On June 19, Auburn University in Alabama learned that spreadsheets containing donor and alumni information had been accidentally uploaded to a public server. The spreadsheets contained an undisclosed number of donor and alumni’s names, maiden names, postal and email addresses, telephone numbers, and Social Security numbers. The spreadsheets also contained former students’ years of attendance,…
Category: U.S.
Personal identity records found in dumpster along downtown Cleveland sidewalk
Today’s education sector breach: Personal identity records were discovered Tuesday in a dumpster alongside the former Cleveland school administration building. The building is undergoing renovations for a new hotel and the school district says it has been moving decades of records out for safekeeping or shredding. Even so, some personal information has found its way…
How much did that meal really cost you?
Some days, it’s just disheartening how little progress we seem to have made in preventing some of the most common types of breaches. Today’s example is from Glenmont, New York: … everybody who has eaten at the Golden Town Buffet since June 15th through August 5th and used either a credit or debit card to…
Boxes with personal info found in trash
We really need stronger laws protecting the security and disposal of paper records. Today’s example is from Beaverton, Oregon: Seven large boxes filled with personal information of clients from the Sylvan Learning Center, including names, birth dates, Social Security numbers and credit card information, were found in a Dumpster in Beaverton. Read more on KOIN….
US Airways resets passwords for Dividend Miles accounts, notifies customers of breach (updated)
When I saw “US Airways” appear on California’s public breach report site, I thought it was going to be the ADP-related breach I reported last week. But no, it seems that US Airways had another breach, this one discovered on July 12. In an undated letter with a file creation date of August 2, Fernand…
Huntington’s Disease Society of America notifies employees and donors of possible compromise of their information
On May 3, an intruder compromised the web mail account of an HDSA executive. The purpose was likely to facilitate a fraudulent wire transfer from HDSA’s bank account, as the transfer could only occur if an email sent to the executive’s account was approved. The attempt failed, as the executive discovered the compromise on May…