizations: St. Francis - Broken Arrow Hospital http://datalossdb.org/incidents/3428 --------------------- Reported Date: 2011-01-14 Summary: Malware enabled hacker to access names, addresses, Social Security numbers and birth dates of up to 5,600 insured employees, retirees dependents and survivors. Organizations: South Carolina State Employee Insurance Program http://datalossdb.org/incidents/3438 --------------------- Reported Date: 2011-01-14 Summary: Hack of Omaha School Employees Retirement System web site may have compromised birth dates, Social Security numbers, years of service and beneficiaries of 4300 employees Organizations: Omaha Public Schools http://datalossdb.org/incidents/3424 --------------------- Reported Date: 2011-01-13 Summary: Stolen computer contained deployment records and Social Security numbers of 650 guard members Organizations: New Mexico National Guard http://datalossdb.org/incidents/3425 --------------------- Reported Date: 2011-01-13 Summary: Server with patients' names, birth dates, age, gender, medical record numbers and doctor’s names hacked Organizations: Kadlec Regional Medical Center http://datalossdb.org/incidents/3467 --------------------- Reported Date: 2011-01-12 Summary: Names, addresses, Social Security numbers, dates of birth, medical procedure codes, diagnosis codes and billing information of 231,400 patients on hacked server. Organizations: Seacoast Radiology http://datalossdb.org/incidents/3435 --------------------- Reported Date: 2011-01-12 Summary: Customers' names, addresses, telephone numbers, email addresses, and credit card numbers accessed by hacker and re-routed to email accounts Organizations: Hamilton Beach Brands, Inc. http://datalossdb.org/incidents/3478 --------------------- Reported Date: 2011-01-11 Summary: HuskyDirect.com database with customers' names, addresses, email, telephone number, credit card number, expiration date and security code accessed by someone using vendor's administrative password Organizations: University of Connecticut Cooperative Corporation, Fandotech http://datalossdb.org/incidents/3439 --------------------- Reported Date: 2011-01-07 Summary: Hacker accessed 156,000 patient names, social security numbers, date of birth, home addressees, account numbers, healthcare services and related diagnostic code(s) Organizations: Ankle and Foot Center of Tampa Bay http://datalossdb.org/incidents/3434 --------------------- Reported Date: 2011-01-05 Summary: Mental health patients’ names and dates of birth found on documents that blew out of truck Organizations: Adventist Behavioral Health http://datalossdb.org/incidents/3479 --------------------- Reported Date: 2011-01-03 Summary: Personnel records containing names, Social Security numbers, medical records, home addresses and phone numbers of now-defunct company found by dumpster. Organizations: White Rock Networks http://datalossdb.org/incidents/3468 --------------------- Reported Date: 2011-01-01 Summary: Names and billing rates of 699 former patients of alcohol and drug abuse center on stolen laptop Organizations: Azure Acres http://datalossdb.org/incidents/3470 --------------------- Reported Date: 2011-01-01 Summary: Names, Social Security Numbers and birthdates of 18,871 people exposed on the web. Organizations: Green River District Health Department, Fox Technology Group, Intergranetics http://datalossdb.org/incidents/3420 --------------------- Reported Date: 2010-12-27 Summary: Programming issue exposed employees' Social Security Numbers, medical history information, and spouses' and dependents' information to other employees Organizations: Marsh U.S. Consumer, ITT Corporation http://datalossdb.org/incidents/3477 --------------------- Reported Date: 2010-12-23 Summary: 1.7 million patients' and staffs' personal and/or medical information on tapes stolen from unattended transport vehicle Organizations: NYC Health & Hospitals Corporation, GRM Information Management Services, Jacobi Medical Center, North Central Bronx Hospital, Tremont Health Center, Gunhill Health Center http://datalossdb.org/incidents/3430 --------------------- Reported Date: 2010-12-18 Summary: Information on 12,000 current and former employees, including Social Security numbers, and protected health information of 800 students getting counseling services accessed by hacker Organizations: Saint Louis University http://datalossdb.org/incidents/3462 --------------------- Reported Date: 2010-12-09 Summary: 11,760 customers' records, including passport data and addresses, as well as account data, were discovered exposed on a server Organizations: Far East Telecom http://datalossdb.org/incidents/3441 --------------------- Reported Date: 2010-11-21 Summary: Airmen are being warned to watch their credit card balances after reports of credit card fraud on base Organizations: Shaw Air Force Base http://datalossdb.org/incidents/3443 --------------------- Reported Date: 2010-11-18 Summary: 98 applicants' names, Social Security Numbers, and some dates of birth and addresses on stolen laptop Organizations: Universal Technical Institute http://datalossdb.org/incidents/3471 --------------------- Reported Date: 2010-11-09 Summary: A third party payment service provider’s network had a data breach of customer information. Organizations: Unknown Organization, Monadnock Community Bank http://datalossdb.org/incidents/3442 --------------------- Reported Date: 2010-10-30 Summary: Tokyo Metropolitan police documents with sensitive personal info leaked on internet due to file-sharing error Organizations: Tokyo Metropolitan police Dept http://datalossdb.org/incidents/3445 --------------------- Reported Date: 2010-10-19 Summary: Confidential documents with names, addresses, telephone numbers, dates of birth, medical and employment data, and bank details found in car park after skip is stolen and dumped Organizations: Wolverhampton City Council http://datalossdb.org/incidents/3459 --------------------- Reported Date: 2010-10-13 Summary: 2900 patients' personal info, including Medicare numbers, used as part of Medicare fraud conspiracy Organizations: Orange Regional Medical Center http://datalossdb.org/incidents/3444 --------------------- Reported Date: 2010-09-01 Summary: 5700 members' names and addresses posted online after politically motivated hack Organizations: Sverigedemokratarna (Sweden Democrats) http://datalossdb.org/incidents/3446 --------------------- Reported Date: 2010-08-24 Summary: Employees caught snooping through patients' data Organizations: Mahaska County Hospital http://datalossdb.org/incidents/3450 --------------------- Reported Date: 2010-08-12 Summary: Hacker acquires customers' credit card numbers in real-time Organizations: Tino's Greek Cafe http://datalossdb.org/incidents/3447 --------------------- Reported Date: 2010-08-10 Summary: Hacker stole restaurant customers' credit card information Organizations: Montana Mike's http://datalossdb.org/incidents/3448 --------------------- Reported Date: 2010-06-08 Summary: 197 clients' names and Social Security numbers used by employee for tax return fraud Organizations: LA County Dept. Social Services http://datalossdb.org/incidents/3481 --------------------- Reported Date: 2010-01-19 Summary: Hacker accesses customer database containing names, e-mail and postal addresses, phone numbers, and credit card numbers Organizations: J. Press, Inc. http://datalossdb.org/incidents/3473 --------------------- Reported Date: 2009-08-07 Summary: Former employee caught selling account and credit card numbers Organizations: Wachovia http://datalossdb.org/incidents/3449 --------------------- Reported Date: 2009-07-17 Summary: Briefcase stolen from car contained documents with policyholders' information, including Social Security Numbers and Dates of Birth Organizations: John Hancock Life Insurance Company http://datalossdb.org/incidents/3461 --------------------- Reported Date: 2009-04-30 Summary: Former employee may have compromised one account, exposing others within the company Organizations: Dentemax http://datalossdb.org/incidents/3452 --------------------- Reported Date: 2009-02-27 Summary: Compromised login allowed access to clients' brokerage accounts Organizations: Fidelity Investments, Harmony Asset Management http://datalossdb.org/incidents/3464 --------------------- Reported Date: 2009-01-30 Summary: Unauthorized individual gained access to trading platform Organizations: LPL Financial http://datalossdb.org/incidents/3451 --------------------- Reported Date: 2008-11-13 Summary: Personal and financial information of clients and employees involved in child support and income support systems accessed by multiple hackers Organizations: Massachusetts Department of Revenue, New Mexico Human Services Department (NMHSD) http://datalossdb.org/incidents/3460 --------------------- Reported Date: 2006-01-31 Summary: Third party printing company sent W-2 forms to other employees Organizations: Unknown Organization, ICI Group Services Inc. http://datalossdb.org/incidents/3453 --------------------- Reported Date: 2006-01-17 Summary: Employee used customers' SSN and personal information to open credit card accounts Organizations: City of San Diego Water Department http://datalossdb.org/incidents/3463 --------------------- Reported Date: 2004-11-03 Summary: Mortgage and student loan customers' names, addresses, Social Security numbers and account numbers exposed after four computers containing unencrypted data were stolen Organizations: Wells Fargo, Regulus Integrated Solutions http://datalossdb.org/incidents/3466 --------------------- Reported Date: 1999-03-01 Summary: Tape with 675,000 drivers' personal information missing, presumed discarded Organizations: Elections Canada, Driver and Vehicle Licensing http://datalossdb.org/incidents/3465 --------------------- Reported Date: 1995-03-01 Summary: Access to 300,000 psychotherapy notes accidentally provided to all employees during computerizing of medical records Organizations: Harvard Community Health Plan http://datalossdb.org/incidents/3454 --------------------- ======================================================================== Blotter Posts Added: 2011-03-19 Title: What you can do to deter ID theft http://www.startribune.com/lifestyle/yourmoney/118256769.html --------------------- Added: 2011-03-17 Title: Mail thefts hit 300 in Queens Village: Resident http://www.yournabe.com/articles/2011/03/17/queens/qns_qv_mail_folo_20110317.txt --------------------- Added: 2011-03-17 Title: Is Your Facebook Account a Gold Mine for Identity Thieves? http://feedproxy.google.com/~r/time/mostemailed/~3/lty_2KpBaoU/0,8599,1909133,00.html --------------------- Added: 2011-03-16 Title: Medical ID theft on the rise, says new study http://feedproxy.google.com/~r/SCMagazineHome/~3/BQBcAl1jOxI/ --------------------- Added: 2011-03-16 Title: Bay Area Restaurant Center Of ID Theft Investigation http://feeds.nbcbayarea.com/click.phdo?i=b11ab889f5e15b114af9fa795fbaa758 --------------------- Added: 2011-03-16 Title: Fighting ID theft? Invest time before spending money http://www2.timesdispatch.com/business/business/2011/mar/16/TDBIZ04-fighting-id-theft-invest-time-before-spend-ar-908234/ --------------------- Added: 2011-03-15 Title: Medical identity theft on the rise http://www.healthcareitnews.com/news/medical-identity-theft-rise --------------------- Added: 2011-03-15 Title: Washington Man Steals Over 1000 Identities http://www.blogher.com/washington-man-steals-over-1000-identities --------------------- Added: 2011-03-14 Title: Health Net Security Breach Affects Nearly 25,000 Connecticut Residents http://www.courant.com/business/hc-health-net-security-breach-20110314,0,2292715.story?track=rss --------------------- Added: 2011-03-14 Title: Confidential tax documents litter neighborhood http://www.khou.com/news/texas-news/Confidential-tax-documents-litter-neighborhood-117935599.html --------------------- Added: 2011-03-14 Title: Romanian ATM skim ring arrested http://phuketwan.com/tourism/thousands-europe-faced-theft-phuket-skim-scam-gang-13819/ --------------------- _______________________________________________ Dataloss Mailing List (dataloss_at_private) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Mon Mar 21 2011 - 23:40:28 PDT
This archive was generated by hypermail 2.2.0 : Mon Mar 21 2011 - 23:47:02 PDT