Archive for the ‘Data breach’ Category

« Older Entries
Newer Entries »

Data breaches becoming more common; still frequently not reported

Wednesday, November 10th, 2010

Since the data breach by ChoicePoint six years ago, regulators, businesses and consumers have increased their awareness and reaction to organizations that mishandle sensitive consumer data.

In early 2005, California was the only state that had a breach notification law. ChoicePoint allowed information on approximately 150,000 consumers to be accessed fraudulently. When ChoicePoint only notified California victims of the breach, a precursor to identity theft, both victims and regulators reacted.

Since 2005, 46 states and three territories have enacted data breach laws. Only Alabama, Kentucky, New Mexico and South Dakota are left. Each state law is different, making compliance difficult for any organization that has security a security breach in which the victims reside in multiple states.

Since the CheckPoint incident, over a half-billion profiles have been compromised in 2,500 reported incidents. Some Americans have been victimized by security breaches multiple times, for example, by their schools, local, state or federal government, a retailer, financial institution or their favorite charity. Some organizations have suffered numerous breaches.

Of the 2,500 reported breaches, one third of the reporting organizations could not quantify how much information was accessed, lost, stolen or improperly disposed.

The most frightening statistics are a bit more general. Most organizations haven’t inventoried the consumer information they possess, and they don’t have a method in place to detect a breach. Others report that their employees don’t report breaches because they fear retribution by consumers and regulators.

It pays for consumers to take action to protect themselves with a service such as LifeLock.

LifeLock is the only proactive identity protection service on the market today. As a LifeLock customer, you will be notified the moment any threat to your personal information, whether credit related or not, is detected. This, in effect, stops identity theft in its tracks, and makes any information a thief could acquire during a data breach useless.

Call LifeLock today. Receive 30 days free and get a 10 percent discount on enrollment with the LifeLock Promo Code “Defense.”

Tags: , ,
Posted in Data breach | No Comments »

Stolen medical information could cost more than just your good credit

Tuesday, October 26th, 2010

When Joanna Saenz opened her mail several years ago, she got quite a surprise. She had delivered a baby girl, born in Nebraska, and she’d just received the hospital bill.

But here’s the glitch – Saenz doesn’t have a daughter, and she’s never been to Nebraska.

The child’s mother had stolen Saenz’s identity, using a birth certificate and Social Security card stolen 10 years ago from Saenz, when she was 17 and in Mexico visiting relatives.

Saenz says her situation consumed 10 years of her life. She is now the founder of Identity Recovery of Colorado, a nonprofit organization dedicated to helping victims of identity theft. Saenz says in her case, the thief had obtained an education, houses and cars in her name.

In the realm of identity theft, medical identity theft is a small slice, compared with incidents of theft stemming from stolen credit card information. But because medical records are so complete, they can pose an even greater risk. These records often include payment data, leading to financial and credit fraud. Payment information is worth a lot when sold on the black market.

But even more frightening is the possibility that a life-threatening error can be made as the medical histories of thief and victim become intertwined over time. A person with an allergy can be given the wrong medication or the wrong blood type.

To protect yourself, ask for your medical records, and review them for any inaccurate or false information. Work with providers and your insurance company to correct them. This will take time…but it could save not just your good name, but your life as well.

Tags: , , ,
Posted in Data breach | No Comments »

Swedish professor happy thief returned data

Tuesday, October 19th, 2010

A Swedish professor is a happy camper after a thief returned the contents of his laptop on a flash drive.

After recent surgery, the professor, who wasn’t identified, couldn’t carry his backpack, which contained the computer, his keys, calendar and other documents, up to his apartment before going to the laundry room. He instead left it hanging behind a door in the stairwell, thinking it would be safe while he made a quick trip to the laundry room.

But when he returned a few minutes later, the bag was missing. He was most upset because of the stolen calendar, which he said contained everything that has happened in the last 10 years of his life.

The professor reported the theft to the local police and blocked the credit cards that were in the bag.

A short time later, he was surprised to find the backpack had been returned to the stairwell, containing everything except the laptop. The professor was relieved to have most of his belongings returned, although he commented he was terrible at remembering to back up the contents of his backpack.

But about a week after the theft, the professor came home to find an envelope containing a flash drive, which had been attached to the computer at the time of the theft. The thief had copied all of the documents and personal files from the professor’s laptop onto the memory storage device.

The professor was delighted to receive the flash drive, and said he hopes other thieves will follow suit and learn to be as compassionate.

“Often when people lose their computers and cameras, it is understandably not the gadget itself that is the most important. The content is often irreplaceable,” he said.

Tags: , ,
Posted in Data breach | No Comments »

Broward data breach puts close to 24,000 at risk

Wednesday, August 11th, 2010

Nearly 24,000 Broward College summer school students are at risk for identity theft after a data breach at the Florida college leaked the students’ personal information during a computer upgrade.

The leak was not announced until recently, and college officials say the information was on the Web, unprotected, for five days in late May and early June.

The College Center for Library Automation, which provides library services and electronic resources to Florida’s community colleges, apologized Aug. 10 for the breach, which also affected five other schools.

The affected parties will receive a letter from the center, which will contain instructions on what to do to protect their credit and minimize the risk for identity theft.

Statewide, about 126,000 community college students, faculty and staff were affected by the breach. There is no evidence to date that the information has ben used by criminals.
According to identity theft statistics, about 11.1 million Americans – one out of every 20 adults – became victims of identity theft last year, with the cost to victims estimated at $54 billion.

To take a proactive stance to protect your personal information and your good credit, contact LifeLock today. With LifeLock Identity Alert™, you can rest assured that LifeLock will monitor for credit and non-credit related identity threats. You’ll be notified immediately via e-mail, postal mail or telephone of any potential compromises.

And should you fall victim to identity theft while under LifeLock’s watchful eye, LifeLock will spend up to $1 million to make it right. In addition, LifeLock’s member representatives are available 24 hours a day, seven days a week to assist you and answer all your questions.

Receive 30 days free and get a 10 percent discount on enrollment with the LifeLock Promo Code “Defense.”

Tags: , , ,
Posted in Data breach | No Comments »

Downloading apps? Here’s what they don’t tell you

Friday, August 6th, 2010

Look out, iPhone users – Big Brother has an app, and he’s using it to keep a close eye on you.

Lookout Inc., a mobile phone security firm, scanned about 300,000 free applications for the iPhone and Android, and found that many of them pull sensitive information off users’ phones and send them to third parties without notification.

The data can include full details about users’ contacts, their photos, text messages, and Internet and search histories. The danger is that the data is then vulnerable to hacking and use in identity theft if the third party doesn’t secure it.

The code that obtains the information was included in the application by the developers to allow the applications to run ads. But the applications wind up collecting more information on the users than intended.

And users don’t even know it’s happening.

Part of the problem is that smart phones don’t alert users to all the different types of data the applications running on them are collecting, and iPhones only alert users when apps want to use their locations.

Androids offer warnings when apps are first installed, but most people just breeze by them without reading them.

Make sure you protect yourself and your personal information. LifeLock will scan the Internet and databases to look for an fraudulent or suspicious activity and, should any such activity be found, will notify you immediately. LifeLock will also help you restore things to normal should you ever fall victim to identity theft.

Receive 30 days free and get a 10 percent discount on enrollment with the LifeLock Promo Code “Defense.”

Tags: , , ,
Posted in Data breach | No Comments »

Data Breach

Thursday, May 6th, 2010

Data breaches reported from 12 medical facilities last month

A dozen medical data breaches were added to the Privacy Rights Clearinghouse list last month – and that doesn’t even include Affinity Health Plan’s leaving personal information of more than 400,000 people on their digital copier when the lease was up.

  • Our Lady of Peace (Louisville, KY)
    Someone lost or stole a flash drive containing personal information of nearly 25,000 of the psychiatric hospital’s patients. Some of the records are from as far back as 2002.
  • St. Jude Heritage Medical Group (Orange, CA)
    Five computers storing the information of 20,000 patients were stolen during a break-in. In this case, the info included names, birth dates and Social Security numbers; some patients’ health information was also on the computers.

  • The Medical Center (Bowling Green, KY)


    • Someone stole a hard drive that contained the info of women who had bone density testing at the mammography suite between 1997 and 2009.

  • Hutcheson Medical Center and a plastic surgery center (Chattanooga, TN)
    Thousands of patient files dating back to 1998 were sent to the Dupont Recyling Center. Information within the files included personally identifying info. Patients who underwent plastic surgery will be mortified to know their photos were also up for grabs. (This data breach actually occurred May 2009, but just made the list April 2010.)
  • DRC Physical Therapy Plus (Monticello, NY)
    Thousands of patients’ records were unceremoniously dumped when the business folded. Police impounded a dump truck loaded with boxes of files and removed another 12 boxes of patient records from the bucket of a front-end loader.

    • (more…)

Tags: , , , , , , , , , , , , ,
Posted in Data breach | No Comments »

Data Breach

Friday, April 16th, 2010

Data breach at Countrywide Financial leads to class action lawsuit

When it was discovered that Rene Rebollo came into the office every Sunday for two years and stole a total of roughly two million files, Countrywide’s management said they were unaware he was downloading customer information to sell it; they just though Rene Rebollo, 36, was an especially hard working employee. Now, a class action lawsuit asks whether Rebollo was working on his own, or whether he was just the fall guy tasked with selling off the stolen information to raise money for the failing Countrywide Home Loan.

The plaintiffs are asking for a $20 million settlement and additional punitive damages because of their elevated identity theft risk they face and the invasion of their privacy. (more…)

Tags: , , ,
Posted in Data breach | No Comments »

Data breach

Friday, February 5th, 2010

Data breaches in hotel industry higher than any other sector in 2009, according to Trustwave report

Which is most worrisome: (A) that hackers hit the hotel industry in 38% of data breaches last year; (B) that it took the hotels an average of five months to notice a data breach; (C) that the hackers often got into the data by using software glitches that had patches available 10 years ago; or, (D) all of the above?

A new report from security firm Trustwave indicates that the hotel industry was targeted for data breaches more than any other last year primarily because they were such an easy target and the takings were so rich. The hackers gained access to potentially millions of credit card account details from hotels that did little to protect the data, and never reported the resulting identity theft risk to officials or customers. (Picture a frisky young pit bull gleefully trotting after a fat, blind, three-legged cat while the cat’s owner sleeps in a hammock nearby.) (more…)

Tags: , , , , ,
Posted in Data breach | No Comments »

Data breach

Friday, January 15th, 2010

Health Net data breach prompts attorney general’s “historic lawsuit”

Connecticut Attorney General Richard Blumenthal said last November that he was “outraged and appalled” upon learning of Health Net’s massive data breach and their keeping it hush-hush for six months. He acted on those feelings this week by filing suit against the insurer and its new owners, United Health Group and Oxford Health Plans.

The data breach occurred May 2009 when a hard drive containing the information of 1.5 million customers went missing. Records were for the period 2002 through 2009. Roughly 446,000 of the members are from Connecticut.

Blumenthal’s lawsuit asserts Health Net gave its employees inadequate supervision and training on appropriate maintenance, use and disclosure of protected health information.

The company explained the six-month lag time between their awareness of the breach and their notifying state officials by saying the time was necessary to complete a “detailed forensic review.” Kroll, a computer forensic consulting firm hired to complete the investigation determined the information wasn’t encrypted or protected in any way from access or viewing. (more…)

Tags: , , , , , , , ,
Posted in Data breach | No Comments »

Express Script hackers update: 1,700 added to victim list

Wednesday, December 16th, 2009

Apparently, hackers stole even more of Express Scripts’ member information than was initially revealed last fall. An additional 1,771 New Hampshire residents are being sent data breach notification letters this week, according to a September 14 letter from Express Scripts.

Express Scripts, one of the world’s largest pharmacy benefits management companies, revealed in November 2008 that hackers demanded ransom in exchange for stolen customer information. Unless the ransom was paid, the hackers threatened to reveal the members’ information.

To strengthen their threat, the hackers sent personal information–including names, birth dates, Social Security numbers and some prescription details–of 75 of the firm’s 50 million customers. (more…)

Tags: , ,
Posted in Data breach | No Comments »

« Older Entries
Newer Entries »