Breach Roundup
Where two organizations are implicated, the first is the one which collected the data, the second is Ernst and Young the one that lost it.
- Texas Guaranteed Student Loan/Hummingbird, 1.3m SSNs, “lost equipment.” “Toronto firm at centre of security breach”
- Hotels.com/Ernst and Young, 243,000 credit cards, lost laptop. “Hotels.com customer info may be at risk” Who cares? It’s just credit cards, but this is getting enough press that the roundup felt incomplete without it.
- Food conglomerate Royal Ahold (Stop & Shop, Giant, Tops, etc)/EDS, impact hidden by company, lost laptop. Royal Ahold Loses Personal Data of Former Employees.
Apparently, they haven’t yet learned that transparency is good. Related, “Royal Ahold Execs Fined After Conviction.”
- Miami University of Ohio, 851 student SSNs, dismal process. “Miami U. reports 2nd security breach.”
- IRS, 291 Employee SSNs and Fingerprints, Lost laptop. “Lost IRS laptop stored employee fingerprints.”
- University of Kentucky, 1300 employee SSNs, spreadsheet on a web server. “UK tells 1,300 past, current employees that personal data was accessible online.”
- Rhode Island YMCA, 65,000 CC, ‘some’ SSNs, lost laptop. “YMCA laptop with 65,000 members’ information stolen.” Props to the Providence Journal for getting the apostrophe correct.
- Medicaid/Buckeye Community Health Plan, 72,000 recipient SSNs, stolen laptops, “Computers stolen with data on 72,000 Medicaid recipients.”
- Veterans Administration, 50,000 active duty personnel, same laptop. “IDs of active military personnel on stolen laptop”
Many of these via Dataloss mail list.