Feds Require Financial Firms to Take Identity Theft Prevention Steps
National News • October 31, 2007
Federal regulators are requiring that every financial institution have a program to detect and prevent identity theft on consumer accounts.
The federal financial institution regulatory agencies ...
Insurance Journal is not responsible for the content of the message below.
Subject: 2007 Data breaches
Posted On: November 1, 2007, 10:34 am CDT
Posted By: Lock the barn door-NOW
Comment:
A Record of Incidents
As the crime of identity theft occurs every 79 seconds, it is the fastest growing crime in United States. Consumers' personal information is exposed on a daily basis and because of tougher legislation, organizations are now required to report that a breach has occurred if it meets certain criteria.
The following is a list of data breaches that have occurred in 2007. Much like the Data Breaches in 2006 article, the data that was compromised was of such a nature that it could potentially lead to identity theft and other crimes of fraud. For those breaches that affect thousands of people and may be of particular interest to my readers, more detail on the breach is provided.
• Ohio State University, Columbus Ohio- Reported April 18, 2007. Approximately 17,5,00 current and former staff members had their personal information compromised as a two laptops were stolen from a faculty members home. The information compromised Social Security numbers, employee ID numbers and dates of births. Risk = med
• Georgia Secretary of State, Atlanta Georgia- Reported April 12, 2007. Approximately 75,000 voter's of Fulton County Georgia had their personal information compromises as their voter registration cards were found thrown in the trash. The information contained in the registration cards were their names, addresses and Social Security numbers. Risk = High
• Georgia Department of Community Health, Atlanta Georgia- Reported April 10, 2007. Affiliated Computer Services (ACS) loses a computer disk with the personal information of 2,900,000 health care claimants for the State of Georgia. This compromise occurred as the result of a lost computer disk and isn't the first breach suffered at the hands of ACS. The Department of Education Data Breach occurred as the result of an error in code written by ACS. In this instance ACS has the contract to handle health care claims for the state and a computer disk containing the names, birth dates and Social Security numbers Medicaid and children's health care recipients went missing. Risk = High
• Chicago Public Schools- Reported April 5, 2007. The personal information of approximately 40,000 current and former employees of the Chicago Public School system was compromised when two laptop computers were stolen. The laptops contained the names and Social Security numbers of these employees and was stolen from the CPS Central Office at 125 S. Clark St. The laptops belong to the accounting firm of McGladrey and Pullen and its subcontractor which who were doing a review of contributions to the Chicago Teacher Pension Fund. The laptops contain the names and Social Security numbers of employees who contributed to the Chicago Teacher Pension Fund between 2003 and 2006. Risk = Medium
• Fort Monroe, Virginia- Reported March 26, 2007. A laptop computer containing the names, Social Security numbers and payroll information for up to 16,000 civilian employees was stolen from an employee's personal vehicle. The employee will not face any disciplinary action as she was authorized to work from home. Risk = Medium
• Group Health Cooperative Health Care System (Seattle, WA)- Reported March 23, 2007. Two laptops were stolen that contained the names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees. Those affected in this breach were approximately 31,000. Risk = Medium
• Johnny's Selected Seeds in Winslow, Maine- Reported March 3, 2007. Approximately 12,000 people affected in this breach as a hacker accesses credit card information of their online customers. According to Alisa Keimel, the Marketing and PR Manager of Johnny's Selected Seeds, a keylogging Trojan virus on their internal systems was the cause of the breach. They are not sure who installed the Trojan nor exactly when it occurred, however they claim that their systems are very secure.Risk = High: Account information has already been used fraudulently.
• Fruit of the Loom Data Breach - Reported February 28, 2007. 2,000 present and former employees of five Fruit of the Loom facilities were affected in this breach as their names and SSNs were posted to a company Web site.RISK = MEDIUM
• SpeedMark (Mystery Shopping Company), Woodland Texas - Reported February 10, 2007. 35,000 employees and contractors of this mystery shopping company were affected after computers were stolen that contained the names, addresses and SSNs RISK = MEDIUM
• East Carolina University, Greenville NC - Reported February 10, 2007. 65,000 students, staff and alumni affected in this breach as the names, addresses, SSNs and in some instances, banking information (credit card numbers) was displayed on a Web site due to a programming error.past RISK = MEDIUM
• Johns Hopkins University and Johns Hopkins Hospital - Reported February 7, 2007. Approximately 135,000 past and present employees and patients affected in this data breach. The university reports that 9 backup tapes are missing including payroll information, SSN's and in some instances banking information. There was also one tape that contained patient information, though it is not clear just how sensitive that information really is. RISK = HIGH
• U.S. Department of Veteran's Affairs- Reported February 3, 2007. They are at it again, this time with approximately 500,000 veterans and 1 million non-va physicians having their personal, or otherwise sensitive, information compromised. This information consisted of SSNs of veterans and medical billing information of these physicians that occurred as the result of a hard drive of a VA employee at a Department facility in Birmingham, Alabama, is either lost or stolen. RISK = HIGH
• Vanguard University- Reported January 27, 2007. Approximately 5,000 financial aid students have their personal information such as names, addresses, drivers license and date of birth compromised as (2) computers are stolen from the universities financial aid office. RISK = HIGH
—————————————————————————————————
• Washiawa WIC program, Honolulu, HI- Reported January 25, 2007. Approximately 11,000 current and former clients had their personal information such as names, addresses and SSNs stolen by an agency employee. The employee then went on victimize three of those clients perpetrating identity theft and other crimes of fraud. RISK = HIGH
• Ohio Board of Nursing- Reported January 25, 2007. Approximately 3,000 recently license nurses had their names and SSNs posted to a Web site. This is the second time that this has occurred. As normal practice the newly licensed nurses are posted to a Web site however personal information such as SSN should have been removed prior to being posted.RISK = MEDIUM
• KB Home - Charleston South Carolina- Reported January 17, 2007. Approximately 3,000 people had their personal information such as names, addresses, phone numbers, social security numbers and other identifying information stolen when a computer was stolen from the sales office of this home builder. Those affected were those that had visited the sales office for Foxbank Plantation near the Charleston area. The system was not protected with ay encryption technology.RISK = MEDIUM
• Department of Revenue - North Carolina- Reported January 14, 2007. Approximately 30,000 people had their personal information tax payer information which included names, SSNs, federal tax information compromised when a laptop was stolen from an employee of the NC Department of Revenue. RISK = HIGH
• MoneyGram International- Reported January 12, 2007. Approximately 79,000 people had their personal information such as names, addresses, phone numbers and in a few cases--bank account information. The breach occurred as it was discovered that the data was illegally accessed over the Internet. The matter is under investigation.RISK = HIGH
• University of Idaho- Reported January 11, 2007. The names, addresses and SSN's of at least 70,000 alumni, donors, employees and students of the University was exposed as (3) computer systems were stolen.
• Altria- Reported January 09, 2007. When a former employee (allegedly) stole (5) laptops that contained personally identifiable information approximately 18,000 people were affected. The personal information on the computers consisted of names, SSN's and other benefit related data.
• MoneyGram International- Reported January 12, 2007. Approximately 79,000 people had their personal information such as names, addresses, phone numbers and in a few cases--bank account information. The breach occurred as it was discovered that the data was illegally accessed over the Internet. The matter is under investigation.RISK = HIGH
Source: About.com: Identity Theft
http://idtheft.about.com/od/databreaches2007/a/Databreaches07.htm
Subject: 2007 Data breaches
As the crime of identity theft occurs every 79 seconds, it is the fastest growing crime in United States. Consumers' personal information is exposed on a daily basis and because of tougher legislation, organizations are now required to report that a breach has occurred if it meets certain criteria.
The following is a list of data breaches that have occurred in 2007. Much like the Data Breaches in 2006 article, the data that was compromised was of such a nature that it could potentially lead to identity theft and other crimes of fraud. For those breaches that affect thousands of people and may be of particular interest to my readers, more detail on the breach is provided.
• Ohio State University, Columbus Ohio- Reported April 18, 2007. Approximately 17,5,00 current and former staff members had their personal information compromised as a two laptops were stolen from a faculty members home. The information compromised Social Security numbers, employee ID numbers and dates of births. Risk = med
• Georgia Secretary of State, Atlanta Georgia- Reported April 12, 2007. Approximately 75,000 voter's of Fulton County Georgia had their personal information compromises as their voter registration cards were found thrown in the trash. The information contained in the registration cards were their names, addresses and Social Security numbers. Risk = High
• Georgia Department of Community Health, Atlanta Georgia- Reported April 10, 2007. Affiliated Computer Services (ACS) loses a computer disk with the personal information of 2,900,000 health care claimants for the State of Georgia. This compromise occurred as the result of a lost computer disk and isn't the first breach suffered at the hands of ACS. The Department of Education Data Breach occurred as the result of an error in code written by ACS. In this instance ACS has the contract to handle health care claims for the state and a computer disk containing the names, birth dates and Social Security numbers Medicaid and children's health care recipients went missing. Risk = High
• Chicago Public Schools- Reported April 5, 2007. The personal information of approximately 40,000 current and former employees of the Chicago Public School system was compromised when two laptop computers were stolen. The laptops contained the names and Social Security numbers of these employees and was stolen from the CPS Central Office at 125 S. Clark St. The laptops belong to the accounting firm of McGladrey and Pullen and its subcontractor which who were doing a review of contributions to the Chicago Teacher Pension Fund. The laptops contain the names and Social Security numbers of employees who contributed to the Chicago Teacher Pension Fund between 2003 and 2006. Risk = Medium
• Fort Monroe, Virginia- Reported March 26, 2007. A laptop computer containing the names, Social Security numbers and payroll information for up to 16,000 civilian employees was stolen from an employee's personal vehicle. The employee will not face any disciplinary action as she was authorized to work from home. Risk = Medium
• Group Health Cooperative Health Care System (Seattle, WA)- Reported March 23, 2007. Two laptops were stolen that contained the names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees. Those affected in this breach were approximately 31,000. Risk = Medium
• Johnny's Selected Seeds in Winslow, Maine- Reported March 3, 2007. Approximately 12,000 people affected in this breach as a hacker accesses credit card information of their online customers. According to Alisa Keimel, the Marketing and PR Manager of Johnny's Selected Seeds, a keylogging Trojan virus on their internal systems was the cause of the breach. They are not sure who installed the Trojan nor exactly when it occurred, however they claim that their systems are very secure.Risk = High: Account information has already been used fraudulently.
• Fruit of the Loom Data Breach - Reported February 28, 2007. 2,000 present and former employees of five Fruit of the Loom facilities were affected in this breach as their names and SSNs were posted to a company Web site.RISK = MEDIUM
• SpeedMark (Mystery Shopping Company), Woodland Texas - Reported February 10, 2007. 35,000 employees and contractors of this mystery shopping company were affected after computers were stolen that contained the names, addresses and SSNs RISK = MEDIUM
• East Carolina University, Greenville NC - Reported February 10, 2007. 65,000 students, staff and alumni affected in this breach as the names, addresses, SSNs and in some instances, banking information (credit card numbers) was displayed on a Web site due to a programming error.past RISK = MEDIUM
• Johns Hopkins University and Johns Hopkins Hospital - Reported February 7, 2007. Approximately 135,000 past and present employees and patients affected in this data breach. The university reports that 9 backup tapes are missing including payroll information, SSN's and in some instances banking information. There was also one tape that contained patient information, though it is not clear just how sensitive that information really is. RISK = HIGH
• U.S. Department of Veteran's Affairs- Reported February 3, 2007. They are at it again, this time with approximately 500,000 veterans and 1 million non-va physicians having their personal, or otherwise sensitive, information compromised. This information consisted of SSNs of veterans and medical billing information of these physicians that occurred as the result of a hard drive of a VA employee at a Department facility in Birmingham, Alabama, is either lost or stolen. RISK = HIGH
• Vanguard University- Reported January 27, 2007. Approximately 5,000 financial aid students have their personal information such as names, addresses, drivers license and date of birth compromised as (2) computers are stolen from the universities financial aid office. RISK = HIGH
—————————————————————————————————
• Washiawa WIC program, Honolulu, HI- Reported January 25, 2007. Approximately 11,000 current and former clients had their personal information such as names, addresses and SSNs stolen by an agency employee. The employee then went on victimize three of those clients perpetrating identity theft and other crimes of fraud. RISK = HIGH
• Ohio Board of Nursing- Reported January 25, 2007. Approximately 3,000 recently license nurses had their names and SSNs posted to a Web site. This is the second time that this has occurred. As normal practice the newly licensed nurses are posted to a Web site however personal information such as SSN should have been removed prior to being posted.RISK = MEDIUM
• KB Home - Charleston South Carolina- Reported January 17, 2007. Approximately 3,000 people had their personal information such as names, addresses, phone numbers, social security numbers and other identifying information stolen when a computer was stolen from the sales office of this home builder. Those affected were those that had visited the sales office for Foxbank Plantation near the Charleston area. The system was not protected with ay encryption technology.RISK = MEDIUM
• Department of Revenue - North Carolina- Reported January 14, 2007. Approximately 30,000 people had their personal information tax payer information which included names, SSNs, federal tax information compromised when a laptop was stolen from an employee of the NC Department of Revenue. RISK = HIGH
• MoneyGram International- Reported January 12, 2007. Approximately 79,000 people had their personal information such as names, addresses, phone numbers and in a few cases--bank account information. The breach occurred as it was discovered that the data was illegally accessed over the Internet. The matter is under investigation.RISK = HIGH
• University of Idaho- Reported January 11, 2007. The names, addresses and SSN's of at least 70,000 alumni, donors, employees and students of the University was exposed as (3) computer systems were stolen.
• Altria- Reported January 09, 2007. When a former employee (allegedly) stole (5) laptops that contained personally identifiable information approximately 18,000 people were affected. The personal information on the computers consisted of names, SSN's and other benefit related data.
• MoneyGram International- Reported January 12, 2007. Approximately 79,000 people had their personal information such as names, addresses, phone numbers and in a few cases--bank account information. The breach occurred as it was discovered that the data was illegally accessed over the Internet. The matter is under investigation.RISK = HIGH
Source: About.com: Identity Theft
http://idtheft.about.com/od/databreaches2007/a/Databreaches07.htm