If you follow me on Twitter (@pogowasright) or follow @datalossdb, you’ll know that over the past few months, I’ve started just sending some items directly into the database without reporting them on this blog. A few nights ago, I added a bunch to the database – some of which I tweeted – after discovering that California had started making breach reports publicly available on their web site. The only reports on California’s site are incidents that affect over 500 individuals, so we don’t have a complete sense of how many breaches were disclosed during the same time period, but it’s a definite improvement over having no central reporting in California.
One of the breaches that was disclosed on their site and that I had tweeted about and added to the database involved Rubio’s. The media also found the report noteworthy, it seems. Matt Potter reports:
Rubio’s, the well-known Mexican fast food chain based in Carlsbad, says that a computer disk containing personal information on individuals, including the social security numbers of some company shareholders, has gone missing.
“On February 5, 2012, a CD-ROM containing a list of certain people who owned equity shares in Rubio’s Restaurants, Inc. was taken offsite by a third-party vendor, BDO USA, LLP,” according to a February 18 letter to those affected by the privacy breach.
[…]
“The CD-ROM contains a partial equity roll, which includes names and social security numbers,”
Read more on San Diego Reader.
It was not just shareholders who were affected. As Matt reports, workers compensation claimants also had data on the CD, but the presence of their data – and notification to them – was later than the notification to shareholders. There were no Social Security numbers involved in the employee portion of the data.