The Breach Blog, from FRSecure
The Breach Blog

Expectant and new mothers at risk after University of Kentucky laptop theft

Share |

Date Reported:
8/19/10

Organization:
University of Kentucky

Contractor/Consultant/Branch:
UK HealthCare

Location:
Lexington, Kentucky

Victims:
"mothers in the Newborn Screening Program"

Number Affected:
2,027

Types of Data:
"patient names, medical record numbers as well as the date of birth, diagnosis, mother’s name, and in some instances, the social security numbers"

Breach Description:
"The University of Kentucky is notifying 2,027 people of a breach of protected health information.  Between June 18 and June 21, 2010, a laptop computer containing information from the Newborn Screening Program was stolen from the Department of Pediatrics Newborn Screening Program."

<< MORE >>

Yale School of Medicine breach is under investigation by AG

Share |

Date Reported:
8/18/10

Organization:
Yale University

Contractor/Consultant/Branch:
Yale School of Medicine

Location:
New Haven, Connecticut

Victims:
Patients

Number Affected:
"about 1,000"

Types of Data:
"health information"

Breach Description:
"The security of personal health information of up to 1,000 people could have been compromised when a laptop was stolen from Yale Medical School."

<< MORE >>

Four Massachusetts hospital patients at risk after illegal dumping is discovered

Share |

Date Reported:
8/13/10

Organization:
Milton Hospital
Caritas Christi Health Care
Milford Hospital
Holyoke Medical Center

Contractor/Consultant/Branch:
Goldthwait Associates

Location:
Georgetown, Massachusetts

Victims:
Patients

Number Affected:
"thousands", there are an estimated 8,000 - 12,000 patients from Milton Hospital; Holyoke puts the number between 16,000 and 24,000 patients.

Types of Data:
"individuals' full names, addresses, dates of birth, Social Security numbers, insurance information including policy numbers, patient identification numbers, as well as protected health information including diagnoses relating to pathology tests"

Breach Description:
A Boston Globe photographer discovered thousands of billing records from four area hospitals at an transfer station (dump) in Georgetown, Massachusetts.  The confidential records were allegedly discarded (unsecurely) by the hospitals' common billing services provider, Goldthwaite Associates.

<< MORE >>

Laptop stolen from the University of Connecticut affects 10,174 applicants

Share |

Date Reported:
8/19/10

Organization:
University of Connecticut

Contractor/Consultant/Branch:
None

Location:
West Hartford, Connecticut

Victims:
School applicants

Number Affected:
10.174

Types of Data:
"undergraduate admissions data, including applicants' contact information, Social Security numbers and other data"

Breach Description:
"WEST HARTFORD, Conn., Aug. 19 (UPI) -- A laptop computer stolen from a Connecticut university contained names and sensitive information on 10,174 school applicants, school officials said."

<< MORE >>

Laptop stolen from Oregon doctor's car affects 4,000 patients

Share |

Date Reported:
8/11/10

Organization:
Dr. David Gostnell*

*This page is Dr. Gostnell's staff page at OHSU.  OHSU is not involved in this breach.

Contractor/Consultant/Branch:
None

Location:
Portland, Oregon

Victims:
Patients

Number Affected:
4,000

Types of Data:
"full names, diagnoses and Social Security numbers"

Breach Description:
"PORTLAND, Ore. -- A Portland psychologist is alerting 4,000 patients after his laptop, which contained personal health information, was stolen from his car last month."

<< MORE >>

126,000 people affiliated with six Florida schools involved in CCLA breach

Share |

Date Reported:
8/10/10

Organization:
Broward College
Florida State College at Jacksonville
Northwest Florida State College
Pensacola State College
South Florida Community College
Tallahassee Community College

Contractor/Consultant/Branch:
College Center for Library Automation ("CCLA")*

*Established in 1989, CCLA operates Florida's Library Information Network for Cooperative Content (LINCC) and associated web-based information portal, LINCCWeb.  CCLA is a cooperative effort between the Florida Department of Education's Division of Florida Colleges and the College Council of Presidents.

Location:
Online

Victims:
"students, faculty, and staff of six Florida public colleges"

Number Affected:
"As many as 126,000"

Types of Data:
"personal information, as defined by Section 817.5681(5)(a)-(c), Florida Statutes"*

*CCLA has not defined what personal information was exposed.  Section 817.5681(5)(a)-(c), Florida Statutes, states:
For purposes of this section, the term "personal information" means an individual's first name, first initial and last name, or any middle name and last name, in combination with any one or more of the following data elements when the data elements are not encrypted: (a) Social security number; (b) Driver's license number or Florida Identification Card number; (c) Account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.


Breach Description:
"On August 10, 2010, CCLA notified students, faculty, and staff of six Florida public colleges that some of their personal information, as defined by Section 817.5681(5)(a)-(c), Florida Statutes, was temporarily open to online access for a five-day period between May 29 and June 2, 2010."  The information was inadvertently made available during the installation of a software upgrade

<< MORE >>

Discarded insurance documents return to haunt three years later

Share |

Date Reported:
8/16/10

Organization:
American Fidelity Assurance Company

Contractor/Consultant/Branch:
None

Location:
Oklahoma City, Oklahoma

Victims:
Customers

Number Affected:
"hundreds"

Types of Data:
Personal information typically found on "insurance and related employee forms".  Names, addresses, Social Security numbers, etc.

Breach Description:
An Edmond, Oklahoma couple found hundreds of confidential documents inside storage containers located on a curb during trash day.  The couple stored the documents for three years, and only recently reported their finding.  The documents include hundreds of insurance-related forms, allegedly from American Fidelity Assurance Company.

<< MORE >>

UNCG malware infection may have exposed more than 2,500 patients

Share |

Date Reported:
8/9/10

Organization:
The University of North Carolina at Greensboro ("UNCG")

Contractor/Consultant/Branch:
Speech and Hearing Center
Psychology Clinic

Location:
Greensboro, North Carolina

Victims:
Patients

Number Affected:
"more than 2,500 individuals"

Types of Data:
"names, addresses, social security numbers, dates of birth, telephone numbers, insurance companies, insurance ID numbers, group numbers, diagnosis codes, procedure codes and charges"

Breach Description:
"GREENSBORO, N.C. (AP) — Officials at the University of North Carolina at Greensboro say computer security breaches at two clinics allowed unauthorized access to information on about 2,500 people."

<< MORE >>

Lost DVD affects over 11,000 pharmacy patients

Share |

Date Reported:
8/4/10

Organization:
Walsh Pharmacy of Fall River, MA

Contractor/Consultant/Branch:
McKesson Pharmacy Systems

Location:
Undisclosed, lost/stolen in transit

Victims:
Patients

Number Affected:
"approximately 11,440"

Types of Data:
Personal information, including "names and in some instances social security, health care and driver’s license numbers, as well as prescription information"

Breach Description:
Walsh Pharmacy has notified the New Hampshire Attorney General as well as local news outlets about a breach involving a lost/stolen DVD that contained sensitive personal information belonging to the pharmacy's patients.

<< MORE >>

Portland Community College notifies victims of lost flash drive

Share |

Date Reported:
8/12/10

Organization:
State of Oregon

Contractor/Consultant/Branch:
Oregon Department of Human Services
Portland Community College
Oregon Food Stamp Employment Transition Program, also known as OFSET

Location:
One or more campuses

Victims:
"Multnomah County participants in the Oregon Food Stamp Employment Transition Program"

Number Affected:
"an estimated 2,900"

Types of Data:
Personal information including "names and Social Security numbers"

Breach Description:
"A car owned by an employee of Portland Community College was broken into on Thursday, Aug 5. Among the stolen items was a data-storage device containing the names and Social Security numbers of an estimated 2,900 Multnomah County participants in the Oregon Food Stamp Employment Transition Program, also known as OFSET."

<< MORE >>

Benefits consultant loses backup tape containing employee personal information

Share |

Date Reported:
8/4/10

Organization:
Marsh & McLennan Companies

Contractor/Consultant/Branch:
Seabury & Smith, Inc.
Mercer
Marsh
Undisclosed third-party courier

Location:
Undisclosed

Victims:
Employees and employee dependents of client companies

Number Affected:
Undisclosed

Types of Data:
"personal information, such as name and Social Security Number"

Breach Description:
Mercer Health & Benefits LLC and its affiliates (Mercer) has updated the New Hampshire Attorney General about a breach that occurred in April, 2010.  The breach was the result of a lost (or stolen) backup tape.

<< MORE >>

Local break-in at allergy clinic results in 25,000 stolen patient records

Share |

Date Reported:
8/6/10

Organization:
Fort Worth Allergy and Asthma Associates

Contractor/Consultant/Branch:
None

Location:
Fort Worth, Texas

Victims:
Patients

Number Affected:
25,000

Types of Data:
Personal information including Social Security numbers, birth dates, addresses, and diagnoses

Breach Description:
FORT WORTH -- In June, employees at a Fort Worth allergy clinic discovered that the office door had been kicked in and four computers containing patients' personal information including Social Security numbers and birth dates had been stolen.

<< MORE >>

More than 150 people affected by Doherty Hotel breach

Share |

Date Reported:
8/13/10

Organization:
Doherty Hotel & Convention Center

Contractor/Consultant/Branch:
None

Location:
Clare, Michigan

Victims:
Customers

Number Affected:
"more than 150"

Types of Data:
Credit and/or debit card information

Breach Description:
"CLARE – More than 150 credit card holders who frequented a local business that had its database accessed have seen fraudulent charges appear on their cards in a case that is being investigated by the U.S. Secret Service, according to authorities."

<< MORE >>

Destination Hotels in 12 states affected in massive card breach


Date Reported:
8/6/10

Organization:
Destination Hotels & Resorts ("DHR") *

*This is an update and continuation of a previous Breach Blog post; see: More than 700 upscale hotel guests affected by credit card breach

Contractor/Consultant/Branch:
None

Location:
Various

Victims:
Patrons of 22 DHR properties

Number Affected:
Undisclosed*

*There is no disclosure of the total number, but according to the New Hampshire Attorney General letter there are approximately 470 New Hampshire residents affected.

Types of Data:
"credit or debit card information, including card numbers and expiration dates"

Breach Description:
"Between April 2009 and June 2010, the computer systems of some DHR hotels were accessed without authorization.  As a result, credit or debit card information, including card numbers and expiration dates, may have been subjected to unauthorized access by third parties."

<< MORE >>

Littleton Regional Hospital employee fired for inappropriate information access

Share |

Date Reported:
6/29/10

Organization:
Littleton Regional Hospital

Contractor/Consultant/Branch:
None

Location:
Littleton, New Hampshire

Victims:
Patients

Number Affected:
"several"

Types of Data:
Personal demographic and diagnostic information, including:
  • Name, Address, and Phone Number,
  • Date of Birth and Age,
  • Insurance Information,
  • Primary Care Provider and Referring Physician names,
  • Medical History and Allergies,
  • Date, Time, Type, Provider name and Reason for visit, and;
  • Provider notes regarding the visit in question
Breach Description:
Littleton Regional Hospital has notified the New Hampshire Attorney General of a breach concerning unauthorized employee access to personal health information belonging to patients who visited the hospital during "the spring months of 2010".

<< MORE >>

Laptop lost during airport layover affects more than 32,000 employee candidates

Share |

Date Reported:
7/27/10

Organization:
CoreLogic

Contractor/Consultant/Branch:
First Advantage
First Advantage Tax Consulting Services ("TCS")

Location:
An undisclosed airport

Victims:
Job applicants from TCS clients

Number Affected:
32,842

Types of Data:
Personal information including "names and Social Security numbers"

Breach Description:
"Through its lawyers, Indianapolis-based First Advantage Tax Consulting Services (TCS) has notified the New Hampshire Attorney General’s Office that on June 10, a laptop containing sensitive personal information was lost during an airport layover. "

<< MORE >>

Cooper University Hospital flash drive with personal info goes missing

Share |

Date Reported:
7/27/10

Organization:
Cooper University Hospital

Contractor/Consultant/Branch:
None

Location:
Camden, New Jersey

Victims:
"graduate medical education residents and fellows for the current and prior academic years"

Number Affected:
Undisclosed

Types of Data:
Personal information including "Social Security numbers, addresses, and phone numbers"

Breach Description:
"A thumb drive that contained personal data about current and past graduate medical education residents and fellows at Cooper University Hospital has gone missing. Hospital sources tell Action News the thumb drive went missing on July 8th."

<< MORE >>

Who is to blame in Regeneron / Ceridian breach?

Share |

Date Reported:
7/26/10

Organization:
Regeneron Pharmaceuticals, Inc.

Contractor/Consultant/Branch:
Ceridian Corporation

Location:
Undisclosed/Web-based

Victims:
Current and former employees

Number Affected:
Undisclosed

Types of Data:
"names and bank account numbers"

Breach Description:
Regeneron has notified the New Hampshire Attorney General of a breach concerning unauthorized access to their payroll provider's (Ceridian Corporation) system.  Once access was gained to the system, the "hackers" attempted to redirect employee paychecks to fraudulent accounts.

<< MORE >>

Thomas Jefferson Hospitals notifies 21,000 patients of stolen laptop

Share |

Date Reported:
7/23/10

Organization:
Jefferson Health System

Contractor/Consultant/Branch:
Thomas Jefferson University Hospitals

Location:
Philadelphia, Pennsylvania

Victims:
Patients who "received inpatient care at Thomas Jefferson University Hospitals in 2008 between March 9 and June 9 and between August 1 and November 1"

Number Affected:
"approximately 21,000"

Types of Data:
"name, birth date, gender, ethnicity, diagnosis, social security number, insurance information, hospital account number and other internal and administrative coding"

Breach Description:
"Thomas Jefferson University Hospitals has notified approximately 21,000 patients that there was a theft of a laptop computer containing personal information."

<< MORE >>

Resnick Investment Advisors is victim of unauthorized intrusion


Date Reported:
7/21/10

Organization:
Resnick Investment Advisors, LLC

Contractor/Consultant/Branch:
None

Location:
Westport, Connecticut

Victims:
Clients

Number Affected:
Undisclosed

Types of Data:
Account information

Breach Description:
Resnick Investment Advisors, LLC has notified the New Hampshire Attorney General of an "electronic intrusion" of their computer network that could have exposed client account information to an unauthorized third party.  The alleged incident took place sometime in June, 2010.

<< MORE >>

Contact Us!

Click here!

Want email updates?

Enter your email address


Privacy News

Calendar

September 2010
SuMoTuWeThFrSa
1234
567891011
12131415161718
19202122232425
2627282930

Subscribers

Bookmarks

Add to Technorati Favorites



Add to Google Reader or Homepage

Subscribe in NewsGator Online

Subscribe in Bloglines

Archive List

ANALYTICS