| Date |
Article Title |
Publication |
Author |
Synopsis |
| |
|
|
|
|
| 7/17/2008 |
2008 Data Breach Count is 69% greater than 2007 |
Identity Theft Daily |
Staff Writer |
The Identity Theft Resource Center (ITRC) released comparison data showing the number of data breaches so far in 2008 is 69 percent greater than the same time period in 2007. Between January 1 and June 27 of this year, the ITRC has recorded 342 breaches. |
| 7/17/2008 |
Bristol-Myers: Tape with workers' personal data was stolen |
cnn.com |
Peter Loftus |
Drug maker Bristol-Myers Squibb Co has acknowledged the theft of a backup computer data tape containing employee information, reports Dow Jones Newswire. The tape was stolen during transport from a storage facility on June 4. |
| 7/14/2008 |
Metro releases employees' Social Security Numbers |
Forbes.com |
Associated Press |
The Social Security numbers (SSNs) of thousands of former and current employees of Washington DC's Metro transit system were exposed in a data breach. The SSN data of 4,675 was accidentally posted to the Metro's Web site between June 9 and June 25 when the agency was soliciting for worker's compensation and risk management providers. |
| 7/11/2008 |
State agency acts to shield employees from ID theft |
Sacramento Bee |
Andrew McIntosh |
Officials at the California Department of Consumer Affairs say reparations for last month's security breach could cost taxpayers as much as $122,000. The department is providing identity theft protection services to more than 5,000 employees whose names and Social Security numbers were compromised when an employee downloaded a roster containing the information and forwarded the file to her personal e-mail account. |
| 7/11/2008 |
Student ID breach embroils thousands |
The Tennessean |
Maria Giordano |
Personally identifiable information (PII) for as many as 17,000 Williamson County, Tennessee students and faculty were posted to a Web site where the information may have been freely available for nearly one year before being discovered. |
| 7/10/2008 |
How Ready Is Your Company to Respond to a Data Breach? |
Law.com |
Harry Valetk |
Harry Valetk writes that gaining an understanding of applicable laws and having a response strategy in advance will help an organization react effectively to satisfy both the law and customer expectations. What's more, preventative measures implemented and consistently maintained can help avoid the situation in the first place. |
| 7/8/2008 |
Justice Breyer among victims in data breach |
Washington Post |
Brian Krebs |
Supreme Court Justice Stephen Breyer is among the nearly 2,000 victims of a data breach resulting from the use of peer-to-peer file sharing by an employee of an investment firm used by the judge. |
| 7/4/2008 |
Celebrity Passport Records Popular |
Washington Post |
Glenn Kessler |
A State Department audit has revealed that government workers snooped inside the electronic passport records of celebrities. Athletes, entertainers and other notorious Americans were among those whose records were breached. |
| 6/30/2008 |
Hannaford Data Breach Fallout Continues |
seacoastonline.com |
Shir Haberman |
After the recent discovery of illegal activity on its "Debit Card portfolio" as a result of the Hannaford Bros. data breach earlier this year, Ocean National Bank is re-issuing cards to about 7,000 customers. |
| 6/30/2008 |
Data Breach Reports Up 69 Percent in 2008 |
Washington Post |
Brian Krebs |
Reports of data breaches are on the increase compared to 2007 figures, reports The Washington Post. The Identity Theft Resource Center (ITRC) analyzed 342 data breach reports between January 1 and June 27 of this year, finding a 69 percent increase in the number of breaches reported compared to the same time frame in 2007. |
| 6/27/2008 |
Montgomery Ward Fails to Alert Victims of Breach |
SC Magazine |
Chuck Miller |
A December breach involving the credit card numbers of 51,000 Montgomery Ward customers has just now come to light. |
| 6/26/2008 |
Consumers punish organizations that expose their data, but can be mollified |
InternetRetailer.com |
|
More than half of the data breach victims questioned in a recent Javelin Research survey reported decreased confidence in the organization that lost their data, says an Internet Retailer report. And 30 percent said they would never again do business with the company. |
| 6/23/2008 |
CNET Employees Notified After Data Breach |
PC World |
Robert MacMillan |
A burglary at Colt Express Outsourcing Services has left the personal information of 6,500 CNET Networks employees exposed. |
| 6/23/2008 |
Security breach compromises 5,000 Social Security Numbers at Consumer Affairs |
Capitol Weekly |
Malcom Maclachlan |
The names and Social Security numbers of 5,000 people associated with the California Department of Consumer Affairs (DCA) have been exposed by a security breach. |
| 6/18/2008 |
TD Ameritrade close to settling data theft lawsuit |
New York Times |
Associated Press |
The Associated Press reports that, in a proposed settlement, Ameritrade Holding Corp. will pay nearly $1.9 million to plaintiffs affected by the company's September 2007 data breach that exposed the personal information of more than six million people. |
| 6/11/2008 |
Data breaches made possible by incompetence, carelessness |
Information Week |
Thomas Claburn |
Incompetence and carelessness were cited as the greatest threats to business information in a Verizon Business Security survey released yesterday. Over a period of four years, Verizon Business studied more than 500 forensic data breach investigations, finding that nine out of 10 corporate data breaches could have been prevented had reasonable security measures been in place. |
| 6/8/2008 |
Stanford employees' data on stolen laptop |
San Francisco Chronicle |
Ilana DeBare |
Stanford University has notified tens of thousands of current and former employees that their personal information was on the hard drive of a stolen university laptop. |
| 5/31/2008 |
Walter Reed says patient data may be compromised |
Associated Press |
Jennifer Kerr |
A computer file containing sensitive information on about 1,000 patients of Walter Reed Army Medical Center and other military hospitals was found on a "non-government, non-secure computer network." |
| 5/28/2008 |
Q & A with IAPP Practical Privacy Series Speakers |
IAPP |
Agnes Bundy Scanlan |
Incidents of lost personal data make the news on a weekly basis and, as we read in yesterday's Daily Dashboard, we do not hear about many of the breaches that occur due to retailers' reluctance to tell. |
| 5/25/2008 |
Retailers Keep Silent About Data Security Breaches |
Computerworld UK |
Robert MacMillan |
Even while credit card companies predict that fraud rates will double by 2010, retailers seem loathe to admit to security breaches when they occur |
| 5/21/2008 |
Data breach at New York bank possibly affecting hundreds of thousands of CT consumers |
StamfordPlus.com |
Attorney General's Office |
The personal information, including Social Security numbers and bank account information, of 4.5 million customers and investors is missing and the Connecticut Attorney General wants The Bank of New York to boost measures to protect customers from identity theft. |
| 5/20/2008 |
UF Warns Patients of Security Breach |
Jacksonville Business Journal |
|
The University of Florida (UF) privacy office this week mailed letters to about 1,900 patients to notify them that their health information may have been breached. |
| 5/14/2008 |
Preparation key to Managing Data Breaches |
eweek.com |
Darryl Taft |
At the IntrusionWorld Conference and Expo in Baltimore earlier this week, two chief privacy officers enlightened attendees to the importance of preventing data breaches. |
| 5/13/2008 |
Details of six million Chileans posted online |
vnunet.com |
Ian Williams |
A hacker allegedly trying to make a point about poor data security stole the personal information of about six million Chilean residents from government and military servers and posted it on a technology blog. |
| 5/2/2008 |
6,000 UCSF patients' data got put online |
San Francisco Chronicle |
Elizabeth Fernandez |
The San Francisco Chronicle reports that personally-identifiable information for more than 6,000 patients of the University of California San Francisco Medical Center was left exposed online for more than three months. |
| 5/1/2008 |
Federal Breach Notification stuck in Congress |
searchcio-midmarket.com |
Zach Church |
Hope is quickly fading for federal adoption of a data breach notification bill that would pre-empt state law and create a single, simpler standard for data breach response, according to SearchCIO-Midmarket.com. Nine bills are hung up in Congressional committee, six of which would have the effect of setting a unified standard for businesses. |
| 4/29/2008 |
Mortgage Broker Sues Lenders in Privacy Breach |
Washington Post.com |
Ellen Nakashima |
Following a privacy breach that exposed the personal information of an undisclosed number of individuals, online mortgage broker LendingTree has filed suit against five home loan lenders and two former company executives. |
| 4/23/2008 |
Stung by hackers, grocer encrypts customer data |
Boston Globe |
Todd Wallack |
In the wake of a data breach that affected more than four million of its customers, grocer Hannaford Bros. has invested millions of dollars to upgrade its security, including encrypting all transactional data. |
| 4/25/2008 |
How to Respond to a Data Breach |
Wall Street Journal |
Ben Worthen |
According to Wall Street Journal business technology blogger Ben Worthen, the University of Miami's response to a recent data breach could serve as a model for organizations that have experienced similar breaches. |
| 4/22/2008 |
LendingTree discloses insider data breach |
Info World |
Ellen Messmer |
Online mortgage lead generation service LendingTree disclosed this week that a number of former employees used their old passwords to give mortgage brokers unauthorized access to subscribers' personal records. |
| 4/22/2008 |
Pre-emptive strategy best approach to breach notification |
Midmarket CIO News |
Zach Church |
Security breaches happen, and an organization's response to a breach is the crucial first step in recovery. |
| 4/16/2008 |
Good News: After Breach, Consumers Vote With Their Feet |
Information Week |
George Hulme |
George Hulme reports in his recent Security Weblog entry for InformationWeek that, according to a new Ponemon Institute survey, nearly a third of consumers who receive a breach notification letter will terminate their relationship with the offending vendor, while another 57 percent said the letter caused them to lose confidence in the company. |
| 4/10/2008 |
Stolen NIH Laptop Held Social Security Numbers |
The Washington Post |
Rick Weiss & Ellen Nakashima |
The NIH is sending letters to more than 1,200 participants of a National Health Institutes study whose Social Security numbers were exposed when an unencrypted laptop computer was stolen from an employee's vehicle last month. |
| 4/8/2008 |
Insurance records of 71,000 Ga. Families made public |
Atlanta Journal Constitution |
Bill Hendrick |
The health insurance information of 71,000 Georgia families enrolled in insurance programs for the poor was left exposed on the Internet for a number of days, and may have been viewed by unauthorized parties. |
| 4/8/2008 |
Latest Laptop Loss At Pfizer Renews Worries |
theday.com |
Lee Howard |
Pharmaceutical firm Pfizer disclosed that a password-protected laptop computer stolen from a contractor in February contained personally-identifiable information for about 800 employees. |
| 4/2/2008 |
Vermont ski area reports hannaford-like theft of payment card data |
ComputerWorld |
Jaikumar Vijayan |
A breach at Vermont's Okemo Mountain Resort exposed the data from 46,000 credit and debit cards in February. |
| 4/2/2008 |
TJX settles with MasterCard over data breach |
The Boston Globe |
Ross Kerber |
Pending final acceptance by the banks involved, TJX Cos. has reached an agreement with MasterCard Inc. to cover up to $24 million in fraud losses associated with the data breach disclosed last year that affected 100 million cardholders. If accepted, the issuing banks forgo any litigation associated with the losses. |
| 4/1/2008 |
Hannaford Data Breach Blamed on Malware |
Information Week |
Thomas Claburn |
The data breach that exposed the credit and debit card information of 4.2 Hannaford Bros. supermarket customers earlier this month appears to have resulted from malicious software. |
| 3/25/2008 |
Another Data Security Breach |
Baltimore Sun |
Jonathan D. Rockoff |
A laptop containing medical test results for 2,500 patients was stolen from the car trunk of a National Institutes of Health (NIH) employee, exposing the names, birth dates and unencrypted test results of participants in a heart imaging study. |
| 3/21/2008 |
Passport files of 3 Candidates were improperly viewed |
New York Times |
Helene Cooper & Michael Grynbaum |
What began as an inquiry into three separate data breaches of Barack Obama's passport file, has turned into a widespread investigation at the State Department, involving information on Hillary Rodham Clinton and John McCain, as well. |
| 3/18/2008 |
Experts try to make sense of Hannaford data breach |
SC Magazine |
Dan Kaplan |
Little new information has emerged since Hannaford Bros. supermarket chain yesterday confirmed that 4.2 million credit and debit cards were stolen from the company's system during the checkout authorization process between December and March, but some experts are speculating on the cause. |
| 3/12/2008 |
Bearer of Bad News |
Government Executive |
Andrew Noyes |
The Department of Veterans Affairs data breach of 2006 that resulted in the personally-identifiable information of more than 26 million U.S. veterans, and the VA's response to that event, was a case study in how government agencies should not respond to a breach event. |
| 3/11/2008 |
Oklahoma County Clerk's records reveal social security numbers |
Tulsa Today |
Mike McCarville |
Residents of Oklahoma County, Oklahoma learned recently that a Web site maintained by County Clerk Carolynn Caudill has left their Social Security numbers exposed to anyone who cares to take a look. |
| 2/21/2008 |
Experts Offer Advice To Recipients Of Breach Notices |
CSO Magazine |
Kathleen Carr |
Companies experiencing a data breach lack little in terms of guidance for taking their next steps, but what of the consumer who gets a breach notice letter in the mail? |
| 2/20/2008 |
South African Data Protection Law Delayed |
ITWeb |
Leon Engelbrecht |
South African tech portal ITWeb.com reports that a pending data protection law has been held up in process and is not expected to be enacted before 2009. The South African Law Reform Commission is working on the Protection of Personal Information Bill, which is intended to help protect people from abuse of their personally identifiable information by holding individuals and organizations criminally responsible for failing to adequately protect information, and requiring notice if a breach occurs. |
| 2/14/2008 |
HP, Journalists Settle Pretexting Suit |
E Commerce Times |
Katherine Noyes |
A group of four journalists, including BusinessWeek's Peter Burrows, Ben Elgin and Roger Crockett, and The New York Times' John Markoff, have settled spying claims against tech concern HP stemming from the company's 2006 investigation into the source of high-level information leaks. |
| 2/8/2008 |
Montana Financial Firm Hacked, SSNs Stolen |
Great Falls Tribune |
Erin Madison |
Computer Systems belonging to a local finaicial firm, DA Davidson Co. was recently hacked, putting the personal and financial information of 226,000 account holders at risk. |
| 2/7/2008 |
One Breach, Two Letters |
CSO Magazine |
Scott Berinato |
When Monster.com suffered a data breach last year, the victims were not just users of the well-known online job search service. |
| 2/4/2008 |
California Lawmaker Wants To Toughen Breach Law |
Info World |
Victor R. Garza |
State Senator Joe Simitian has drafted two new bills designed to stiffen California's data breach law, including one that would outline new guidelines for breach notice requirements and that would require consumer notification letters to be brief and clearly understood. |
| 2/1/2008 |
Massachusetts Adopts Data Breach Law |
Boston Herald |
Maria Recalde |
Massachusetts has joined the list of states that have adopted data breach notification laws. The law affects any person or commercial or public entity that handles the personal information of Bay State residents. |
| 1/31/2008 |
New Jersey Wants Investigation After Blue Cross Breach |
The Star Ledger |
Ted Sherman |
State legislators have called for a formal inquiry into a data breach at Horizon Blue Cross in which the personal information of 300,000 individuals was compromised. |
| 1/29/2008 |
Georgetown University Reports Data Breach |
The Hoya |
Michele Hong |
Georgetown University reported that an external hard drive containing the personally identifiable information of 38,000 students, alumni and faculty was stolen from the Office of Student Affairs earlier this month. |
| 1/25/2008 |
13 Breaches And Counting In Higher Education |
Campus Technology |
David Nagel |
As of January 25, 13 colleges and universities had reported data breaches affecting students, alumni and employees. Insider data thefts at Baylor University compromised email accounts, while at Central Piedmont Community College a student employee was arrested for embezzlement and ID theft after accessing records through her job. |
| 1/25/2008 |
Penn State Laptop with Alumni PII Stolen |
The Daily Collegian |
Lauren Boyer |
A university laptop containing archived information and social security numbers for 677 students attending Penn State between 1999 and 2004 was recently stolen from a faculty member while traveling earlier this month. |
| 1/25/2008 |
Stolen HMO Laptop Contained PII |
Telegram & Gazette |
Bob Kievra |
A stolen laptop computer belonging to Massachusetts-based Fallon Community Health Plan (FCHP) contained the personally identifiable information of as many as 30,000 of the HMO's subscribers. |
| 1/24/2008 |
California Expands Breach Notice |
Mondaq |
Jacqueline Klosek |
Goodwin Proctor lawyers and IAPP members Deborah Birnbach, Agnes Bundy Scanlan and Jacqueline Klosek offer their perspective on the scope and impact of California's expanded data notification law. AB 1298, which went into effect on January 1, extends data breach notification requirements to medical and health insurance information, while also clarifying the "security freeze" portion of SB 1386. |
| 1/22/2008 |
Ministry Of Defence Admits More Lost Laptops |
Guardian Unlimited |
Richard Norton-Taylor |
The Ministry of Defence investigates the theft of a laptop computer containing personal information on more than 600,000 potential armed forces recruits. |
| 1/20/2008 |
Feds Blame KC Officials For IRS Tape Loss |
Associated Press |
Associated Press |
Twenty-six IRS data tapes containing tax information on Kansas City, Missouri residents were lost due to the negligence of city officials, according to federal investigators. |
| 1/16/2008 |
Carphone Warehouse In Fix After Breach |
Silicon.com |
Nick Heath |
British mobile phone retailer Carphone Warehouse and sister company TalkTalk have been ordered to bring data privacy and security practices in line with the Information Commissioner's Office demands, or face "unlimited fines" following the recent discovery of a data breach that has put the personal information of thousands of customers at risk. |
| 1/7/2008 |
Class Action Against Sears "Ridiculous" |
Information Week |
Andrew Conry-Murray |
InformationWeek security blogger Andrew Conry-Murray says the class action lawsuit filed last week against retailer Sears, Roebuck & Co. for a security flaw that exposed consumer purchase and warranty information via its now defunct managemyhome.com Web site is "ridiculous." |
| 1/4/2008 |
Calif. Law Requires Notification Of Data Breaches Involving Medical Records |
San Francisco Chronicle |
Deborah Gage |
California's first-in-the-nation security breach notification law -- which took effect on July 1, 2003 -- has been expanded to include notification of residents when their electronic medical information or health information is compromised. |
| 1/4/2008 |
Security breach could derail NHS database plan |
CBR |
Staff Writer |
A Department of Health security breach that has affected medical records belonging to 168,000 patients. |
| 12/31/2007 |
Breach Disclosure Laws Shed Light On Inventory Of Lost Records In 2007 |
Security Focus |
Robert Lemos |
Two organizations, Attrition.org and the Identity Theft Resource Center, have tracked the number of lost records in 2007. |
| 12/25/2007 |
TJX Creates New Privacy Roles In Wake Of Breach |
The Boston Globe |
Ross Kerber |
A year after TJX Cos. revealed a computer intrusion that led to the theft of at least 46.5 million customer records, the company is moving to beef up its privacy efforts by naming a chief privacy officer (CPO) and hiring a privacy director. |
| 12/21/2007 |
Consumers Remain Loyal To TJX Despite Breach |
Boston Globe |
Ross Kerber |
This article explores the customer loyalty that TJX enjoys despite its costly and vast security breach ramifications. |
| 12/19/2007 |
Investigation Under Way After Medical Records Found In Trash Bin |
Norwich Evening News |
|
A Bowthorpe woman discovered hospital records containing confidential data on about 30 patients at the Norfolk and Norwich University Hospital in a trash bin including patients' names, their hospital numbers, past medical history, and other personal details. |
| 12/19/2007 |
Details Of TJX Settlement Not Disclosed |
The Boston Globe |
Ross Kerber |
TJX Cos. has reached a settlement with banks in New England over credit card security practices that led to a security breach that jeopardized as many as 100 million accounts. |
| 12/18/2007 |
Records Missing For More Than 3 Million British Learner Drivers |
The Times Online |
Philip Webster |
The government has acknowledged that the driving test records from September 2004 through April 2007 are missing from a facility in Iowa City, Iowa. |
| 12/18/2007 |
Ministers Mull Plans To Create Criminal Penalties For Egregious Data Protection Breaches |
The Times |
Greg Hurst |
Ministers are reviewing proposals that would impose criminal penalties - including jail - for civil servants who fail to protect citizens' personal information in the wake of a government data breach that has exposed the child benefit records of 25 million people. |
| 12/17/2007 |
Web Server Glitch Exposes Personal Data On Canada Post Site |
The Globe and Mail |
Kenyon Wallace |
A Vancouver small business owner searched his company's name and discovered a link that contained his username and password for Canada Post's Sell Online Web site. The glitch exposed names, addresses and shipping information, including the potential to access credit card numbers associated with the accounts. |
| 12/17/2007 |
Government Notifies More Than 8 Million People About Missing Pension Records |
International Herald Tribune |
Associated Press |
The government is seeking to recover from a security breach that has shaken the public's confidence in the country's ability to take care of its elderly. |
| 12/17/2007 |
Deloitte & Touche, Ponemon Institute Release Breach Survey Results |
Network World |
Ellen Messmer |
The Enterprise at Risk: 2007 Privacy and Data Protection Survey reveals that 66 percent of 827 security and privacy professionals in North America say they know of six to 20 privacy incidents in their organizations in 2007 that involved the exposure or mishandling of sensitive personally identifiable information. |
| 12/17/2007 |
Computerworld's Q&A With Art Coviello |
Computer World |
Siobahn Chapman |
What companies need to do in the face of increasingly sophisticated cybercrime attacks and escalating security breaches. |
| 12/14/2007 |
HMRC: One Of The Biggest Stories Of 2007 |
silicon.com |
Gemma Simpson |
The HMRC security breach that jeopardized the personal information of 25 million child benefit recipients as one of the biggest stories of 2007. |
| 12/12/2007 |
Bank Attorney: TJX Knew Of Computer Intrusion Two Months Earlier Than Reported |
The Boston Globe |
Ross Kerber |
An attorney for AmeriFirst Bank of Alabama, which is suing TJX in federal court, said yesterday that the retailer knew about its system intrusion two months before it said it learned of the breach in December 2006 |
| 12/12/2007 |
Data On Northern Ireland Motorists Missing |
Precision Marketing |
Gemma Hummerston |
Two unencrypted computer discs containing the names and addresses of 7,685 Northern Ireland motorists are missing. |
| 12/11/2007 |
B.C. commissioner investigating breach of privacy |
The Vancouver Sun |
|
David Loukidelis made public today in a news release that his office is investigating the B.C. Ministry of Health over a breach of privacy involving the loss of unencrypted magnetic tapes containing the personal information of over 100 B.C. residents. |
| 12/10/2007 |
USA TODAY: Records Compromised In Breaches More Than Triples In 2007 |
USA Today |
Byron Acohido |
An analysis of security breaches in 2007 reveals that more than 162 million records have been reported lost or stolen in 2007. |
| 12/6/2007 |
DVLA Sends Confidential Documents To Wrong Drivers |
BBC News |
|
The Driver and Vehicle Licensing Agency sent about 100 questionnaires containing birth dates and motor vehicle driving records to the wrong people. |
| 12/6/2007 |
Opinion: A Look At Two Responses To Privacy Problems |
Information Week |
John Soat |
A look at two different approaches to privacy PR challenges: the Facebook Beacon controversy and the TJX security breach. |
| 12/6/2007 |
Official: Just Over $100,000 To Remove Confidential Data From HMRC Records |
Computer World |
Tash Shifrin |
The acting chair of HM Revenue and Customs told MPs on the Commons Treasury committee that it would have cost $102,000 to remove confidential data from the records of 25 million child benefit recipients. |
|
European Commission plans security breach notification law |
Out-Law News |
|
The European Commission wants laws to be passed across Europe that would force telecoms companies to tell customers when personal data security has been breached. |
| 12/5/2007 |
How TJX Became a Lesson In Proper Security |
internetnews.com |
Andy Patrizio |
The TJX security breach is threatening to rank as one of the most expensive lessons in corporate data security policies. |
| 12/5/2007 |
IPL fixes Web glitch exposing customers' personal info |
Indianapolis Star |
Tom Spalding |
Indianapolis Power & Light said it has fixed a security glitch that potentially exposed compromising personal information of some of its customers. |
| 12/5/2007 |
Duke Law School Reports Web Site Breach |
The News & Observer |
|
Duke Law School has notified about 1,400 people whose Social Security numbers were stored on a school Web site that was compromised during an electronic attack. |
| 12/4/2007 |
Opinion: TJX 'Weathering The Storm' |
The Boston Globe |
Steven Syre |
Steven Syre looks at the financial impact of the TJX breach, concluding that despite ongoing legal challenges and "more checks to write," it is "weathering the storm remarkably well." In the aftermath of the breach. |
| 12/4/2007 |
Amendment To SB-1386 Takes Effect Jan. 1 |
Mondaq |
Andrew B. Serwin |
Lawmakers in California have approved legislation, signed recently by Gov. Arnold Schwarzenegger, which would amend the state's first-in-the-nation security breach notification law. |
| 12/4/2007 |
Breach at Passport Canada Web site closed, says Bernier |
National Post |
Andrew Mayeda |
A "serious" privacy breach at Passport Canada's website had been fixed. |
| 12/4/2007 |
Passport Canada Shuts Down Web Site After Breach Complaint |
The Globe and Mail |
Kenyon Wallace |
A passport applicant has notified Passport Canada that its Web site was allowing access to applicants' personal information, including social insurance numbers, birth dates and driver's license numbers. |
| 12/3/2007 |
Opinion: It's Not All About The Money |
it-director.com |
Nigel Stanley |
Nigel Stanley, Practice Leader, IT Security, Bloor Research, highlights the Ponemon Institute's research that indicates an escalating price tag for security breaches. |
| 12/3/2007 |
ICO Plans Probe Of Sites That Illegally Sell Britons' Bank Data |
Times Online |
Alexi Mostrous and Dominic Kennedy |
The Times was able to download banking information belonging to 32 customers, including a High Court deputy judge. The newspaper obtained account numbers, PINs and security codes for free from illegal sites that offer more information for a fee. |
| 12/1/2007 |
New Study Recommends Reforms for Security Breach Notification Laws |
Berkeley Law Study |
|
A Samuelson Law, Technology & Public Policy Clinic study of chief security officers finds that security breach notification laws have had profound effects on practices within companies. The study found that breach notification laws drive information exchange among organizations, and within organizations themselves. |
| 11/30/2007 |
TJX Cos. Scores Legal Victory |
The Boston Globe |
Ross Kerber |
A U.S. District Court judge has ruled that banks seeking breach-related damages from TJX Cos. may not bring a class action against the retailer |
| 11/29/2007 |
FBI Investigates Data Theft From Nonprofits |
Computer World |
Greg Keizer |
Hackers have made off with passwords and email addresses from nearly 100 nonprofit organizations. The information was lifted from a Web-based email marketing and online fundraising service used by nonprofits, associations, colleges and universities. |
| 11/28/2007 |
Survey Indicates Security Breach Costs Spike 30 Percent |
Baseline |
Deborah Gage |
The price tag for recovering from a security breach averages $6.3 million, which is a 31 percent increase since 2006 and almost 90 percent more since 2005, according to the Ponemon Institute. The Ponemon Institute study found that two-thirds of a company's overall costs are devoted to recovering business that is lost in the breach's aftermath. |
| 11/25/2007 |
60 Minutes Explores The Security Vulnerabilities In Retail |
CBS News |
|
View this 60 Minutes video clip from its segment, "Hi-Tech Heist," reported by Correspondent Lesley Stahl. Stahl looks at the TJX security breach, which features Canada's Privacy Commissioner Jennifer Stoddart, whose investigation into the breach determined that the discount retailer "collected too much personal information," then kept it too long and "didn't keep it according to appropriate security standards." |
| 11/24/2007 |
Ohio Bank Fined Twice For Role In Separate Retail Breaches |
The Boston Globe |
Ross Kerber |
Fifth Third Bancorp. of Ohio -- which recently faced an $880,000 fine for its role in the TJX security breach -- previously paid fines and compensation totaling $1.4 million related to the loss of customer data from BJ's Wholesale Club Inc. |
| 11/16/2007 |
Latest VA Breach Roils Ranking GOP Member Of The House Veterans Affairs Committee |
Indianapolis Star |
Vic Ryckaert |
The revelation that three computers have been stolen from a VA hospital in Indianapolis is leading to criticism from U.S. Rep. Steve Buyer, a Monticello Republican, who is the ranking GOP member of the House Veterans Affairs Committee. The theft is under investigation by the Department of Veterans Affairs Office of the Inspector General, the FBI, as well as local and state police. |
| 11/16/2007 |
Latest VA Breach Roils Ranking GOP Member Of The House Veterans Affairs Committee |
The Indianapolis Star |
Vic Ryckaert |
The revelation that three computers have been stolen from a VA hospital in Indianapolis is leading to criticism from U.S. Rep. Steve Buyer, a Monticello Republican, who is the ranking GOP member of the House Veterans Affairs Committee. The theft is under investigation by the Department of Veterans Affairs Office of the Inspector General, the FBI, as well as local and state police. |
| 11/15/2007 |
Computers Containing Personal Data Stolen From VA Hospital |
Indianapolis Star |
Associated Press |
The Department of Veterans Affairs has reported the theft of three laptops from a locked office in the Indianapolis facility. The laptops were taken on Saturday from the Roudebush VA Medical Center. |
| 11/14/2007 |
Commerce Bank Notifies Customers About Data Leak |
Philadelphia Inquirer |
Harold Brubaker |
An employee of Commerce Bank is under investigation for allegedly leaking customer data to one or more people not affiliated with the company. |
