A Great Lakes-based insurer says it has suffered a security breach that may have compromised sensitive client data. Thrivent Financial for Lutherans, Minneapolis, says it experienced a break-in at one of its offices in Pennsylvania. A laptop computer was among the items stolen. The laptop had safeguards to protect sensitive information, including strong password protection…
Author: Dissent
Wickenburg Unified School District struggles to secure sensitive student data
Pat Kossan reports that data security in the Wickenburg Unified School District was found seriously lacking in a state audit: Wickenburg Unified School District has not secured its computer system containing sensitive student data, including student addresses, birth dates and Social Security numbers, state auditors found. Staffers from the Arizona Office of the Auditor General…
Analyst Study Shows Employees Continue to Put Data at Risk
From the press release, results of the annual “Human Factor in Laptop Encryption” study by Absolute Software and the Ponemon Institute: This year’s expanded study was conducted in the United Kingdom, Canada, France, Germany and Sweden, in addition to the United States. The study found that 15% of German and 13% Swedish business managers have…
More info on the Brown University incident report
The Brown University breach, which I had just included in another blog entry this morning, now has some additional details available. Julia Kim of The Brown Daily Herald reports that Blue Cross Blue Shield of Rhode Island accidentally sent paper records of more than 500 Brown employees and their family members to another subscriber company…
Voluntary Breach Disclosure Rare But Valuable
Kelly Jackson Higgins writes: Google’s and Adobe’s disclosure in January that they had been hit by the same wave of targeted attacks were rare voluntary revelations, the likes of which may never be seen again: Most companies won’t disclose an attack unless required to by law or regulations. But security experts and forensics investigators say…
Six newly revealed breaches on HHS site
It seems that using the new HHS/OCR web site will be even more difficult than I anticipated, as they are sorting breach reports by the date of breach, not date that the incident was added to their site, so I have to review the entire list to see what’s been added instead of just looking…