Information security analytics

A supplier of point-of-sale (POS) equipment based in northwest US has informed its clients of a security breach in the remote access system it uses to log into clients' networks, meaning hackers could have used the system to intrude into the clients' machines and potentially harvest customer payment card data,

Stanford Credit Union informed 18,000 members this week that their personal information was accidentally sent to another member. The incident, which was outlined in a June 9 letter, occurred on April 30. The data was a list of members who were pre-approved for loans. An employee sent the list to a longtime credit union member who had the same first name as the staff person who should have received the list. The employee was communicating with the member at the time regarding a different matter.

Woai.com reports that a laptop with up to 300 patients’ personal information was stolen last month from Metro Health [San Antonio's Metropolitan Health District].

Experian is notifying some consumers of a breach that resulted in their credit reports being accessed by criminals. The breach occurred on May 14. In this case, the client whose login credentials were compromised and used to access Experian’s database was the Bluegrass Community Federal Credit Union in Ashland, Kentucky. Experian and law enforcement are reportedly investigating how that compromise occurred.

Confidential details of thousands of job applicants were mistakenly sent via e-mail by the University of Nottingham. An attachment sent to users of the university’s job site contained the names of 4,751 people who had applied for a job there. It also listed whether they had been successful. A spokesman for the university said they apologised and confirmed that an internal investigation had been launched while the Information Commissioner has also been notified.

Files containing clients' Social Security numbers and bank account information were found dumped outside the former office of Thomas Rasmussen near 4700 S. Highland Drive. One of those files contained Shell's information. “This is big. This is a violation of my privacy and of my security,” Shell said. "You just don’t know what’s going to come back to bite you.” State statute requires businesses to notify customers of electronic data breaches, but if the data are on paper and it is stolen or discarded, there's no such requirement.

Mistakes can happen in any organization, but when the office of the federal privacy commissioner loses an unencrypted hard drive with personal information it must sting. But that’s what happened on Feb 14 during the agency’s move to Gatineau, Que. from its home across the river in Ottawa.

Penryn College has apologised after accidentally emailing confidential pupil details to all students. A weekly summary of all students’ commendations and behaviour incidents was sent before the start of the Easter holidays. Headteacher Marie Hunter asked anyone who had received a copy of the information: “Please delete it immediately as you will be in breach of data protection if you knowingly share it with another person.”

According to the authorities, data involving some 50,000 clients have been stolen from Citibank Korea Inc. and Standard Chartered Bank Korea. The authorities said the additionally leaked data do not include critical information such as credit card numbers or passwords, making it unlikely that they would be used by financial scammers.

Los Angeles County officials said Thursday that 170,200 additional victims have been identified in a theft of medical data from a county contractor's office. The total number of county patients affected now stands at 338,700. The data was stored on eight computers taken in a February break-in at the Torrance office of Sutherland Healthcare Solutions, a company that handles medical billing and collections.