Thanks to Dave Shettler of OSF, 131 breach reports submitted to Maine in 2008 are now uploaded and available to the public as primary sources. Our efforts to obtain more breach reports under FOI continue, but OSF could really use some volunteers to help enter all of the newly acquired records in the database. If you’re willing to pitch in, I encourage you to contact Dave or just start reading primary sources and creating entries for them.
I went through the Maine reports last night and found that 85% of the incidents had been previously reported on PogoWasRight.org, this site, or the companion site, PHIprivacy.net. There were 21 incidents that had not been posted previously to any of the PogoWasRight.org family of sites. A recap of those 21 breaches, by sector, with links to the reports filed with Maine, appears below. Maine’s notification law can be found here.
Education Sector:
- Rochester Institute of Technology reported that 3 laptops were stolen from a locked storage area. The laptops contained NA, DOB, and SSN of 1,000 individuals. This breach occurred a few months after another breach they reported and that was previously publicized.
- Moravian College reported a ““security breach of a database” affecting less than 600 individuals nationwide.
Financial Sector:
- LEAF Financial and Merit Capital Advance somewhat casually reported a “A few laptops were stolen.” The laptops were reportedly password-protected and contained NA and SSN on 3 Maine residents.
- IMS Mortgage reported unauthorized access to customer mortgage applications that contained NA, ADD, SSN, DOB, ACCT NUMBER of 4 Maine residents.
- Highland Capital Brokerage reported an email error leading to exposure of NA and TAX ID or SSN of insurance agents.
- United Student Aid Funds, Inc. reported that an internal report with information on 14 student borrowers wound up on the web.
- Putnam Fiduciary Trust Company reported that for less than 24 hours, logged-in customers could view other customers’ account information: NA, ADD, SSN.
Business Sector:
- National Institute for Trial Advocacy reported that a coding error on one page enabled a hack of customer CC numbers.
- Unilever reported that its SlimFast.com web site was breached, and 12,000 customers’ NA, ADD, TEL, GEN, DOB, and HEIGHT data was accessed.
- Horizon Lines reported that FedEx lost one its servers containing information on employees; 91 Maine residents were affected.
- Cabela’s reported that a HR laptop was stolen, but was recovered within 24 hours. The password-protected laptop contained employment applications for 120 individuals, including NA, SSN, DOB, TEL.
- Northern Utilities reported web exposure of customer data including NA, ADD, ACCT, and BALANCE; 1 Maine resident was affected.
- Cavender’s reported a web site breach affecting 567 Maine residents. Accessed data included NA, ADD, CC, purchase histories.
- Automatic Data Processing reported an email error in which they sent Oldcastle Precast, Inc. payroll data on 9,078 employees to another ADP client. Information included NA, ADD, TEL, DOB, SSN, GEN, HR info.
- Toshiba reported unauthorized access to Connect2Success.com, affecting 1,250 resellers’ NA and SSN.
- Automotive Events reported that a password-protected laptop containing employee and vendor information was stolen from an employee’s vehicle. information included NA, ADD, SSN, TAX ID of EMP, Vendor, or Contractor; 1 Maine resident was affected.
- Best & Company reported a hack accessing NA, ADD, and CC; 5 Maine residents were affected.
- AARLA (American All-Risk Loss Administrators, Inc.) reported a burglary of their office. Worker’s compensation data for claims submitted to Clarendon National Insurance Company was stolen. The data included NA, DOB, ADD, SSN, and general medical information.
- Crabtree & Evelyn reported that a stolen laptop contained names and SSN of 4 Maine residents.
Medical Sector:
- DCI Donor Services reported that a laptop stolen from an intern’s home contained the SSN of 1 Maine resident who was a donor recipient.
Government Sector:
- Finance Authority of Maine reported a mailing error that exposed 57 College Investing Plan account holders’ completed Matching Grant forms to other applicants.