Some breach types are so well-known and easy to prevent that it’s hard to understand why they keep occurring. In December, the National Electrical Contractors Association (NECA) – International Brotherhood of Electrical Workers (IBEW) sent out its generic summary of benefits coverage to Family Medical Care Plan enrollees. No individual-specific medical information or details were included,…
Category: Exposure
Novato’s Academy Studios closes doors; sensitive employee records found in waste container
Richard Halstead reports: Academy Studios of Novato, which built exhibits for some of the top museums in the world, closed in April after more than 23 years in business. In a related development, an auction house scrambled to gather the company’s paperwork last week after reports that personnel records containing sensitive information on former Academy…
Utah DMV reveals data breach discovered in March
Michael McFall reports: A Utah Division of Motor Vehicles employee was fired in March after the agency discovered she allegedly gave out people’s personal information. In response to a Salt Lake Tribune inquiry, DMV spokesman Charlie Roberts confirmed that the agency first learned from the Salt Lake City Fire Department in mid-March that the employee, who was…
Council’s sensitive documents found at tip
Radio New Zealand reports: Confidential documents and other sensitive financial papers from the Buller District Council have been found dumped at a tip and the mayor admits it is a drastic mistake. Westport woman Jenny Thomas came across the pile of paperwork while looking for glass bottles at the tip at Karamea last Thursday. Ms…
Are TerraCom and YourTel the poster children for how NOT to respond to a breach?
Isaac Wolf reports: A month ago, two phone carriers participating in a federal benefit program were alerted that sensitive customer records, including Social Security numbers and bank-account records, were freely posted online. Now, Oklahoma-based TerraCom Inc. and affiliate YourTel America Inc. — the companies that collected the records — say they don’t plan to notify…
Who – if anyone – is responsible for notifying victims of some breaches?
I’ve blogged a number of times about how although law enforcement may uncover breaches or data theft, the victims often do not get notified in a timely fashion – if at all. Here are just a few scenarios where no one may notify people whose data have been stolen: Law enforcement discovers a handwritten list…