By Chris Kramer
The financial information of up to 56,000 customers of Advance Auto Parts, a leading auto parts retailer, may have been exposed in a data breach. The company has begun sending letters to those who may have been affected according to a eWeek.com news report. Advance Auto Parts reported that a "network intrusion" that exposed financial information is the focus of a criminal investigation. Fourteen stores located in Georgia,Ohio, Louisiana, Tennessee, Mississippi, Indiana, Virginia and New York are believed to have been affected. The company is offering credit monitoring services for one year to all customers who were affected.
Whitier Daily News reported that about 5,000 past and current employees at Presbyterian Intercommunity Hospital in California have had their private information stolen. The stolen data included Social Security numbers, birth dates, full names and other records. These records were stored on a desktop computer that was stolen on February 11 from a Fullerton data management group. This data breach is even more far-reaching though, as the computer also contained the personal information of 35,000 other people from 18 other companies. Those who were affected in this data breach will be given a one-year subscription to LifeLock, a credit protection and monitoring service. The hospital sent letters to the employees who were affected on March 13.
A vulnerability in the PlayStation Network may have given hackers access to PSN passwords as well as the personal info of the Network's users, according to a report by Wired.com. Sony says that the loss of vital credit card info is "very unlikely and that it has fixed the vulnerability.
Antioch University says one of its computer systems that contained personal information on about 70,000 people was breached by a hacker three times last year according to an Associated Press report. An investigation by law enforcement is underway but the university says that there is no conclusive evidence yet that any personal information was stolen. The system that was hacked contains such personal information as names, Social Security numbers, academic records and payroll documents for current and former students, applicants and employees going back to 1996. The data breaches reportedly happened on June 9, June 10 and October 11 of last year. The university is mailing letters to all of the people who may have been affected by the data breach.
The personal information of 3,500 people who volunteered or visited San Quentin State Prison in a group tour was contained on an unencrypted flash memory drive that is now lost. The data on the drive contains names, birth dates and driver's license numbers according to a report by the San Francisco Chronicle. Prison officials say that the flash drive was used each evening to move the data from the administrative office to computers at the two entrance gates so that guards could identify volunteers or groups that tour the prison. The flash drive did not contain any Social Security numbers, but the prison has sent letter to anyone who may be affected and advised that they should monitor their credit files and place a fraud alert on them to prevent identity theft.
Lassell College in Massachusetts has said that a hacker was able to access computer data files containing the personal information of about 20,000 current and former students, faculty, staff and alumni. MSNBC reports that the information contained names and Social Security numbers, but that there is no indication that the information has been misused and there have been no reports of identity theft connected to the data breach. The college has sent out emails to notify those who may have been affected in the breach.
In Pennsylvania, a data breach has forced the close of a voter registration website. The website had a security breach that exposed sensitive data about Pennsylvania voters. InfoWorld reported that there was a problem in the voter registration application form that exposed the registration data of the approximately 30,000 people who used the online form. The web program error allowed anyone on the Internet to view the name, date of birth, driver's license number and political party affiliation. The last four digits of the voters' Social Security numbers were also visible on some of the applications. The Pennsylvania's Department of State disabled the registration on the website after learning of the data breach.
A university employee at Binghamton University in New York mistakenly e-mailed an attachment containing the names, grade point averages and Social Security numbers of junior and senior accounting students to another group of 288 School of Management students. The Press & Sun Bulletin reported that Brian Perry, the Coordinator of Undergraduate Advising for the School of Management, sent the e-mail. It was supposed to be delivered to accounting faculty members seeking input on student awards and should not have contained the Social Security numbers of the students. There have been no reports of misuse of the information.
The Deseret Morning News reported that unauthorized persons might have accessed the personal information of about 500 people during a security breach at the Utah Division of Finance. A spokeswoman for the Department of Administrative Services said that it is highly unlikely that the person who breached the computer system was able to access the personal information. The Department of Administrative Services will attempt all of the people potentially affected by the data breach as a matter of precaution. Utah attorney general special agents assigned to the Identity Theft Task Force are investigating the data breach.
One of the largest data breaches in history has reportedly happened at the Hannaford Bros. supermarket chain exposing millions of people to identity theft. WMUR9 reported that approximately 4.2 million credit and debit card numbers were exposed in the data breach and 1,800 cases of identity theft have already been reported. A class action lawsuit is in the works against Hannaford for mishandling customer data.
Firefighters in Minneola, Florida are now fighting more than fires. Due to a data breach that exposed the Social security numbers, phone numbers, addresses and personal information of nine firefighters, they are now fighting to keep their credit reports clean. Central Florida News 13 reports that the information contained on the firefighters' union applications was accidentally posted on the Minneola city website and remained online for more than 36 hours. The city clerk accidentally put the information on the website while she was updating the city council meeting agenda.
A laptop that contained the personal information of possibly 4,800 patients of University Healthcare in Utah was stolen, putting the patients at risk for identity theft. The laptop was stolen when someone broke into a locked office at the hospital. Authorities do not believe the intention of the theft was to retrieve patient information. KUTV News reports that the stolen laptop was password protected. The hospital is notifying all 4,800 patients of the potential data breach and will provide them with one year of free credit monitoring services.
The Buffalo News reports that 40,000 Healthnow New York members in Western and Northeastern New York may be at risk for identity theft because a former employee's laptop that may have contained confidential information was lost or stolen several months ago. Healthnow has notified the people who may have been affected. Healthnow officials are not sure what, if any, information the laptop contained but say that it could have had names, dates of birth, Social Security numbers, addresses, employer group names and health insurance identifier numbers. The computer did not contain any health or medical claims information. Anyone affected by this potential data breach will be provided with one year of free credit monitoring services at the expense of Healthnow. The information on the laptop was not encrypted but Healthnow says that going forward all laptops will be encrypted as a matter of policy.
A Harvard Graduate School of Arts and Sciences (GSAS) Web server was hacked last month and The Harvard Crimson reports that the personal information of 10,000 students may have been compromised. The information that was potentially breached included 6,600 Social Security numbers and 500 Harvard ID numbers. Harvard has begun to notify those students who may have been affected in the security and data breach after initially concluding that no personal information had been accessed. The university will give all of the potential identity theft victims access to free identity theft prevention services.
In Salt Lake City, Utah a surplus store sold a bundle of scrap paper to a local schoolteacher for her fourth grade class. KSL News reports that when the teacher took a closer look at the paper she had purchased, she realized that she had been sold the medical records of 28 Central Florida Regional Hospital patients. The medical records that were sold to the teacher included detailed medical histories, phone numbers, addresses, Social Security numbers and insurance information. Officials blame the mix-up on a shipping error. The box of medical records was one of three that had been shipped to a Las Vegas company for a Medicare audit. The box apparently got lost or could not be delivered and was sold by UPS as an unclaimed package.
A hard drive that was recently stolen from a company in Orange County, California contained the personal information of approximately 2,200 employees of Torrance Unified School District. The Daily Breeze reports that Systematic Automation Inc. of Orange County had the hard drive because it assists agencies with the administration of employee health benefits. The names, addresses, birth dates and Social Security numbers of the employees were contained on the stolen hard drive. District employees found out about the data breach through a letter from Systematic Automation Inc.
People who have bank drafts set up with Mecklenburg County, North Carolina are being warned that their bank account information may have been exposed in a recent data breach. WBTV News reports that the bank account details of 400 people in Mecklenburg County were stolen when a county employee's car was stolen. Inside the stolen car was a printout of bank draft transactions for the Park and Recreation Department during the months of January, February and June of 2006. The county is notifying people who may have been affected and advising them to contact the credit reporting agencies and their banks. The county now has a policy in place prohibiting the storage of sensitive information in vehicles.
The Wisconsin Office of Privacy Protection has reported that the office of Kurt Bischoff Tax & Accounting, Inc. was burglarized on February 21, 2008 and a desktop computer was stolen. The computer contained sensitive information such as the names, addresses, birth dates, social security numbers, and bank account numbers of approximately 600 people.
The Boston Herald has reported that the personal information of nearly 500 seniors who received flu shots in Wellesley, Massachusetts has been lost or stolen. An envelope containing the Social Security numbers, addresses and dates of birth of about 480 senior citizens who received flu shots from the town last fall was mailed from the town's health department to a Medicare office in Boston. When the envelope arrived in Boston, it was open and the contents were gone. The U.S.P.S. is trying to determine if a mechanical failure is to blame, or if the information could have been stolen. In the meantime, the seniors are being notified that their personal information may have been compromised.
Newscenter 13 has reported that 103,000 doctors' Social Security numbers were posted on a website by mistake. The doctors affected in this data breach are from Wisconsin and 10 other states. The Vice President at Marshfield Clinic confirmed that the Social Security numbers of the doctors at Marshfield and of thousands of doctors across the Midwest were posted on a website by Health Net Federal Services based in Rancho Cordova, California and remained available on the Internet for two months. The company is a government contractor that handles the health insurance administration for military families and veterans. Health Net Federal Services has notified the doctors who were affected in the breach and will provide credit monitoring services and credit restoration services to anyone affected by the breach who may become a victim of identity theft.
A woman in Washington D.C. has filed a $54 million dollar lawsuit against Best Buy because they lost her laptop and refused to let her know that it was missing until she pressured them about returning it to her. The lost laptop contained her tax information, personal information and photographs and documents related to her work with an Asian non-profit company. Best Buy violated the law in Washington D.C. by failing to inform Raelyn Campbell that her laptop, which contained sensitive personal information that could be used to steal her identity, was missing until after it had already been gone for several weeks.
A recent data breach affected employees of Lexmark International. The company informed the workers that information that could personally identify them was posted on a company file transfer site by mistake. The Herald-Leader reports that it is not known whether or not the file was accessed by anyone outside of the company, and Lexmark is being tight-lipped about what type of personal data was potentially exposed. The employees are being offered free identity-theft insurance and credit monitoring services for one year.
The Carthage Press has reported that one of the largest aid agencies in Carthage, Missouri was burglarized, with files that contained the personal data of about 2,000 families being stolen. The Crosslines Ministries of Carthage was robbed on February 15. Among the things that were stolen were paper files that contained the names, addresses, social security numbers and other personal information of 2,000 individuals served by the agency. The local police have recommended that anyone who has provided any personal data to Crosslines Ministries take steps to avoid identity theft. Since the files are missing, the agency has no way other than the media to contact those who may have been affected by this data breach.
A computer was stolen from an online benefits enrollment company in Fullerton, California that contained the Social Security numbers, names and salaries of about 4,000 employees of the Clovis Unified School District. The Fresno Bee reports that the police do not believe that the intention of the theft was to commit identity fraud. Those affected by the potential data breach have been urged to contact the credit reporting agencies to have a fraud alert put on their credit files. The school district also held two fraud-prevention seminars for employees.
The Eagle reported that the names and Social Security numbers of 3,000 current and former Texas A&M University agricultural employees were exposed when a computer file containing the information was posted online by mistake. The file was available to the public for three weeks before the error was discovered. The information was not accessible through a web page; however the information could have been retrieved by anyone with software designed to search online databases. The file was eight years old and didn't appear to contain names and Social Security numbers of A&M employees hired after May 1, 1999.
A computer stolen from a vendor in Los Angeles contained the personal information of more that 8,300 Los Angeles Department of Water and Power employees. DWP notified their employees of a potential data breach and informed them that steps were being taken to protect them from identity theft. The Daily News reported that the data contained on the stolen computer contained the names, Social Security numbers, dates of birth employee identification numbers, salaries, work locations, deferred compensation balances, insurance plan coverage and health care benefits selection.
In Fort Lauderdale, Florida, the police are investigating the discovery of a load of documents containing sensitive personal information in a garbage dumpster outside of a University of Phoenix Building. CBS News reported that the information that was discarded in the dumpster included Social Security numbers, credit card information, addresses and other personal information that could open up the possibilities for identity theft. The boxes of files and paperwork belonged to the now defunct First Magnus Financial.
A news report on WTOC11 indicates that the patients of two Low Country hospitals near Hilton Head, South Carolina could now be vulnerable to identity theft. Officials say that an employee of Tenet Healthcare Corporation, which owns Hilton Head Regional Medical Center and Coastal Carolina Medical Center, stole the private information of about 90 patients. Tenet has notified approximately 37,000 patients who may have been affected and advised them to protect themselves from identity theft.
The Daily News Journal of Murfreesboro, Tennessee has reported that the Social Security numbers of 1,500 current and former Middle Tennessee State University students may have been breached. A hacker gained access to a computer with the names and Social Security numbers of the students; however there is evidence that the computer was used to send spam e-mails and that the sensitive information may not have been accessed. A letter explaining the situation was sent to everyone who is at risk from the potential breach. No identity theft has been reported as a result of the potential breach.
Memphis Online reports that there are two laptop computers missing from Lifeblood, Mid-South's primary blood supplier. The computers contained the names, birth dates, addresses, Social Security numbers and other sensitive information of approximately 321,000 blood donors. People who donated blood as far back as 1990 are being warned about the data breach. The laptops are presumed stolen and Lifeblood has hired a private investigator and searched local pawnshops in an attempt to locate them.
The Milwaukee Journal Sentinel reports that confidential court records were mistakenly released in Milwaukee County. Officials say that the records were released and put on a citizens group's web site that details payments for tests and other costs linked to mental competency, paternity and guardianship cases. The Citizens for Responsible Government Network posted the sensitive and confidential information on its web site and was asked by the county to remove it, although it remained available to the public for some time. It is not known exactly how many people accessed the confidential information that was posted on the web site.
Long Island University has notified approximately 25,000 to 30,000 students that the tax forms that were mailed to them were in defective mailers and that problem could lead to identity theft. Newsday reports that the students have been advised to put fraud alerts on their credit reports. Apparently the annual 1098-T Tuition Statements that were mailed to students were mailed in envelopes that were missing adhesive on one side, leaving the mailer open. United States Postal Service processing machinery damaged approximately half of the envelopes further, exposing the students' names, addresses and Social Security numbers to postal workers.
The personal information of people who have shopped on Major League Soccer's MLSgear.com website has been compromised by a series of attacks on the servers that host the website. The information that has been exposed includes names, addresses, credit and debit card data, and MLSgear.com passwords according to a report by Computerworld. A letter has been sent to all customers affected by the data breach, and hopefully the situation will be amended before any involved party files bankruptcy.
A desktop computer stolen from an Administrative Systems, Inc. (ASI) office in Seattle, Washington may have contained the names, dates of birth, mailing addresses and Social Security numbers of customers or employees of several of the firm's clients including Continental American Medical, EyeMed Vision/Kelly Services Vision, and Jefferson Pilot Financial Dental according to a report by Pogowasright.org.
My Fox Colorado reports that there are concerns about sensitive student information being breached after a laptop computer and jump drive was stolen from the home of a Jeffco Public Schools school district employee. The stolen jump drive may have contained the personal information of up to 2,900 special education students including their names, date of birth, student ID number, school location and the names and contact information of the students' parents.
The Modesto Bee reports that a computer hard drive which contained the names, addresses, birth dates and Social Security numbers of 3,500 Modesto City Schools employees has been stolen from a Southern California data processing firm. The computer hard drive was stolen after a window was smashed in at Systematic Automation Inc. in Fullerton, California. The information on the hard drive was not encrypted.
The US Marine Corps Japan website has reported that officials at Camp Foster in Okinawa, Japan are investigating the theft of a laptop computer. The computer contained the personal data of up to 4,000 clients of Marine Corps Community Services' New Parent Support Program. The Marine Corps advises that the data contained on the laptop could include the names, ranks, social security numbers, dates of birth, children's names and mailing addresses of U.S. military service members, U.S. government employees and Status of Forces Agreement personnel on Okinawa and Marine Corps Air Station Iwakuni. No banking or credit card information was stored on the computer. The laptop was password protected.
The Boston Globe reports that four computers have been stolen from Diocese of Providence in Rhode Island. One of the computers that thieves made off with contains the personal data including names, addresses and social security numbers of approximately 5,000 current and former Catholic school employees. All of the computers that have been stolen were password protected.
Memorial Hospital of South Bend, Indiana has notified hospital workers that a laptop containing the names, addresses, birth dates, ID numbers and social security numbers of approximately 4,300 full and part time employees and retired workers is lost. A hospital employee lost the laptop while traveling. WSBT News reports that the laptop was not encrypted. The employee had taken the laptop on board with her during an American Airlines flight and a flight attendant took it away from her because there was no room to store it where she was sitting. The hospital has offered one free year of credit monitoring services to those people who were affected in this potential data breach.
WCCO has reported that Dr. Theodore Nagel, a doctor at the University of Minnesota's Reproductive Medicine Center, has lost a flash drive that has been used to back up data on his computer. The doctor's computer contains the sensitive details about infertility treatments for 3,100 patients who have received treatment or consultations since 1999. The information on the backup drive that has been lost is not encrypted or password protected, so anyone who finds the drive will have instant access to all of this personal patient information. According to University of Minnesota regulations, doctors are required to encode the information on flash drives, however in this case that was not done. Nagel owned up to losing the drive and has written the patients a letter of apology. The information on the flash drive does not contain financial information or social security numbers, but the clinic has set up a hotline for concerned patients to call for more information.
The Times and Democrat in South Carolina reports that a laptop with the names and Social Security numbers of about 400 state health department employees on the hard drive is lost. The South Carolina Department of Health and Environmental Control (DHEC) has said that the computer was stolen from an employee's vehicle when it was parked outside a convenience store in Spartanburg, South Carolina. The laptop computer is reportedly password-protected, but thieves often find it easy to get around such a simple method of protection. The personal information of employees of the state health department branches in Spartanburg, Cherokee, Union, Greenville and Pickens counties is at risk.
The Star-Ledger has reported that more than 300,000 members of Horizon Blue Cross Blue Shield of New Jersey are being notified that their names, social security numbers and other personal information are now potentially at risk. A laptop computer containing all of the personal information of these members was stolen in Newark, New Jersey on January 5 after being taken home by an employee who routinely works with member data. The health insurance company is advising members that there is no reason to believe that the personal data was compromised. The data on the laptop was not encrypted, but the company says that it was password protected and other security features were in place to protect the sensitive information. The computer was programmed to automatically destroy the data on January 23. The members of Horizon Blue Cross Blue Shield of New Jersey that were affected are being offered one free year of credit monitoring services to help protect them from any potential identity theft.
A sophisticated computer hacker broke into Great Falls, Montana financial services company's database and was able to access the names and Social Security numbers of 226,000 of the company's current and former clients, according to a report by the Great Falls Tribune. The Davidson Companies database also included account numbers and balances, but a company spokeswoman has said that the hacker was not able to access the accounts. The company is confident and assuring customers that their accounts are untouched and that their assets are secure, but they are warning their customers about the potential risk of identity theft and advising them how to reduce the risk of the information being misused.
Georgetown University's newspaper, The Hoya, has reported that an external hard drive containing the Social Security numbers of nearly 40,000 Georgetown University students, alumni, faculty and staff was stolen from the office of Student Affairs on January 3. This data breach potentially exposes the thousands of students to identity theft. The hard drive that was stolen had been used to back up billing information for several student services. Although the hard drive was not encrypted, there have not yet been any reports of misuse of the information that it contained.
Investment News reports that 35,000 current and former participants in many different plans with T. Rowe Price Retirement Plan Services have been notified that their names and Social Security numbers have been potentially compromised because their personal information was contained on the hard drives of computers that have been stolen. The stolen computers were taken from the office of CBIZ Benefits and Insurance Services Inc. CBIZ prepares 5500s for T. Rowe Price, and that is why they were in possession of the files and personal data of T. Rowe Price clients. The addresses and birth dates of plan participants were not contained on the computers that were stolen. T. Rowe Price is providing one year subscriptions to an online credit monitoring service and up to $25,000 of identity theft insurance to those who were affected by this data breach.
A Wake County, North Carolina Emergency Medical Services laptop computer which contained patient information disappeared from the WakeMed Emergency Department on January 24, according to a news report by WRAL. The computer was equipped with security that would make it difficult for a thief to access the information on the hard drive. EMS officials are notifying patients whose information was on the computer of the potential data breach, but they say that they have no reason to believe that the laptop was stolen for the medical information that it contained.
A recently reported data breach at an undisclosed "major retailer" may have resulted in many consumers having their debit cards forcibly reissued by their banks. Consumers have also reported getting unusual calls from their banks to verify recent purchases. This activity started around Christmas and continued well into January. The breach was apparently of all types of credit and debit cards, and there was an indication that stolen cards were used to make in-store purchases. The name of the retailer will not be revealed until the thieves are apprehended.
The personal information of approximately 650,000 J.C. Penney customers and up to 100 other retailers could be compromised because a computer tape has been lost. The missing computer tape included the Social Security numbers of about 150,000 people. The backup tape was discovered missing from a warehouse last October. There is no record of the tape being checked out, but it can not be located. There has been no indication of theft or that the information on the missing tape has been misused.
Federal investigators are blaming city officials in Kansas City, Missouri for the loss of 26 IRS computer tapes containing taxpayer information in 2006. Treasury Department's inspector general for tax administration said the city failed to follow "proper safeguards for protecting federal tax return information." The computer tapes had been delivered to City Hall in August 2006 so that revenue officials in Kansas City could verify that people who work or live in the city were paying the 1 percent earnings tax owed to the city. The tapes were discovered missing and an investigation began on December 19, 2006. The investigation went on for nearly a year, but the tapes were never located. The IRS has never disclosed the nature of the information on the tapes or how many taxpayers were affected.
The personal information of nearly 30,000 patients of Fallon Community Health Plan was contained on a vendor computer that has been stolen. The laptop computer that was stolen is believed to contain the names, date of birth, some diagnostic information and medical ID numbers that may be based on Social Security numbers of members with Fallon Senior Plan and Summit ElderCare coverage. The computer was stolen from the offices of a third-party vendor that handles medical claims management for Fallon.
OmniAmerican Bank has been targeted and attacked by an international ring of hackers. Account numbers were stolen, new PINs were created, and debit cards were fabricated and used to withdraw cash from ATMs around the world in locations including Eastern Europe, Britain, Canada and New York. OmniAmerican Bank says that although the scheme was elaborate, the losses wee minimal and no depositors will lose money. Less than 100 accounts were compromised, and all had a daily withdrawal limit of less than $1,000.
A Penn State University laptop containing archived information and the Social Security numbers of 677 students who attended the university between 1999 and 2004 has been stolen from a faculty member. The theft is believed to have been random and not connected with Penn State. There have been no reports of misuse of the data contained on the stolen computer.
A man in Seattle went dumpster diving and found that Visa Services Northwest had discarded sensitive documents containing his personal information without shredding them. Steve Gillett found documents with his name, Social Security number, credit card information and a copy of his signature in the dumpster where anyone could have retrieved them. The company had discarded documents containing similar information of hundreds of people. The company says that the information found in the dumpster was an isolated incident and that files with sensitive information are routinely shredded before being thrown out.
The University of Akron has notified 800 students and graduates of the College of Education that a portable hard drive containing their personal information is missing and may have been discarded or destroyed in December. The missing hard drive contained the Social Security numbers, names and addresses of students and graduates. University officials believe that there is a low risk of identity theft in connection with the incident.
The University of Iowa College of Engineering has notified approximately 216 of its former students to let them know that some of their personal information, including Social Security numbers, was inadvertently exposed on the Internet for several months.
The file containing the personal information was discovered in early January 2008. The information that was exposed did not include any credit card numbers, birth dates or specific grades. University officials do not think there is a high risk that the information was or will be misused, but they are advising those affected by the data breach to take precautions to protect themselves from identity theft and to place fraud alerts on their credit files with the three major credit bureaus.
A private software company has obtained the Social Security numbers, dates of birth and other sensitive information about Texas kindergarten students from the Texas school districts. The school districts insist that the information is safe and that they did not need parental consent to release the information. The software company, OZ Systems, has received at least $2.3 million in state money to create databases of preschool and kindergarten student records.
TSA has contacted a number of people who submitted personal information on their website when they filed applications online. At least 247 travelers clicked an unsecure "file your application online" link and provided their names, Social Security numbers, eye color, place of birth and other sensitive personal information. TSA has informed these people that they are at a heightened risk for identity theft because the online application process was unsecure.
The Department of Social Services in Suffolk, Virginia has mailed about 1,500 letters to warn of a "potential security breach" involving a department computer that police suspect was used to commit fraud. Officials say that they don't think that any clients' personal information was compromised, and there is no evidence the data used for the fraud was retrieved from the computer. A woman who worked at the Department of Social Services is charged with credit card fraud and forgery and is accused of using her work computer to apply for a credit card using her landlord's information.
The names and Social Security numbers of 990 Tennessee Tech University students were contained on a portable storage drive that has been lost. The school has notified students who lived in Capital Quad and Crawford residence halls during the fall 2007 semester that their information could be at risk.
Dahlgren base workers have been warned that they could become victims of identity theft. Two pages of a 13-year-old report listing names, Social Security numbers and birth dates for Navy employees were found when four people were arrested in Bensalem Township, Pennsylvania for attempted identity fraud. A Navy employee was notified by police that someone had stolen his identity and was trying to use his credit card to buy a television.
As homeowners in Maryland attempted to register online for a property tax exemption, a security flaw on a Maryland government website left 900 Social Security numbers unprotected. Residents who were applying for the homestead-tax credit at the Maryland Department of Assessments and Taxation website may have had their Social Security numbers exposed on December 31st because the application system did not encrypt the information before sending it. A spokesperson for the department said that the numbers may have been briefly exposed, but they were transferred to a secure server within "a minute or so" and that the chance of a data breach, while possible, is improbable.
The Pan American Center has reported that a computer hard drive that contains the names and Social Security numbers of current and former New Mexico State University employees has been stolen. A NMSU official said that it is highly improbable that the information on the external hard drive could be accessed. The hard drive was stolen from an office at the NMSU Special Events Department at the Pan Am sometime between December 20th and January 2nd.
Even geeks sometimes have security breaches. Geeks.com has notified an unspecified number of customers that there was an intrusion by a hacker on their website and their personal and financial data may have been breached. Genica Corp., the owner of Geeks.com, discovered the security breach on December 5th. The hacker may have been able to access the names, addresses, telephone numbers and Visa credit card numbers of some customers who have shopped at Geeks.com.
A vendor hired by the state of Wisconsin printed Social Security numbers on about 260,000 informational brochures sent out to recipients of SeniorCare and other state programs. This error marks the second time in 13 months that Social Security numbers have been included on mailings from state departments in Wisconsin. In December 2006, the Wisconsin Department of Revenue mailed out 171,000 tax booklets with the recipients Social Security numbers printed on the address labels. EDS, the vendor responsible for the most recent data breach, will provide free credit monitoring to those who were affected.
A New Jersey resident has filed a $5 million class action lawsuit against Sears, following the news that Sears' ManageMyHome.com website provided customer purchase data to any online visitor who asked about it. Plaintiff Christine Desantis filed a complaint in Cook County, Illinois alleging that Sears' exposure of consumer data represents a breach of contract and a violation of the Consumer Fraud Act. Desantis is seeking $5 million to cover payments to affected Sears' customers, lawyers and the cost of injunctive relief. The lawsuit alleges that Sears failed to take reasonable steps to make sure that their customers' private data was kept secure.
A hacker was able to gain access to a University of Georgia server containing the personal information, including the Social Security numbers, of more than 4,000 current, former and perspective residents of a university housing complex. UGA officials are attempting to contact anyone who may have been affected by the security breach that happened sometime between December 29th and December 31st. Officials say that a computer with an overseas IP address gained access to the personal information contained on the university server.
Court papers filed by the Texas attorney general accuse a facility owned by a Pennsylvania-based physical therapy company of violating state identity theft protection laws. Investigators in the attorney general's office allege that Select Physical Therapy operates a rehabilitation center that dumped around 4,000 intact pieces of sensitive customer information in garbage cans behind its facility in Levelland, Texas. The information that was dumped contained Social Security numbers, credit and debit card account numbers, names, addresses and telephone numbers of customers. The trash cans were also stuffed with sensitive medical information and copies of checks from large corporations that had contracted with the facility for employee physicals and drug tests.
A hacker was able to access the administration site for Robotics Online on or about December 10th, 2007. Robotics Industries Association announced that the hacker had gained access to individual orders which contained customers' credit card information. The company did not announce exactly how many customers had their credit card information breached, but it is known that seven New Hampshire residents were affected. After the incident, all of the credit card information was deleted from the Robotics Online website database and the site temporarily stopped accepting credit card orders.