Recaps of a few more breach reports I recently read:
Diman Regional Vocational Technical High School in New Hampshire joined the ranks of those who have made email attachment errors that exposed employee information to other employees and staff. Information in the spreadsheet included information on current and former employees: names, gender, Social Security numbers, benefit codes, dates of hire, dates of birth, salary, whether the employee had insurance through the school, and employee premium percentage.
The error occurred on May 4, and the school recalled the e-mail and notified all staff of the incident on May 5. Investigation revealed that four recipients had already forwarded the email to their personal email accounts. The school contacted those individuals and had them confirm that all electronic copies of the email had been deleted and any hard copies were to be returned to the school. Those whose information was exposed were notified by letter on May 14 and offered one year of credit monitoring and identity restoration services with Experian. In response to the breach, the school is also installing data loss prevention software on its firewall and mail server to scan traffic and block transmission of personally identifiable information.
* * *
On March 25, Hotel Beacon in New York City confirmed that guests who stayed at the hotel between January 8, 2015 and March 25th plus 141 other guests whose information was stored in the hotel’s system had their names and credit card information (including expiration date and CVV) acquired by an intruder. Notification letters were mailed to affected guests on May 15, 2015, and they were offered one year of complimentary credit monitoring and identity restoration services. In response to the incident, the hotel replaced the affected server and taken other steps to prevent a recurrence.
* * *
Tennessee-based LifeView Outdoors suffered a payment card system breach between January 1, 2015 and April 18, 2015 that compromised names and payment card data. Upon discovery of the breach, the system was shut down immediately and replaced with a more secure system. Customers who made purchases during the critical period were notified by letter on May 20, 2015, and urged to monitor their accounts and credit reports.
* * *