======================================================================== Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, March 27, 2011 40 Incidents Added. ======================================================================== DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open Security Foundation asks for contributions of new incidents and new data for existing incidents. For any questions about the project or the data contained within this email or the website (http://www.datalossdb.org), please contact us at curators_at_private ======================================================================== DataLossDB News/Updates The DataLossDB project welcomes Dissent! http://datalossdb.org/incident_highlights/51 ======================================================================== Incidents Added Reported Date: 2011-04-01 Summary: Stolen laptop used for audiological diagnostic purposes contained 110 patients' names, contact information and medical charts Organizations: Warrington Hospital , Warrington and Halton Hospitals NHS http://datalossdb.org/incidents/3542 --------------------- Reported Date: 2011-03-31 Summary: 15,000 current and former adult film performers who tested for HIV and other STDs had their names, addresses, and pictures of their driver's license posted on a web site Organizations: Unknown Organization, AIM Medical Associates, PC (Adult Industry Medical Healthcare Foundation) http://datalossdb.org/incidents/3515 --------------------- Reported Date: 2011-03-31 Summary: 3800 former students' names, Social Security Numbers and student identification numbers exposed in response to public records request Organizations: Wenatchee Valley College http://datalossdb.org/incidents/3521 --------------------- Reported Date: 2011-03-30 Summary: Children's names, dates of birth, phone numbers, home addresses and other information in folder stolen from manager's car Organizations: Coach Pitch American Division Babe Ruth Baseball League http://datalossdb.org/incidents/3523 --------------------- Reported Date: 2011-03-30 Summary: 514,330 patient names, ages, dates of birth, last four digits of the Social Security numbers and Medical Record Numbers on stolen computer Organizations: Eisenhower Medical Center http://datalossdb.org/incidents/3512 --------------------- Reported Date: 2011-03-30 Summary: Credit applications and other documents from two closed businesses found in dumpster Organizations: Designer’s Choice, Corky’s http://datalossdb.org/incidents/3524 --------------------- Reported Date: 2011-03-30 Summary: List with 1,450 veterans' names and Social Security Numbers left in a car for months Organizations: Louis A. Johnson VA Medical Center http://datalossdb.org/incidents/3519 --------------------- Reported Date: 2011-03-29 Summary: 83,000 customer funeral planning product details leaked online by contractor Organizations: Unknown Organization, The Co-operative Group, Co-operative Life Planning , Co-operative Wills & Funeral Planning http://datalossdb.org/incidents/3538 --------------------- Reported Date: 2011-03-29 Summary: Records with students' names, ages, and other personal information dumped by contractor who was supposed to shred them. Organizations: Unknown Organization, Huntington Learning Center http://datalossdb.org/incidents/3527 --------------------- Reported Date: 2011-03-29 Summary: Lost laptop contains names, addresses and Social Security numbers of 13,000 gulf oil spill claimants Organizations: BP http://datalossdb.org/incidents/3504 --------------------- Reported Date: 2011-03-29 Summary: Stolen computer contained diagnostic and clinical information on 670 patients Organizations: New York University (NYU) Langone Medical Center, Bellevue Hospital Center http://datalossdb.org/incidents/3518 --------------------- Reported Date: 2011-03-26 Summary: Gift card purchasers' names, street, business, and email addresses, phone numbers, credit card numbers, card types, and expiration dates accessed by hacker. Organizations: Portland Center for the Performing Arts, Metro Regional Government http://datalossdb.org/incidents/3514 --------------------- Reported Date: 2011-03-25 Summary: Names, birthdates, DCFS ID numbers, some Social Security numbers, medical and behavioral health services, treatment plans, medications, and reports concerning children and families on stolen back-up drives Organizations: Maryville Academy http://datalossdb.org/incidents/3522 --------------------- Reported Date: 2011-03-24 Summary: Member names and email addresses stolen in possible SQL injection attack Organizations: TripAdvisor LLC http://datalossdb.org/incidents/3536 --------------------- Reported Date: 2011-03-24 Summary: Member names and email addresses stolen in possible SQL injection attack Organizations: TripAdvisor LLC http://datalossdb.org/incidents/3537 --------------------- Reported Date: 2011-03-22 Summary: Thousands of employees' W-4 forms, names, addresses, Social Security numbers, and other payroll and personnel information discarded without shredding Organizations: Lone Star Business Solutions http://datalossdb.org/incidents/3533 --------------------- Reported Date: 2011-03-21 Summary: Up to 75 patient ID cards with encoded Social Security numbers and birth dates discovered missing Organizations: Portland Veterans Affairs Medical Center http://datalossdb.org/incidents/3510 --------------------- Reported Date: 2011-03-20 Summary: Students' names, signatures, Social Security numbers and grade books found blowing in a field Organizations: Killeen Independent School District http://datalossdb.org/incidents/3516 --------------------- Reported Date: 2011-03-15 Summary: 321 employees' Social Security numbers erroneously revealed in response to freedom of information request Organizations: Bloomfield Hills School District http://datalossdb.org/incidents/3513 --------------------- Reported Date: 2011-03-09 Summary: Memory stick containing 2000 home security access codes and medical information on 4000 elderly people lost Organizations: LeicesterCare (Leicester City Council) http://datalossdb.org/incidents/3511 --------------------- Reported Date: 2011-02-24 Summary: 828 members' names, credit card numbers, card expiration dates and card identification numbers in file deleted and possibly acquired by network intruder Organizations: IEEE http://datalossdb.org/incidents/3506 --------------------- Reported Date: 2011-02-22 Summary: Customers' names and personal details misused by finance manager Organizations: Creech Chevrolet-Buick http://datalossdb.org/incidents/3532 --------------------- Reported Date: 2011-02-07 Summary: Members' names, email addresses and postal codes posted on the Internet as part of an extortion attempt Organizations: Nintendo Espana http://datalossdb.org/incidents/3543 --------------------- Reported Date: 2011-01-21 Summary: Current and former employees' and contractors' names, dates of birth, addresses, Social Security Numbers and Employee ID numbers on stolen laptop Organizations: KBR (Kellogg, Brown & Root) http://datalossdb.org/incidents/3530 --------------------- Reported Date: 2011-01-18 Summary: Credit reports for customers improperly accessed in third party database Organizations: MicroBilt Corporation, Integrity Bank Plus http://datalossdb.org/incidents/3517 --------------------- Reported Date: 2011-01-15 Summary: Misdelivered and discarded dictaphone tape and documents contained patients' names, addresses, phone numbers, and notes about their illness and appointments Organizations: Royal Mail - Royal Post, Ross Hall Hospital, Nuffield Hospital http://datalossdb.org/incidents/3503 --------------------- Reported Date: 2011-01-03 Summary: Stolen computers and drives contained names, addresses, and Social Security numbers Organizations: Wheeler & Associates CPA http://datalossdb.org/incidents/3534 --------------------- Reported Date: 2010-11-11 Summary: A laptop with employees' and applicants' personal and financial information was stolen from an employee's home Organizations: Rainforest Alliance Ltd http://datalossdb.org/incidents/3544 --------------------- Reported Date: 2010-08-06 Summary: 800 members' names and medical information were on a stolen laptop. Organizations: DeBoer & Associates, Omaha Construction Industry Health and Welfare Plan http://datalossdb.org/incidents/3520 --------------------- Reported Date: 2010-07-07 Summary: An email attachment exposed 692 dependents of APL staff members' names, Social Security numbers, birthdates and other information Organizations: Johns Hopkins University http://datalossdb.org/incidents/3505 --------------------- Reported Date: 2010-07-01 Summary: Medical information of 2,563 recovery room patients on missing USB drive. Organizations: New York University (NYU) Medical Center - Hospital for Joint Diseases http://datalossdb.org/incidents/3539 --------------------- Reported Date: 2010-04-14 Summary: Employee misused pharmacy patients' names and PHS Member ID numbers for insurance fraud Organizations: Presbyterian Health Care Services http://datalossdb.org/incidents/3529 --------------------- Reported Date: 2010-04-01 Summary: 5,103 patients' face sheets including names and medical information were stolen and provided to personal injury attorneys Organizations: University Medical Center of Southern Nevada http://datalossdb.org/incidents/3509 --------------------- Reported Date: 2010-02-09 Summary: 1,250 patients' protected health information on stolen computer Organizations: Franciscan Health Systems http://datalossdb.org/incidents/3528 --------------------- Reported Date: 2010-01-21 Summary: Laptop and documents with 109 employees' personal and payroll information stolen Organizations: Aramark Ltd http://datalossdb.org/incidents/3541 --------------------- Reported Date: 2009-11-24 Summary: 5,166 patients' names, date of birth, and medical information on computer stolen from office Organizations: Mark D. Lurie, MD http://datalossdb.org/incidents/3507 --------------------- Reported Date: 2009-09-30 Summary: 1,430 patients' names, social security numbers, and medical information reported missing from locked file room. Organizations: South Texas Veterans Health Care System http://datalossdb.org/incidents/3508 --------------------- Reported Date: 2009-09-29 Summary: List with names and social security numbers of 269 employees disclosed to nonauthorized party Organizations: Stanley Baker Hill, LLC (SBH), DAAR Engineering http://datalossdb.org/incidents/3531 --------------------- Reported Date: 2006-08-07 Summary: Search keywords for 658,000 users are made public, includes some personal information. Organizations: America Online (AOL) http://datalossdb.org/incidents/3535 --------------------- Reported Date: 1911-04-01 Summary: Names and email addresses exposed in third party email service provider breach Organizations: JPMorgan Chase, Walgreens, Capital One, Epsilon, Brookstone, New York & Co., Home Shopping Network, TIVO http://datalossdb.org/incidents/3540 --------------------- ======================================================================== Blotter Posts Added: 2011-04-02 Title: Identity Theft Is Out Of Control…Over 4,000 Kids With Gun Licenses, Mortgages, Car Loans http://feedproxy.google.com/~r/bossiprss/~3/2a3x4CjbiuA/ --------------------- Added: 2011-04-01 Title: Protecting Your Child From Identity Theft http://blogs.forbes.com/moneybuilder/2011/03/31/protecting-your-child-from-identity-theft/?utm_source=allactivity&utm_medium=rss&utm_campaign=20110331 --------------------- Added: 2011-04-01 Title: Moving house? Don't risk ID theft http://www.thisismoney.co.uk/credit-and-loans/id-fraud/article.html?in_article_id=528439&in_page_id=159&ito=1565 --------------------- Added: 2011-03-30 Title: A case of social-media identity theft http://blogs.reuters.com/great-debate/2011/03/29/a-case-of-social-media-identity-theft/ --------------------- Added: 2011-03-30 Title: British Gas customers targeted in identity theft scam http://telegraph.feedsportal.com/c/32726/f/534871/s/13b9ae91/l/0L0Stelegraph0O0Cfinance0Cpersonalfinance0Cconsumertips0Chousehold0Ebills0C84139420CBritish0EGas0Ecustomers0Etargeted0Ein0Eidentity0Etheft0Escam0Bhtml/story01.htm --------------------- _______________________________________________ Dataloss Mailing List (dataloss_at_private) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Mon Apr 04 2011 - 23:27:33 PDT
This archive was generated by hypermail 2.2.0 : Mon Apr 04 2011 - 23:36:40 PDT