Security Breaches: August 2007 Archives

The personal information of 106,000 Connecticut state taxpayers was put at risk when a laptop was stolen from the state's Department of Revenue Services. The laptop contained the names and Social Security numbers of 10% of the state's taxpayers.

The Department of Revenue Services has set up a toll-free number for victims and the state plans to launch a section on their web site for taxpayers to determine if they are affected by the theft. The web site will also attempt to educate victims on how to alert the three major credit reporting agencies.

If you believe you may have been affected by this incident please contact the Connecticut Department of Revenue Services or go to http://www.ct.gov/drs

A burglar broke into the IT department at Loomis Chaffee School in Windsor, Connecticut and stole computer equipment containing the personal information of several hundred past students.

The school notified victims in a letter sent August 3rd advising them to monitor their credit reports despite their claim that the data was encrypted.

Source: "Loomis Chaffee grads warned about potential identity theft after thieves steal school computer equipment," Aug. 23, Journal Inquirer.

The personal financial data of almost 300,000 New York City retirees could be in the hands of identity thieves after a laptop was stolen from a midtown Manhattan restaurant.

The computer belonged to a private consultant working for the City's Financial Information Services Agency.

The information possibly included the names, addresses, Social Security numbers and pension amounts.

There is potentially some good news for affected retires. It is believed that the sensitive information on the computer may have been encrypted. This has yet to be confirmed.

Source: "Laptop stolen containing city retirees' data," Aug. 23, New York Daily News.

California State Pension System Exposes Social Security Numbers on Print Brochures

The California Public Employees' Retirement System (CaIPERS) exposed all or part of the recipient's SSN on the address panel of a brochure sent to retirees. The error occurred when the staff did not recognize that the file contained social security numbers.

Approximately 445,000 retirees are affected.

Source: "Apology sent over CaIPERS privacy error," August 22, Sacramento Bee.

Patient records were available by web search during a four-week period after Sky Lakes Medical Center (Oregon) shut down its online bill-payment system, and a third-party, Verus, Inc., transferred the data from one server to another to perform maintenance.

The information included patient names, addresses and Social Security numbers. The hospital sent letters to 30,000 patients to disclose the problem.

The records were discovered online when a patient at another hospital was able to access his records while searching the internet.

Source: Klamath Falls Herald and News, Aug. 15, "Online bill pay at Sky Lakes shut down"

A small computer drive containing Social Security numbers and personal information about every Army National Guard soldier in Idaho was stolen.

The device containing information on aproximately 3,400 soldiers was stolen Monday night out of a soldier's car.

Affected National Guard members are being notified by phone and mail.

"You name it, it was on there," Dowling said of the USB drive.

On Tuesday evening the guard activated a phone tree normally used for natural disasters or state emergencies to contact all the soldiers.

Last year, Veterans Affairs lost data on 26.5 million veterans when computer equipment was stolen in Maryland. In January, a VA hospital in Birmingham, Ala., lost sensitive data on more than 1.5 million people when a hard drive vanished.


www.idahoarmyguard.org

Two laptops were stolen on May 31 from a locked car in Boston. The laptops were in the possession of management-consulting firm Axia Ltd.

The laptops contained the personal information of 950 health care professionals - including taxpayer identification numbers, home and business addresses, telephone and fax numbers, email addresses and compensation information. The personal information belongs to health care professionals who were providing or considering providing, contract services for Pfizer.

Source: The Day of New London, Aug. 14, "Pfizer reports laptops stolen in second breach in two months"