Posts Tagged ‘Data breach’

« Older Entries

Identity theft protection

Friday, March 5th, 2010

Consumer education key to cybercrime war

Is it better to try to chase down cybercriminals, or educate computer users? That’s the ongoing debate among security experts.

On one hand, there have been some huge victories recently in the battle against the bad guys. This week, three men were arrested in connection with a creating a “botnet” that infected an estimated 13 million computers from 190 countries and stole personal and financial information.

In 2008, the alleged mastermind of the largest cybercrimes in history was arrested. Albert Gonzalez is responsible for the greatest data breaches in history, including Heartland Payment Systems, TJX, Hannaford Brothers, 7-Eleven, Citibank, J.C. Penney, and Dave and Buster’s, according to his indictments.

Gonzalez also supervised an online forum in which more than 160 million credit cards, birth certificates, Social Security cards, PIN numbers and computer login information was exchanged.

So, the good guys must be winning the war, right? Probably not. (more…)

Tags: , , ,
Posted in identity theft protection | No Comments »

Data breach

Friday, February 5th, 2010

Data breaches in hotel industry higher than any other sector in 2009, according to Trustwave report

Which is most worrisome: (A) that hackers hit the hotel industry in 38% of data breaches last year; (B) that it took the hotels an average of five months to notice a data breach; (C) that the hackers often got into the data by using software glitches that had patches available 10 years ago; or, (D) all of the above?

A new report from security firm Trustwave indicates that the hotel industry was targeted for data breaches more than any other last year primarily because they were such an easy target and the takings were so rich. The hackers gained access to potentially millions of credit card account details from hotels that did little to protect the data, and never reported the resulting identity theft risk to officials or customers. (Picture a frisky young pit bull gleefully trotting after a fat, blind, three-legged cat while the cat’s owner sleeps in a hammock nearby.) (more…)

Tags: , , , , ,
Posted in Data breach | No Comments »

Data breach

Friday, January 15th, 2010

Health Net data breach prompts attorney general’s “historic lawsuit”

Connecticut Attorney General Richard Blumenthal said last November that he was “outraged and appalled” upon learning of Health Net’s massive data breach and their keeping it hush-hush for six months. He acted on those feelings this week by filing suit against the insurer and its new owners, United Health Group and Oxford Health Plans.

The data breach occurred May 2009 when a hard drive containing the information of 1.5 million customers went missing. Records were for the period 2002 through 2009. Roughly 446,000 of the members are from Connecticut.

Blumenthal’s lawsuit asserts Health Net gave its employees inadequate supervision and training on appropriate maintenance, use and disclosure of protected health information.

The company explained the six-month lag time between their awareness of the breach and their notifying state officials by saying the time was necessary to complete a “detailed forensic review.” Kroll, a computer forensic consulting firm hired to complete the investigation determined the information wasn’t encrypted or protected in any way from access or viewing. (more…)

Tags: , , , , , , , ,
Posted in Data breach | No Comments »

Express Script hackers update: 1,700 added to victim list

Wednesday, December 16th, 2009

Apparently, hackers stole even more of Express Scripts’ member information than was initially revealed last fall. An additional 1,771 New Hampshire residents are being sent data breach notification letters this week, according to a September 14 letter from Express Scripts.

Express Scripts, one of the world’s largest pharmacy benefits management companies, revealed in November 2008 that hackers demanded ransom in exchange for stolen customer information. Unless the ransom was paid, the hackers threatened to reveal the members’ information.

To strengthen their threat, the hackers sent personal information–including names, birth dates, Social Security numbers and some prescription details–of 75 of the firm’s 50 million customers. (more…)

Tags: , ,
Posted in Data breach | No Comments »

ID theft risk: Dumpster full of data found in Palm Beach County

Monday, October 12th, 2009

One of the reasons the risk of ID theft is so high has to do with your employer. You don’t have any idea what happens to your personal information after you provide it to an employer. Unless, that is, you work for the staffing agency CLP. If so, there’s a good chance your personal information was in one of the boxes found in a Dumpster out back of a Florida restaurant last week.

A worker at Newport Café discovered everything necessary to commit identity theft in the boxes full of job applications, copies of Social Security cards, driver’s licenses and tax records. The job applications bore the CLP logo.

The restaurant employee contacted the local police, who, in turn, contacted staffing firm’s regional director in Fort Lauderdale. The CLP regional director, Seth Sandler, made a quick trip up to Palm Beach County and “took care of the situation,” said Corp. Michelle Vazquez of the Palm Springs police.

Until last week, CLP had an office next door to the restaurant, but Newport Café employees said they saw people moving out the office furnishings the day before the documents were discovered. (more…)

Tags: , , , , , , ,
Posted in Data breach | No Comments »

National Archives data breach: Hard drive with 70 million veterans’ health, service records

Tuesday, October 6th, 2009

American military veterans have been put at risk again. An unencrypted hard drive associated with eVetRec—the system veterans use to access their health records and discharge papers—was sent first for repairs then for recycling without being wiped of 76 million veterans’ records.

The hard drive failed last November and was returned to the contractor that sold it to the National Archives and Records Administration (NARA). When the contractor was unable to fix the drive, the contractor sent it to another company for recycling. (more…)

Tags: , , , , , , , ,
Posted in Data breach | No Comments »

Express Scripts hackers update: 1,700 added to victims list

Tuesday, September 22nd, 2009

Apparently, hackers stole even more of Express Scripts’ member information than was initially revealed last fall. An additional 1,771 New Hampshire residents are being sent data breach notification letters this week, according to a September 14 letter from Express Scripts.

Express Scripts, one of the world’s largest pharmacy benefits management companies, revealed in November 2008 that hackers demanded ransom in exchange for stolen customer information. Unless the ransom was paid, the hackers threatened to reveal the members’ information.

To strengthen their threat, the hackers sent personal information–including names, birth dates, Social Security numbers and some prescription details–of 75 of the firm’s 50 million customers.

Express Scripts publicly refused to pay the ransom, even after some of their customers received similar letters, extortion attempts and sample employee information. Toyota, government agencies and labor unions were among those contacted by the hackers. (more…)

Tags: , , , , , ,
Posted in Data breach | 1 Comment »

National Guard Data Breach: Stolen laptop leaves 131,000 soldiers potential ID theft victims

Thursday, August 6th, 2009

Of course military service has inherent personal safety risks—that’s what makes enlistment so noble. But the risk of identity theft is something 131,000 current and former Army National Guards soldiers will be considering very seriously.

The Army National Guard announced this week that a contractor’s laptop containing the soldiers’ personal information was stolen July 27. The contractor was involved in the Army National Guard Bonus and Incentives Program.

The compromised information included program participants’ names, Social Security numbers, payment amounts and payment dates. (more…)

Tags: , , , , , ,
Posted in Data breach | 3 Comments »

Data breach: New Hampshire prisoner found with list of all Corrections employees’ info

Tuesday, August 4th, 2009

Here’s how we’d like to think of it: Prison inmates are the stupid ones and their keepers are the smart ones.

Here’s how it really is: An unnamed New Hampshire prison employee assigned prisoners to work in a warehouse where they had access to Corrections Department records, including a list of ALL department employees and their Social Security numbers.

Big surprise: An inmate in a Concord minimum-security prison absconded with the list, which was discovered in his cell during a routine search.

The employee information included names, titles, positions, departments, labor grades and Social Security numbers of the roughly 1,000 people employed in the Corrections Department as of March 2008. (more…)

Tags: , , , , ,
Posted in Data breach | No Comments »

Fla. Department of Education notifies student loan recipients of data breach

Monday, July 13th, 2009

If you’re already defaulting on your student loan, you might be praying that the state agency that manages it would somehow just lose the promissory note, thereby letting you off the hook.

Florida students got only half of what they wished for, and a whole lot of something they never wanted. (more…)

Tags: , , , , , , ,
Posted in Data breach | No Comments »

« Older Entries