With all the advice we see these days about hardening security, this might be a good time to remember the importance of both having stringent security standards written into any contractor agreements and actually monitoring compliance with any contracts or policies. A recent breach reported by Vonage serves as a useful example. On December 23,…
Category: U.S.
Lehigh Hanson payroll data exposed on the Web
Building materials supplier Lehigh Hanson notified the New Hampshire Attorney General on December 8th of a breach involving employee payroll data. The breach began with a former employee downloading data to take with him to a new employer. The downloaded data, however, turned out to be more than just the forms and templates the employee…
Emergency Medical Associates of New Jersey security breach
On November 4th, lawyers for Emergency Medical Associates of New Jersey (“EMA”) notified the New Hampshire Attorney General’s office that in mid-July, the Secret Service had notified them that during the course of an independent investigation, the Secret Service had identified a total 27 American Express credit cards that were possibly the subject of identity…
Malware blamed in latest SAIC breach
Science Applications International Corporation (“SAIC”), recipient of a number of large government contracts, notified the New Hampshire Attorney General on December 9th of a security breach involving malware. The specific malware was not named, but was described as “designed to provide backdoor access.” The breach was detected on October 28th. In its letter to an…
Express Scripts extortionist sends Toyota data on 188 employees
On November 11, Express Scripts announced that some its clients had received extortion attempts, presumably from the same person or persons who had contacted them with the threat to expose personal information if Express Scripts did not meet their demands. On November 21, Toyota Motor Sales notified the New Hampshire Attorney General that: […] Early…
TD Banknorth notifies over 3,000 customers of stolen data
On November 26th, TD Bank, N.A. notified the New Hampshire Attorney General that on October 27, computer equipment containing names, addresses, dates of birth, social security numbers, bank account numbers and balances was removed without authorization from two TD Banknorth branches that were being consolidated into TD Bank Stores in Hillsdale and Park Ridge, New…