We really need stronger laws protecting the security and disposal of paper records. Today’s example is from Beaverton, Oregon: Seven large boxes filled with personal information of clients from the Sylvan Learning Center, including names, birth dates, Social Security numbers and credit card information, were found in a Dumpster in Beaverton. Read more on KOIN….
Category: U.S.
US Airways resets passwords for Dividend Miles accounts, notifies customers of breach (updated)
When I saw “US Airways” appear on California’s public breach report site, I thought it was going to be the ADP-related breach I reported last week. But no, it seems that US Airways had another breach, this one discovered on July 12. In an undated letter with a file creation date of August 2, Fernand…
Huntington’s Disease Society of America notifies employees and donors of possible compromise of their information
On May 3, an intruder compromised the web mail account of an HDSA executive. The purpose was likely to facilitate a fraudulent wire transfer from HDSA’s bank account, as the transfer could only occur if an email sent to the executive’s account was approved. The attempt failed, as the executive discovered the compromise on May…
Bridgewater Associates notifies former employees that their information was accessed by unknown individual
Bridgewater Associates, LP offers employees continuing health coverage (COBRA) when they separate from the firm. That coverage is administered by Ceridian, who maintain a database with the employees’ and their dependents’ names, addresses, dates of birth, Social Security numbers, and other benefit plan information (but no medical information). On or about April 11, a Bridgewater…
Man who tries to report breach to Sears finds himself talking to someone in India?
Here we go again. It’s bad enough to have an easily avoidable breach. It’s worse when you make it difficult for people to report it to you. Today’s entry in this Hall of Shame is Sears. Nesita Kwan reports personal information of hundreds of former Sears employees, including their Social Security numbers, photos, records with…
Employees of five client firms notified by Fidelity Investments that their data were exposed to the wrong parties
Fidelity Investments has reported a number of breaches this year, all involving exposure of information to the wrong people: On June 17, Fidelity notified the NH Attorney General’s Office that information (names and Social Security numbers) of Apria Healthcare plan members was accidentally included in a secure email sent to three employees of another client…