YTD Recap | July 6, 2010
More than 7,000,000 Breached Records in 2010
Below are just some of the organizations who experienced data breaches in the past few months as reported by the media.
| 130,495 |
Lincoln Medical and Mental Health Center |
| 3,178 |
Eastern Connecticut Health Network Pension Plan |
| 3,000,000 |
Federal Aviation Administration |
| 470,000 |
Anthem Blue Cross, WellPoint |
| 19,495 |
Florida International University |
| 8,400 |
St. Francis Federal Credit Union |
| 8,000 |
Family Care Center |
| 8,700 |
Durham County Government |
| 76,000 |
TennCare, New Mexico Human Services Department |
| 35,000 |
Arkansas Army National Guard |
| 11,000 |
Office of Policy and Management |
| 3,300,000 |
Educational Credit Management Corporation |
| 170,000 |
Valdosta State University |
| 5,000 |
Evergreen Public Schools |
JANUARY Recap | February 1, 2010
One Month, 2,386,932 Breached Records.
Don’t even think about 2009 and the staggering amount of data breaches that have plagued large, well-branded organizations and their customers and patrons. Try to keep Heartland Payment Systems, the National Archives and Records Administration, Network Solutions, NYPD, Comcast, UNC Chapel Hill, BlueCross BlueShield of Tennessee, Mitsubishi Corp., National Guard Bureau, Moores Cancer Center, Cornell University, Florida Department of Revenue, Suncoast Schools Federal Credit Union, Aetna, Indianapolis Department of Workforce Development, NJ Department of Labor and Workforce Development, Oklahoma Housing Finance Agency, Marian Medical Center, Wyndham Hotels & Resorts, and Kaiser Permanent out of mind for a minute. With the increased awareness around the security of personal information and health records, the coming year should be one of prevention...one of detection and mitigation as tools get better. We should a positive outlook on a new era in privacy and security, right?
Maybe not. Below are just some of the organizations who experienced data breaches in the past month. So while there’s no argument that data breaches are on the rise, the question is why? Why does this keep happening? How does your employer’s payroll provider disclose your SSN and salary history? How does your hospital disclose your entire patient history along with 20,000 others? How does a defense contractor disclose files that affect national security?
The theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility last October has put at risk the private information of approximately 500,000 customers in at least 32 states. The hard drives containing 1.3 million audio files and 300,000 video files. The files contained customers' personal data and protected health information that was encoded but not encrypted, including: Names and BlueCross ID numbers. In some recordings-but not all-diagnostic information, date of birth, and/or a Social Security number. BCBS of TN estimates that the Social Security numbers of approximately 220,000 customers may be at risk.
Lincoln National Corp. (LNC) last week disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers. In a disclosure letter sent to the attorney general of New Hampshire Jan. 4, attorneys for the financial services firm revealed that a breach of the Lincoln portfolio information system had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source. The unidentified source sent FINRA a username and password to the portfolio management system. "This username and password had been shared among certain employees of [Lincoln Financial Services] and employees of affiliated companies," the letter says. "The sharing of usernames and passwords is not permitted under the LNC security policy."
Pay statements containing names and sensitive information about the finances of about 18,000 recipients of a special pay for disabled retirees were sent to wrong addressees. The statements, a page of which contained information about annual increases in Concurrent Retirement and Disability Pay, mistakenly listed data including at least a portion of another recipient’s name, their bank or insurance company name, the amount of their allotment and the allotment type. There is “no indication” that any Social Security numbers, bank account numbers or phone numbers were listed on the erroneously mailed pages.
AIG Medical Excess
A
28-year-old Indianapolis man was sentenced today to two years in state prison for trying to extort $208,00 from an insurance company after stealing a computer server. In March 2006, the man burglarized the Indianapolis office of AIG Medical Excess, threatening to release clients' personal data on the Internet. The server contained the names of more than 900,000 insured persons, as well as their personal identifying information, and confidential medical information and e-mail communications. At the time of the burglary, the man was an employee of a private security firm that provided security services to the insurance company. On July 23, 2008, Stewart delivered a package to the insurance company. The package included a letter stating that he possessed the stolen server and its confidential data. He asked for $1,000 a week for four years, but the FBI and others intervened. The Indiana State Police, the Indiana Department of Natural Resources, Indianapolis Metropolitan Police Department, and Attorney General also were part of the investigation.
Valley Kaiser
An electronic storage device stolen from an employee's car in Sacramento last month contained health information from 15,500 patients, including about 800 in the Fresno area. Information included patient names, medical-record numbers and, for some individuals, ages, dates of birth, gender, phone numbers and other information related to their care and treatment.
Suffolk County National Bank
Hackers have stolen the login credentials for more than 8,300 customers of small New York bank after breaching its security and accessing a server that hosted its online banking system. The intrusion at Suffolk County National Bank happened over a six-day period that started on November 18. It was discovered on December 24 during an internal security review. In all, credentials for 8,378 online accounts were pilfered, a number that represents less than 10 percent of SCNB's total customer base.
collective2.com
Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail notifying them that the company's computer database had been breached by a hacker and that all users should log in to change their passwords immediately. That e-mail, stated that the information accessed by the hacker included names, e-mail addresses, passwords and credit card information.
BlueCross BlueShield (TN)
The theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility last October has put at risk the private information of approximately 500,000 customers in at least 32 states. The hard drives containing 1.3 million audio files and 300,000 video files. The files contained customers' personal data and protected health information that was encoded but not encrypted, including: Names and BlueCross ID numbers. In some recordings-but not all-diagnostic information, date of birth, and/or a Social Security number. BCBS of TN estimates that the Social Security numbers of approximately 220,000 customers may be at risk.
(Source: privacyrights.org)
|
|
| |
2009 Breached Data Highlights
Heartland Payment Systems
NARA
Network Solutions
NYPD
Comcast
UNC Chapel Hill
Moses Cone Hospital
Detroit Health Department
Virginia Commonwealth
Health Net
Universal American Action Network
CalOptima
Virginia Department of Education
Rocky Mountain Bank
Naval Hospital Pensacola
Mitsubishi Corp.
National Guard Bureau
Moores Cancer Center
Canyons School District
Cornell University
Florida Department of Revenue
Suncoast Schools Federal CU
Aetna
Indianapolis Dept. Workforce
NJ Department of Labor
Oklahoma Housing Finance Agency
Marian Medical Center
Peninsula Orthopaedic Associates
Maryland State
Symantec
University of Toledo
Dezonia Group
Binghamton University
Idaho National Laboratory
City of Muskogee
Arkansas Dept of Information
University of Florida
Wyndham Hotels & Resorts
University of Alabama
Federal Aviation Administration
Parkland Memorial Hospital
Kaiser Permanent
Kanawha-Charleston Health Department
|
|
|
