DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

21 more business sector breaches from 2009 (update 2)

Posted on February 27, 2010 by Dissent

Maryland has updated its web site to provide breach notifications that it has received since its last update.  The newly posted notifications are for the period ending December 31, 2009, so there will likely be more to come for 2010. Some of the breaches described in the notifications were reported in the media at the time,  but I spotted a number from the business sector that had not been reported in the media or on this site at the time.  So here is a brief roundup on another 21 breaches from the business  sector last year:

  • AT&T reported that an employee of an unnamed service provider improperly removed paper documents containing  personal and/or  credit card  information on customers from the service provider’s office.   The information may have included SSN, driver’s license numbers, and/or credit card information as well as names and addresses. Because the employee was described as a “former employee,” it would seem that the employee may have been terminated for violating AT&T’s policies and agreement with its service provider.  AT&T notes that there is no indication that the removal was intended for misuse, nor any indication that it had been or would be misused.  They elected to report the incident to the state and affected individuals and offered the individuals free credit monitoring services.
  • Bristol-Myers Squibb Company reported that it had discovered that an external hard drive  missing from a BMS facility in Puerto Rico contained names and SSN of some employees at the Puerto Rican facility.
  • Coffee.org reported that it had been hacked and customer data, including credit card data, had been accessed between June 20 and July 19, 2009.   A total of 8,058 customers were affected by the breach.
  • FCI USA reported that a laptop stolen from an employee may have contained a spreadsheet with names, dates of birth, and Social Security numbers for 2000 employees.
  • Feeney Agency reported that a computer stolen from its office contained unencrypted personal information that included SSN and driver’s licenses as well as birth dates and contact information.   As a result of the burglary, the agency subsequently purchased a motion-sensitive security system for the office and a computer with encryption.
  • Genworth Life Insurance Company of New York reported that an unauthorized individual had somehow obtained the login details for a third party agent authorized to access Genworth’s website where insurance agents can obtain policy information on customers.  The information includes their name, address, and SSN.
  • Group M reported that 8 laptops stolen from its NY office contained unencrypted information on 1501 employees,  likely including their names, Social Security numbers and/or bank account information.
  • Hotels.com reported that a computer stolen from the employee of one of an unnamed vendor contained unencrypted information on 200 Hotel.com’s  customers, including their  names, addresses, phone numbers, and credit card/debit card information.
  • InterContinental Hotels Group reported in December that in September, they had detected malicious software that was capturing payment processing information during payment transactions at the Willard InterContinental Hotel in Washington, D.C. The total number of individuals affected was not indicated, but 428 Maryland residents were affected.
  • Kraft Foods reports that a laptop and flash drive containing unencrypted personal information of employees and benefit plan participants were stolen from an accounting and payroll department employee’s car.  The information included SSN.
  • LitCon Group reported that a laptop stolen from an employee’s vehicle contained unencrypted employee information including names, addresses, dates of birth, and SSN.  LitCon indicated that in the future, all personal information would be encrypted and in the interim, all laptops would be kept only in the office, which is protected by keyed locks and an alarm system.
  • McGraw-Hill Construction (a division of The McGraw-Hill Companies) reported that a laptop stolen from its finance office in Utah contained unencrypted information, including SSNs, on some independent contractors.
  • Nordstrom reported that an employee at its Farmington, Connecticut store had skimmed credit card information of customers using a hand-held skimmer.
  • Nuance Communications reported that a stolen laptop contained personal information, including SSN used for employment and business purposes.
  • Priceline.com reported that an unauthorized individual may have accessed customer data, including names, addresses, email addresses,  credit card numbers, credit card expiration date, and  credit card  verification number through a third party call center.
  • Scarborough & Associates reported an email error in which one customer’s insurance policy information, including date of birth and SSN was sent to an erroneous email address.  They attempted to learn whether the address was still a working email address and emails bounced back, but not the one containing the customer data.  In the future, the firm will not include personal information in email and is considering encrypting all email.
  • T-Mobile USA reported that an employee misused or attempted to misuse 10 customers’ credit card numbers to pay his own bills or his friends’ T-Mobile bills.  The employee was terminated and the matter referred to law enforcement.
  • Thermo Fisher Scientific Co. reported that a laptop stolen from an employee’s car contained personal information and SSN for a credit applicant in Maryland.   The company did not tell the individual that their sensitive data had been left in the trunk of a car, however, merely saying that the information “may have been acquired without authorization by a party not related to Thermo Fisher Scientific.”
  • Uniformed Services Benefit Association reported that a stolen laptop contained personal information, including SSN, of customers. As a result of the breach, USBA reports that it removed all personal information from all remaining laptops, reduced the number of laptops in use, and discontinued synchronizing laptops to the network server.
  • United Guaranty Residential Insurance Company reported that mortgage insurance loan file data on 20 customers was exposed. The data included names, addresses, SSN, FICO scores, and “other information required to apply for a mortgage.” United Guaranty does not describe how the exposure occurred but informs those affected that “The incident did not involve a compromise of any United Guaranty systems.”
  • Wolters Kluwer reported that a laptop of a CCH employee was stolen.  CCH is a Wolters Kluwer business.  The laptop contained CCH customer data including names, addresses, and credit card numbers and expiration dates for customers who made purchases between January 2009 and July 2009.

Updated 3-10-10: Make that 22 more breaches.  The Center for American Progress, which had reported one breach on April 30, sent a second breach notification in August, this one involving a breach of an unnamed  third-party vendor that handles its Action Fund online payments.   As a result of the breach, credit card information may have been acquired as well as names, addresses, and email addresses.
Updated 3-13-10: Coverage in The Boston Globe indicates that the laptop stolen from Nuance Communications was stolen from a car and contained information on 1,191 Massachusetts residents; the total number affected was not indicated.

No related posts.

Category: Breach IncidentsBusiness SectorOf NoteU.S.

Post navigation

← And yet 2 more breaches
19 more financial sector breaches from 2009 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.