I just read a notification to the New Hampshire Attorney General’s Office that is both thorough in its description of the event and steps taken, but also needlessly increased the risk to those affected. In a letter dated October 28, ValueOptions, Inc. described how a container of tapes containing unencrypted data went missing after being…
Author: Dissent
Fannie Mae notifies 1,100 of a security breach – but it’s a puzzlement
On October 28, Fannie Mae notified the New Hampshire Attorney General’s Office of a security incident involving personal information of over one thousand individuals. In their letter, they explain that in mid-October, they became aware that an employee may have been attempting to sell handwritten copies of the financial information of approximately 1,100 people. The…
OH: Rash Of ID Thefts Linked To Delaware County Store
Donna Willis reports: As many as 444 credit-card numbers are stolen during transactions at a Delaware store, detectives say. A Delaware police investigation into a rash of identity thefts revealed that one source of the thefts is transactions at the Habitat for Humanity of Delaware County ReStore. Detectives, working with information developed within the past…
Medical Records Stolen From Unlocked Hospital Boxes
Colleen Henry reports on a breach involving Columbia-St. Mary’s Ozaukee Hospital in Wisconsin that highlights some recurring problems with both breaches and breach notifications. I’m excerpting her excellent reporting to make a few points: Investigators said a janitor fed patient records to gang members. The lead investigator said a sworn statement that a janitor had…
SC: Confidential Patient Information Found on Hard Drive
Ouch. Jeff Brush reports: Officials at Behavioral Health Services of Pickens County are trying to figure out exactly how a computer hard drive with confidential patient information made it outside the facility. John Schafer, of Easley, a retired elevator repairman who fixes computers as a hobby, made a shocking discovery recently when he installed a…
(update) Computershare Says No Customer Data Exposed In Breach
Paul Roberts reports: The investor services company told Threatpost that an investigation has determined that data stolen by a rogue employee didn’t contain shareholder data. However, the company still hasn’t retrieved two USB drives containing company email and documents that outline some of Computershare’s closely held business plans. The statement came in response to a Threatpost…