Archive for December, 2006

Stolen Laptop: Laptop and Printouts with PII about 600 Students in Colorado

Sunday, December 17th, 2006

The Longmont, CO Daily Times reported December 14 that a nurse’s laptop was stolen from her car whle she was parked at a restaurant, along with paper records containing personally identifiable information (PII): “students‚Äô names and dates of birth; the names of their schools and what grade they are in; the students‚Äô Medicaid numbers; and their parents‚Äô names.”

(more…)

Stolen Laptop: Cleartext Medical PII on 25,000 in Pennsylvania

Sunday, December 17th, 2006

On December 14 WCPO TV 9 News reported:

“A break-in in Springdale, Ohio is affecting thousands of people in Pennsylvania. The office of Electronic Registry Systems on Northland Boulevard was broken into Thanksgiving weekend and a computer was stolen. That computer had medical records on it for some 25,000 participants in a Pennsylvania health plan. Police don’t suspect I.D. theft. They say, in other recent cases, the thieves wiped the computer’s hard drive clean and then tried to re-sell it.”

(more…)

Stolen Laptop: 3rd Theft from Boeing Since November 2005; Clear Text PII of 382,000 On the Latest

Sunday, December 17th, 2006

It was reported December 15 that Boeing had the 3rd laptop stolen in just a little over a year.
The laptop was stolen from an employee’s car. PII included “names, home addresses, phone numbers, Social Security numbers and dates of birth for current and former Boeing employees.”

(more…)

Penalty Applied for Laptop Theft: More Significant Penalties Are Needed to Motivate Better Safeguards

Thursday, December 14th, 2006

The Boston Globe reported Tuesday that “Ameriprise Financial Services Inc. will pay $25,000 to settle a probe of how one of its laptop computers went missing with the personal data of thousands of Massachusetts residents.”
An Ameriprise Financial Services laptop was stolen in 2005 that contained clear text personally identifiable information (PII) about over 200,000 individuals.

(more…)

Example of Need to Validate Business Partner Security: State of Vermont Privacy Breach Resulting from Contractor

Wednesday, December 13th, 2006

An incident recently occurred where a contractor for the State of Vermont accidentally posted the Social Security numbers for hundreds of healthcare workers within Vermont. The data existed on the web site for approximately one month before it was removed.
This demonstrates one of the multiple reasons why organizations must ensure the acceptable security practices of the business partners to whom they entrust sensitive information.

(more…)

PII About 800,000 Individuals Compromised at UCLA

Tuesday, December 12th, 2006

Today CNN reported personally identifiable information (PII), Social Security numbers, home addresses and birth dates, about 800,000 current and former UCLA students, faculty and staff may have been compromised.
Surprisingly, the unauthorized access reportedly was occurring from October, 2005 through November 21 of this year when the security staff finally noticed suspicious activity.

(more…)

Six U.S. Bills Related To Data Protection Introduced Dec. 5 – 7

Monday, December 11th, 2006

Last week was a busy one for data protection bills for the end of the 109th U.S. Congress. Prior to adjourning, they introduced at least six bills related to data protection.

(more…)

Sarbanes Oxley: More Speculation on Rehaul

Sunday, December 10th, 2006

For those of you who are always looking for opinions on SOX, Pierce McNally wrote an opinion piece that appeared in today’s (Sunday’s) Minneapolise-St. Paul Star Tribune about how SOX needs to be reformed or it will cost companies needless amounts of millions of dollars in annual compliance costs.
Nothing really new, just more speculation that there is going to be a SOX overhaul sometime soon. However, perhaps something to add to your archives.

FTC Provides Claims Forms for Individuals Impacted by the 2004 Choicepoint Incident

Sunday, December 10th, 2006

On December 6, 2006, the U.S. Federal Trace Commission (FTC) made claims form available for anyone who believes they had identity theft occur as a result of the Choicepoint security incident late in 2004 involving at least 163,000 individuals. Since then around 1,400 individuals have indicated they have been victims of identity theft as a result of that incident.

(more…)

U.S. Naval War College Network and Website Still Down From Hack Over Two Weeks Ago

Thursday, December 7th, 2006

Tuesday Silicon Valley reported the U.S. Naval War College’s network and website had been down for over two weeks as a result of a hacker. The hacker apparently didn’t take the site and network down, but the Navy Cyber Defense Operations Command took it offline after detecting the unauthorized access on, or around, November 16.

(more…)