DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Documents + unattended vehicles = yes, again

Posted on November 27, 2012 by Dissent

Karen Dillon reports that mortgage loan documents from Pulaski Bank  that included applicants’ tax returns and other sensitive information were stolen from an unattended vehicle in September.  The documents had reportedly been stolen from a loan official’s car while it was parked at a gym.

This type of breach is certainly not new… I’ve been covering these types of breaches since the beginning of PogoWasRight.org in 2006 and even then, this type of breach infuriated me.  If you want to risk your own personal data by leaving it in your car, that’s your business and lookout. But if you’re the guardian of other people’s information, you have a duty to protect it diligently.  Leaving it in an unattended vehicle does not meet my criteria for “diligent.”

Yet entities still suffer these types of breaches and states have yet to deal with paper records or require greater security.  Dillon reports:

Both Missouri and Kansas have been addressing the issue and both have laws that require that consumers be notified of data breaches in most cases. But the law is silent when it comes to paper records.

The bank seems to believe it was fully compliant:

Kevin King, general counsel for Pulaski Bank, said bank officials would have no comment because Overland Park police are still investigating.

“Pulaski Bank has followed all applicable internal policies in adherence to regulatory guidelines,” King said in a statement.

So what does that mean? Do their internal policies permit loan officers to leave customer financial data in an unattended vehicle while they work out a gym? Or is the bank telling us that the state and federal regulators really do not prohibit such behavior?

Read more on Kansas City Star while I go pour some more coffee and mutter to myself.

No related posts.

Category: Breach IncidentsFinancial SectorPaperTheftU.S.

Post navigation

← Sourcefire laptop with employee data stolen
CA: Cyber Hacker Steals Credit Card Numbers From EJ Phair Customers →

2 thoughts on “Documents + unattended vehicles = yes, again”

  1. Don Moffett says:
    November 27, 2012 at 1:27 pm

    Clearly, the mishandling of personal data is on the rise. Companies just do not have the due diligence or governance to manage personal data effectively. And to the point of the writer, Federal and State laws are lacking. HHS took the lead and created a “wall of shame” several states followed. Their goal was to make people report data breaches on a web site with the hopes that public humiliation will make them want to do better. Well, it is not working very well, now people just don’t report, HHS does not enforce, and once again the looser is the victims of data breaches.

    Legislators forget the basic guidelines in which American businesses and non-profits operate. Do things that make money, don’t do things that will impact the bottom line, and do the right thing if it will improve the margin. So, how do we get companies to secure information in an effective manner? The solution is simple and it helps the Federal and State deficient situations. Levy fines at the State and Federal Levels, and establish a per record damages amount for the victims. Do this, and give it 2 years, and the breaches involving mishandling and mismanagement will go away. This will also reduce the number of electronic breaches, a large number of breaches involved lost or stolen tapes which were not encrypted. You have to ask yourself, why are they not encrypted when this happens over and over again?

    1. admin says:
      November 27, 2012 at 1:56 pm

      There are lots of questions I ask myself and my readers – and Congress – over and over again. In my next life, I will be reincarnated as a broken record, no doubt.

      HHS didn’t take the lead on “wall of shame,” though. Their site went up in 2010, after states like New Hampshire, New York, and Maryland had already started publicly disclosing breach reports. Unfortunately, NYS stopped doing that. I wish more states did make the reports freely and readily available to the public.

      The notion of statutory per record damages has been kicked around for quite a while in the privacy advocacy community. So far, it hasn’t gained any traction where it counts, though.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.