A breach involving paper records just became my last breach post for 2010. It seems somehow appropriate, as breaches involving paper records constitute over 20% of breaches I find out about but they’re often not taken as seriously, it seems, as breaches involving large electronic databases. Yet these types of breaches, which often go unreported,…
Category: Of Note
110,000 customers of CitySights NY notified of credit card breach
Lawyers for Twin America LLC (d/b/a CitySights NY) have notified the New Hampshire Attorney General’s Office that an SQL injection attack on their client’s web server resulted in the acquisition of 110,000 customers’ credit card data. The security breach was discovered on or about October 25, when the firm’s web programmer noticed that unauthorized script…
Ohio State notifies 760,000 of unauthorized access to university server
Earlier this year, Ohio State University (OSU) noted that they had been averaging about data breaches per year, usually minor, but involving SSN. Yesterday, they revealed another breach. I’m not sure how you try to minimize access to a server containing PII on 760,000 people or a finding that your server was used to launch…
Do Walgreens, McDonald’s, and deviantART breaches have common point of compromise? (updated)
Dan Goodin reports: FBI agents looking into the theft of customer data belonging to McDonald’s are investigating similar breaches that may have hit more than 100 other companies that used email marketing services from Atlanta-based Silverpop Systems . “The breach is with Silverpop, an email service provider that has over 105 customers,” Stephen Emmett, a…
Starbucks May Be Aren’t Liable for Workers’ ID Theft Risk (updated)
Tim Hull reports the latest on a lawsuit that stemmed from a case involving a stolen laptop in 2008: Starbucks employees whose personal information was stolen with a company laptop can sue the coffee kahuna for negligence, the 9th Circuit ruled Tuesday. About 97,000 current and former Starbucks employees were exposed to identity theft in…
Judge Won’t Alter Award in Equifax ID Theft Case
Maria Dinzeo reports the latest development in what is probably one of the most well-known ID theft cases: A cancer survivor who won more than $1 million from Equifax for improperly handling his identity theft report can keep the full award, a federal judge ruled. U.S. District Judge Susan Illston rejected the credit reporting agency’s…