[ISN] [Dataloss Weekly Summary] Week of Sunday, April 17, 2011

From: InfoSec News <alerts_at_private>
Date: Tue, 26 Apr 2011 01:58:40 -0500 (CDT)
========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, April 17, 2011

45 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported 
data loss incidents world-wide. The Open Security Foundation asks for 
contributions of new incidents and new data for existing incidents. For 
any questions about the project or the data contained within this email 
or the website (http://www.datalossdb.org), please contact us at 
curators_at_private

========================================================================

DataLossDB News/Updates

  No news this week!


========================================================================

Incidents Added


Reported Date: 2011-04-21
Summary: Missing flash drive contains names and identity card numbers of 19 pediatric patients
Organizations: Queen Mary Hospital
http://datalossdb.org/incidents/3620
---------------------

Reported Date: 2011-04-21
Summary: Customers' card numbers acquired and misused
Organizations: Qdoba Mexican Grill 
http://datalossdb.org/incidents/3617
---------------------

Reported Date: 2011-04-21
Summary: 90 students' personal information on laptop stolen from car
Organizations: Freehold Community School  
http://datalossdb.org/incidents/3618
---------------------

Reported Date: 2011-04-20
Summary: Employee and applicants' records containing names, contact details, Social Security and personnel matters found discarded
Organizations: Blockbuster Video
http://datalossdb.org/incidents/3622
---------------------

Reported Date: 2011-04-19
Summary: 200 usernames, passwords and email addresses, as well as server logs exposed
Organizations: European Space Agency, Cern Science Institute, BAE Systems
http://datalossdb.org/incidents/3594
---------------------

Reported Date: 2011-04-19
Summary: Unencrypted flash drive with 750 patients' urology images and diagnoses left in a computer
Organizations: Brighton and Sussex University Hospitals NHS Trust , University College London Hospitals NHS Foundation Trust, University College London Hospitals
http://datalossdb.org/incidents/3598
---------------------

Reported Date: 2011-04-19
Summary: Misdirected faxes contained personal and mental health information
Organizations: Borough of Poole
http://datalossdb.org/incidents/3597
---------------------

Reported Date: 2011-04-18
Summary: Names and Social Security numbers of current and former employees on stolen computer
Organizations: ABM Industries
http://datalossdb.org/incidents/3614
---------------------

Reported Date: 2011-04-18
Summary: A memory stick containing personal and medical information 4,500 kids seen at speech and hearing clinic discovered missing   
Organizations: Middlesex London Health Unit, H.A. Leeper Speech and Hearing Clinic, University of Western Ontario - Elborn College.
http://datalossdb.org/incidents/3590
---------------------

Reported Date: 2011-04-18
Summary: Employee took 581 patient records with names, financial and medical information for training purposes
Organizations: Southwest Ambulance
http://datalossdb.org/incidents/3591
---------------------

Reported Date: 2011-04-13
Summary: 100 patient files stolen from doctor's garage contained personal and medical information
Organizations: Moises M. Soulas Jr, M.D.
http://datalossdb.org/incidents/3602
---------------------

Reported Date: 2011-04-13
Summary: Employee downloaded client files and transactions before resigning
Organizations: AllianceBernstein Holding LP
http://datalossdb.org/incidents/3604
---------------------

Reported Date: 2011-04-13
Summary: Mailing error exposed members' names and life insurance member numbers to others
Organizations: Marsh U.S. Consumer, IEEE
http://datalossdb.org/incidents/3626
---------------------

Reported Date: 2011-04-12
Summary: Configuration error exposes employees' pay stub data and bank account numbers to other employees
Organizations: UMass Memorial Healthcare
http://datalossdb.org/incidents/3588
---------------------

Reported Date: 2011-04-12
Summary: Customer credit card payment transactions may have been compromised
Organizations: Infogroup
http://datalossdb.org/incidents/3615
---------------------

Reported Date: 2011-04-12
Summary: Over 25,000 students' and 2,500 employees' personal information, including dates of birth and Social Security numbers, may have been acquired
Organizations: Lancaster County School District
http://datalossdb.org/incidents/3593
---------------------

Reported Date: 2011-04-11
Summary: Names and email addresses of leads and partners exposed by hacker
Organizations: Barracuda Networks Inc.
http://datalossdb.org/incidents/3603
---------------------

Reported Date: 2011-04-01
Summary: Customers' names, addresses, credit card numbers and card expiration dates viewable by intruder
Organizations: GoGrid LLC
http://datalossdb.org/incidents/3616
---------------------

Reported Date: 2011-03-11
Summary: 617 students' registration cards with names and social security numbers sent to auction house storage in error
Organizations: Central Ohio Technical College
http://datalossdb.org/incidents/3595
---------------------

Reported Date: 2011-02-11
Summary: 80 students' files containing personal and medical information dumped in skips
Organizations: Norwich City College of Further and Higher  Education (City College Norwich) 
http://datalossdb.org/incidents/3596
---------------------

Reported Date: 2010-10-25
Summary: Customers' usernames, passwords, line speeds and subscriber names posted on web by hacker
Organizations: MWEB, Bloomberg , Volvo SA, Caledon Hotel Casino, Peugeot SA, Radio 786, Internet Solutions (IS) 
http://datalossdb.org/incidents/3607
---------------------

Reported Date: 2010-10-18
Summary: Compromised customer login to TransUnion enabled access to consumers' credit reports
Organizations: Midtown Motors, TransUnion
http://datalossdb.org/incidents/3609
---------------------

Reported Date: 2010-09-09
Summary: Employees of other Trusts able to access patient and employee data
Organizations: Unknown Organization, Unknown Organization, NHS Birmingham East and North 
http://datalossdb.org/incidents/3613
---------------------

Reported Date: 2010-08-19
Summary: Bus driver stole personal information of disabled passengers and opened credit accounts using their information
Organizations: MV Transportation, Central Florida Regional Transportation Authority (LYNX)
http://datalossdb.org/incidents/3633
---------------------

Reported Date: 2010-08-18
Summary: Paper records of patient information lost or stolen
Organizations: Beauty Dental
http://datalossdb.org/incidents/3629
---------------------

Reported Date: 2010-07-27
Summary: 780 cancer patients' names and identity card numbers and up to 40 volunteers' names, identity card numbers, and contact information on stolen hard drive
Organizations: Queen Mary Hospital, Li Ka Shing Foundation Hospice Service Program 
http://datalossdb.org/incidents/3621
---------------------

Reported Date: 2010-07-15
Summary: Claims summary statements were inadvertently sent to the wrong members
Organizations: UnitedHealthcare, Deere & Co.
http://datalossdb.org/incidents/3589
---------------------

Reported Date: 2010-04-23
Summary: 500 patients' social security numbers, names, and addresses were stolen from 6 computers after a fire.
Organizations: Rockbridge Area Community Services
http://datalossdb.org/incidents/3619
---------------------

Reported Date: 2010-04-16
Summary: Stolen portable device contained protected health information of 2,773 individuals
Organizations: Laboratory Corporation of America (LabCorp), Dianon System Inc.
http://datalossdb.org/incidents/3592
---------------------

Reported Date: 2010-04-12
Summary: 2,600 newborn's protected health information including parent's name, infant's name, infant's date of birth, medical record number and hearing test results were on an unencrypted stolen laptop.
Organizations: Mount Sinai Medical Center
http://datalossdb.org/incidents/3624
---------------------

Reported Date: 2010-04-12
Summary: 2,024 patients' protected health information on stolen laptop
Organizations: Hypertension, Nephrology, Dialysis and Transplantation, PC
http://datalossdb.org/incidents/3623
---------------------

Reported Date: 2010-04-10
Summary: 36,657 living persons' names, dates of birth, Social Security numbers, and zip code exposed in Death Master File
Organizations: Social Security Administration
http://datalossdb.org/incidents/3600
---------------------

Reported Date: 2010-04-01
Summary: 8,000 students' protected health information stolen and destroyed by employee
Organizations: University of Pittsburgh Student Health Center
http://datalossdb.org/incidents/3625
---------------------

Reported Date: 2010-04-01
Summary: 735 patients' protected health information on stolen remittance forms
Organizations: UnitedHealth Group--SACE
http://datalossdb.org/incidents/3599
---------------------

Reported Date: 2009-12-08
Summary: Open Online Database with SSN's
Organizations: Shelby County Register
http://datalossdb.org/incidents/3611
---------------------

Reported Date: 2009-06-12
Summary: Former employee created a spreadsheet of personnel data including names, addresses, Social Security number and Date of Birth of 68 employees and emailed to spouse's email address.
Organizations: 1-800 East West Mortgage Co, Inc.
http://datalossdb.org/incidents/3632
---------------------

Reported Date: 2008-08-16
Summary: Discs containing 27,000 supplier records, including supplier name, address and in some cases bank details, were in the possession of a contractor to the ministry 
Organizations: Unknown Organization, UK Ministry of Justice
http://datalossdb.org/incidents/3630
---------------------

Reported Date: 2008-03-28
Summary: Customer personal information, including mobile numbers and resident registration codes, acquired by hacker
Organizations: Daum Communications
http://datalossdb.org/incidents/3605
---------------------

Reported Date: 2008-03-27
Summary: Thousands of patient records fell off a courier's truck
Organizations: Unknown Organization, Laboratory Corporation of America (LabCorp)
http://datalossdb.org/incidents/3612
---------------------

Reported Date: 2007-06-08
Summary: Employee stole patient identity information to open credit card accounts
Organizations: Laboratory Corporation of America (LabCorp)
http://datalossdb.org/incidents/3610
---------------------

Reported Date: 2007-05-03
Summary: Unauthorised person registered for account access and was able to view personal information.
Organizations: Countrywide Home Loans
http://datalossdb.org/incidents/3631
---------------------

Reported Date: 2001-01-01
Summary: Completed firearms license applications stolen from Canadian Firearms Centre van
Organizations: Justice Canada - Canadian Firearms Centre
http://datalossdb.org/incidents/3628
---------------------

Reported Date: 1994-09-28
Summary: 100,000 calling card numbers and PINs acquired by employee and sold to others
Organizations: MCI, AT&T, Sprint 
http://datalossdb.org/incidents/3601
---------------------

Reported Date: 1987-02-12
Summary: Microfiche containing applications and criminal records of 5,000 found in a dump
Organizations: Employment and Immigration Canada
http://datalossdb.org/incidents/3627
---------------------

Reported Date: 1985-08-06
Summary: Employee accesses credit ratings and posted them online
Organizations: MCI, American Express, Southern Bell
http://datalossdb.org/incidents/3606
---------------------


========================================================================

Blotter Posts


Added: 2011-04-24
Title: Identity theft scare arrives in teen's mail
http://www.ohio.com/business/120561649.html
---------------------

Added: 2011-04-24
Title: Secret Service looks into identity thefts
http://www.marshfieldnewsherald.com/article/20110423/MNH0101/104230581/1980&located=rss
---------------------

Added: 2011-04-22
Title: Rancho Cordova man suspected of card skimming, ID theft
http://feeds.bizjournals.com/~r/bizj_sacramento/~3/Eh1QXk_a4go/man-suspected-of-card-skimming-id-theft.html
---------------------

Added: 2011-04-22
Title: Exclusive: Million dollar ID theft operation busted
http://abclocal.go.com/wpvi/story?section=news/crime&id=8085649&rss=rss-wpvi-article-8085649
---------------------

Added: 2011-04-22
Title: Phoenix Man Sentenced For Forgery, ID Theft
http://www.kpho.com/news/27630065/detail.html
---------------------

Added: 2011-04-22
Title: Georgia man pleads guilty to $36.6M in ID theft
http://rss.computerworld.com/~r/computerworld/s/feed/topic/17/~3/yZoe39Chm0o/Georgia_man_pleads_guilty_to_36.6M_in_ID_theft
---------------------

Added: 2011-04-20
Title: Colo. bill to redefine ID theft shelved
http://feedproxy.google.com/~r/washingtonexaminer/nation/~3/drji62iqTuA/colo-bill-redefine-id-theft-shelved
---------------------

Added: 2011-04-20
Title: The New Ways Thieves Are Stealing Your Identity
http://blogs.forbes.com/investopedia/2011/04/19/the-new-ways-thieves-are-stealing-your-identity/?utm_source=allactivity&utm_medium=rss&utm_campaign=20110419
---------------------

Added: 2011-04-19
Title: Gwinnett ID Theft Case Could Have 5,800 Victims
http://www.wsbtv.com/news/27600264/detail.html
---------------------

Added: 2011-04-19
Title: US proposes online IDs for Americans
http://go.theregister.com/feed/www.theregister.co.uk/2011/04/19/us_proposes_online_ids_for_americans/
---------------------

Added: 2011-04-18
Title: Obama's online trusted ID plan greeted with caution
http://www.networkworld.com/news/2011/041811-obamas-online-trusted-id-plan.html?source=nww_rss
---------------------


_______________________________________________
Dataloss Mailing List (dataloss_at_private)

CREDANT Technologies, a leader in data security, offers advanced data 
encryption solutions. Protect sensitive data on desktops, laptops, 
smartphones and USB sticks transparently across your enterprise to 
ensure regulatory compliance. http://www.credant.com/stopdataloss


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Mon Apr 25 2011 - 23:58:40 PDT

This archive was generated by hypermail 2.2.0 : Tue Apr 26 2011 - 00:05:57 PDT