======================================================================== Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, May 15, 2011 53 Incidents Added. ======================================================================== DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open Security Foundation asks for contributions of new incidents and new data for existing incidents. For any questions about the project or the data contained within this email or the website (http://www.datalossdb.org), please contact us at curators_at_private ======================================================================== DataLossDB News/Updates No news this week! ======================================================================== Incidents Added Reported Date: 2011-05-20 Summary: 800 credit union customers' names, addresses and account numbers were on checks in stolen courier's bag Organizations: Transpro, HarborOne Credit Union http://datalossdb.org/incidents/3738 --------------------- Reported Date: 2011-05-19 Summary: 12,000 customers' names, Social Security numbers, addresses and phone numbers acquired by hacker in extortion attempt Organizations: Leading Investment & Securities Co. http://datalossdb.org/incidents/3727 --------------------- Reported Date: 2011-05-18 Summary: 4,000 employees' Social Security numbers and other payroll information exposed when sent via unencrypted email. Organizations: National Business Center, Securities and Exchange Commission http://datalossdb.org/incidents/3726 --------------------- Reported Date: 2011-05-17 Summary: 210,000 residents' names, addresses, Social Security numbers, email addresses, Employer ID numbers, and some employer bank account information may have been transmitted after 1,500 computers were infected with a computer virus W32.QAKBOT Organizations: Massachusetts Department of Workforce Development http://datalossdb.org/incidents/3713 --------------------- Reported Date: 2011-05-17 Summary: 149 different customers' names, dates of birth and Social Security numbers used to set up 184 bank accounts for fraudulent purposes Organizations: Regions Bank http://datalossdb.org/incidents/3719 --------------------- Reported Date: 2011-05-17 Summary: Patients' names, dates of birth, Social Security numbers and limited dental claims data on stolen laptop Organizations: Unknown Organization, The Smile Center, Delta Dental of Minnesota http://datalossdb.org/incidents/3728 --------------------- Reported Date: 2011-05-17 Summary: Laptop with eye photos and names of 611 patients stolen during office burglary Organizations: EyeCare Associates of the San Ramon Valley http://datalossdb.org/incidents/3721 --------------------- Reported Date: 2011-05-16 Summary: 1,000 patients' names, birth dates, addresses, health care numbers and prescription information were on a stolen drive Organizations: Dr. Burnham & Associates Medical Clinic, Central Alberta Pain & Rehabilitation Institute (Alberta Health Services) http://datalossdb.org/incidents/3735 --------------------- Reported Date: 2011-05-14 Summary: ‘Hard copy’ applications including names, addresses, date of birth and potential payment information of around 30 members were lost Organizations: Chartered Institute of Public Relations http://datalossdb.org/incidents/3709 --------------------- Reported Date: 2011-05-13 Summary: Names and email addresses of 25,000 customers plus CVs of 350 job applicants downloaded Organizations: Square Enix http://datalossdb.org/incidents/3706 --------------------- Reported Date: 2011-05-13 Summary: Social Security numbers of 37,900 Medicare Supplement members exposed in envelope windows Organizations: Anthem Blue Cross of California http://datalossdb.org/incidents/3720 --------------------- Reported Date: 2011-05-05 Summary: 1,500 palliative care patients' names, dates of birth, religion, race, insurance information, and medical details on stolen laptop Organizations: Methodist Charlton Medical Center http://datalossdb.org/incidents/3742 --------------------- Reported Date: 2011-05-05 Summary: Protected health information of 635 patients on stolen device Organizations: Park Avenue Obstetrics & Gynecology, PC http://datalossdb.org/incidents/3745 --------------------- Reported Date: 2011-04-28 Summary: Vulnerability exposed some customers' names, email addresses, and vehicle descriptions (VINS) Organizations: Xtime Inc. http://datalossdb.org/incidents/3715 --------------------- Reported Date: 2011-04-23 Summary: Thousands of collection agency files, including credit card numbers and security codes as well as bank routing and checking account numbers found in dumpster Organizations: Unknown Organization, Unknown Organization, Resolution Services of America http://datalossdb.org/incidents/3716 --------------------- Reported Date: 2011-04-20 Summary: Unclassified data stolen in zero-day phishing attack. Organizations: Oak Ridge National Laboratory, U.S. Department of Energy http://datalossdb.org/incidents/3731 --------------------- Reported Date: 2011-04-18 Summary: Security breach exposed 8 account holders' information Organizations: Public Works and Government Services Canada http://datalossdb.org/incidents/3723 --------------------- Reported Date: 2011-04-15 Summary: Fraudster tricks restaurant into revealing information that led to customer credit card misuse Organizations: Jade House Restaurant http://datalossdb.org/incidents/3724 --------------------- Reported Date: 2011-03-18 Summary: Email error exposes the names and email address of 615 students with disabilities Organizations: University of Kent http://datalossdb.org/incidents/3722 --------------------- Reported Date: 2011-03-17 Summary: Incompletely burned tax documents with copies of W-2 showing Social Security numbers, names, addresses, wages, and employer, plus copies of check and other documents found behind tax service Organizations: Instant Tax Service http://datalossdb.org/incidents/3725 --------------------- Reported Date: 2011-01-21 Summary: 4,700 patients' names, ages, addresses, treatment information, and guarantor names and Social Security numbers were on stolen laptop Organizations: Debra C. Duffy, DDS http://datalossdb.org/incidents/3758 --------------------- Reported Date: 2011-01-21 Summary: 4,700 patients' names, ages, addresses, treatment information, and guarantor names and Social Security numbers were on stolen laptop Organizations: Debra C. Duffy, DDS http://datalossdb.org/incidents/3757 --------------------- Reported Date: 2011-01-01 Summary: Lost device contained protected health information on 16,200 individuals Organizations: Benefit Resources, Inc. http://datalossdb.org/incidents/3746 --------------------- Reported Date: 2010-10-20 Summary: Missing tapes contained names, addresses, Social Security numbers, drivers license numbers, payroll data, checking account numbers, and credit card information of 400,000 members and employees Organizations: Cambridge Who’s Who Publishing , Proactive Technology Group, Tandberg http://datalossdb.org/incidents/3748 --------------------- Reported Date: 2010-10-07 Summary: 1,270 patients' protected health information was breached due to unauthorized access/disclosure of paper records. Organizations: UnitedHealth Group--SACE, CareCore National http://datalossdb.org/incidents/3743 --------------------- Reported Date: 2010-10-07 Summary: 928 patients' notified that their protected health information was on a stolen computer Organizations: Lorenzo Brown, MD, Inc. http://datalossdb.org/incidents/3754 --------------------- Reported Date: 2010-10-01 Summary: Records with information on 967 patients were disposed of improperly Organizations: St. James Hospital and Health Centers (Franciscan St. James Health) http://datalossdb.org/incidents/3756 --------------------- Reported Date: 2010-08-25 Summary: 1,000 patients' names, dates of birth, and medical information were on a stolen Blackberry. Organizations: SunBridge Healthcare Corporation http://datalossdb.org/incidents/3744 --------------------- Reported Date: 2010-08-18 Summary: Insurance coverage determination letters to 2,631 applicants misrouted to other applicants Organizations: Humana Inc, Matrix Imaging http://datalossdb.org/incidents/3732 --------------------- Reported Date: 2010-08-18 Summary: 30 police officers' credit card numbers acquired from purchased computer printout from an unidentified person Organizations: Unknown Organization, Baton Rouge Police http://datalossdb.org/incidents/3752 --------------------- Reported Date: 2010-08-18 Summary: 1,309 patients' names and medical information on laptop that was accidentally discarded. Organizations: Wright State Physicians http://datalossdb.org/incidents/3736 --------------------- Reported Date: 2010-08-06 Summary: 560 insured's Social Security numbers exposed on a newsletter mailing label Organizations: Penn Treaty Network America Insurance Company http://datalossdb.org/incidents/3707 --------------------- Reported Date: 2010-07-29 Summary: 1,200 patients' protected health information were improperly disposed Organizations: Medina County OB/GYN Associates, Inc. http://datalossdb.org/incidents/3739 --------------------- Reported Date: 2010-07-22 Summary: 1,097 employees' protected health information was breached through unauthorized access/disclosure Organizations: UnitedHealth Insurance Company, John Deere Health Benefit Plan for Wage Employees http://datalossdb.org/incidents/3741 --------------------- Reported Date: 2010-07-06 Summary: 600 patients' protected health information was on a stolen server. Organizations: Alma Aguado, M.D., P.A. http://datalossdb.org/incidents/3708 --------------------- Reported Date: 2010-07-01 Summary: 4,500 patients' protected health information was breached due to unauthorized access/disclosure of paper records Organizations: Tricare Management Activity http://datalossdb.org/incidents/3747 --------------------- Reported Date: 2010-06-18 Summary: Stolen computers contained names, patient numbers, addresses, dates of birth, Social Security Numbers and medical information of 7,526 patients and employees Organizations: University of Nevada, Reno (University Health System) http://datalossdb.org/incidents/3737 --------------------- Reported Date: 2010-06-18 Summary: 1,001 patients names and addresses were erroneously e-mailed to an unauthorized recipient Organizations: The Children's Medical Center of Dayton http://datalossdb.org/incidents/3730 --------------------- Reported Date: 2010-06-14 Summary: 1,020 patients' protected health information was breached through unauthorized access/disclosure by insider Organizations: Comprehensive Care Management Corporation http://datalossdb.org/incidents/3729 --------------------- Reported Date: 2010-06-11 Summary: 1,105 patients' protected health information was on a stolen laptop Organizations: Occupational Health Partners http://datalossdb.org/incidents/3710 --------------------- Reported Date: 2010-06-10 Summary: 1,745 patients' protected health information was on a lost laptop. Organizations: St. Jude Children's Research Hospital http://datalossdb.org/incidents/3714 --------------------- Reported Date: 2010-04-22 Summary: Pre-populated form on Internet exposed 700 names, date of birth and account information Organizations: Unknown Organization, Telstra http://datalossdb.org/incidents/3751 --------------------- Reported Date: 2010-04-12 Summary: 3.7 full names, addresses, phone numbers and email addresses publicly exposed on the Internet Organizations: Phone Broadcast Club http://datalossdb.org/incidents/3717 --------------------- Reported Date: 2009-12-14 Summary: Hackers breached database and accessed username and password information on more than 30 million individuals Organizations: RockYou Inc. http://datalossdb.org/incidents/3755 --------------------- Reported Date: 2009-08-07 Summary: Third party lost account application plus asset transfer paperwork containing personal information including names, date of birth and Social Security numbers. Organizations: Unknown Organization, Ameriprise Financial http://datalossdb.org/incidents/3718 --------------------- Reported Date: 2009-06-19 Summary: Individual created fake collection agency to gain access to credit reports for fraudulent purposes Organizations: LexisNexis, Seisint http://datalossdb.org/incidents/3749 --------------------- Reported Date: 2009-05-15 Summary: Social Security numbers and Drivers License numbers of prospective recruits stolen Organizations: United States Army http://datalossdb.org/incidents/3711 --------------------- Reported Date: 2008-12-01 Summary: Laptop containing database with Workforce Investment Act (WIA) customers' Social Security numbers, birth dates, and addresses stolen from employee's home Organizations: TRAC Associates http://datalossdb.org/incidents/3733 --------------------- Reported Date: 2008-11-25 Summary: Financial adviser misplaced financial information provided by customer Organizations: Ameriprise Financial http://datalossdb.org/incidents/3750 --------------------- Reported Date: 2008-08-18 Summary: 7,800 individuals' names and national insurance numbers involved in a breach Organizations: Department for Work and Pensions http://datalossdb.org/incidents/3753 --------------------- Reported Date: 2007-11-26 Summary: Stolen hard drive contained personal information including names, addresses, date of birth, medical information and Social Security numbers relating to legal case Organizations: Heller Ehrman LLP http://datalossdb.org/incidents/3740 --------------------- Reported Date: 2007-05-15 Summary: Documents containing personal information of an employee stolen. Organizations: New Hanover Correctional Center, New Hanover County Clerk of Court http://datalossdb.org/incidents/3734 --------------------- Reported Date: 2007-03-27 Summary: Customer alleges his personal information was divulged in Internet chat rooms by employee Organizations: Rockaway Bedding http://datalossdb.org/incidents/3712 --------------------- ======================================================================== Blotter Posts Added: 2011-05-22 Title: Consider this: Bill on preventing identity theft goes too far http://blog.syracuse.com/opinion/2011/05/consider_this_bill_on_preventi.html --------------------- Added: 2011-05-20 Title: Crooks Using New Methods to Skim Debit and Credit Cards http://feedproxy.google.com/~r/lasvegasnow/iteam/~3/VGCovz7tdvA/crooks-using-new-methods-to-skim-debit-and-credit-cards --------------------- Added: 2011-05-19 Title: ID theft suspect pleads guilty to 48 counts http://www.khon2.com:80/news/local/story/ID-theft-suspect-pleads-guilty-to-48-counts/Kvm_LPAYL0WE9BKdYQ-Lqg.cspx?rss=1803 --------------------- Added: 2011-05-19 Title: Police bust ID theft scam at gas stations http://www.kgw.com/news/Feds-Gas-station-attendants-use-scanners-for-ID-theft-122244049.html --------------------- Added: 2011-05-19 Title: Houston woman uses public databases for ID theft http://www.kltv.com/Global/story.asp?S=14678136 --------------------- Added: 2011-05-18 Title: Wisconsin Beauty Queen Quits Amid Identity Theft Charges http://www.postchronicle.com/news/breakingnews/article_212364814.shtml?rssfeed --------------------- Added: 2011-05-18 Title: Alleged leader of Oahu ID theft ring indicted http://www.mysanantonio.com/news/article/Alleged-leader-of-Oahu-ID-theft-ring-indicted-1384197.php --------------------- Added: 2011-05-18 Title: Alleged identity theft ring leader indicted by grand jury http://www.khon2.com:80/news/local/story/Alleged-identity-theft-ring-leader-indicted-by/X7kThxkNrUubLqlK4-D9_A.cspx?rss=1803 --------------------- Added: 2011-05-17 Title: Disney ID cards risk identity theft, violate employee privacy, suit says http://newsandinsight.thomsonreuters.com/California/News/2011/05_-_May/Disney_ID_cards_risk_identity_theft,_violate_employee_privacy,_suit_says/ --------------------- Added: 2011-05-17 Title: 2 Accused Of ID Theft In Hendersonville http://www.wsmv.com/news/27921016/detail.html --------------------- Added: 2011-05-17 Title: Millions At Risk Of Electronic Pickpocketing With RFID Technology http://www.digtriad.com/news/local_state/article.aspx?storyid=175845 --------------------- Added: 2011-05-17 Title: Most Android devices vulnerable to identity theft http://www.zdnet.com/blog/gadgetreviews/most-android-devices-vulnerable-to-identity-theft/24801 --------------------- Added: 2011-05-17 Title: Sony PSN users offered free ID theft protection http://ingame.msnbc.msn.com/_news/2011/05/13/6637109-sony-psn-users-offered-free-id-theft-protection --------------------- Added: 2011-05-17 Title: Former SunTrust employee indicted on charges of theft, identity theft http://www.ledger-enquirer.com/2011/05/17/1580749/former-suntrust-employee-indicted.html --------------------- Added: 2011-05-16 Title: BBB shreds nearly 1 million pounds of material to prevent idenity theft http://www.examiner.com/online-marketing-in-chicago/bbb-shreds-nearly-1-million-pounds-of-material-to-prevent-idenity-theft --------------------- Added: 2011-05-16 Title: Timeline of Sony's PlayStation Network outage http://www.ibtimes.com/articles/145875/20110515/timeline-of-sony-s-playstation-network-outage.htm --------------------- Added: 2011-05-16 Title: Oakland police shut down Bay Area-wide identity theft operation http://www.mercurynews.com/news/ci_18073566?source=rss --------------------- _______________________________________________ Dataloss Mailing List (dataloss_at_private) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Mon May 23 2011 - 22:12:08 PDT
This archive was generated by hypermail 2.2.0 : Mon May 23 2011 - 22:19:05 PDT