When we talk about ID theft in the healthcare sector, we usually think of patients’ identities being stolen. Occasionally, though, I’ve seen reports where providers’ identities were stolen to further some other scheme such as obtaining prescription medications or insurance fraud. The National Post in Canada has this story about how common this latter type…
Encryption didn’t prevent this breach
A report to the Maryland Attorney General’s Office from ING gave me pause because I don’t remember ever seeing a security issue like this before in a breach report. In their notification, ING writes (emphasis added by me): ReliaStar Life Insurance Company (RLIC) is responsible for premium administration for RLIC insurance products purchased by employees of…
Stolen Trade Center Management Associates employee data triggered homeland security concerns
In June, Trade Center Management Associates in Washington, D.C. became aware that employee data had been stolen from a TCMA facility. Employee information on the stolen equipment included names, SSN, and in some cases, fingerprints. Among those with data on the device were 284 Maryland residents. The TCMA describes itself as a private sector…
Update: State Farm employee was selling client data
I’ve previously noted that some state logs (like NYS’s) indicated that State Farm had reported some insider wrongdoing. Their notification to Maryland, dated June 24, provides additional details. According to their letter, an employee of a Florida State Farm agent was discovered to be selling lists of customer information to a third party. State Farm…
Insider wrongdoing a low point for High Point University
In late June, High Point University in North Carolina discovered that an employee who had access to personal information of students had misused the credit card information of nine individuals for fraudulent purposes. The university notified the Maryland Attorney General’s Office on July 15 that they were notifying 634 Maryland residents of the breach. The employee…
Verizon Wireless hacked
On August 4, Verizon Wireless notified the Maryland Attorney General’s Office of a security incident. According to their letter, an investigation revealed that sometime between February 8 and May 19, 2010, someone unrelated to Verizon Wireless accessed a system containing some customer information. The types of customer information that the intruder could have accessed included…