There were numerous breaches but no accidents could be called serious this week. 3 out of 7 breaches were accidental, while intentional breaches didn’t aim personal data (rather than hardware). The data-leaking organization list was also common: universities, governmental and medical services.
Breaches of the week:
Date Data Loss Organization Canal Cause 20.12.2008 2700 University of North Carolina School of Arts Internet Accidental 20.12.2008 22000 Lorain County Community College Internet Intentional 19.12.2008 8000 Oak Tree Health Centre Magnet Tape Intentional 19.12.2008 750 Austin Peay State University Notebook Intentional 17.12.2008 3000 Bar Council Notebook Intentional 17.12.2008 9300 New Hampshire Health Department E-mail Accidental 15.12.2008 299 Louisiana Department of Revenue Paper letters Accidental Итого 46049Data on 300 Louisiana taxpayers compromised due to printer error
The week started with the news from WXVT.The Louisiana Department of Revenue accidentally divulged the personal information of 299 taxpayers to other people with tax debts. Letters mailed to taxpayers who owe money also listed the name, address, Social Security number and debt for a different taxpayer on the other side of the paper.
New Hampshire agency released client data
On December 17 Associated Press reported a breach at the New Hampshire health department. The department mistakenly released 9,300 names and Social Security numbers of Medicare recipients. Their information was mistakenly attached to a Dec. 1 e-mail sent to 61 providers and health-related organizations, such as nursing homes and home health care agencies. The attachment contained names, addresses, Medicare Part D plan information, Social Security numbers and the amount of each person's monthly premiums.
Bar Council hit by London break-in: 3000 personal entries lost
On the same day, Legalweek told about the breach in UK. Personal information on barristers (type of lawyer)across England and Wales has been stolen following a break-in at the London office of the Bar Council. Contact details and other data – including bank details and information on 3000 barristers – was taken from the Bar Council’s offices in Central London
Data on 750 students lost with stolen laptop
On December 19, Msnbc informed about the breach in Austin, Tennessee.750 letters are being sent out to Austin Peay State University students after someone stole two computers containing personal information. One of the computers stored Social security numbers and names of the students.
Raider stole medical files of 8000 patients
On the same day, Oxfordmailreported another breach in UK. The confidential medical records of 8,000 patients have been stolen in a break-in at a Didcot health centre. The medical notes of every person registered at Oak Tree Health Centre, in Ladygrove, were stolen on an encrypted tape.
University of North Carolina accidentally published data on 2700 students
On December 19, University of North Carolina officially announced the breach that took place recently. Students’ names and Social Security numbers have been accidentally exposed in a security breach involving a university computer server.
Hacker attack on Lorain Community College: 22000 personal entries may have been misused.
On December 21, Chronicle Online told about the largest incident of the week. A sophisticated computer hacker was able to breach the security system of two Lorain servers. Allegedly the hacker was not attempting to steal information or identities, but rather to pirate available server space. One of the hacked servers contained the records of approximately 22,000 students, community users, and employees and their Social Security numbers. That server hosted the college’s library card system.