Archive for the ‘Privacy Incidents’ Category

Vulnerabilities of Transport Services & Privacy Incident Example: Wellpoint CD Containing PII of 75,000 People, Lost During UPS Transport, Found

Friday, March 16th, 2007

A CD containing the clear text personal information of 75,000 WellPoint Empire Blue Cross and Blue Shield New York members that was reported lost on February 9 while being transported by UPS has been found.
The CD was lost when one of Wellpoint’s outsourced vendors, Health Data Management Solutions, sent the CD via UPS to Magellan Behavioral Health Services.

(more…)

Trying To Determine Actual Numbers of Privacy Breaches Since 1980; An Exercise in Futility?

Wednesday, March 14th, 2007

Today a press release caught my eye, “Hackers get bum rap for corporate America’s digital delinquency.”
Hmm…sounds interesting. Let’s see what is behind this nicely-hooking title.

(more…)

How Good are the Security Practices for “America’s Most Admired Companies 2007”?

Tuesday, March 6th, 2007

Yesterday CNN reported the results of the FORTUNE 2007 survey of business people for the companies, in any industry, they admired most.
The rankings were based upon 8 key score areas:

(more…)

Insider Threat Example: Wal-Mart Fires “System Technician” for Snooping On Text Messages and Taping Phone Calls

Monday, March 5th, 2007

Today CNN reported Wal-Mart fired a systems technician who was “intercepting text messages of people who were not Wal-Mart employees and for recording telephone conversations with a New York Times reporter without authorization.”

(more…)

Maine Seed Company Website Hacked: Demonstrates SMB Vulnerability & Questions Hacker Safe Seals

Saturday, March 3rd, 2007

This is the time of the year that thoughts turn to gardening as seed catalogs start filling the mailboxes. I enjoy having fresh-grown vegetables from my garden; nothing is better than a deep red, ripe, juicy Big Boy Beefsteak tomato right off the vine. These seed companies are overwhelmingly small to medium-sized businesses (SMBs). Many have gone online in the past few years, bucking the century-long tradition of depending primarily upon postal mail for their sales.

(more…)

Vermont State Privacy Breach Follow-up: Penetration Testing Reveals No Additional Vulnerabilities

Friday, March 2nd, 2007

After the January Vermont State privacy breach through a remote attack that compromised Social Security numbers and bank account numbers for nearly 70,000 people, Governor Jim Douglas ordered a security review of the computer systems.

(more…)

Addressing Web-Based Access and Authentication Challenges

Friday, March 2nd, 2007

Many incidents occur through access control and authentication vulnerabilities. Just consider the recently reported Fruit of the Loom incident that allowed easy access to 1,006 names and Social Security numbers of former employees. It is likely that poorly constructed and inadequately tested application controls resulted in this breach, not unlike so many other breaches that have occurred.

(more…)

Punitive Actions Pursued Against Professor in Japan Who Had PII About 8,800 on Disk That Was Stolen

Thursday, March 1st, 2007

The differences throughout the world in how personally identifiable information (PII) privacy breaches are penalized are always interesting to me.
Today it was reported that the

(more…)

Laptop Theft: Financial Company Given $1.9 Million Penalty Following Incident for Inadequate Security Program

Tuesday, February 20th, 2007

For the first time, the United Kingdom financial regulators, the U.K. Financial Services Authority (FSA), gave a financial institution, the Nationwide Building Society, the U.K.’s largest “building society” (a member-owned mortgage lending and banking services institution), a penalty for poor data security, issuing a £980,000 ($1.9 million) fine based on their response to the 2006 theft of a laptop computer containing sensitive customer data, according to a February 14 notice from the FSA.

(more…)

VA Suspends Medical Research Following Most Recent Breach Until Security Certification Is Obtained

Sunday, February 18th, 2007

Saturday, 2/17/07, it was widely reported that the U.S. Veterans Affairs (VA) was suspending activities at seven specialized research centers across the country after an unprotected computer hard drive disappeared from one of the facilities in Alabama last month.

(more…)