|
Date |
Article Title |
Publication |
Author |
Synopsis |
|
6/24/2009 |
Cornell probes theft of
laptop with personal data |
Associated Press |
|
Cornell University announced that police are
investigating the theft of a school laptop containing
the personal information--including Social Security
numbers--of approximately 45,000 students, alumni,
faculty and staff. |
|
6/23/2009 |
TJ Maxx Settles Data
Breach Charges |
ConsumerAffairs.com |
|
Retailer TJX will pay $9.75 million to settle charges
related to its 2007 data breach that exposed the
financial details of thousands of customers. |
|
6/19/2009 |
Malicious Attacks Most
Blamed in '09 Data Breaches |
Washington Post |
Brian Krebs |
Nearly 40 percent of data breaches reported since
January were the work of hackers or employees, according
to Identity Theft Resource Center (ITRC) figures. |
|
6/18/2009 |
Court Stiffs Veterans
Caught in Privacy Breach |
Wired |
David Kravets |
The 11th U.S. Circuit Court of Appeals decided that
veterans whose personal data was stolen could not
recover financial damages for mental anguish. |
|
6/17/2009 |
Heartland CEO says data
breach was 'devastating' |
Computerworld |
Jaikumar Vijayan |
Even before it happened, the possibility of a data
breach was what kept him up at night, Heartland Payment
Systems chairman and CEO Bob Carr told Computerworld. |
|
6/14/2009 |
AP IMPACT: Weak security
enables credit card hacks |
Associated Press |
Jordan Robertson |
An
Associated Press investigation into credit card hacks
has revealed that industry-accepted safeguards are
lacking. |
|
6/9/2009 |
T-Mobile Confirms Stolen
Data Is Genuine |
PC
World |
Jeremy Kirk |
T-Mobile today confirmed that hackers accessed
information from its servers, as alleged, but the
company does not believe customer data is in danger. |
|
6/8/2009 |
Aetna named in security-breach lawsuit |
Hartford Business |
Greg Bordonaro |
A
class-action suit has been filed against health insurer
Aetna for alleged data protection and privacy failures. |
|
6/4/2009 |
Printing glitch leads to
'breach' |
Kennebec Journal |
Betty Adams |
The Maine state Office of Information Technology has
notified nearly 600 residents that certain information
about their unemployment benefits was mailed to the
wrong recipients. |
|
6/2/2009 |
In Legal First,
Data-Breach Suit Targets Auditor |
Wired |
Kim
Zetter |
A
bank is suing the security auditor that certified
CardSystems Solutions three months before hackers
breached its systems in 2004. |
|
6/2/2009 |
Batteries.com, insurance
firm report data breaches |
Computer World |
Grant Gross |
Online retailer Batteries.com said in a letter to New
Hampshire's Attorney General on May 18 that hackers
breached its server in February, stealing names,
addresses and credit card information. |
|
5/29/2009 |
Heartland Update: More
than 650 Institutions Impacted |
Bank Info Security |
Linda McGlasson |
The number of banks reporting card compromises as a
result of the Heartland Payment Systems data breach has
reached 656. |
|
5/28/2009 |
Aetna Contacts 65,000
after web site data breach |
PC
World |
Jeremy Kirk |
Aetna is erring "on the side of caution" in notifying
65,000 people about a breach of its Web site. |
|
5/20/2009 |
Heartland Payment Systems
CEO discusses breach, previews speech |
IAPP |
|
Not a week had passed after the announcement of what
some have described as the largest data breach ever,
when the CEO of Heartland Payment Systems, Robert Carr,
began calling for better industry cooperation and new
efforts directed at preventing future breaches. |
|
5/20/2009 |
Heartland Data Breach:
Hearing Set for Class Action Suits |
Bank Info Security |
Linda McGlasson |
Multiple financial institutions have filed suits against
Heartland Payment Systems for its payment processing
system security breach last year. |
|
5/20/2009 |
HIV-positive patients sue
hospital over records lost on train |
Boston Globe |
Elizabeth Cooney |
Two of the Massachusetts General Hospital patients whose
records were among those lost on an MBTA train in March
have filed suit against the hospital and the employee
responsible for the loss. |
|
5/19/2009 |
Investigation into huge
loss of computerized Clinton data |
New York Times |
David Johnston |
The FBI is investigating the loss of a computer hard
drive from the National Archives record center. |
|
5/13/2009 |
Most claims dismissed in
Hannaford data breach suit |
Computerworld |
Jaikumar Vijayan |
A
U.S. District Court judge has dismissed most of the
civil claims associated with the Hannaford Bros. data
breach disclosed in March 2008. |
|
5/12/2009 |
D.C. Agency Accidentally
E-Mails Personal Data About College Financial Aid
Application |
Washington Post |
Bill Turque |
The personal details of 2,400 students were exposed by a
government agency. |
|
5/11/2009 |
TD Ameritrade data theft
settlement goes to court OK |
Associated Press |
Josh Funk |
A
U.S. District Court judge has approved the settlement
agreement for a class-action suit against TD Ameritrade
Holding Corp. |
|
5/11/2009 |
Inside a data leak audit |
Network World |
Sandra Gittlen |
An
inside look at the data leakage audit of a Boston-based
pharmaceutical firm. |
|
5/8/2009 |
Hackers Say They Have Va.
Prescription Drug Data, Demand $10 Milion |
The Washington Post |
Brian Krebs |
Virginia officials say they have no evidence that
personal information is at risk due to a breach of its
Prescription Monitoring Program database, but are urging
residents to watch their finances just the same. |
|
5/8/2009 |
Hackers breach UC-Berkeley
database; infor for 160,000 students, alums at risk |
San Jose Mercury News |
Matt Krupnick |
Hackers have stolen the personal information of 160,000
current and former University of California-Berkeley
students. |
|
5/7/2009 |
Security breach leads to
Heartland Payment 1Q loss |
Forbes.com |
David Pitt |
The Heartland Payment Systems security breach
contributed to a first-quarter loss for the company. |
|
5/7/2009 |
Missile data, medical
records found on discarded hard disks |
The Register |
John Leyden |
University researchers purchased 300 drives from eBay
and other retailers, finding that 34 percent of disk
drives still contained confidential data. |
|
5/4/2009 |
Heartland earns back spot
on PCI approved list |
Network World |
|
Heartland Payment Systems is back on Visa Inc.'s list of
compliant vendors. |
|
5/2/2009 |
LexisNexis warns 32,000
people about data breach |
Associated Press |
Amy
Westfeldt |
LexisNexis has notified tens of thousands that their
personal information was exposed in a database security
breach. |
|
4/29/2009 |
Likely cause of Ill. Data
breach pervasive |
Associated Press |
|
Officials at the Illinois Department on Aging say
"employee error" likely caused a breach of sensitive
information. |
|
4/28/2009 |
Identifying the source of
corporate threats |
NetworkWorld |
Davi Ottenheimer |
The Verizon Business RISK team recently released its
"2009 Data Breach Investigations Report," which gives a
fresh look into the question of whether insiders or
outsiders are the larger threat group. |
|
4/28/2009 |
Federal Reserve IT Analyst
Arrest Highlights Internal Threat |
Information Week |
George Hulme |
A
recent arrest stokes the debate that was rekindled with
the recent release ofVerizon
Business' 2009 Data Breach Investigations Report. |
|
4/28/2009 |
Mountain of private
information found in abandoned warehouse |
WWLTV News |
Bigad Shaban |
The confidential records of Orleans Parish public-school
employees have been discovered in an abandoned and
unsecured warehouse in New Orleans. |
|
4/27/2009 |
Data Security Breaches
Present Emerging Risks, Opportunities for Agents |
Insurance Journal |
Patricia-Ann Tom |
Data security represents both a new market opportunity
to sell insurance coverage and a new risk - especially
for independent insurance agencies that may not be
compliant with data security laws or have plans in place
to protect their own companies from data breaches. |
|
4/27/2009 |
Study: Many Employees
Undermine Data Breach Prevention Strategies |
Insurance Journal |
|
Many employees disable the encryption solutions on their
laptops, putting their employers at risk for data
breaches, according to a study by Absolute Software
Corp. and the Ponemon Institute. |
|
4/27/2009 |
The Real Costs Of Laptop
Loss |
Dark Reading |
John Sawyer |
Numbers like $49,346 as the averags cost of a lost
laptop is certainly enough to turn some managerial
heads. |
|
4/24/2009 |
Unencrypted laptop with 1
million SSNs stolen from state |
SC
Magazine |
Dan
Kaplan |
The sensitive personal information of more than a
million Oklahomans has been compromised |
|
4/24/2009 |
After mass security lapse,
RBS Worldpay gets IRS contract No bad deed goes
unrewarded |
The Register |
Dan
Goodin |
RBS Worldpay - the electronic payment processor that
admitted it exposed sensitive financial records for
millions of customers - has been awarded a contract by
the Internal Revenue Service to process tax return
payments next year. |
|
4/24/2009 |
Oklahomans Demand Better Identity Security Recent Breaches Raise
Concern Across State |
KOCO (Oklahoma City) |
|
Oklahomans are demanding action after two security
breaches in less than a month, both linked to state
agencies. |
|
4/24/2009 |
DHS alerts clients to
theft |
Tulsa World |
Althea Peterson |
The Oklahoma Department of Human Services sent letters
to clients in nearly half a million households this week
stating that their names and personal information might
have been stolen from a DHS employee's laptop computer. |
|
4/23/2009 |
SunTrust Banks Announce Security Breach |
WESH.com |
|
A
bank that serves Central Florida has become the victim
of a security breach, and its customers could be at
risk. |
|
4/22/2009 |
Typical lost or stolen
laptop costs companies nearly $50,000, study finds |
Mercury News |
Steve Johnson |
The results of an Intel-commissioned study on business
costs associated with lost or stolen laptops. |
|
4/22/2009 |
Employee info device
missing from FairPoint |
AP
via The Telegraph |
Clarke Canfield |
A
portable data storage device containing the personal
information of more than 4,000 employees of FairPoint
Communications Inc. has been reported missing. |
|
4/22/2009 |
Many Companies Don't
Report Data Breaches as a Risk Factor |
MX
Logic |
|
Thirty-eight percent of Fortune 500 companies fail to
report the threat of a data breach in the "risk factors"
section of their SEC 10-K filing, according to a recent
survey by international specialist insurer Hiscox. |
|
4/21/2009 |
Pentagon Fighter Jet Data
Breach Was Avoidable |
ChannelWeb |
Andrew Hickey |
The hack into the Pentagon's computer system that led to
the theft of information related to the $300 billion
Joint Strike Fighter project could have been prevented. |
|
4/21/2009 |
Fraud specialists want
more transparency on data breaches |
MX
Logic |
|
A
survey released ahead of this week's RSA Conference in
San Francisco shows that network security fraud
specialists want more transparency in reporting of data
breaches. |
|
4/21/2009 |
Affinion Security Center
Publishes Data Breach Response Guide |
PR
News Wire |
|
As
incidents of corporate data breaches continue to rise,
the rules and regulations requiring compliance for
breach notification and response from financial
institutions, creditors and many other businesses have
strengthened. |
|
4/20/2009 |
Crime rings behind 91% of
data theft: report |
Information Age |
JJ
Robinson |
Cybercrime rings are organised, sophisticated and highly
effective when it comes to data theft, reveals a new
report from frontline forensic investigators. |
|
4/20/2009 |
Proposed breach
notification rule would affect more health vendors |
Nextgov |
Bob
Brewin |
Rules proposed by the Federal Trade Commission on April
16 on disclosure of breaches of personal health
information would greatly expand the number of companies
that would be subject to notifying individuals if their
personal health data was exposed because records were
lost or stolen, or because a hacker broke into a
computer health network. |
|
4/20/2009 |
Five Ways To Survive a
Data Breach Investigation |
IT
World |
Bill Brenner |
Security experts say it all the time: If a company
thinks it has suffered a data security breach, the key
to getting at the truth unscathed is to have a response
plan in place for what needs to be done and who needs to
be in charge of certain tasks. |
|
4/20/2009 |
Study: Mistakes, Not
Insiders, to Blame for Most Breaches |
IT
World |
Joan Goodchild |
2008 was a banner year for security breaches, according
to new research from Verizon. |
|
4/17/2009 |
Data Breach Notification
Law Across the World from California to Australia |
DocuTicker |
|
Examining the specifics of data breach notification
frameworks in multiple jurisdictions. |
|
4/16/2009 |
Proposed rule would
require notice about breaches |
ModernHealtcare |
Joseph Conn |
The Federal Trade Commission, in compliance with the
American Recovery and Reinvestment Act of 2009, issued a
formal notice seeking public comment on a proposed rule
requiring vendors of personal health record systems and
related entities to provide notice to consumers in the
event of a security breach. |
|
4/16/2009 |
Verizon Breach Report
Challenges Conventional Wisdom |
Information Week |
Mike Fratto |
Verizon (NYSE: VZ) Business' most recent 2009 Data
Breach Investigations Report is a must-read report if
you're involved in IT. |
|
4/16/2009 |
FTC Issues Proposed PHR
Breach Rule |
Health Data Management |
Joseph Goedert |
The Federal Trade Commission has issued a proposed rule
that would require personal health records vendors and
related entities to notify consumers when their
identifiable health information has been breached. |
|
4/16/2009 |
Criminal gangs on the hunt
for weak business security |
IT
Pro |
Asavin Wattanajantra |
Organised criminals are trawling businesses looking for
weak defences ripe for an attempt at a data breach. |
|
4/15/2009 |
E-Mobsters Continue Brazen
Data Extortion |
eWeek |
Matthew Hines |
The Verizon Business Data Breach [report] that was
published today seems to have raised a few eyebrows. |
|
4/15/2009 |
More Data Breached In 2008
Than In Previous Four Years Combined |
Information Week |
Thomas Claburn |
The findings of the 2009 Verizon Business Data Breach
Investigations Report, which revealed that the number of
breached records in 2008--285 million--surpassed the
total number of records breached in the previous four
years combined. |
|
4/15/2009 |
Over 280
million records compromised last year Damning report
finds simple steps still being ignored |
VNUNet |
Phil Muncaster |
More than 280 million records were compromised in 2008,
according to a new Data Breach Investigations Report
from global comms and IT provider Verizon Business. |
|
4/14/2009 |
Five Ways to
Survive a Data Breach Investigation |
CIO |
Bill Brenner |
If
a company thinks it has suffered a data security breach,
the key to getting at the truth unscathed is to have a
response plan in place for what needs to be done and who
needs to be in charge of certain tasks. |
|
4/13/2009 |
Stolen laptop
has information on 14,000 Moses Cone patients |
Greensboro News Record |
Joe
Killian |
Personal information from more than 14,000 Moses Cone
Health System patients might have been compromised after
a laptop computer was stolen. |
|
4/9/2009 |
18,000 Nashville students'
personal data put online |
The Tennnessean |
Chris Echegaray |
The personal information of more than 18,000 Tennessee
students was inadvertently posted online and remained
there for three months. |
|
4/2/2009 |
Judge to decide if
Hannaford data breach should go to trial |
Portland Press Herald |
Trevor Maxwell |
A
federal judge will soon decide whether a case against
supermarket chain Hannaford Bros. will go forward. |
|
4/1/2009 |
Diary of a Data Breach
Investigation |
CSO Online |
Anonymous |
An
anonymous information security manager has shared the
diary entries he or she compiled during the
investigation of a potential data breach. |
|
3/26/2009 |
OWASP Security Spending
Benchmarks Project Report |
www.owasp.org |
|
A
survey of 50 companies reveals that firms that have
experienced a pubic data breach spend more on the
security aspect of application development than those
that have not. |
|
3/24/2009 |
Mass. General paperwork
for 66 patients lost on Red Line train |
Boston Globe |
Milton Valencia |
A
Massachusetts General Hospital employee left the
confidential personal and medical data of at least 66
patients on an MBTA train earlier this month. |
|
3/20/2009 |
Aussie stumbles on 19,000
exposed credit card numbers |
IT
News |
Ry
Cozier |
A
cache containing 22,000 payment card numbers, along with
names, addresses and expiry dates, has been discovered
on the Web. |
|
3/19/2009 |
VA's security lessons
learned |
Government Computer News |
William Jackson |
Speaking at an event in Washington recently, a risk
management official from the Department of Veterans
Affairs (VA) cautioned her federal colleagues to heed
the lessons of the VA's data breach experience. |
|
3/16/2009 |
Passwords of Comcast
Customers Exposed |
New York Times |
Brad Stone |
One of the nation's largest Internet service providers
has confirmed that the user names and passwords of 700
current customers were exposed on the Internet. |
|
3/12/2009 |
Beyond the Norm:
Coleman's data leak disaster |
InfoWorld |
Robert Cringley |
Robert Cringley unravels the events surrounding the
exposure of the personal information of tens of
thousands of supporters and donors to the Norm Coleman
campaign for re-election to the U.S. Senate. |
|
3/5/2009 |
NYPD Suffers Massive Data
Breach |
Security Management |
Matthew Harwood |
The New York Police Department is notifying nearly
80,000 police officers that their personal information
was stolen by one of their own. |
|
3/2/2009 |
Visa: New
payment-processor data breach not so new after all |
Computerworld |
Jaikumar Vijayan |
Last week's reports that another payment processor may
have experienced a data breach remain unfounded and in a
statement issued Friday, Visa said that new alerts
recently sent to banks and credit unions regarding a
compromise were part of efforts to clean up after an
already-known breach. |
|
3/2/2009 |
Banks, credit unions begin
to sue Heartland over data breach |
Computerworld |
Jaikumar Vijayan |
Eight of the 500 banks and credit unions affected by the
Heartland Payment Systems data breach have filed
lawsuits against the company. |
|
2/24/2009 |
Heartland Payment Systems
to vigorously defend breach claims, CEO says |
Search Financial Security |
Robert Westervelt |
In
a filing with the Securities and Exchange Commission,
Heartland Payment Systems' CEO Robert Carr said his
company will "vigorously defend" claims in several
class-action lawsuits that have been filed since the
company's January 20 announcement that its systems were
breached. |
|
2/23/2009 |
Starbucks sued after
laptop data breach |
Network World |
|
A
Starbucks employee on Thursday filed a class-action
lawsuit against the company for damages related to last
year's data breach that exposed the private information
of 97,000 employees. |
|
2/23/2009 |
Just weeks after Heartland
breach, another payment processor said to be hit |
Computerworld |
Jaikumar Vijayan |
Another payment processor has been rocked by a security
breach. Details are few and the affected company has not
been identified, but according to reports, attackers
breached a U.S.-based company, uncovering the account
numbers and expiration dates of payment cards used in
card-not-present transactions between February 2008 and
January 2009. |
|
2/20/2009 |
Personal data on
University of Florida system breached |
South Florida Sun Sentinel |
Robert Nolin |
The University of Florida is again notifying students,
former students, faculty and staff of a breach of its
computer system. |
|
2/16/2009 |
Thousands of Floridians
may have been affected by hotel data breach |
South Florida Sun Sentinel |
|
Florida's Attorney General Bill McCollum has warned
residents to watch their credit statements after
learning of a data breach at Wyndham Hotels & Resorts. |
|
2/16/2009 |
Government Hack Attacks
Prompt Scrutiny |
Wall Street Journal |
Marisa Taylor |
Authorities at the Los Alamos National Laboratory (LANL)
are investigating the theft of three computers and the
loss of a LANL BlackBerry device in a "sensitive foreign
country" since the beginning of the year. |
|
2/9/2009 |
FAA Notifies Employees of
Personal Identity Breach |
FAA |
Laura Brown |
The Federal Aviation Administration (FAA) has confirmed
that a breach has exposed the sensitive personal
information of tens of thousands of employees and
retirees. |
|
2/9/2009 |
Kaiser employee data
breached; ID theft reported |
Modern Healthcare |
Rebecca Vesely |
A
data breach affecting nearly 30,000 Northern California
employees of health insurer Kaiser Permanente has been
positively linked to a number of cases of identity
theft, according to police. |
|
2/9/2009 |
Geeks.com agrees to
security audits in wake of data breach |
Computerworld |
Grant Gross |
As
part of a settlement with the Federal Trade Commission,
Genica Corp., operators of computer and electronics
supply Web site Geeks.com, must submit to five
independent security audits over the next decade after
security failures resulted in a data breach last year. |
|
2/9/2009 |
Union:
Hacker broke into FAA computers |
MSNBC |
Joan Lowy |
Hackers broke into a Federal Aviation Administration
employee database accessing the personally identifiable
information of 45,000 employees and retirees. |
|
2/6/2009 |
Legislation aims at data
breach notification |
The Delaware County Daily Times |
Alex Rose |
Pennsylvania State Senator Dominic Pileggi has
introduced a bill that would require state agencies to
provide public notice of data breaches involving
personal information within one week of discovering the
incident. |
|
2/5/2009 |
Data Breach Led to
Multi-Milion Dollar ATM Heists |
Washington Post |
Brian Krebs |
Personal and financial data compromised as a result of a
data breach, disclosed in late December by Atlanta-based
RBS WorldPay, was used to swipe more than $9 million in
one day during a highly coordinated, global ATM heist. |
|
2/5/2009 |
Costs of a Data Breach:
Can You Afford $6.65 Million? |
Computerworld |
Larry Ponemon |
Privacy researcher Dr. Larry Ponemon, founder and
chairman of the Ponemon Institute, says that while the
Institute's recent findings show the financial impact of
data breaches on companies continues to rise, there is
ample evidence to suggest that steps can be taken to
minimize those costs. |
|
2/3/2009 |
Watch out!
Privacy litigation damages becoming more viable |
WTN News |
Mark Foley |
After years of unsuccessful attempts, developments in
two data breach-related lawsuits could set a precedent
that might put companies at risk of further legal
action. |
|
2/3/2009 |
Federal workers notified
after SRA virus breach |
IT
World |
Robert McMillan |
Government contractor SRA International is notifying
federal agencies' employees of a network breach that may
have exposed their personal information. |
|
2/2/2009 |
The Rising Price Of Data
Breaches |
Forbes |
Andy Greenberg |
A
report released today by the Ponemon Institute shows
that, increasingly, companies that experience a breach
of customer data are losing business. |
|
1/30/2009 |
Bank Of America To Pay
Connecticut for Countrywide Data Breach |
Hartford Courant |
Staff |
Bank of America will pay the State of Connecticut
$350,000 as part of a settlement on the Countrywide
Financial Corp. data breach that affected 30,000
Connecticut residents. |
|
1/28/2009 |
Data-theft victims in
Monster, Heartland cases may not be notified |
USA Today |
Byron Acohido |
Two companies reported major data breaches last week.
The number of consumers affected could top 100 million,
according to reports. |
|
1/28/2009 |
Heartland sued over data
breach |
cnet News |
Elinor Mills |
A
week to the day after Heartland Payment Systems
announced the data breach some are calling "the largest
ever," a lawsuit materialized. |
|
1/28/2009 |
VA agrees to pay $20
million in 2006 data breach |
The Boston Globe |
Hope Yen |
The Veterans Affairs Department yesterday settled a $20
million class-action lawsuit stemming from the
department's 2006 data breach that exposed the personal
information of up to 26.5 million veterans and
active-duty troops. |
|
1/26/2009 |
"Biggest Breach Ever," Now
What? |
Bank Technology News |
Rebecca Sausner |
Few new details have emerged surrounding the breach of
Heartland Payment Systems' internal system that exposed
a yet undisclosed number of consumers. |
|
1/26/2009 |
Heartland’s Carr Calls for
End-to-End Encryption To Stop Breaches |
Digital Transactions |
|
Heartland Payment Systems' CEO is calling for better
encryption and more industry cooperation to prevent
breaches like the one his company discovered last week. |
|
1/23/2009 |
Monster.com Reports Theft
of User Data |
PCWorld |
Nancy Gohring |
Certain personal information of job seekers has been
stolen from Monster.com's database. |
|
1/23/2009 |
MasterCard, Visa warn
security breach may compromise data |
USA Today |
Byron Acohido |
Visa and MasterCard are notifying member banks to
contact those whose card accounts may have been
compromised in the Heartland Payment Systems breach. |
|
1/22/2009 |
Heartland incident
provides opportunity to standardise data breach
notification laws |
SC
Magazine |
Dan
Raywood |
The Heartland Payment Systems data breach announced
earlier this week has some calling for legislative
improvements. |
|
1/21/2009 |
Students' information
leaked |
Springfield News-Leader |
Didi Tang |
Officials at Missouri State University are investigating
an incident that leaked the sensitive personal
information of hundreds of MSU students. |
|
1/20/2009 |
Card Data Breached, Firm
Says |
Wall Street Journal |
Ben
Worthen |
The personal information of as many as 100 million may
have been exposed in a breach at New Jersey-based
credit-card processor Heartland Payment Systems Inc. |
|
1/6/2009 |
Delaware Insurance
Commissioner fines Blue Cross $150,000 for privacy
violations |
IFAwebnews.com |
Keith L. Martin |
Delaware's insurance commissioner has fined BlueCross
BlueShield of Delaware $150,000 for violating two state
regulations. |
|
1/6/2009 |
Data Breaches Up Almost 50
Percent, Affecting Records of 35.7 Million People |
Washington Post |
Brian Krebs |
The number of data breaches reported in 2008 was nearly
double that of 2007. |
|
12/17/2008 |
NH Agency Breaches Client
Data |
WCAX.com |
|
The New Hampshire Department of Health and Human
Services inadvertently released the Social Security
numbers (SSNs) and other personal information of more
than 9,000 Medicare Part D recipients. |
|
12/15/2008 |
Mortgage Company Settled
Sata Security Charges |
Originator Times |
|
A
Texas-based mortgage company has agreed to the terms of
a Federal Trade Commission (FTC) settlement on charges
that the company failed to protect customer information. |
|
12/11/2008 |
How a CIO should deal with
the aftermath of a data breach |
CIO |
Andrew Donoghue |
In
the article "How a CIO should deal with the aftermath of
a data breach," CIO
provides an hour-by-hour, day-by-day framework for
managing the madness. |
|
12/4/2008 |
Glitch allowed online
access to private data Florida agency |
SunSentinel.com |
Tallahassee Bureau |
The names and Social Security numbers of 250,000
job-seekers in Florida were accidentally posted online
and remained there for 19 days. |
|
11/26/2008 |
CEOs should take the rap
for data losses |
vnunet.com |
Madeline Bennett |
A
vnunet.com
reader poll shows that many believe chief executive
officers should be held responsible for data breaches. |
|
11/25/2008 |
Mainframe Breach and Lens
Crafters Parent Hits 59K |
InternetNews |
Richard Adhikari |
A
hacker has the personal data of more than 59,000
Luxottica Group employees. |
|
11/24/2008 |
Missing laptop puts
Starbucks workers' data at risk |
seattlepi.com |
Dan
Richman |
Tens of thousands of Starbucks employees have been
notified that a company laptop containing their personal
information was stolen. |
|
11/24/2008 |
Senator probes privacy law
after Obama phone record breach |
cnet News |
Stephanie Condon |
Senator Patrick Leahy (D-VT) wants to know how many
actions the Justice Department has taken on violations
of the Telephone Records and Privacy Protection Act. |
|
11/22/2008 |
Snoopy Verizon Employees
Fired |
PC
World |
Peggy Watt |
Verizon has fired the employees who looked at
President-elect Barack Obama's cellphone account. |
|
11/21/2008 |
In Pictures:
The Year's Biggest Data Breaches |
Forbes.com |
Andy Greenberg |
Forbes.com provides a photographic
review of 2008's biggest data breaches in all economic
sectors. |
|
11/21/2008 |
Obama's Cellphone Account
Breached by Verizon Employees |
Wall Street Journal |
Amol Sharma |
Several Verizon Wireless employees improperly accessed
Barack Obama's personal cellphone account. |
|
11/12/2008 |
University of Florida
discloses patient-record data breach |
NetworkWorld |
Ellen Messmer |
The University of Florida College of Dentistry has
notified 330,000 patients about a security breach that
exposed their personal information. |
|
11/11/2008 |
How to stop the Grinch
from stealing your corporate data |
CNN Money |
Lisa Astor |
Gadgets may be great for gift-giving, but employers
trying to control their company's sensitive data may
need to step up precautions during this holiday season. |
|
11/11/2008 |
Express Scripts rReports
New Threats Tied to Data Security Breach |
Market Watch |
|
In
response to an extortion threat, Express Scripts is
offering a $1 million reward for information leading to
the arrest and conviction of the person or persons
responsible. |
|
11/6/2008 |
Express Scripts receives
extortion threat |
The Associated Press |
Matthew Perrone |
The FBI is investigating a threat to expose the personal
information of patients. |
|
11/4/2008 |
Remote Workers, Costly
Data Breach Notification, Being Too Nice at Work and
More |
CIO |
Steff Gelston |
CIO's "Trendline" highlights two
issues near and dear to the hearts of CPOs:
telecommuting data protection and data breach
notifications. |
|
11/4/2008 |
Baylor Health Care says
laptop with patient data stolen |
The Dallas Morning News |
Jason Roberson |
A
Baylor Health Care System employee was fired for
breaking company protocol by leaving a company laptop in
her unattended vehicle. |
|
11/3/2008 |
State Department, VA
disclose two new data breaches |
ComputerWorld |
Jaikumar Vijayan |
The personal information of 1,600 Portland, Oregon
Veterans Affairs (VA) medical center patients was
accidentally posted onto a public Web site. |
|
10/31/2008 |
A Huge Cache of Stolen
Financial Data |
New York Times |
John Markoff |
The RSA FraudAction Research Lab last week announced its
discovery of a digital cache containing a vast amount of
financial information. |
|
10/20/2008 |
Web Exclusive:
RSA president Art Coviello speaks to SC |
SC
Magazine |
Andrew Donoghue |
In
advance of the RSA Conference in London next week,
SC Magazine
sat down with RSA president and vice president of EMC
Art Coviello. |
|
10/20/2008 |
Web Exclusive:
RSA president Art Coviello speaks to SC |
SC
Magazine |
Andrew Donoghue |
In
advance of the RSA Conference in London next week,
SC Magazine
sat down with RSA president and vice president of EMC
Art Coviello. |
|
10/12/2008 |
World Bank denies report
of massive data breaches |
Network World |
Tim
Greene |
World Bank Group (WBG) officials say that a
Fox News
report of massive data security breaches affecting
sensitive data is misleading. |
|
10/12/2008 |
World Bank denies report
of massive data breaches |
Network World |
Tim
Greene |
World Bank Group (WBG) officials say that a
Fox News
report of massive data security breaches affecting
sensitive data is misleading. |
|
10/8/2008 |
Colorado state Web site
dishes out SSNs of CEOs, other top execs |
Computerworld |
Jaikumar Vijayan |
The personal data--including Social Security numbers,
dates of birth and home addresses--of executives from
some of the nation's largest companies are posted on the
Colorado Secretary of State's Web site |
|
10/8/2008 |
Colorado state Web site
dishes out SSNs of CEOs, other top execs |
Computerworld |
Jaikumar Vijayan |
The personal data--including Social Security numbers,
dates of birth and home addresses--of executives from
some of the nation's largest companies are posted on the
Colorado Secretary of State's Web site |
|
10/1/2008 |
Verizon breach study
identifies industry specific threats |
SearchSecurity.com |
Robert Westervelt |
In
a supplement to its June data breach investigation
report, Verizon Business has released information on
industry-specific threats in the financial services,
high-tech services, retail and food and beverage
sectors. |
|
10/1/2008 |
New York state mishandles
Social Security numbers |
Democrat and Chronicle |
Jay
Gallagher |
Applicants for New York unemployment-insurance payments
may have been surprised to receive the personal
information of other applicants on one side of a
two-sided form mailed out by state officials. |
|
10/1/2008 |
Hackers hit Uindy
computers; personal data of 11,000 compromised |
The Indianapolis Star |
Erika D. Smith |
The personal information of 11,000 people affiliated
with the University of Indianapolis has been exposed. |
|
10/1/2008 |
Verizon breach study
identifies industry specific threats |
SearchSecurity.com |
Robert Westervelt |
In
a supplement to its June data breach investigation
report, Verizon Business has released information on
industry-specific threats in the financial services,
high-tech services, retail and food and beverage
sectors. |
|
10/1/2008 |
New York state mishandles
Social Security numbers |
Democrat and Chronicle |
Jay
Gallagher |
Applicants for New York unemployment-insurance payments
may have been surprised to receive the personal
information of other applicants on one side of a
two-sided form mailed out by state officials. |
|
10/1/2008 |
Hackers hit Uindy
computers; personal data of 11,000 compromised |
The Indianapolis Star |
Erika D. Smith |
The personal information of 11,000 people affiliated
with the University of Indianapolis has been exposed. |
|
9/18/2008 |
Surviving an FTC
Investigation After a Data Breach |
New York Law Journal |
Lisa Sotto & Aaron Simpson |
Notification requirements and the resulting widespread
publicity after a data breach incident has, over the
past few years, seen regulators paying more attention to
companies' privacy and information security practices. |
|
9/17/2008 |
Who's Most Aware of
Corporate Fraud and Security Vulnerabilities? |
CIO |
Thomas Wailgum |
The results of a recent Kroll Global Fraud report show
that 72 percent of senior executives feel their
companies are highly or moderately vulnerable to
information theft, loss or attack. |
|
9/15/2008 |
Lost Computer Exposes Data
of 22,000 at Intuit |
Dark Reading |
Tim
Wilson |
Last week, 22,000 current and former employees of Intuit
were notified that their personal data--including names,
addresses, birth dates and Social Security numbers--were
lost in the incident that has, so far, affected at least
75,000 people whose firms outsourced their HR operations
to Colt Express. |
|
9/12/2008 |
Forever 21 Provides Notice
to Customers Regarding Security Breach Incident |
Wall Street Journal |
Forever 21 Inc. |
Clothing retailer Forever 21 has posted on its Web site
a notice regarding security breach incidents involving
its customers. |
|
9/10/2008 |
Mortgage firm Countrywide,
in response to alleged data breach, offers free credit
monitoring |
Los Angeles Times |
E.
Scott Reckard |
Countrywide Financial Corp. will pay for two years of
credit monitoring for loan applicants whose sensitive
personal information was allegedly sold by a Countrywide
employee. |
|
9/9/2008 |
530M records exposed, and
counting |
Computerworld |
Jay
Cline |
If
you took the numbers of people living in the U.S.,
Canada, Mexico, Central America and the Caribbean and
combined them, you still wouldn't have arrived at the
number of data breaches that have occurred in the past
eight years. |
|
9/9/2008 |
Why all the data breaches?
Businesses just don't care |
Wall Street Journal |
Ben
Worthen |
A
leading security expert questions business's willingness
to address information security. |
|
9/8/2008 |
Data Breaches Spark Hard
Drive Shredding Boom |
CSO |
Bill Brenner |
Those in the business of data destruction have seen a
surge in demand for their services as data breaches have
become more regular occurrences |
|
8/24/2008 |
Personal data breaches
this year surpass 2007 total |
Los Angeles Times |
Joseph Menn |
The nonprofit Identity Theft Resource Center (ITRC)
revealed that, so far this year, there have been 447
personal data loss events in the U.S. |
|
8/7/2008 |
State investigates after
breach of Granholm's medical records |
mlive.com |
Associated Press |
Employees at Lansing's Sparrow Hospital were found to be
in violation of hospital policy for viewing, or trying
to view, Michigan governor Jennifer Granholm's medical
records. |
|
8/5/2008 |
Missing SFO Laptop Found |
The Daily Journal |
Bay
City News Service |
The stolen laptop containing unencrypted personal
information for 33,000 travelers who applied for the
Transportation Security Administration's (TSA)
Registered Travel program has been located. |
|
8/5/2008 |
11 charged in connection
with credit card fraud |
The Associated Press |
ANNE D'INNOCENZIO |
Eleven people have been charged in connection with the
TJX data breach that exposed the card numbers of about
100 million |
|
8/5/2008 |
Missing Laptop Keeps Firm
From Registering New Fliers |
The Washington Post |
Joseph Galante |
The personal information of travelers who had applied to
enroll in the Transportation Security Administration's
(TSA) "Registered Travel" program may have been exposed
when a laptop containing the information was stolen late
last month. |
|
8/1/2008 |
Anheuser-Busch says data loss affects employees |
The Associated Press |
Emily Fredrix |
The recent theft of laptops from Anheuser-Busch
headquarters in St. Louis has potentially exposed the
personal information of citizens in four states. |
|
7/30/2008 |
Data Breach Fallout:
Do CISOs Need Legal Protection? |
CSO Magazine |
Bill Brenner |
Who takes the fall at your organization when a data
breach occurs? The chief information security officer?
Chief privacy officer? In a CSO
Security and Risk newsletter
article, one security contractor and advisor says those
who will take the heat should take steps to protect
themselves. |
|
7/29/2008 |
Private medical data
exposed, raising ID theft risk |
ajc.com |
Andy Miller |
A
mix-up at Blue Cross Blue Shield of Georgia resulted in
the mailing of 202,000 explanation-of-benefits (EOB)
letters to the wrong addresses. |
|
7/25/2008 |
Personal data put online
in error |
The Columbus Dispatch |
Misti Crane |
The Columbus Dispatch
reports that a clerical error resulted in the posting of
personal information of persons associated with Ohio
University's Centers for Osteopathic Research and
Education (CORE). |
|
7/25/2008 |
Anatomy of a Data Breach |
CIO |
Ryan Sherstobitoff |
Ryan Sherstobitoff says that in order for corporations
to survive long term, they must implement measures to
protect against data breaches this year. |
|
7/18/2008 |
UMD Releases Students'
Social Security Numbers |
ABC News |
|
Officials at the University of Maryland have apologized
to 23,000 students for mailing a parking brochure with
their Social Security numbers printed on the address
label. The brochures were sent through U.S. Postal
Service third-class mail on July 1. |
|
7/17/2008 |
2008 Data Breach Count is
69% greater than 2007 |
Identity Theft Daily |
Staff Writer |
The Identity Theft Resource Center (ITRC) released
comparison data showing the number of data breaches so
far in 2008 is 69 percent greater than the same time
period in 2007. Between January 1 and June 27 of this
year, the ITRC has recorded 342 breaches. |
|
7/17/2008 |
Bristol-Myers:
Tape with workers' personal data was stolen |
cnn.com |
Peter Loftus |
Drug maker Bristol-Myers Squibb Co has acknowledged the
theft of a backup computer data tape containing employee
information, reports Dow Jones Newswire. The tape was
stolen during transport from a storage facility on June
4. |
|
7/14/2008 |
Metro releases employees'
Social Security Numbers |
Forbes.com |
Associated Press |
The Social Security numbers (SSNs) of thousands of
former and current employees of Washington DC's Metro
transit system were exposed in a data breach. The SSN
data of 4,675 was accidentally posted to the Metro's Web
site between June 9 and June 25 when the agency was
soliciting for worker's compensation and risk management
providers. |
|
7/11/2008 |
Student ID breach embroils
thousands |
The Tennessean |
Maria Giordano |
Personally identifiable information (PII) for as many as
17,000 Williamson County, Tennessee students and faculty
were posted to a Web site where the information may have
been freely available for nearly one year before being
discovered. |
|
7/11/2008 |
State agency acts to shield employees from ID theft |
Sacramento Bee |
Andrew McIntosh |
Officials at the California Department of Consumer
Affairs say reparations for last month's security breach
could cost taxpayers as much as $122,000. The department
is providing identity theft protection services to more
than 5,000 employees whose names and Social Security
numbers were compromised when an employee downloaded a
roster containing the information and forwarded the file
to her personal e-mail account. |
|
7/11/2008 |
Student ID breach embroils
thousands |
The Tennessean |
Maria Giordano |
Personally identifiable information (PII) for as many as
17,000 Williamson County, Tennessee students and faculty
were posted to a Web site where the information may have
been freely available for nearly one year before being
discovered. |
|
7/10/2008 |
How Ready Is Your Company
to Respond to a Data Breach? |
Law.com |
Harry Valetk |
Harry Valetk writes that gaining an understanding of
applicable laws and having a response strategy in
advance will help an organization react effectively to
satisfy both the law and customer expectations. What's
more, preventative measures implemented and consistently
maintained can help avoid the situation in the first
place. |
|
7/10/2008 |
How Ready Is Your Company
to Respond to a Data Breach? |
Law.com |
Harry Valetk |
Harry Valetk writes that gaining an understanding of
applicable laws and having a response strategy in
advance will help an organization react effectively to
satisfy both the law and customer expectations. What's
more, preventative measures implemented and consistently
maintained can help avoid the situation in the first
place. |
|
7/8/2008 |
Justice Breyer among
victims in data breach |
Washington Post |
Brian Krebs |
Supreme Court Justice Stephen Breyer is among the nearly
2,000 victims of a data breach resulting from the use of
peer-to-peer file sharing by an employee of an
investment firm used by the judge. |
|
7/8/2008 |
Justice Breyer among
victims in data breach |
Washington Post |
Brian Krebs |
Supreme Court Justice Stephen Breyer is among the nearly
2,000 victims of a data breach resulting from the use of
peer-to-peer file sharing by an employee of an
investment firm used by the judge. |
|
7/4/2008 |
Celebrity Passport Records
Popular |
Washington Post |
Glenn Kessler |
A
State Department audit has revealed that government
workers snooped inside the electronic passport records
of celebrities. Athletes, entertainers and other
notorious Americans were among those whose records were
breached. |
|
7/4/2008 |
Celebrity Passport Records
Popular |
Washington Post |
Glenn Kessler |
A
State Department audit has revealed that government
workers snooped inside the electronic passport records
of celebrities. Athletes, entertainers and other
notorious Americans were among those whose records were
breached. |
|
6/30/2008 |
Hannaford Data Breach
Fallout Continues |
seacoastonline.com |
Shir Haberman |
After the recent discovery of illegal activity on its
"Debit Card portfolio" as a result of the Hannaford
Bros. data breach earlier this year, Ocean National Bank
is re-issuing cards to about 7,000 customers. |
|
6/30/2008 |
Data Breach Reports Up 69
Percent in 2008 |
Washington Post |
Brian Krebs |
Reports of data breaches are on the increase compared to
2007 figures, reports The Washington
Post. The Identity Theft
Resource Center (ITRC) analyzed 342 data breach reports
between January 1 and June 27 of this year, finding a 69
percent increase in the number of breaches reported
compared to the same time frame in 2007. |
|
6/30/2008 |
Hannaford Data Breach
Fallout Continues |
seacoastonline.com |
Shir Haberman |
After the recent discovery of illegal activity on its
"Debit Card portfolio" as a result of the Hannaford
Bros. data breach earlier this year, Ocean National Bank
is re-issuing cards to about 7,000 customers. |
|
6/30/2008 |
Data Breach Reports Up 69
Percent in 2008 |
Washington Post |
Brian Krebs |
Reports of data breaches are on the increase compared to
2007 figures, reports The Washington
Post. The Identity Theft
Resource Center (ITRC) analyzed 342 data breach reports
between January 1 and June 27 of this year, finding a 69
percent increase in the number of breaches reported
compared to the same time frame in 2007. |
|
6/27/2008 |
Montgomery Ward Fails to
Alert Victims of Breach |
SC
Magazine |
Chuck Miller |
A
December breach involving the credit card numbers of
51,000 Montgomery Ward customers has just now come to
light. |
|
6/27/2008 |
Montgomery Ward Fails to
Alert Victims of Breach |
SC
Magazine |
Chuck Miller |
A
December breach involving the credit card numbers of
51,000 Montgomery Ward customers has just now come to
light. |
|
6/26/2008 |
Consumers punish
organizations that expose their data, but can be
mollified |
InternetRetailer.com |
|
More than half of the data breach victims questioned in
a recent Javelin Research survey reported decreased
confidence in the organization that lost their data,
says an Internet Retailer
report. And 30 percent said they would never again do
business with the company. |
|
6/26/2008 |
Consumers punish
organizations that expose their data, but can be
mollified |
InternetRetailer.com |
|
More than half of the data breach victims questioned in
a recent Javelin Research survey reported decreased
confidence in the organization that lost their data,
says an Internet Retailer
report. And 30 percent said they would never again do
business with the company. |
|
6/23/2008 |
CNET Employees Notified
After Data Breach |
PC
World |
Robert MacMillan |
A
burglary at Colt Express Outsourcing Services has left
the personal information of 6,500 CNET Networks
employees exposed. |
|
6/23/2008 |
Security breach
compromises 5,000 Social Security Numbers at Consumer
Affairs |
Capitol Weekly |
Malcom Maclachlan |
The names and Social Security numbers of 5,000 people
associated with the California Department of Consumer
Affairs (DCA) have been exposed by a security breach. |
|
6/23/2008 |
CNET Employees Notified
After Data Breach |
PC
World |
Robert MacMillan |
A
burglary at Colt Express Outsourcing Services has left
the personal information of 6,500 CNET Networks
employees exposed. |
|
6/23/2008 |
Security breach
compromises 5,000 Social Security Numbers at Consumer
Affairs |
Capitol Weekly |
Malcom Maclachlan |
The names and Social Security numbers of 5,000 people
associated with the California Department of Consumer
Affairs (DCA) have been exposed by a security breach. |
|
6/18/2008 |
TD Ameritrade close to
settling data theft lawsuit |
New York Times |
Associated Press |
The Associated Press reports that, in a proposed
settlement, Ameritrade Holding Corp. will pay nearly
$1.9 million to plaintiffs affected by the company's
September 2007 data breach that exposed the personal
information of more than six million people. |
|
6/18/2008 |
TD Ameritrade close to
settling data theft lawsuit |
New York Times |
Associated Press |
The Associated Press reports that, in a proposed
settlement, Ameritrade Holding Corp. will pay nearly
$1.9 million to plaintiffs affected by the company's
September 2007 data breach that exposed the personal
information of more than six million people. |
|
6/11/2008 |
Data breaches made
possible by incompetence, carelessness |
Information Week |
Thomas Claburn |
Incompetence and carelessness were cited as the greatest
threats to business information in a Verizon Business
Security survey released yesterday. Over a period of
four years, Verizon Business studied more than 500
forensic data breach investigations, finding that nine
out of 10 corporate data breaches could have been
prevented had reasonable security measures been in
place. |
|
6/11/2008 |
Data breaches made
possible by incompetence, carelessness |
Information Week |
Thomas Claburn |
Incompetence and carelessness were cited as the greatest
threats to business information in a Verizon Business
Security survey released yesterday. Over a period of
four years, Verizon Business studied more than 500
forensic data breach investigations, finding that nine
out of 10 corporate data breaches could have been
prevented had reasonable security measures been in
place. |
|
6/8/2008 |
Stanford employees' data
on stolen laptop |
San Francisco Chronicle |
Ilana DeBare |
Stanford University has notified tens of thousands of
current and former employees that their personal
information was on the hard drive of a stolen university
laptop. |
|
6/8/2008 |
Stanford employees' data
on stolen laptop |
San Francisco Chronicle |
Ilana DeBare |
Stanford University has notified tens of thousands of
current and former employees that their personal
information was on the hard drive of a stolen university
laptop. |
|
5/31/2008 |
Walter Reed says patient
data may be compromised |
Associated Press |
Jennifer Kerr |
A
computer file containing sensitive information on about
1,000 patients of Walter Reed Army Medical Center and
other military hospitals was found on a "non-government,
non-secure computer network." |
|
5/31/2008 |
Walter Reed says patient
data may be compromised |
Associated Press |
Jennifer Kerr |
A
computer file containing sensitive information on about
1,000 patients of Walter Reed Army Medical Center and
other military hospitals was found on a "non-government,
non-secure computer network." |
|
5/28/2008 |
Q & A with IAPP Practical
Privacy Series Speakers |
IAPP |
Agnes Bundy Scanlan |
Incidents of lost personal data make the news on a
weekly basis and, as we read in yesterday's
Daily Dashboard,
we do not hear about many of the breaches that occur due
to retailers' reluctance to tell. |
|
5/28/2008 |
Q & A with IAPP Practical
Privacy Series Speakers |
IAPP |
Agnes Bundy Scanlan |
Incidents of lost personal data make the news on a
weekly basis and, as we read in yesterday's
Daily Dashboard,
we do not hear about many of the breaches that occur due
to retailers' reluctance to tell. |
|
5/25/2008 |
Retailers Keep Silent
About Data Security Breaches |
Computerworld UK |
Robert MacMillan |
Even while credit card companies predict that fraud
rates will double by 2010, retailers seem loathe to
admit to security breaches when they occur |
|
5/25/2008 |
Retailers Keep Silent
About Data Security Breaches |
Computerworld UK |
Robert MacMillan |
Even while credit card companies predict that fraud
rates will double by 2010, retailers seem loathe to
admit to security breaches when they occur |
|
5/21/2008 |
Data breach at New York
bank possibly affecting hundreds of thousands of CT
consumers |
StamfordPlus.com |
Attorney General's Office |
The personal information, including Social Security
numbers and bank account information, of 4.5 million
customers and investors is missing and the Connecticut
Attorney General wants The Bank of New York to boost
measures to protect customers from identity theft. |
|
5/21/2008 |
Data breach at New York
bank possibly affecting hundreds of thousands of CT
consumers |
StamfordPlus.com |
Attorney General's Office |
The personal information, including Social Security
numbers and bank account information, of 4.5 million
customers and investors is missing and the Connecticut
Attorney General wants The Bank of New York to boost
measures to protect customers from identity theft. |
|
5/20/2008 |
UF Warns Patients of
Security Breach |
Jacksonville Business Journal |
|
The University of Florida (UF) privacy office this week
mailed letters to about 1,900 patients to notify them
that their health information may have been breached. |
|
5/20/2008 |
UF Warns Patients of
Security Breach |
Jacksonville Business Journal |
|
The University of Florida (UF) privacy office this week
mailed letters to about 1,900 patients to notify them
that their health information may have been breached. |
|
5/14/2008 |
Preparation key to
Managing Data Breaches |
eweek.com |
Darryl Taft |
At
the IntrusionWorld Conference and Expo in Baltimore
earlier this week, two chief privacy officers
enlightened attendees to the importance of preventing
data breaches. |
|
5/14/2008 |
Preparation key to
Managing Data Breaches |
eweek.com |
Darryl Taft |
At
the IntrusionWorld Conference and Expo in Baltimore
earlier this week, two chief privacy officers
enlightened attendees to the importance of preventing
data breaches. |
|
5/13/2008 |
Details of six million
Chileans posted online |
vnunet.com |
Ian
Williams |
A
hacker allegedly trying to make a point about poor data
security stole the personal information of about six
million Chilean residents from government and military
servers and posted it on a technology blog. |
|
5/13/2008 |
Details of six million
Chileans posted online |
vnunet.com |
Ian
Williams |
A
hacker allegedly trying to make a point about poor data
security stole the personal information of about six
million Chilean residents from government and military
servers and posted it on a technology blog. |
|
5/2/2008 |
6,000 UCSF patients' data
got put online |
San Francisco Chronicle |
Elizabeth Fernandez |
The San Francisco Chronicle reports
that personally-identifiable information for more than
6,000 patients of the University of California San
Francisco Medical Center was left exposed online for
more than three months. |
|
5/2/2008 |
6,000 UCSF patients' data
got put online |
San Francisco Chronicle |
Elizabeth Fernandez |
The San Francisco Chronicle reports
that personally-identifiable information for more than
6,000 patients of the University of California San
Francisco Medical Center was left exposed online for
more than three months. |
|
5/1/2008 |
Federal Breach
Notification stuck in Congress |
searchcio-midmarket.com |
Zach Church |
Hope is quickly fading for federal adoption of a data
breach notification bill that would pre-empt state law
and create a single, simpler standard for data breach
response, according to SearchCIO-Midmarket.com. Nine
bills are hung up in Congressional committee, six of
which would have the effect of setting a unified
standard for businesses. |
|
5/1/2008 |
Federal Breach
Notification stuck in Congress |
searchcio-midmarket.com |
Zach Church |
Hope is quickly fading for federal adoption of a data
breach notification bill that would pre-empt state law
and create a single, simpler standard for data breach
response, according to SearchCIO-Midmarket.com. Nine
bills are hung up in Congressional committee, six of
which would have the effect of setting a unified
standard for businesses. |
|
4/29/2008 |
Mortgage Broker Sues
Lenders in Privacy Breach |
Washington Post.com |
Ellen Nakashima |
Following a privacy breach that exposed the personal
information of an undisclosed number of individuals,
online mortgage broker LendingTree has filed suit
against five home loan lenders and two former company
executives. |
|
4/29/2008 |
Mortgage Broker Sues
Lenders in Privacy Breach |
Washington Post.com |
Ellen Nakashima |
Following a privacy breach that exposed the personal
information of an undisclosed number of individuals,
online mortgage broker LendingTree has filed suit
against five home loan lenders and two former company
executives. |
|
4/25/2008 |
How to Respond to a Data
Breach |
Wall Street Journal |
Ben
Worthen |
According to Wall Street Journal
business technology blogger Ben Worthen, the University
of Miami's response to a recent data breach could serve
as a model for organizations that have experienced
similar breaches. |
|
4/25/2008 |
How to Respond to a Data
Breach |
Wall Street Journal |
Ben
Worthen |
According to Wall Street Journal
business technology blogger Ben Worthen, the University
of Miami's response to a recent data breach could serve
as a model for organizations that have experienced
similar breaches. |
|
4/23/2008 |
Stung by hackers, grocer
encrypts customer data |
Boston Globe |
Todd Wallack |
In
the wake of a data breach that affected more than four
million of its customers, grocer Hannaford Bros. has
invested millions of dollars to upgrade its security,
including encrypting all transactional data. |
|
4/23/2008 |
Stung by hackers, grocer
encrypts customer data |
Boston Globe |
Todd Wallack |
In
the wake of a data breach that affected more than four
million of its customers, grocer Hannaford Bros. has
invested millions of dollars to upgrade its security,
including encrypting all transactional data. |
|
4/22/2008 |
LendingTree discloses
insider data breach |
Info World |
Ellen Messmer |
Online mortgage lead generation service LendingTree
disclosed this week that a number of former employees
used their old passwords to give mortgage brokers
unauthorized access to subscribers' personal records. |
|
4/22/2008 |
Pre-emptive strategy best
approach to breach notification |
Midmarket CIO News |
Zach Church |
Security breaches happen, and an organization's response
to a breach is the crucial first step in recovery. |
|
4/22/2008 |
LendingTree discloses
insider data breach |
Info World |
Ellen Messmer |
Online mortgage lead generation service LendingTree
disclosed this week that a number of former employees
used their old passwords to give mortgage brokers
unauthorized access to subscribers' personal records. |
|
4/22/2008 |
Pre-emptive strategy best
approach to breach notification |
Midmarket CIO News |
Zach Church |
Security breaches happen, and an organization's response
to a breach is the crucial first step in recovery. |
|
4/16/2008 |
Good News:
After Breach, Consumers Vote With Their Feet |
Information Week |
George Hulme |
George Hulme reports in his recent Security Weblog entry
for InformationWeek
that, according to a new Ponemon Institute survey,
nearly a third of consumers who receive a breach
notification letter will terminate their relationship
with the offending vendor, while another 57 percent said
the letter caused them to lose confidence in the
company. |
|
4/16/2008 |
Good News:
After Breach, Consumers Vote With Their Feet |
Information Week |
George Hulme |
George Hulme reports in his recent Security Weblog entry
for InformationWeek
that, according to a new Ponemon Institute survey,
nearly a third of consumers who receive a breach
notification letter will terminate their relationship
with the offending vendor, while another 57 percent said
the letter caused them to lose confidence in the
company. |
|
4/10/2008 |
Stolen NIH Laptop Held
Social Security Numbers |
The Washington Post |
Rick Weiss & Ellen Nakashima |
The NIH is sending letters to more than 1,200
participants of a National Health Institutes study whose
Social Security numbers were exposed when an unencrypted
laptop computer was stolen from an employee's vehicle
last month. |
|
4/10/2008 |
Stolen NIH Laptop Held
Social Security Numbers |
The Washington Post |
Rick Weiss & Ellen Nakashima |
The NIH is sending letters to more than 1,200
participants of a National Health Institutes study whose
Social Security numbers were exposed when an unencrypted
laptop computer was stolen from an employee's vehicle
last month. |
|
4/8/2008 |
Insurance records of
71,000 Ga. Families made public |
Atlanta Journal Constitution |
Bill Hendrick |
The health insurance information of 71,000 Georgia
families enrolled in insurance programs for the poor was
left exposed on the Internet for a number of days, and
may have been viewed by unauthorized parties. |
|
4/8/2008 |
Latest Laptop Loss At
Pfizer Renews Worries |
theday.com |
Lee
Howard |
Pharmaceutical firm Pfizer disclosed that a
password-protected laptop computer stolen from a
contractor in February contained personally-identifiable
information for about 800 employees. |
|
4/8/2008 |
Insurance records of
71,000 Ga. Families made public |
Atlanta Journal Constitution |
Bill Hendrick |
The health insurance information of 71,000 Georgia
families enrolled in insurance programs for the poor was
left exposed on the Internet for a number of days, and
may have been viewed by unauthorized parties. |
|
4/8/2008 |
Latest Laptop Loss At
Pfizer Renews Worries |
theday.com |
Lee
Howard |
Pharmaceutical firm Pfizer disclosed that a
password-protected laptop computer stolen from a
contractor in February contained personally-identifiable
information for about 800 employees. |
|
4/2/2008 |
Vermont ski area reports
hannaford-like theft of payment card data |
ComputerWorld |
Jaikumar Vijayan |
A
breach at Vermont's Okemo Mountain Resort exposed the
data from 46,000 credit and debit cards in February. |
|
4/2/2008 |
TJX settles with
MasterCard over data breach |
The Boston Globe |
Ross Kerber |
Pending final acceptance by the banks involved, TJX Cos.
has reached an agreement with MasterCard Inc. to cover
up to $24 million in fraud losses associated with the
data breach disclosed last year that affected 100
million cardholders. If accepted, the issuing banks
forgo any litigation associated with the losses. |
|
4/2/2008 |
Vermont ski area reports
hannaford-like theft of payment card data |
ComputerWorld |
Jaikumar Vijayan |
A
breach at Vermont's Okemo Mountain Resort exposed the
data from 46,000 credit and debit cards in February. |
|
4/2/2008 |
TJX settles with
MasterCard over data breach |
The Boston Globe |
Ross Kerber |
Pending final acceptance by the banks involved, TJX Cos.
has reached an agreement with MasterCard Inc. to cover
up to $24 million in fraud losses associated with the
data breach disclosed last year that affected 100
million cardholders. If accepted, the issuing banks
forgo any litigation associated with the losses. |
|
4/1/2008 |
Hannaford Data Breach
Blamed on Malware |
Information Week |
Thomas Claburn |
The data breach that exposed the credit and debit card
information of 4.2 Hannaford Bros. supermarket customers
earlier this month appears to have resulted from
malicious software. |
|
4/1/2008 |
Hannaford Data Breach
Blamed on Malware |
Information Week |
Thomas Claburn |
The data breach that exposed the credit and debit card
information of 4.2 Hannaford Bros. supermarket customers
earlier this month appears to have resulted from
malicious software. |
|
3/25/2008 |
Another Data Security
Breach |
Baltimore Sun |
Jonathan D. Rockoff |
A
laptop containing medical test results for 2,500
patients was stolen from the car trunk of a National
Institutes of Health (NIH) employee, exposing the names,
birth dates and unencrypted test results of participants
in a heart imaging study. |
|
3/25/2008 |
Another Data Security
Breach |
Baltimore Sun |
Jonathan D. Rockoff |
A
laptop containing medical test results for 2,500
patients was stolen from the car trunk of a National
Institutes of Health (NIH) employee, exposing the names,
birth dates and unencrypted test results of participants
in a heart imaging study. |
|
3/21/2008 |
Passport files of 3
Candidates were improperly viewed |
New York Times |
Helene Cooper & Michael Grynbaum |
What began as an inquiry into three separate data
breaches of Barack Obama's passport file, has turned
into a widespread investigation at the State Department,
involving information on Hillary Rodham Clinton and John
McCain, as well. |
|
3/21/2008 |
Passport files of 3
Candidates were improperly viewed |
New York Times |
Helene Cooper & Michael Grynbaum |
What began as an inquiry into three separate data
breaches of Barack Obama's passport file, has turned
into a widespread investigation at the State Department,
involving information on Hillary Rodham Clinton and John
McCain, as well. |
|
3/18/2008 |
Experts try to make sense
of Hannaford data breach |
SC
Magazine |
Dan
Kaplan |
Little new information has emerged since Hannaford Bros.
supermarket chain yesterday confirmed that 4.2 million
credit and debit cards were stolen from the company's
system during the checkout authorization process between
December and March, but some experts are speculating on
the cause. |
|
3/18/2008 |
Experts try to make sense
of Hannaford data breach |
SC
Magazine |
Dan
Kaplan |
Little new information has emerged since Hannaford Bros.
supermarket chain yesterday confirmed that 4.2 million
credit and debit cards were stolen from the company's
system during the checkout authorization process between
December and March, but some experts are speculating on
the cause. |
|
3/12/2008 |
Bearer of Bad News |
Government Executive |
Andrew Noyes |
The Department of Veterans Affairs data breach of 2006
that resulted in the personally-identifiable information
of more than 26 million U.S. veterans, and the VA's
response to that event, was a case study in how
government agencies should not respond to a breach
event. |
|
3/12/2008 |
Bearer of Bad News |
Government Executive |
Andrew Noyes |
The Department of Veterans Affairs data breach of 2006
that resulted in the personally-identifiable information
of more than 26 million U.S. veterans, and the VA's
response to that event, was a case study in how
government agencies should not respond to a breach
event. |
|
3/11/2008 |
Oklahoma County Clerk's
records reveal social security numbers |
Tulsa Today |
Mike McCarville |
Residents of Oklahoma County, Oklahoma learned recently
that a Web site maintained by County Clerk Carolynn
Caudill has left their Social Security numbers exposed
to anyone who cares to take a look. |
|
3/11/2008 |
Oklahoma County Clerk's
records reveal social security numbers |
Tulsa Today |
Mike McCarville |
Residents of Oklahoma County, Oklahoma learned recently
that a Web site maintained by County Clerk Carolynn
Caudill has left their Social Security numbers exposed
to anyone who cares to take a look. |
|
3/7/2008 |
Bankrupt lenders throwing
away your privacy |
MSNBC |
Alex Johnson |
As
more and more mortgage companies go out of business as a
result of the sub-prime lending crisis, a disturbing
trend has been uncovered in dumpsters and trash bins
near to the defunct lenders. |
|
3/6/2008 |
When does a privacy breach
cause harm? |
ComputerWorld |
Jay
Cline |
To
date, U.S. courts have stopped short at putting a price
on the non-monetary harms that result from privacy
breaches, such as those affecting a consumer's dignity.
That may change, writes Jay Cline for
Computerworld,
as other nations working to develop breach standards
begin defining thresholds for privacy harm that include
these seemingly less tangible injuries. |
|
3/6/2008 |
Data-leak security proves
to be too hard to use |
InfoWorld |
Matt Hines |
While most companies would acknowledge that "data leaks"
are a persistently troublesome challenge to maintaining
data integrity, those that have invested in data leak
prevention (DLP) products to plug their holes have found
them to be somewhat effective, though very difficult to
use. |
|
3/3/2008 |
Missing laptop, data could
affect Q-C Oscar Mayer employees |
Quad City Times |
Doug Schoropp |
A
Kraft Foods laptop computer recently stolen from an
employee contained personally identifiable information
for as many as 20,000 of the company's employees,
including 1,700 workers at a Davenport Oscar Mayer
plant. |
|
3/3/2008 |
TJX customers to claim
eligibility for breach settlement |
SC
Magazine |
Dan
Kaplan |
TJX Companies, operators of discount retail chains TJ
Maxx, Marshall's and Home Goods, has begun sending
notices to customers with instructions for obtaining
$30-$80 vouchers as part of a settlement stemming from a
data breach in which the personal information of between
45 and 100 million consumers was exposed. |
|
2/21/2008 |
Experts Offer Advice To
Recipients Of Breach Notices |
CSO Magazine |
Kathleen Carr |
Companies experiencing a data breach lack little in
terms of guidance for taking their next steps, but what
of the consumer who gets a breach notice letter in the
mail? |
|
2/21/2008 |
Experts Offer Advice To
Recipients Of Breach Notices |
CSO Magazine |
Kathleen Carr |
Companies experiencing a data breach lack little in
terms of guidance for taking their next steps, but what
of the consumer who gets a breach notice letter in the
mail? |
|
2/20/2008 |
South African Data
Protection Law Delayed |
ITWeb |
Leon Engelbrecht |
South African tech portal ITWeb.com
reports that a pending data protection law has been held
up in process and is not expected to be enacted before
2009. The South African Law Reform Commission is working
on the Protection of Personal Information Bill, which is
intended to help protect people from abuse of their
personally identifiable information by holding
individuals and organizations criminally responsible for
failing to adequately protect information, and requiring
notice if a breach occurs. |
|
2/20/2008 |
South African Data
Protection Law Delayed |
ITWeb |
Leon Engelbrecht |
South African tech portal ITWeb.com
reports that a pending data protection law has been held
up in process and is not expected to be enacted before
2009. The South African Law Reform Commission is working
on the Protection of Personal Information Bill, which is
intended to help protect people from abuse of their
personally identifiable information by holding
individuals and organizations criminally responsible for
failing to adequately protect information, and requiring
notice if a breach occurs. |
|
2/14/2008 |
HP, Journalists Settle
Pretexting Suit |
E
Commerce Times |
Katherine Noyes |
A
group of four journalists, including
BusinessWeek's Peter Burrows,
Ben Elgin and Roger Crockett, and
The New York Times' John
Markoff, have settled spying claims against tech concern
HP stemming from the company's 2006 investigation into
the source of high-level information leaks. |
|
2/14/2008 |
HP, Journalists Settle
Pretexting Suit |
E
Commerce Times |
Katherine Noyes |
A
group of four journalists, including
BusinessWeek's Peter Burrows,
Ben Elgin and Roger Crockett, and
The New York Times' John
Markoff, have settled spying claims against tech concern
HP stemming from the company's 2006 investigation into
the source of high-level information leaks. |
|
2/8/2008 |
Montana Financial Firm
Hacked, SSNs Stolen |
Great Falls Tribune |
Erin Madison |
Computer Systems belonging to a local finaicial firm, DA
Davidson Co. was recently hacked, putting the personal
and financial information of 226,000 account holders at
risk. |
|
2/8/2008 |
Montana Financial Firm
Hacked, SSNs Stolen |
Great Falls Tribune |
Erin Madison |
Computer Systems belonging to a local finaicial firm, DA
Davidson Co. was recently hacked, putting the personal
and financial information of 226,000 account holders at
risk. |
|
2/7/2008 |
One Breach, Two Letters |
CSO Magazine |
Scott Berinato |
When Monster.com suffered a data breach last year, the
victims were not just users of the well-known online job
search service. |
|
2/7/2008 |
One Breach, Two Letters |
CSO Magazine |
Scott Berinato |
When Monster.com suffered a data breach last year, the
victims were not just users of the well-known online job
search service. |
|
2/4/2008 |
California Lawmaker Wants
To Toughen Breach Law |
Info World |
Victor R. Garza |
State Senator Joe Simitian has drafted two new bills
designed to stiffen California's data breach law,
including one that would outline new guidelines for
breach notice requirements and that would require
consumer notification letters to be brief and clearly
understood. |
|
2/4/2008 |
California Lawmaker Wants
To Toughen Breach Law |
Info World |
Victor R. Garza |
State Senator Joe Simitian has drafted two new bills
designed to stiffen California's data breach law,
including one that would outline new guidelines for
breach notice requirements and that would require
consumer notification letters to be brief and clearly
understood. |
|
2/1/2008 |
Massachusetts Adopts Data
Breach Law |
Boston Herald |
Maria Recalde |
Massachusetts has joined the list of states that have
adopted data breach notification laws. The law affects
any person or commercial or public entity that handles
the personal information of Bay State residents. |
|
2/1/2008 |
Massachusetts Adopts Data
Breach Law |
Boston Herald |
Maria Recalde |
Massachusetts has joined the list of states that have
adopted data breach notification laws. The law affects
any person or commercial or public entity that handles
the personal information of Bay State residents. |
|
1/31/2008 |
New Jersey Wants
Investigation After Blue Cross Breach |
The Star Ledger |
Ted
Sherman |
State legislators have called for a formal inquiry into
a data breach at Horizon Blue Cross in which the
personal information of 300,000 individuals was
compromised. |
|
1/31/2008 |
New Jersey Wants
Investigation After Blue Cross Breach |
The Star Ledger |
Ted
Sherman |
State legislators have called for a formal inquiry into
a data breach at Horizon Blue Cross in which the
personal information of 300,000 individuals was
compromised. |
|
1/29/2008 |
Georgetown University
Reports Data Breach |
The Hoya |
Michele Hong |
Georgetown University reported that an external hard
drive containing the personally identifiable information
of 38,000 students, alumni and faculty was stolen from
the Office of Student Affairs earlier this month. |
|
1/29/2008 |
Georgetown University
Reports Data Breach |
The Hoya |
Michele Hong |
Georgetown University reported that an external hard
drive containing the personally identifiable information
of 38,000 students, alumni and faculty was stolen from
the Office of Student Affairs earlier this month. |
|
1/25/2008 |
13 Breaches And Counting In Higher Education |
Campus Technology |
David Nagel |
As
of January 25, 13 colleges and universities had reported
data breaches affecting students, alumni and employees.
Insider data thefts at Baylor University compromised
email accounts, while at Central Piedmont Community
College a student employee was arrested for embezzlement
and ID theft after accessing records through her job. |
|
1/25/2008 |
Penn State Laptop with
Alumni PII Stolen |
The Daily Collegian |
Lauren Boyer |
A
university laptop containing archived information and
social security numbers for 677 students attending Penn
State between 1999 and 2004 was recently stolen from a
faculty member while traveling earlier this month. |
|
1/25/2008 |
Stolen HMO Laptop
Contained PII |
Telegram & Gazette |
Bob
Kievra |
A
stolen laptop computer belonging to Massachusetts-based
Fallon Community Health Plan (FCHP) contained the
personally identifiable information of as many as 30,000
of the HMO's subscribers. |
|
1/25/2008 |
13 Breaches And Counting In Higher Education |
Campus Technology |
David Nagel |
As
of January 25, 13 colleges and universities had reported
data breaches affecting students, alumni and employees.
Insider data thefts at Baylor University compromised
email accounts, while at Central Piedmont Community
College a student employee was arrested for embezzlement
and ID theft after accessing records through her job. |
|
1/25/2008 |
Penn State Laptop with
Alumni PII Stolen |
The Daily Collegian |
Lauren Boyer |
A
university laptop containing archived information and
social security numbers for 677 students attending Penn
State between 1999 and 2004 was recently stolen from a
faculty member while traveling earlier this month. |
|
1/25/2008 |
Stolen HMO Laptop
Contained PII |
Telegram & Gazette |
Bob
Kievra |
A
stolen laptop computer belonging to Massachusetts-based
Fallon Community Health Plan (FCHP) contained the
personally identifiable information of as many as 30,000
of the HMO's subscribers. |
|
1/24/2008 |
California Expands Breach
Notice |
Mondaq |
Jacqueline Klosek |
Goodwin Proctor lawyers and IAPP members Deborah
Birnbach, Agnes Bundy Scanlan and Jacqueline Klosek
offer their perspective on the scope and impact of
California's expanded data notification law. AB 1298,
which went into effect on January 1, extends data breach
notification requirements to medical and health
insurance information, while also clarifying the
"security freeze" portion of SB 1386. |
|
1/24/2008 |
California Expands Breach
Notice |
Mondaq |
Jacqueline Klosek |
Goodwin Proctor lawyers and IAPP members Deborah
Birnbach, Agnes Bundy Scanlan and Jacqueline Klosek
offer their perspective on the scope and impact of
California's expanded data notification law. AB 1298,
which went into effect on January 1, extends data breach
notification requirements to medical and health
insurance information, while also clarifying the
"security freeze" portion of SB 1386. |
|
1/22/2008 |
Ministry Of Defence Admits
More Lost Laptops |
Guardian Unlimited |
Richard Norton-Taylor |
The Ministry of Defence investigates the theft of a
laptop computer containing personal information on more
than 600,000 potential armed forces recruits. |
|
1/22/2008 |
Ministry Of Defence Admits
More Lost Laptops |
Guardian Unlimited |
Richard Norton-Taylor |
The Ministry of Defence investigates the theft of a
laptop computer containing personal information on more
than 600,000 potential armed forces recruits. |
|
1/20/2008 |
Feds Blame KC Officials
For IRS Tape Loss |
Associated Press |
Associated Press |
Twenty-six IRS data tapes containing tax information on
Kansas City, Missouri residents were lost due to the
negligence of city officials, according to federal
investigators. |
|
1/20/2008 |
Feds Blame KC Officials
For IRS Tape Loss |
Associated Press |
Associated Press |
Twenty-six IRS data tapes containing tax information on
Kansas City, Missouri residents were lost due to the
negligence of city officials, according to federal
investigators. |
|
1/16/2008 |
Carphone Warehouse In Fix
After Breach |
Silicon.com |
Nick Heath |
British mobile phone retailer Carphone Warehouse and
sister company TalkTalk have been ordered to bring data
privacy and security practices in line with the
Information Commissioner's Office demands, or face
"unlimited fines" following the recent discovery of a
data breach that has put the personal information of
thousands of customers at risk. |
|
1/16/2008 |
Carphone Warehouse In Fix
After Breach |
Silicon.com |
Nick Heath |
British mobile phone retailer Carphone Warehouse and
sister company TalkTalk have been ordered to bring data
privacy and security practices in line with the
Information Commissioner's Office demands, or face
"unlimited fines" following the recent discovery of a
data breach that has put the personal information of
thousands of customers at risk. |
|
1/7/2008 |
Class Action Against Sears
"Ridiculous" |
Information Week |
Andrew Conry-Murray |
InformationWeek security blogger
Andrew Conry-Murray says the class action lawsuit filed
last week against retailer Sears, Roebuck & Co. for a
security flaw that exposed consumer purchase and
warranty information via its now defunct
managemyhome.com Web site is "ridiculous." |
|
1/7/2008 |
Class Action Against Sears
"Ridiculous" |
Information Week |
Andrew Conry-Murray |
InformationWeek security blogger
Andrew Conry-Murray says the class action lawsuit filed
last week against retailer Sears, Roebuck & Co. for a
security flaw that exposed consumer purchase and
warranty information via its now defunct
managemyhome.com Web site is "ridiculous." |
|
1/7/2008 |
Price of data theft
response: Milions |
Portland Press Herald |
Edward D. Murphy |
A
report from the Maine Bureau of Financial Information
shows that the TJX and Hannaford data breaches resulted
in millions of dollars in costs to state banks and
credit unions. |
|
1/4/2008 |
Calif. Law Requires
Notification Of Data Breaches Involving Medical Records |
San Francisco Chronicle |
Deborah Gage |
California's first-in-the-nation security breach
notification law -- which took effect on July 1, 2003 --
has been expanded to include notification of residents
when their electronic medical information or health
information is compromised. |
|
1/4/2008 |
Security breach could
derail NHS database plan |
CBR |
Staff Writer |
A
Department of Health security breach that has affected
medical records belonging to 168,000 patients. |
|
1/4/2008 |
Calif. Law Requires
Notification Of Data Breaches Involving Medical Records |
San Francisco Chronicle |
Deborah Gage |
California's first-in-the-nation security breach
notification law -- which took effect on July 1, 2003 --
has been expanded to include notification of residents
when their electronic medical information or health
information is compromised. |
|
1/4/2008 |
Security breach could
derail NHS database plan |
CBR |
Staff Writer |
A
Department of Health security breach that has affected
medical records belonging to 168,000 patients. |
|
12/31/2007 |
Breach Disclosure Laws
Shed Light On Inventory Of Lost Records In 2007 |
Security Focus |
Robert Lemos |
Two organizations, Attrition.org and the Identity Theft
Resource Center, have tracked the number of lost records
in 2007. |
|
12/31/2007 |
Breach Disclosure Laws
Shed Light On Inventory Of Lost Records In 2007 |
Security Focus |
Robert Lemos |
Two organizations, Attrition.org and the Identity Theft
Resource Center, have tracked the number of lost records
in 2007. |
|
12/25/2007 |
TJX Creates New Privacy
Roles In Wake Of Breach |
The Boston Globe |
Ross Kerber |
A
year after TJX Cos. revealed a computer intrusion that
led to the theft of at least 46.5 million customer
records, the company is moving to beef up its privacy
efforts by naming a chief privacy officer (CPO) and
hiring a privacy director. |
|
12/25/2007 |
TJX Creates New Privacy
Roles In Wake Of Breach |
The Boston Globe |
Ross Kerber |
A
year after TJX Cos. revealed a computer intrusion that
led to the theft of at least 46.5 million customer
records, the company is moving to beef up its privacy
efforts by naming a chief privacy officer (CPO) and
hiring a privacy director. |
|
12/21/2007 |
Consumers Remain Loyal To
TJX Despite Breach |
Boston Globe |
Ross Kerber |
This article explores the customer loyalty that TJX
enjoys despite its costly and vast security breach
ramifications. |
|
12/21/2007 |
Consumers Remain Loyal To
TJX Despite Breach |
Boston Globe |
Ross Kerber |
This article explores the customer loyalty that TJX
enjoys despite its costly and vast security breach
ramifications. |
|
12/19/2007 |
Investigation Under Way
After Medical Records Found In Trash Bin |
Norwich Evening News |
|
A
Bowthorpe woman discovered hospital records containing
confidential data on about 30 patients at the Norfolk
and Norwich University Hospital in a trash bin including
patients' names, their hospital numbers, past medical
history, and other personal details. |
|
12/19/2007 |
Details Of TJX Settlement
Not Disclosed |
The Boston Globe |
Ross Kerber |
TJX Cos. has reached a settlement with banks in New
England over credit card security practices that led to
a security breach that jeopardized as many as 100
million accounts. |
|
12/19/2007 |
Investigation Under Way
After Medical Records Found In Trash Bin |
Norwich Evening News |
|
A
Bowthorpe woman discovered hospital records containing
confidential data on about 30 patients at the Norfolk
and Norwich University Hospital in a trash bin including
patients' names, their hospital numbers, past medical
history, and other personal details. |
|
12/19/2007 |
Details Of TJX Settlement
Not Disclosed |
The Boston Globe |
Ross Kerber |
TJX Cos. has reached a settlement with banks in New
England over credit card security practices that led to
a security breach that jeopardized as many as 100
million accounts. |
|
12/18/2007 |
Records Missing For More
Than 3 Million British Learner Drivers |
The Times Online |
Philip Webster |
The government has acknowledged that the driving test
records from September 2004 through April 2007 are
missing from a facility in Iowa City, Iowa. |
|
12/18/2007 |
Ministers Mull Plans To
Create Criminal Penalties For Egregious Data Protection
Breaches |
The Times |
Greg Hurst |
Ministers are reviewing proposals that would impose
criminal penalties - including jail - for civil servants
who fail to protect citizens' personal information in
the wake of a government data breach that has exposed
the child benefit records of 25 million people. |
|
12/18/2007 |
Records Missing For More
Than 3 Million British Learner Drivers |
The Times Online |
Philip Webster |
The government has acknowledged that the driving test
records from September 2004 through April 2007 are
missing from a facility in Iowa City, Iowa. |
|
12/18/2007 |
Ministers Mull Plans To
Create Criminal Penalties For Egregious Data Protection
Breaches |
The Times |
Greg Hurst |
Ministers are reviewing proposals that would impose
criminal penalties - including jail - for civil servants
who fail to protect citizens' personal information in
the wake of a government data breach that has exposed
the child benefit records of 25 million people. |
|
12/17/2007 |
Web Server Glitch Exposes
Personal Data On Canada Post Site |
The Globe and Mail |
Kenyon Wallace |
A
Vancouver small business owner searched his company's
name and discovered a link that contained his username
and password for Canada Post's Sell Online Web site. The
glitch exposed names, addresses and shipping
information, including the potential to access credit
card numbers associated with the accounts. |
|
12/17/2007 |
Government Notifies More
Than 8 Million People About Missing Pension Records |
International Herald Tribune |
Associated Press |
The government is seeking to recover from a security
breach that has shaken the public's confidence in the
country's ability to take care of its elderly. |
|
12/17/2007 |
Deloitte & Touche, Ponemon
Institute Release Breach Survey Results |
Network World |
Ellen Messmer |
The Enterprise at Risk: 2007 Privacy
and Data Protection Survey
reveals that 66 percent of 827 security and privacy
professionals in North America say they know of six to
20 privacy incidents in their organizations in 2007 that
involved the exposure or mishandling of sensitive
personally identifiable information. |
|
12/17/2007 |
Computerworld's Q&A With
Art Coviello |
Computer World |
Siobahn Chapman |
What companies need to do in the face of increasingly
sophisticated cybercrime attacks and escalating security
breaches. |
|
12/17/2007 |
Web Server Glitch Exposes
Personal Data On Canada Post Site |
The Globe and Mail |
Kenyon Wallace |
A
Vancouver small business owner searched his company's
name and discovered a link that contained his username
and password for Canada Post's Sell Online Web site. The
glitch exposed names, addresses and shipping
information, including the potential to access credit
card numbers associated with the accounts. |
|
12/17/2007 |
Government Notifies More
Than 8 Million People About Missing Pension Records |
International Herald Tribune |
Associated Press |
The government is seeking to recover from a security
breach that has shaken the public's confidence in the
country's ability to take care of its elderly. |
|
12/17/2007 |
Deloitte & Touche, Ponemon
Institute Release Breach Survey Results |
Network World |
Ellen Messmer |
The Enterprise at Risk: 2007 Privacy
and Data Protection Survey
reveals that 66 percent of 827 security and privacy
professionals in North America say they know of six to
20 privacy incidents in their organizations in 2007 that
involved the exposure or mishandling of sensitive
personally identifiable information. |
|
12/17/2007 |
Computerworld's Q&A With
Art Coviello |
Computer World |
Siobahn Chapman |
What companies need to do in the face of increasingly
sophisticated cybercrime attacks and escalating security
breaches. |
|
12/14/2007 |
HMRC: One Of The Biggest
Stories Of 2007 |
silicon.com |
Gemma Simpson |
The HMRC security breach that jeopardized the personal
information of 25 million child benefit recipients as
one of the biggest stories of 2007. |
|
12/14/2007 |
HMRC: One Of The Biggest
Stories Of 2007 |
silicon.com |
Gemma Simpson |
The HMRC security breach that jeopardized the personal
information of 25 million child benefit recipients as
one of the biggest stories of 2007. |
|
12/12/2007 |
Bank Attorney: TJX Knew Of
Computer Intrusion Two Months Earlier Than Reported |
The Boston Globe |
Ross Kerber |
An
attorney for AmeriFirst Bank of Alabama, which is suing
TJX in federal court, said yesterday that the retailer
knew about its system intrusion two months before it
said it learned of the breach in December 2006 |
|
12/12/2007 |
Data On Northern Ireland
Motorists Missing |
Precision Marketing |
Gemma Hummerston |
Two unencrypted computer discs containing the names and
addresses of 7,685 Northern Ireland motorists are
missing. |
|
12/12/2007 |
Bank Attorney: TJX Knew Of
Computer Intrusion Two Months Earlier Than Reported |
The Boston Globe |
Ross Kerber |
An
attorney for AmeriFirst Bank of Alabama, which is suing
TJX in federal court, said yesterday that the retailer
knew about its system intrusion two months before it
said it learned of the breach in December 2006 |
|
12/12/2007 |
Data On Northern Ireland
Motorists Missing |
Precision Marketing |
Gemma Hummerston |
Two unencrypted computer discs containing the names and
addresses of 7,685 Northern Ireland motorists are
missing. |
|
12/11/2007 |
B.C. commissioner
investigating breach of privacy |
The Vancouver Sun |
|
David Loukidelis made public today in a news release
that his office is investigating the B.C. Ministry of
Health over a breach of privacy involving the loss of
unencrypted magnetic tapes containing the personal
information of over 100 B.C. residents. |
|
12/11/2007 |
B.C. commissioner
investigating breach of privacy |
The Vancouver Sun |
|
David Loukidelis made public today in a news release
that his office is investigating the B.C. Ministry of
Health over a breach of privacy involving the loss of
unencrypted magnetic tapes containing the personal
information of over 100 B.C. residents. |
|
12/10/2007 |
USA TODAY: Records
Compromised In Breaches More Than Triples In 2007 |
USA Today |
Byron Acohido |
An
analysis of security breaches in 2007 reveals that more
than 162 million records have been reported lost or
stolen in 2007. |
|
12/10/2007 |
USA TODAY: Records
Compromised In Breaches More Than Triples In 2007 |
USA Today |
Byron Acohido |
An
analysis of security breaches in 2007 reveals that more
than 162 million records have been reported lost or
stolen in 2007. |
|
12/6/2007 |
DVLA Sends Confidential
Documents To Wrong Drivers |
BBC News |
|
The Driver and Vehicle Licensing Agency sent about 100
questionnaires containing birth dates and motor vehicle
driving records to the wrong people. |
|
12/6/2007 |
Opinion: A Look At Two
Responses To Privacy Problems |
Information Week |
John Soat |
A
look at two different approaches to privacy PR
challenges: the Facebook Beacon controversy and the TJX
security breach. |
|
12/6/2007 |
Official: Just Over
$100,000 To Remove Confidential Data From HMRC Records |
Computer World |
Tash Shifrin |
The acting chair of HM Revenue and Customs told MPs on
the Commons Treasury committee that it would have cost
$102,000 to remove confidential data from the records of
25 million child benefit recipients. |
|
12/6/2007 |
DVLA Sends Confidential
Documents To Wrong Drivers |
BBC News |
|
The Driver and Vehicle Licensing Agency sent about 100
questionnaires containing birth dates and motor vehicle
driving records to the wrong people. |
|
12/6/2007 |
Opinion: A Look At Two
Responses To Privacy Problems |
Information Week |
John Soat |
A
look at two different approaches to privacy PR
challenges: the Facebook Beacon controversy and the TJX
security breach. |
|
12/6/2007 |
Official: Just Over
$100,000 To Remove Confidential Data From HMRC Records |
Computer World |
Tash
Shifrin |
The acting chair of HM Revenue and Customs told MPs on
the Commons Treasury committee that it would have cost
$102,000 to remove confidential data from the records of
25 million child benefit recipients. |
|
12/5/2007 |
European Commission plans
security breach notification law |
Out-Law News |
|
The European Commission wants laws to be passed across
Europe that would force telecoms companies to tell
customers when personal data security has been breached. |
|
12/5/2007 |
How TJX Became a Lesson In
Proper Security |
internetnews.com |
Andy Patrizio |
The TJX
security breach is threatening to rank as one of the
most expensive lessons in corporate data security
policies. |
|
12/5/2007 |
IPL fixes Web glitch
exposing customers' personal info |
Indianapolis Star |
Tom
Spalding |
Indianapolis Power & Light said it has fixed a security
glitch that potentially exposed compromising personal
information of some of its customers. |
|
12/5/2007 |
Duke Law School Reports
Web Site Breach |
The News & Observer |
|
Duke Law School has notified about 1,400 people whose
Social Security numbers were stored on a school Web site
that was compromised during an electronic attack. |
|
12/5/2007 |
European Commission plans
security breach notification law |
Out-Law News |
|
The European Commission wants laws to be passed across
Europe that would force telecoms companies to tell
customers when personal data security has been breached. |
|
12/5/2007 |
How TJX Became a Lesson In
Proper Security |
internetnews.com |
Andy Patrizio |
The TJX
security breach is threatening to rank as one of the
most expensive lessons in corporate data security
policies. |
|
12/5/2007 |
IPL fixes Web glitch
exposing customers' personal info |
Indianapolis Star |
Tom
Spalding |
Indianapolis Power & Light said it has fixed a security
glitch that potentially exposed compromising personal
information of some of its customers. |
|
12/5/2007 |
Duke Law School Reports
Web Site Breach |
The News & Observer |
|
Duke Law School has notified about 1,400 people whose
Social Security numbers were stored on a school Web site
that was compromised during an electronic attack. |
|
12/4/2007 |
Opinion: TJX 'Weathering
The Storm' |
The Boston Globe |
Steven Syre |
Steven Syre looks at the financial impact of the TJX
breach, concluding that despite ongoing legal challenges
and "more checks to write," it is "weathering the storm
remarkably well." In the aftermath of the breach. |
|
12/4/2007 |
Amendment To SB-1386 Takes
Effect Jan. 1 |
Mondaq |
Andrew B. Serwin |
Lawmakers in California have approved legislation,
signed recently by Gov. Arnold Schwarzenegger, which
would amend the state's first-in-the-nation security
breach notification law. |
|
12/4/2007 |
Breach at Passport Canada
Web site closed, says Bernier |
National Post |
Andrew Mayeda |
A
"serious" privacy breach at Passport Canada's website
had been fixed. |
|
12/4/2007 |
Passport Canada Shuts Down
Web Site After Breach Complaint |
The Globe and Mail |
Kenyon Wallace |
A
passport applicant has notified Passport Canada that its
Web site was allowing access to applicants' personal
information, including social insurance numbers, birth
dates and driver's license numbers. |
|
12/4/2007 |
Opinion: TJX 'Weathering
The Storm' |
The Boston Globe |
Steven Syre |
Steven Syre looks at the financial impact of the TJX
breach, concluding that despite ongoing legal challenges
and "more checks to write," it is "weathering the storm
remarkably well." In the aftermath of the breach. |
|
12/4/2007 |
Amendment To SB-1386 Takes
Effect Jan. 1 |
Mondaq |
Andrew B. Serwin |
Lawmakers in California have approved legislation,
signed recently by Gov. Arnold Schwarzenegger, which
would amend the state's first-in-the-nation security
breach notification law. |
|
12/4/2007 |
Breach at Passport Canada
Web site closed, says Bernier |
National Post |
Andrew Mayeda |
A
"serious" privacy breach at Passport Canada's website
had been fixed. |
|
12/4/2007 |
Passport Canada Shuts Down
Web Site After Breach Complaint |
The Globe and Mail |
Kenyon Wallace |
A
passport applicant has notified Passport Canada that its
Web site was allowing access to applicants' personal
information, including social insurance numbers, birth
dates and driver's license numbers. |
|
12/3/2007 |
Opinion: It's Not All
About The Money |
it-director.com |
Nigel Stanley |
Nigel Stanley, Practice Leader, IT Security, Bloor
Research, highlights the Ponemon Institute's research
that indicates an escalating price tag for security
breaches. |
|
12/3/2007 |
ICO Plans Probe Of Sites
That Illegally Sell Britons' Bank Data |
Times Online |
Alexi Mostrous and Dominic Kennedy |
The Times was able to download
banking information belonging to 32 customers, including
a High Court deputy judge. The newspaper obtained
account numbers, PINs and security codes for free from
illegal sites that offer more information for a fee. |
|
12/3/2007 |
Opinion: It's Not All
About The Money |
it-director.com |
Nigel Stanley |
Nigel Stanley, Practice Leader, IT Security, Bloor
Research, highlights the Ponemon Institute's research
that indicates an escalating price tag for security
breaches. |
|
12/3/2007 |
ICO Plans Probe Of Sites
That Illegally Sell Britons' Bank Data |
Times Online |
Alexi Mostrous and Dominic Kennedy |
The Times was able to download
banking information belonging to 32 customers, including
a High Court deputy judge. The newspaper obtained
account numbers, PINs and security codes for free from
illegal sites that offer more information for a fee. |
|
12/1/2007 |
New Study Recommends
Reforms for Security Breach Notification Laws |
Berkeley Law Study |
|
A
Samuelson Law, Technology & Public Policy Clinic study
of chief security officers finds that security breach
notification laws have had profound effects on practices
within companies. The study found that breach
notification laws drive information exchange among
organizations, and within organizations themselves. |
|
12/1/2007 |
New Study Recommends
Reforms for Security Breach Notification Laws |
Berkeley Law Study |
|
A
Samuelson Law, Technology & Public Policy Clinic study
of chief security officers finds that security breach
notification laws have had profound effects on practices
within companies. The study found that breach
notification laws drive information exchange among
organizations, and within organizations themselves. |
|
11/30/2007 |
TJX Cos. Scores Legal
Victory |
The Boston Globe |
Ross Kerber |
A
U.S. District Court judge has ruled that banks seeking
breach-related damages from TJX Cos. may not bring a
class action against the retailer |
|
11/30/2007 |
TJX Cos. Scores Legal
Victory |
The Boston Globe |
Ross Kerber |
A
U.S. District Court judge has ruled that banks seeking
breach-related damages from TJX Cos. may not bring a
class action against the retailer |
|
11/29/2007 |
FBI Investigates Data
Theft From Nonprofits |
Computer World |
Greg Keizer |
Hackers have made off with passwords and email addresses
from nearly 100 nonprofit organizations. The information
was lifted from a Web-based email marketing and online
fundraising service used by nonprofits, associations,
colleges and universities. |
|
11/29/2007 |
FBI Investigates Data
Theft From Nonprofits |
Computer World |
Greg Keizer |
Hackers have made off with passwords and email addresses
from nearly 100 nonprofit organizations. The information
was lifted from a Web-based email marketing and online
fundraising service used by nonprofits, associations,
colleges and universities. |
|
11/28/2007 |
Survey Indicates Security
Breach Costs Spike 30 Percent |
Baseline |
Deborah Gage |
The price tag for recovering from a security breach
averages $6.3 million, which is a 31 percent increase
since 2006 and almost 90 percent more since 2005,
according to the Ponemon Institute. The Ponemon
Institute study found that two-thirds of a company's
overall costs are devoted to recovering business that is
lost in the breach's aftermath. |
|
11/28/2007 |
Survey Indicates Security
Breach Costs Spike 30 Percent |
Baseline |
Deborah Gage |
The price tag for recovering from a security breach
averages $6.3 million, which is a 31 percent increase
since 2006 and almost 90 percent more since 2005,
according to the Ponemon Institute. The Ponemon
Institute study found that two-thirds of a company's
overall costs are devoted to recovering business that is
lost in the breach's aftermath. |
|
11/25/2007 |
60 Minutes Explores The
Security Vulnerabilities In Retail |
CBS News |
|
View this 60 Minutes video clip from its segment,
"Hi-Tech Heist," reported by Correspondent Lesley Stahl.
Stahl looks at the TJX security breach, which features
Canada's Privacy Commissioner Jennifer Stoddart, whose
investigation into the breach determined that the
discount retailer "collected too much personal
information," then kept it too long and "didn't keep it
according to appropriate security standards." |
|
11/25/2007 |
60 Minutes Explores The
Security Vulnerabilities In Retail |
CBS News |
|
View this 60 Minutes video clip from its segment,
"Hi-Tech Heist," reported by Correspondent Lesley Stahl.
Stahl looks at the TJX security breach, which features
Canada's Privacy Commissioner Jennifer Stoddart, whose
investigation into the breach determined that the
discount retailer "collected too much personal
information," then kept it too long and "didn't keep it
according to appropriate security standards." |
|
11/24/2007 |
Ohio Bank Fined Twice For
Role In Separate Retail Breaches |
The Boston Globe |
Ross Kerber |
Fifth Third Bancorp. of Ohio -- which recently faced an
$880,000 fine for its role in the TJX security breach --
previously paid fines and compensation totaling $1.4
million related to the loss of customer data from BJ's
Wholesale Club Inc. |
|
11/24/2007 |
Ohio Bank Fined Twice For
Role In Separate Retail Breaches |
The Boston Globe |
Ross Kerber |
Fifth Third Bancorp. of Ohio -- which recently faced an
$880,000 fine for its role in the TJX security breach --
previously paid fines and compensation totaling $1.4
million related to the loss of customer data from BJ's
Wholesale Club Inc. |
|
11/16/2007 |
Latest VA Breach Roils
Ranking GOP Member Of The House Veterans Affairs
Committee |
Indianapolis Star |
Vic
Ryckaert |
The revelation that three computers have been stolen
from a VA hospital in Indianapolis is leading to
criticism from U.S. Rep. Steve Buyer, a Monticello
Republican, who is the ranking GOP member of the House
Veterans Affairs Committee. The theft is under
investigation by the Department of Veterans Affairs
Office of the Inspector General, the FBI, as well as
local and state police. |
|
11/16/2007 |
Latest VA Breach Roils
Ranking GOP Member Of The House Veterans Affairs
Committee |
The Indianapolis Star |
Vic
Ryckaert |
The revelation that three computers have been stolen
from a VA hospital in Indianapolis is leading to
criticism from U.S. Rep. Steve Buyer, a Monticello
Republican, who is the ranking GOP member of the House
Veterans Affairs Committee. The theft is under
investigation by the Department of Veterans Affairs
Office of the Inspector General, the FBI, as well as
local and state police. |
|
11/16/2007 |
Latest VA Breach Roils
Ranking GOP Member Of The House Veterans Affairs
Committee |
Indianapolis Star |
Vic
Ryckaert |
The revelation that three computers have been stolen
from a VA hospital in Indianapolis is leading to
criticism from U.S. Rep. Steve Buyer, a Monticello
Republican, who is the ranking GOP member of the House
Veterans Affairs Committee. The theft is under
investigation by the Department of Veterans Affairs
Office of the Inspector General, the FBI, as well as
local and state police. |
|
11/16/2007 |
Latest VA Breach Roils
Ranking GOP Member Of The House Veterans Affairs
Committee |
The Indianapolis Star |
Vic
Ryckaert |
The revelation that three computers have been stolen
from a VA hospital in Indianapolis is leading to
criticism from U.S. Rep. Steve Buyer, a Monticello
Republican, who is the ranking GOP member of the House
Veterans Affairs Committee. The theft is under
investigation by the Department of Veterans Affairs
Office of the Inspector General, the FBI, as well as
local and state police. |
|
11/15/2007 |
Computers Containing
Personal Data Stolen From VA Hospital |
Indianapolis Star |
Associated Press |
The Department of Veterans Affairs has reported the
theft of three laptops from a locked office in the
Indianapolis facility. The laptops were taken on
Saturday from the Roudebush VA Medical Center. |
|
11/15/2007 |
Computers Containing
Personal Data Stolen From VA Hospital |
Indianapolis Star |
Associated Press |
The Department of Veterans Affairs has reported the
theft of three laptops from a locked office in the
Indianapolis facility. The laptops were taken on
Saturday from the Roudebush VA Medical Center. |
|
11/14/2007 |
Commerce Bank Notifies
Customers About Data Leak |
Philadelphia Inquirer |
Harold Brubaker |
An
employee of Commerce Bank is under investigation for
allegedly leaking customer data to one or more people
not affiliated with the company. |
|
11/14/2007 |
Commerce Bank Notifies
Customers About Data Leak |
philly.com |
Harold Brubaker |
An
employee of Commerce Bank is under investigation for
allegedly leaking customer data to one or more people
not affiliated with the company. |
|
11/14/2007 |
Commerce Bank Notifies
Customers About Data Leak |
Philadelphia Inquirer |
Harold Brubaker |
An
employee of Commerce Bank is under investigation for
allegedly leaking customer data to one or more people
not affiliated with the company. |
|
11/14/2007 |
Commerce Bank Notifies
Customers About Data Leak |
philly.com |
Harold Brubaker |
An
employee of Commerce Bank is under investigation for
allegedly leaking customer data to one or more people
not affiliated with the company. |
|
11/8/2007 |
Experts: Beware Of Poorly
Executed Security Breach Disclosure Plan |
searchsecurity.com |
Bill Brenner |
Security experts speaking at the Computer Security
Institute's 2007 conference in Virginia warned companies
not to execute security breach notification without
first taking some basic initial steps that help to avoid
making the problem worse. |
|
11/8/2007 |
Experts: Beware Of Poorly
Executed Security Breach Disclosure Plan |
searchsecurity.com |
Bill Brenner |
Security experts speaking at the Computer Security
Institute's 2007 conference in Virginia warned companies
not to execute security breach notification without
first taking some basic initial steps that help to avoid
making the problem worse. |
|
11/7/2007 |
Montana State University
Notifies People About Breach Incidents |
Billings Gazette |
MSU
News Service |
A
lost data storage device and two spreadsheets containing
personal information that were posted online are the
culprits in a spate of security breach incidents at
Montana State University. The university has announced
that 271 people were impacted by the three incidents. |
|
11/7/2007 |
Montana State University
Notifies People About Breach Incidents |
Billings Gazette |
MSU
News Service |
A
lost data storage device and two spreadsheets containing
personal information that were posted online are the
culprits in a spate of security breach incidents at
Montana State University. The university has announced
that 271 people were impacted by the three incidents. |
|
10/29/2007 |
Visa fines bank after
losses in TJX breach |
The Boston Globe |
Ross Kerber |
Repercussions from the TJX security breach continue to
become clear as the result of court documents filed in
litigation. |
|
10/29/2007 |
After a Data Breach:
Navigating the tangle of state notification laws can be
exasperating |
Computer World |
Jennifer McAdams |
This ComputerWorld
article looks at one company's
failed efforts to meet all of the differing requirements
of various state notification laws. In an effort to
comply, some companies issue a blizzard of notices. |
|
10/29/2007 |
Insurer's data breach
affecting Ohio consumers |
Business First of Columbus |
|
Hartford Financial Services Group Inc. is offering
credit protection services for one year for all
customers affected by the loss of the three backup tapes
that contained the personal information for 230,000
customers, including 9,200 people in Ohio. |
|
10/29/2007 |
Visa fines bank after
losses in TJX breach |
The Boston Globe |
Ross Kerber |
Repercussions from the TJX security breach continue to
become clear as the result of court documents filed in
litigation. |
|
10/29/2007 |
After a Data Breach:
Navigating the tangle of state notification laws can be
exasperating |
Computer World |
Jennifer McAdams |
This ComputerWorld
article looks at one company's
failed efforts to meet all of the differing requirements
of various state notification laws. In an effort to
comply, some companies issue a blizzard of notices. |
|
10/29/2007 |
Insurer's data breach
affecting Ohio consumers |
Business First of Columbus |
|
Hartford Financial Services Group Inc. is offering
credit protection services for one year for all
customers affected by the loss of the three backup tapes
that contained the personal information for 230,000
customers, including 9,200 people in Ohio. |
|
10/28/2007 |
Art.com Website Hacked |
AHN News |
Harriett Cecilio |
Art.com, which operates Web sites including Art.com and
Allposters.com, has alerted its customers that hackers
gained access to its systems recently to access credit
card accounts. |
|
10/28/2007 |
Art.com Website Hacked |
AHN News |
Harriett Cecilio |
Art.com, which operates Web sites including Art.com and
Allposters.com, has alerted its customers that hackers
gained access to its systems recently to access credit
card accounts. |
|
10/24/2007 |
True Lies and Data
Breaches |
Info World |
Robert X. Cringely |
Robert X. Cringely predicts in this
InfoWorld post that another
version of the Consumer Data Protection Act, vetoed by
Gov. Arnold Schwarzenegger earlier this month, "will
likely return in altered form." |
|
10/24/2007 |
Court filing in TJX breach
doubles toll |
The Boston Globe |
Ross Kerber |
Court filings in a lawsuit brought by a banking group in
the wake of the TJX breach allege that more than 94
million accounts were affected - which is twice the
number of accounts the company has estimated were
impacted by the largest security breach in history. |
|
10/24/2007 |
True Lies and Data
Breaches |
Info World |
Robert X. Cringely |
Robert X. Cringely predicts in this
InfoWorld post that another
version of the Consumer Data Protection Act, vetoed by
Gov. Arnold Schwarzenegger earlier this month, "will
likely return in altered form." |
|
10/24/2007 |
Court filing in TJX breach
doubles toll |
The Boston Globe |
Ross Kerber |
Court filings in a lawsuit brought by a banking group in
the wake of the TJX breach allege that more than 94
million accounts were affected - which is twice the
number of accounts the company has estimated were
impacted by the largest security breach in history. |
|
10/23/2007 |
Microsoft Report Warns of
More Data Breaches |
searchsecurity.com |
Bill Brenner |
Lack of coordination among marketing, privacy and
security staff members will lead to a certain outcome:
more security breaches, according to Lynch, in an
interview with SearchSecurity.com. |
|
10/23/2007 |
Microsoft Report Warns of
More Data Breaches |
searchsecurity.com |
Bill Brenner |
Lack of coordination among marketing, privacy and
security staff members will lead to a certain outcome:
more security breaches, according to Lynch, in an
interview with SearchSecurity.com. |
|
10/22/2007 |
Office of the financial aid loses back up info |
KATC.com |
|
Iron Mountain, a data storage company hired by the state
of Louisiana, lost backup media belonging to the
Louisiana Office of Student Financial Assistance (LOSFA)
on September 19. The file contained personal information
on individuals applying for or participating in LOFSA
programs. |
|
10/18/2007 |
United States: Seventh
Circuit Dismisses Security Breach Class Action |
Mondaq |
|
For the first time, a U.S. Court of Appeals has
dismissed a security breach class action lawsuit,
joining several federal district courts than have
dismissed similar actions. |
|
10/18/2007 |
United States: Seventh
Circuit Dismisses Security Breach Class Action |
Mondaq |
|
For the first time, a U.S. Court of Appeals has
dismissed a security breach class action lawsuit,
joining several federal district courts than have
dismissed similar actions. |
|
10/17/2007 |
Stolen laptop prompts
Administaff to alert 159,000 of possible breach |
Computer World |
Jaikumar Vijayan |
About 159,000 former and current employees of
Administaff Inc. will be offered free credit monitoring
for a year after the theft of a laptop containing their
personal information. |
|
10/15/2007 |
Governor kills California
Data Protection Law |
eweek.com |
Evan Schuman |
In
a highly anticipated decision, Gov. Arnold
Schwarzenegger vetoed a law that would have required
retailers to protect data by standards that exceed the
Payment Card Industry Data Security Standard. |
|
10/10/2007 |
Ohio official loses a
week's vacation for theft of tape |
ComputerWorld |
Brian Fonseca |
A
payroll team leader of the Ohio Department of
Administrative Services' Administrative Knowledge System
ERP project has lost a week of vacation for not ensuring
the security of personal data stored on a backup tape
stolen in June from a state intern's car. |
|
9/26/2007 |
Conn. AG Investigating
Former Employee Link to Pfizer Data Breach |
Information Week |
Sharon Gaudin |
The Connecticut Attorney General's Office is
investigating a former Pfizer employee in connection
with a security breach earlier this year that exposed
personally identifying information of employees. |
|
9/21/2007 |
TJX agrees to settle
customer class-action suits |
MarketWatch |
|
TJX Cos. has agreed to settle customer class-action
lawsuits in the U.S. and Canada stemming from the theft
of debit and credit card numbers from its system. |
|
9/19/2007 |
Hosting Vendor Suffers
Major Security Breach |
darkreading.com |
Tim
Wilson |
Layered Technologies Inc. is asking its customers to
change login credentials for all host details submitted
in the last two years. |
|
9/14/2007 |
Hacker Gained Access To
Data on Millions of TD Ameritrade Customers |
Information Week |
Sharon Gaudin |
TD
Ameritrade Holding Corp., an online brokerage, announced
Friday that a hacker broke into one of its databases and
stole names, email addresses, phone numbers and home
addresses. The company said there have been no reported
incidents of identity theft related to the breach. |
|
9/12/2007 |
Landmark Calif. Data
breach bill awaits Schwarzenegger OK |
ComputerWorld |
Jaikumar Vijayan |
The Consumer Data Protection Act, a bill that would
require retailers to reimburse banks and credit unions
for breach-related costs, is awaiting action by Gov.
Arnold Schwarzenegger. |
|
9/11/2007 |
Sleeping on the job?
Security at work-applicant sites faulted |
Los Angeles Times |
Joseph Menn |
A
recent security breach at Monster.com underscores the
need for security upgrades at online job sites. |
|
9/8/2007 |
Report:
More than two dozen state laptops missing since
July 2006 |
Boston Globe |
Associated Press |
The Journal Inquirer
has determined that 28 state-owned laptops have been
lost or stolen since July 26, according to this AP
article. The report comes after the most recent incident
in which a stolen laptop contained the names and Social
Security numbers of 106,000 taxpayers. |
|
9/7/2007 |
Predicting Insider Data
Breaches |
TechNewsWorld |
Jack Germain |
New security software systems are limiting the damages
of a serious and often under-reported phenomenon
affecting businesses of all sizes -- insider breaches of
data security. |
|
9/5/2007 |
Monster Security Worries
Widen |
workforce.com |
Ed
Frauenheim |
About 150,000 users of USAJobs.gov are dealing with the
consequences of a security breach at Monster.com.
Monster provides technology to the official federal
government job site. |
|
9/4/2007 |
Stolen hospital computer
returned; Hopkins hires investigator to probe data
breach |
Baltimore Business Journal |
Sue
Schultz |
A
spokesman for the Johns Hopkins School of Medicine said
officials are "very confident the information wasn't
compromised" on a computer, which was stolen July 15
from the facility's east Baltimore campus. |
|
8/30/2007 |
Data breach suit against
Ohio U. tossed |
Boston Globe |
Associated Press |
A
judge with the Ohio Court of Claims has granted a
request by Ohio University to dismiss a lawsuit filed by
two graduates who sued the school after a security
breach exposed their Social Security numbers. |
|
8/30/2007 |
Monster CEO:
Millions of users' data may be stolen |
Boston Globe |
Reuters |
The CEO of Monster Worldwide Inc. said that all of the
site's users should assume that their contact
information was stolen in a recent theft. He also said
the number of users affected far exceeds the initial
report that the hackers stole contact information for
1.3 million individuals. |
|
8/28/2007 |
Australian tax staff fired
for security breach |
ZDNET.co.uk |
|
ZDNet Australia reports that recent
audits that turned up unauthorized access to taxpayer
information have led to the dismissal or resignations of
a dozen employees. A spokeswoman for the agency said
that unauthorized access is unacceptable under any
circumstances, but in an agency with 22,000 employees
"it is inevitable that a very small number of people
will be tempted to do the wrong thing," according to
coverage in The Australian. |
|
8/21/2007 |
Monster.com hit by
personal data attack |
Out-Law News |
|
A
Trojan horse program has infiltrated Monster.com's
employers' section of the recruitment site, where it
then stole 1.6 million records, including email
addresses. Monster users have since received phishing
emails disguised as legitimate mail from Monster.com.
The emails encourage recipients to download software
that the phishing scam claims is a recruitment tool. |
|
8/19/2007 |
Identity attack spreads;
1.6M records stolen from Monster.com |
ComputerWorld |
Gregg Keizer |
A
new multistage attack on a Monster.com database has
allowed fraudsters to steal 1.6 million records
containing personal information including names, email
addresses, home addresses and telephone numbers, which
belong to several hundred thousand people from Monster
Worldwide Inc.'s job search service. |
|
8/16/2007 |
Californian sues Certegy
over data theft |
Tampa Bay Business Journal |
|
Check verification company Certegy and its parent
company, Fidelity National Information Services Inc.,
face a class action lawsuit in connection with the theft
of 8.5 million consumer records. The company announced
last month that a former senior database administrator
accessed and then sold consumers' financial and personal
information to marketing firms. |
|
8/9/2007 |
Credit card headaches from
TJX breach remain |
Boston Globe |
Se
Young Lee |
Seven months after TJX Cos. revealed a breach of its
systems that exposed 45.7 million credit and debit card
numbers, banks are continuing to reissue cards for
customers whose information may have been compromised
during the breach. |
|
8/7/2007 |
The Dangers of Too Much
Data Privacy |
SecurityPark.net |
Philip Alexander |
Philip Alexander, an Information Security Officer for a
financial institution and the author of a new book on
state breach disclosure laws, warns in this Security
Park.net column that frequent security breaches
affecting millions of consumers are "at least partially
responsible for the stampede of data privacy laws passed
in recent years." |
|
8/7/2007 |
VeriSign Worker Fired
After Laptop, Employee Info Are Stolen |
Information Week |
Sharon Gaudin |
A
contract employee who worked for VeriSign's human
resources department violated company policies that
require encryption of data and prohibits the downloading
of employee information on laptops, according to a
company spokesman. The employee, whose contract was not
renewed, reported to the company and the police that her
laptop was stolen from her car, which was parked inside
her garage. |
|
8/1/2007 |
Texas AG hones in on
Lifetime Fitness |
Austin Business Journal |
|
LifeTime Fitness, a Minnesota-based health club chain,
is under investigation by Texas Attorney General Greg
Abbott after several of its Dallas locations improperly
discarded paperwork containing sensitive customer
information. |
|
7/29/2007 |
City Harvest says donor
information could be at risk after security breach |
ny1.com |
Ingrid Kelley |
A New York City charity dedicated to feeding the hungry
recently warned donors that their credit card
information may have been improperly accessed. |
|
7/21/2007 |
Military Medical Breach
Revealed |
Washington Post |
Ellen Nakashima |
SAIC, Inc. is notifying 867,000 military service members
and their families that personal data, including names,
addresses, Social Security numbers, birth dates and
health information, may have been transmitted over the
Internet without being encrypted. |
|
7/19/2007 |
Texas State Site Leaks Personal Data |
PC
World |
Robert MacMillan |
Personal information on thousands of Texans is available
on the Texas Secretary of State's "SOSDirect" Web site,
says Steven Peisner, President of fraud prevention
vendor Sellitsafe Inc. |
|
7/19/2007 |
Feds scramble to meet data
breach deadline |
cnetnews.com |
Anne Broache |
A
White House directive established a Sept. 22 deadline
for federal agencies to release a data security plan
that includes security breach notification procedures. |
|
7/18/2007 |
Government, contractors
hit in targeted attack |
PC
World |
Robert McMillan |
A
"well-coordinated attack" on computers belonging to the
U.S. government, government contractors and
transportation companies was discovered on July 5 by
computer security vendor Prevx. |
|
7/17/2007 |
Breach, undetected since
'05, exposes data on Kingston customers |
ComputerWorld |
Jaikumar Vijayan |
Names, addresses and credit card information for 27,000
online customers of computer memory vendor Kingston
Technology Company Inc. were compromised during an
intrusion into the company's computer system that
occurred in September 2005. |
|
7/17/2007 |
La. Security Breach Exposes Thousands to ID Theft |
WDSU.com |
|
Student names, addresses, birth dates and Social
Security numbers were available publicly for as long as
two years on an internal Internet site run by the
Louisiana Board of Regents, according to a WDSU-TV
report. |
|
7/9/2007 |
Employee tried to mask
extent of latest VA data breach |
Government Executive |
Daniel Pulliam |
An
investigation by the Inspector General assigned to the
Department of Veterans Affairs has recommended
"appropriate administrative action" against an IT
specialist who misled investigators in an effort to
conceal the extent of a data breach related to the loss
of an external computer hard drive from an Alabama
research facility. |
|
6/12/2007 |
Pfizef Falls Victim to P2P
Hack |
darkreading.com |
Tim
Wilson |
Pfizer Privacy Officer Lisa Goldman has informed
employees in a June 1 letter that file sharing software
installed on a company laptop led to the exposure of
personal information, including names and Social
Security numbers, for more than 17,000 current and
former employees. |
|
6/12/2007 |
TJX data theft leads to
money-laundering scam |
USA Today |
Jon
Swartz |
Florida's Attorney General Bill McCollum has brought
charges against members of a theft ring that used data
stolen from TJX to make fake credit cards that the
defendants allegedly presented to pay for stacks of $400
gift cards from Wal-Mart stores all over Florida. The
gift cards were then used to buy the goods. |
|
6/12/2007 |
Massive identity theft at
UVA |
Charlottesville News & Arts |
Meg
McEvoy |
University of Virginia officials say that the personal
information, including birth dates and Social Security
numbers, of 5,735 current and former faculty members was
accessed by hackers on 54 separate days between May 2005
and April 2007. |
|
6/11/2007 |
Who's liable when private
data is improperly disclosed? |
Mondaq |
Carol Gerner |
This Mondaq
story examines the circumstances of two cases in which a
patient's personal or medical information was disclosed.
The Illinois case involves a hospital employee who,
while at a bar, disclosed to a patient's relative that
the patient was pregnant. |
|
12/23/2006 |
Data on 15,000 TWU
Students Exposed |
The Dallas Morning News |
|
Letters have gone out to students of Texas Woman’s
University notifying them that their personal
information was exposed during transmission of the data
to a vendor via a non-secure connection. The university
said the breach involved the personal information,
including names, addresses and Social Security numbers,
of about 15,000 students. |