Noteworthy Computer Security Breaches: Sept 2013

These computer breach news items are listed here to remind IT professionals, particular developers, designers, networking and database administrators how important it is to encrypt hard drives and sensitive data such as social security numbers, medical patient IDs, credit card numbers and so on. The following results came from a PrivacyRights.org website search.

Date Made Public Name Entity Type

Total Records

September 15, 2013 International SOS
Philadelphia, Pennsylvania
GOV HACK

Unknown

An unauthorized user or users accessed at least one U.S. system that hosts traveler information.  The type of information that may have been accessed was not reported and International SOS is still investigating the incident.  
Information Source:
Media

records from this breach used in our total: 0


September 13, 2013 MNsure
St. Paul, Minnesota
MED DISC

2,400 

An agency employee accidentally sent the information of 2,400 insurance agents to two other MNsure employees via email.  MNsure instructed the employees to delete the information.  Names, Social Security numbers, and addresses were part of the breach.  
Information Source:
Media

records from this breach used in our total: 2,400


September 13, 2013 Argotec
Greenfield, Massachusetts
BSR UNKN

Unknown

An unspecified incident occurred on or around July 26 that may have exposed the confidential information of current and former employees.  Names, Social Security numbers, and bank account information may have been exposed.  Current employees were sent notification on August 6.  
Information Source:
Media

records from this breach used in our total: 0


September 11, 2013 Edgewood Partners Insurance Center (EPIC)
San Mateo, California
BSF PORT

Unknown

Five laptops were stolen during a July 16 office burglary.  The laptops contained confidential information and were password-protected but unencrypted.  Current and former employees and their beneficiaries and dependents, contractors, and job applicants were affected. Names, Social Security numbers, addresses, dates of birth, drivers’ license numbers, benefits information, bank account information, and health information were exposed.  
Information Source:
Media

records from this breach used in our total: 0


September 11, 2013 Kaiser Permanente
Oakland, California
MED DISC

Unknown

Participants in a Wellness Screening competition pilot may have had their information exposed.  A Kaiser Permanente employee accidentally included confidential information in an email sent to a member of the pilot planning team. In addition to a summary of the competition, it included names, Kaiser Permanente medical record numbers, phone numbers, email addresses, names of employers, department names, and dates and times of health screenings.  The pilot planning team member was not authorized to receive the confidential information.  
Information Source:
California Attorney General

records from this breach used in our total: 0


September 11, 2013 FSV Payment Systems, Paymast’r Services
Boulder, Colorado
BSF HACK

Unknown

Between July 22 and July 28, an unauthoried party accessed a website that contained sensitive information.  Names, Social Security numbers, addresses, drivers’ license numbers, and Payroll Card numbers may have been accessed.  The website was shutdown once the breach was discovered.  
Information Source:
California Attorney General

records from this breach used in our total: 0


September 10, 2013 Pierce County Housing Authority
Tacoma, Washington
BSO DISC

979

A human error resulted in the exposure of client information.  A client found a file with Social Security numbers on the website.  The site was shut down while the file was removed.  It is unclear how long the information was available and the error was caused by a former employee.   
Information Source:
Media

records from this breach used in our total: 979


September 10, 2013 Outdoor Network, LLC, Boats.net, Partzilla.com
Lake Placid, Florida
BSR HACK

Unknown

Those with questions may call (888) 829-6550.

A website breach exposed an unspecified number of customer names, addresses, credit card numbers, credit card expiration dates, and CVV codes.  Hackers put malware on Outdoor Network’s Boats.net and Partzilla.com websites and were able to access information from credit card transactions between December 2012 and July 2013.

 
Information Source:
Media

records from this breach used in our total: 0


September 10, 2013 University of South Florida (USF) Health
Tampa, Florida
EDU INSD

140

Police searched the car of a University custodial employee and found USF Physicians Group patient billing information.  Names, Social Security numbers, and dates of birth had been exposed.  The employee no longer works for the University and patients were sent a notification letter in late July.  
Information Source:
Media

records from this breach used in our total: 140


September 7, 2013 Rockland Federal Credit Union
Rockland, Massachusetts
BSF HACK

Unknown

Those with questions may call 781-878-0232.

Rockland Federal Credit Union is sending customers new debit cards with new PINs as a result of a merchant who discovered a breach in their computer system.  All old debit cards will be deactivated on September 26.

 
Information Source:
Media

records from this breach used in our total: 0


September 6, 2013 Georgia Department of Labor
Marrieta, Georgia
GOV DISC

4,457

An employee accidentally emailed a document with the names and Social Security numbers of 4,457 Cobb-Cherokee Career Center customers to 1,000 people.  Recipients were notified and instructed to delete the email immediately without reading it.

UPDATE (09/06/2013): The employee who accidentally sent the email attachment was suspended. The Georgia Department of Labor is also reviewing its internal policies for handling sensitive information.

 
Information Source:
Media

records from this breach used in our total: 4,457


September 6, 2013 Office of Dr. Hankyu Chung
San Jose, California
MED PORT

Unknown

A June 17 office burglary resulted in the theft of two laptops.  One of the laptops contained names, telephone numbers, dates of birth, visit dates, health complaints, physical examination notes, diagnoses, testing information, medication information, and other medical record information.  The thief or thieves were able to get into the office by opening an unlocked door.  No identity theft protection services are being offered to affected patients.  
Information Source:
California Attorney General

records from this breach used in our total: 0


September 6, 2013 Conexis, State of Virginia
Blacksburg, Virginia
EDU DISC

13,000

Employees of the state of Virginia who are enrolled in the Commonwealth’s 2014 Flexible Spending Account had their information exposed.  Conexis erroneously sent summary reports of Blue Cross/Blue Shield Flexible Spending Account Services to 11 state human resources and payroll employees.  The reports included participants from across the state rather than from specific locations related to the human resources and payroll employees’ work.  The human resources and payroll employees who received information that was not intended for them signed a certification confirming that they had deleted or destroyed the information.  
Information Source:
Media

records from this breach used in our total: 13,000


September 6, 2013 James A. Haley Veterans Hospital
Tampa, Florida
MED INSD

106

A volunteer allegedly stole the names and Social Security numbers of 106 patients and used the information to file $550,000 worth of fraudulent tax returns.  The volunteer had a co-conspirator and the breach began in late January of 2012.    
Information Source:
Media

records from this breach used in our total: 106


September 6, 2013 Illinois Department of Healthcare and Family Services
Springfield, Illinois
MED DISC

Unknown

A contractor sent Family Health Network ID cards to the wrong addresses in July of 2013.  A total of 3,100 clients had their names, Medicaid numbers, and dates of birth exposed.  
Information Source:
Media

records from this breach used in our total: 0


September 5, 2013 Medical University of South Carolina (MUSC), Blackhawk Consulting Group
Charleston, South Carolina
MED HACK

10,000 (7,000 from MUSC)

A hacker from outside of the United States accessed customer information from Blackhawk Consulting Group, a credit card processing vendor.  The information included financial information from customers who paid the Medical Univeristy of Southern Carolina with a credit card online or over the phone between June 30 and August 21. No patient information was accessed. Some of Blackhawk Consulting Group’s other customers were affected and a total of 10,000 people may have had their information exposed.

UPDATE (09/09/2013): Specifically, names, billing addresses, email addresses, payment card numbers, expiration dates, and CCV2 numbers were exposed by a Blackhhawk Consulting Group hack in August. 

 
Information Source:
Media

records from this breach used in our total: 7,000


September 5, 2013 Boston Public School (BPS), Plastic Card Systems
Boston, Massachusetts
GOV PORT

20,000 (No SSNs or financial information reported)

Boston Public School students across 36 schools may have had their information compromised by the loss of a flash drive.  The flash drive was misplaced sometime around August 9 by BPS’s ID card vendor Plastic Card Systems.  
Information Source:
Media

records from this breach used in our total: 0


September 5, 2013 North Texas Comprehensive Spine and Pain Center
Sherman, Texas
GOV INSD

3,000 (No SSNs or financial information reported)

A former employee stole an external hard drive that contained the medical information of patients.  There has been no evidence that the information on the hard drive was improperly used.

UPDATE (09/15/2013): Close to 3,000 patients were notified of the potential breach.

 
Information Source:
Media

records from this breach used in our total: 0


September 3, 2013 InterContinental Mark Hopkins San Francisco
San Francisco, California
BSO PORT

Unknown

A July 4 burglary resulted in the exposure of guest information.  The names, addresses, email addresses, phone numbers, and credit and debit card numbers of guests were on a computer hard drive that was stolen.  The hotel learned of the possibility of a breach of guest data on July 14 and alerted guests around August 8.  
Information Source:
Media

records from this breach used in our total: 0


September 3, 2013 St. Anthony
St. Louis, Missouri
MED PORT

2,600 (No SSNs or financial information reported)

Patients with questions may call 800-524-7262 extension 1575.  

The July 29 car burglary of a laptop computer and flash drive resulted in the exposure of patient information.  Patient names, dates of birth, and other information contained in medical records were exposed.

 
Information Source:
Media

records from this breach used in our total: 0


September 2, 2013 Creative Banner Assemblies
Minneapolis, Minnesota
BSO HACK

232

A website breach that occurred on June 1 and was discovered on July 22 resulted in the exposure of customer informaiton.  Names, addresses, phone numbers, unencrypted credit card information, and other information stored on temporary data files may have been accessed due to malicious code on the website.  
Information Source:
Media
       
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s