A laptop stolen from a United Food and Commercial Workers International (“UFCW”) office on March 10 contained personal information of UFCW members, former members, and retirees including names and addresses, Social Security numbers, phone numbers, birth dates, and e-mail addresses, but no financial information, according to a notification (pdf) filed by their lawyers with the…
Deja vu all over again at Binghamton University
Robert Hadad-Zlokower of the Binghamton University Pipe Dream reports: Binghamton University announced Tuesday that it had let WHRW, the student-run radio station, members off the hook for “gaining access” this March to an unlocked room filled with students’ personal information … a few hours later, it happened again. While he was walking through an entrance…
Possible Mass Security Breach Involving LexisNexis and Investigative Professionals (Update 3)
Ariel Bashi of CBS News reports: CBS News has learned of another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have sent up to 40,000 letters to customers whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access….
Heartland Payment Systems Returns to Visa’s List of PCI DSS Validated Service Providers
From the press release: Following the completion of its annual Payment Card Industry Data Security Standard (PCI DSS) assessment, Heartland Payment Systems has successfully validated its compliance with PCI DSS. As such, Heartland is returning to Visa’s List of PCI DSS Validated Service Providers. According to Visa, Heartland will appear on the list – which…
IT director pleads guilty to deleting organ donation records (updated)
Not all data losses are created equal. Grant Gross of IDG News Service reports: The former IT director for a nonprofit organ and tissue donation center pleaded guilty to a charge that she broke into the organization’s computer network and deleted organ donation database records, invoice files, and database and accounting software, the U.S. Department…
Employee snooping at Littleton Regional hospital went undetected
When the Littleton Regional Hospital received a complaint from a patient on March 25, they initiated an investigative audit that revealed that the patient’s information had been improperly accessed by a former employee on three separate occasions going back to October 2008. The breach was then promptly reported (pdf) to the patient on March 27…