NC_Breaches by 2dn8vE

VIEWS: 0 PAGES: 42

									      Company Name          Date Notified     Breach Date                       Event
                                                             laptop stolen from water dept
                                                             containing fire fighters' personal
City of Selma                     1/9/2007                   info
                                                             laptop stolen from locked church
Newhope Church                   1/10/2007          1/9/2007 office
Altria Group, Inc./Towers                                    laptops (5) stolen from Towers
Perrin                           1/11/2007         12/1/2006 Perrin (Altria vendor) offices

                                                            laptop stolen -- secured property
NC Dept of Revenue               1/12/2007 week of 12/11/06 of ee broken into and laptop taken

Mercer Health & Benefits          1/9/2007                       laptop stolen from locked vehicle

                                               12/1/06 (first
Prudential                                       reported to laptops (5) stolen from Towers
Financial/Towers Perrin          1/17/2007 Prudential 1/3/07) Perrin (Altria vendor) offices
                                                                 unauthorized intrusion into
TJX                              1/17/2007         mid Dec 06 computer system

Nationwide Health Plans                                      computer back-up tapes stolen
(NHP)/ Concentra                 1/17/2007        12/11/2006 from office of Concentra
                                                                 customer's Lexis ID potentially
LexisNexis                         2/1/2007                      compromised

                                                              unauthorized access to electronic
                                                              company personnel files located at
Public Storage, Inc.             1/29/2007         12/11/2006 corporate HQ in CA
                                                 12/1/06 (first
                                                   reported to
Bertelsmann, Inc./Towers                          Bertelsmann laptops (5) stolen from Towers
Perrin                             2/3/2007            1/4/07) Perrin (Altria vendor) offices
                                                               personal info on 21 former ees of a
                                               notice to those company released to other 21
NC ESC                             2/6/2007   affected 1/29/07 former ees
                                                12/1/06 (first
                                                  reported to laptops (5) stolen from Towers
Unilever/Towers Perrin             2/6/2007   Unilever Jan 07) Perrin (Altria vendor) offices
                                                                 programming error associated w/
                                                                 computer program designed to
ECU                                2/2/2007      1/22-29/2007    reduce internal use of SSN
                                                                 computer backup tape sent to
                                                                 contractor to make microfiche but
Johns Hopkins University           2/7/2007 discovered 1/18/07   never arrived
                                                                 computer backup tape sent to
                                                became aware     contractor to make microfiche but
Johns Hopkins Medicine             2/7/2007          1/26/07     never arrived
                                                                 customer's user ID potentially
LexisNexis                       2/16/2007                       compromised
                                                          customer's user ID potentially
LexisNexis                  2/16/2007                     compromised
                                                          laptop computer stolen from
Nationwide Insurance        2/16/2007           1/22/2007 associate's car
                                                          in Apr 2005 an unauthorized
Mercury Marine Div of                                     person accessed server and
Brunswick Corp              2/16/2007           Dec. 2006 obtained ee info
                                                          third party contractor put info on
                                                          shared server instead of secure
Fruit of the Loom           2/21/2007           2/17/2007 server

                                                          CS converted loans into mortgage-
                                                          backed security requiring SEC
                                                          filing; filing on 3/15/06 included
                                                          personal info and was made
Credit Suisse               2/20/2007           3/15/2006 available on SEC website
Flex Compensation, Inc.     2/26/2007           2/14/2007 laptop stolen from office
                                                          equipment/file theft from Wachovia
Wachovia                    2/14/2007                     distribution center

H&R Block                    3/2/2007             2/7/2007 tax records left on private property
                                                            personal info allegedly thrown in
                                                            trash and removed by inmate
NC Dept. of Correction       3/6/2007                       janitor
                                                            new mail system malfunction;
Nationwide Retirement                                       resulted in 40 checks mailed to
Solutions                   3/12/2007            2/22/2007 wrong address
                                                            names/SSNs of employees on
NC DENR                     3/19/2007            3/19/2007 server searchable on google
                                             suspected on
                                        1/24/07; confirmed name, bank act info, routing info,
                                               with outside and/or drivers' license info exposed
                                             forensic team when there was unauthorized
Merchant America            3/26/2007                2/6/07 intrusion into a database

                                                          laptop stolen -- employee of vendor
Commerce Banc Insurance                                   (Schivall Systems LLC) was victim
Services                     4/3/2007            3/2/2007 of residential burglary in Fla
                                                          data tapes lost in transport by
IBM                          4/6/2007           2/23/2007 vendor
                                                          paper files in surplus file cabinet to
                                                          be auctioned were temporarily
                                                          stored in a warehouse where
Guilford Technical                                        personal info could have been
Community College            4/3/2007           3/26/2007 compromised
                                                          website accessed by unauthorized
vFinance Investments         4/9/2007                     person

ACS, Inc (vendor for GA
Dept of Community Health)    5/3/2007             4/6/2007 CD containing info lost in transit
New Hanover Correctional                                   inmate obtained documents with
Center                      5/16/2007             4/7/2007 personal info about employee
Greenline Media, Inc dba
Mountain Xpress             5/23/2007             5/7/2007 attack on server
                                                 computer disc containing personal
                                                 info could not be located; lost or
                                                 stolen while being shipped between
Lucent Technologies, Inc   5/24/2007    5/7/2007 vendors
                                                 security breach on server
                                                 containing backup copy of
NC DOT                     5/25/2007             database

                                                 unauthorized searches where two
                                                 user IDs of law enforcement
LexisNexis                 5/31/2007             customer potentially compromised

                                                 unauthorized searches where
                                                 customer's used ID was potentially
LexisNexis                 5/31/2007             used in unauthorized manner
                                                 employee loaded unauthorized
                                                 software onto company laptop;
                                                 allowed outsiders to access files
                                                 (including names and SSNs) of
                                                 affected current and former
Pfizer                     5/30/2007             employees
                                                 then-ee of UPS (now former ee)
                                                 downloaded info on current &
                                                 former employees, including
                                                 names, SSNs, ee ID ##s, job
                                                 classification, job status;
UPS                        6/21/2007   2/22/2007 downloaded to UPS computer
                                                 laptop of claims assoc stolen from
                                                 vehicle; contained names and
                                                 SSNs; password protected but not
Nationwide Mutual Ins Co   6/25/2007   4/11/2007 encrypted

                                                 ee of WH Gill & Assoc Inc, a
                                                 Nationwide Ins Agency, exceeded
                                                 authorized usage of personal info;
                                                 ee has been terminated; info
                                                 affected included checking acct #
                                                 and/or credit/debit card # that was
Nationwide Mutual Ins Co   6/25/2007   4/11/2007 used to make payments

                                                 former ee among suspected
                                                 participants in identity theft
                                                 acitivites being investigated by fed
                                                 task force; info of 127 memers (3
                                                 from NC) were found in suspect's
                                                 possession; info included name,
                                                 address, DOB, SSN; no reason to
                                                 believe health info disclosed;
                                                 notified 17000 members whose info
                                                 the former ee had accessed during
                                                 normal course of business while
United Healthcare          6/26/2007             employed for 2 1/2 yrs
                                                     high level ee who had access to
                                                     electronic systems missing;
                                                     requested by US Sec Service to
                                                     delay notification b/c of
City Harvest, Inc.             6/29/2007   4/24/2007 investigation and possible arrest

                                                     former ee misappropriated and sold
                                                     consumer info to a data broker who
                                                     sold to direct marketing orgs;
                                                     maintains bank acct info for check
                                                     authorization business; maintains
                                                     check and credit card info in
                                                     gaming operations; ee terminated
                                                     and filed suit against ee; data
                                                     included names, addresses, &
                                                     telephone #s, and in many cases a
                                                     DOB and bank acct or credit card
                                                     info; 8.5 million affected (some only
                                                     identifying info) in total, of that 5.7
                                                     million included checking acct info
Certegy Check Services,                              and 1.5 million included credit card
Inc. (subsidary of Fidelity)     7/4/07     6/27/07 info
                                                     breach in computer system;
                                                     personal info included name,
                                                     address and credit card ## for
Kingston Technology                                  purchases made at
Company, Inc.                     7/9/07   Sept 2005 www.shop.kingston.com

                                                     2 laptops stolen from lacked cars;
                                                     Axia mgmt consulting co for Pfizer
                                                     and laptops had Pfizer info;
                                                     personal info on 950 that provide or
                                                     considering providing contract svcs
                                                     for Pfizer; SSNs or EINs, phone #s,
                                                     addresses, email addresses, info
Axia                             7/20/07     5/31/07 about compensation
                                                     paper breach - disability info mailed
                                                     to incorrect individual; mailed
                                                     policey to wrong person which
                                                     included STD application with
                                                     name, SSN, DOB, address &
                                                     phone #, and answers to health
                                                     question; have started redacting
Standard Life and Casualty                           SSN on policies being mailed to
Insurance Co.                    7/18/07     7/13/07 insureds; 4 affected in total
                                                     external hard drive stolen -- theft of
                                                     luggage during airline travel; ACS
                                                     under contract w/ DE court system
                                                     to implement automated case
                                                     mgmt system; stolen hard had
                                                     sampling of data from cases in
                                                     superior court, family court, ct of
ACS, Inc (vendor for DE                              common pleas between 2002 and
court system)                    7/25/07     6/21/07 2004
                                                    former ee misappropriated and sold
                                                    consumer info to a data broker who
                                                    sold to direct marketing orgs;
                                                    related to Certegy breach (above);
                                                    investigation revealed portion of
                                                    stolen credit card info was devired
                                                    from its credit issuance business
Fidelity National Card                              so submitted separate breach form
Services, Inc.           7/31/07            7/20/07 for this portion of the breach
                                                    letters mailed with SSN showing
                                                    through envelope window; SSN
                                                    included on letter in error instead of
BCBS of NC                8/7/07            7/31/07 BCBSNC id number
                                                    3 computers stolen from Lee
                                                    County office; one had reports with
                                                    names and SSNs; one hard drive
                                                    had reports from 2004 with names
NC ESC                   8/13/07            7/28/07 at SSNs

                                                    4 external hard drives used to back
                                                    up info were missing from locked IT
                                                    workroom; 2 of 4 hardrives
                                                    contained personal info of current
                                                    and former ees in system as of
                                                    12/12/06 including name, address,
                                                    phone ##, SSN, DOB, bank or
                                                    financial acct info, compensation
Celgene Corp.            8/15/07            7/24/07 info, and in some cases DL #
                                                    laptop lost during business trip to
                                                    Atlanta in late July 07; laptop
                                                    contained names, SSNs, address,
                                                    DOBs, citizenship, and
                                                    compensation info for Mercury
HP                       8/16/07 early August       Interactive former ees
                                                    stolen laptop from car of claims
                                                    rep; contained personal info for 140
                                                    people; 3 notification letters
                                                    depending on group - policyholder,
                                                    claimant, or person whose info was
                                                    on laptop as part of fraud
                                                    investigation involving customer;
                                                    personal info included names, SSN
Nationwide Ins Co        8/15/07            5/22/07 and/or DL #
                                   ee (now former ee) copied
                                   database with personal info; ee
                                   suspected of fraud w/ regard to
                                   travel exp and upon being
                                   invesitgated gave resignation; had
                                   leave remaining and access to
                                   computer system; before leaving
                                   copied database; got job with
                                   competitor; again suspected of
                                   fraud and either was fired or
                                   resigned; new er found Pfizer info
                                   on computer and mailed it to Pfizer;
                                   investigation revealed personal
                                   info; competitor er now
                                   investigating ee's computer to look
                                   for more info; talked to federal
                                   prosecutor and trying to put case
                                   together against former ee, but
                                   don't want to put too much info
                                   about breach out so he is not
Pfizer         8/23/07   Dec. 2006 tipped off
                                   stolen laptop from ee of
                                   professional services firm working
AT&T           8/20/07     7/31/07 for AT&T

                                   hacked into ecommerce store and
                                   created phishing site; discovered in
                                   July 07 that encrypted credit card
                                   data could have been accessed;
                                   numbers were encrypted but key
                                   was not well protected; only data up
                                   hrough June 19-20 could have
Voxant         8/29/07     6/20/07 been affected
                                   third party accessing customer's
                                   contract info through website;
                                   believe third party had SSN, DOB,
                                   and annuity contract number to
The Hartford   8/31/07     8/29/07 gain access
                                   theft of two computers containing
                                   personal info; some info encrypted
                                   but can't confirm all personal info
                                   was secured; co administers
                                   patient assistance program for
                                   various drug manufacturers and
                                   has 9 different notice letters for
                                   different drug manufacturers
McKesson       8/29/07     7/18/07 customers
                                                         laptop stolen from ee of Larson
                                                         Allen (external auditor) containing
                                                         excel spreadsheet listing personal
                                                         info of FirstHealth ees; laptop and
                                                         excel spreadsheet were password
                                                         protected; file containined name,
                                                         SSN, date of hire, DOB, address,
                                                         dept name, and ee status; did not
                                                         contain payroll info or bank acct
FirstHealth of the Carolinas   9/10/07           8/31/07 info

                                                         misplaced computer tape; believe it
                                                         was accidentally destroyed; ACS is
                                                         vendor of Caremark (administers
                                                         Kraft prescription drug benefits
                                                         plan) and received data tape with
                                                         names, address, DOB and SSNs of
Kraft (ACS is vendor of                                  current ees and small number of
Caremark)                       9/5/07         Aug. 2007 former ees or dependents
                                                         customer login/password
                                                         compromised; Merlin is a data
                                                         provider for law enforcement and
                                                         info search companies;
                                                         unauthorized person had access to
Merlin                         9/25/07           8/31/07 name, address & SSN

                                                          hacked into compuer and accessed
                                                          HR info; info included names,
                                                          home addresses, SSNs, and
The Nature Conservancy         9/24/07 discovered 9/12/07 possible financial acct numbers
                                                          2 laptops stolen from office of
                                                          vendor that managed job applicant
                                                          data; info on 1 laptop included
                                                          names, SSNs of people who
                                                          applied for job between July 2006
Gap, Inc.                      9/28/07            9/19/07 and June 2007

                                                         departing ee copied confidential
                                                         info of current and former ees and
                                                         did not return info upon termination;
                                                         demanded return and person said it
                                                         had been thrown out and belived
                                                         destroyed; forensic computer exam
                                                         on 8/18/07 showed that info was
                                                         copied amd removed; info included
                                                         names and either SSN or EIN, as
                                                         well as home address, phone
                                                         number, bonus or compensation
                                                         info for small subset; have filed
                                                         legal claim against person
                                                         responsible to prevent futher
                                                         disclosure in case hasn't bee
Pfizer                                                   destroyed
                                          data back up tapes misplaced;
                                          back up tapes sent to secure, off
                                          site facility for temp storage but
                                          were misplaced; data includes
Hartford Fire Ins Co    10/4/07   9/27/07 name, SSN, and DL #
                                          sent secure electronic file
                                          containing personal info of clients
                                          to another client by mistake; other
                                          client notified MM of receipt of info;
                                          deleted it at request of MM and
                                          sent confirmation that it had been
                                          deleted; info included names and
MassMutual              10/3/07   8/10/07 SSNs

                                          ee inadvertently accessed
                                          unsecured files containing ee stock
                                          option plan info; immediately
                                          notified supervisor and steps taken
                                          to secure files to prevent further
Daymon Worldwide        10/5/07   9/10/07 unauthorized access
                                          missing laptop containing personal
                                          info; laptop contained info about
                                          people who were Administaff
                                          worksite ees during calendar year
                                          2006; info included names, SSNs,
Administaff            10/15/07   10/3/07 addresses
                                          PT ee gained unauthorized access
                                          using another ee's password; ee
                                          discovered there were
                                          unauthorized charges to credit
                                          card; reported incident to police
                                          and discovered it was a PT ee
                                          using credit card; ee had given PT
                                          ee password so PT ee had
                                          unauthorized access to personal
                                          info of employees; no evid of
                                          intrusion into system; police
                                          investigating and learned of other
Central Piedmont                          instances of PT ee using other's
Community College      10/16/07   9/17/07 info
                                                    ee transmitted electronic copies of
                                                    databases containing insurance
                                                    related info to his home computer
                                                    in Feb. 07; possibility databases
                                                    disseminated to person not
                                                    currently employed or associated
                                                    with hospital; ee had access as part
                                                    of job but was not authoried to
                                                    transmit database outside control
                                                    of hospital; info of current and
                                                    former patients including name,
                                                    DOB, acct #, ins carrier info, ins
                                                    claim #, ins policy #; do not think
                                                    med info included or credit card or
St. Vincents Catholic                               bank acct info; some SSNs were
Medical Centers of NY   10/15/07             6/1/07 included as part of ins policy #
                                                    unauthorized intruder penetrated
                                                    system and obtained access to
                                                    database of cardholder acct
                                                    records (containing SSNs); payroll
                                                    passport/IC settlement database
                                                    breached; contained SSNs
                                                    provided by ers for certain
iWire, Inc.             10/18/07            10/1/07 cardholders

                                                       computer stolen; contained names
                                                       and SSNs for fund participants;
                                                       computer requires power pack
                                                       rather than cord and power pack
                                                       not stolen; must order power pack
                                                       from dell with comptuer serial
                                                       number and customer acct
                                                       number; dell has been alerted to
YWCA Retirement Fund    10/25/07            10/1/07    anyone trying to buy power pack
                                                       ee accidently posted elctronic file
                                                       containing certain personal info on
                                                       generally-accessible internal
                                                       location of MeadWestvaco
                                                       computer network; file contained
MeadWestvaco             11/6/07           10/12/07    ees names, address and SSNs
                                                       breach of online ordering system;
                                                       info included customer name,
                                                       address and credit card ## from
KimsCraft                11/6/07   8/13/07 - 10/1/07   online ordering site.
                                                       notebook computer lost or stolen;
                                                       last seen on rear bumper of
                                                       ambulance; double password
                                                       protected; info included names,
                                                       addresses, phone #, SSNs; also
                                                       had med info on 58 people who
                                                       had received treatment between
Cabarrus County          11/9/07           10/28/07    10/13 and 10/28
                                                       E-mail accts accessed; credentials
                                                       of one of the contractor's (Convio)
                                                       ees was stolen, which allowed theif
                                                       to long onto contractor's system
                                                       and access e-mail addresses
Military Officers                                      owned by members of MOAA and
Association of America       11/9/07           11/1/07 members of dozens of other orgs

                                                          speech therapist's car broken into
                                                          and laptop stolen; contained names
Scotland County Schools     11/15/07          11/13/07    and SSNs for 100 students
                                                          flash drive lost then recovered;
Wake Technical                                            contained students' SSNs and
Community College           11/16/07          10/18/07    other personal data
                                                          ee in TX transmitted via email the
                                                          names, addresses, SSNs, and
                                                          possible corporate card ##s of
                                                          other ees; disclosure made to
                                                          person ee was residing with at the
                                                          time; possible other attempts at
                                                          disclosure may have occurred;
                                                          affected 6000 current and former
                                                          ees across US and in a few
Celanese                    11/20/07   7/15/05; 2/15/07   international locations
                                                          former ee has been charged with
                                                          stealing personal info and id theft;
                                                          police requested delayed
                                                          disclosure; notifed by police that
                                                          former ee was subject of
                                                          investigation; believe former ee
                                                          took names, addresses, DOBs,
Prudential Financial        11/30/07           9/27/07    SSNs, and bank acct info
                                                          ee of IKON Office Solutions
                                                          (vendor) had laptop stolen from
                                                          car; contained names, SSNs,
                                                          DOBs, other personnel info of
Deloitte & Touche USA                                     current and former partners,
LLP                          12/5/07          11/19/07    prncipals, and ees
                                                          electronic intruders; SSNs for 1380
                                                          prospective applicants stored on
                                                          webserver that was compromised;
                                                          not clear whether actually
                                                          downloaded or acquired; data not
Duke University School of                                 encrypted but was password
Law                          12/6/07          11/29/07    protected

                                                       hacker accessed system but credit
                                                       card info was encrypted and no
                                                       CVV or CVC info was accessed;
                                                       will not included in breach numbers
Art.com                     12/12/07          10/12/07 because info encrypted
                                                unauthorized person hacked into
Robotic Industries                              admin. portion at website and
Association                 12/20/07   12/11/07 obtained credit card information.
                                                stolen laptop from ee's car at ee's
                                                residence; included names, email
                                                addresses, SSNs, EINs, salary info
Wendy's                     12/21/07    12/3/07 of certain ees
                                                lost backup tape; set of 9 backup
                                                tapes delivered to storage vendor;
                                                checked into security system and
                                                never checked out but 1 of the 9
                                                can't be located; 15372 instances
                                                of active account number tied to
                                                NC resident's name w/ less than
                                                450 cases where SSN was
GE Money                      1/3/08       2007 included

                                                  file with info inadvertently placed on
                                                  web server; info included names,
                                                  SSNs, term and class info, email
                                                  addresses, univ ID number;
Franklin University           1/7/08    12/7/07   possible for info to be viewed online
                                                  stolen computers; provide
                                                  recordkeeping services for
                                                  retirement plans (T. Rowe Price);
                                                  info included names and SSNs on
CBIZ Benefits & Insurance                         unencrypted harddrives but not
Services, Inc.               1/22/08   12/26/07   address or DOB
Sava Senior Care                                  discs sent to outside vendor lost
Administrative Services                12/31/07   and never left distribution center
                                                  laptop stolen from sub-contractor's
                                                  office, later recovered; included
                                                  name, address, SSN, DOB, salary
                                                  info, 401(k) acct ## and balance
Mariner Health Care, Inc               12/31/07   info
                                                  hackers broke into on-line
                                                  webstore; gathered personal
                                                  inforamtion including names, credit
                                                  card #'s, expiration dates,
Kiwanis International        1/28/08     1/4/08   billing/shipping addresses
                                                  co does benefits for Wendy's ees;
                                                  benefit confirmation statements for
                                                  some Wendy's ees contained
Mercer Out Sourcing (Life                         dependent information for other
Choice Service Center)       1/29/08   11/29/07   ees
                                                  laptop lost/stolen from hospital
Wake County EMS              2/11/08    1/17/08   docking station

                                                theft of unencrypted storage device
Salesforce.com                2/8/08    1/30/08 with ee data from an ee's car
                                                       release/display; former faculty
                                                       member put course data on a
                                                       website; included SSNs (of 44
                                                       people), test scores, full name,
                                                       ECU email ID, pirate ID, final
                                                       course score, 234 had internet
ECU                            2/6/08                  exposure
                                                       former ees were accessing
                                                       computer system; believe intent
                                                       was to get proprietary business info
                                                       to get competitive advantage for
                                                       new er; computer access has been
                                                       revoked and nationwide will contact
Nationwide Financial          2/13/08          1/23/08 new er about situation
Cross Country Staffing         2/8/08           2/1/08 computer stolen from ee's car
Kraft Foods                   2/28/08          1/16/08 computer stolen from ee's car

                                                          internal auditor's car stolen from
                                                          county parking lot and in trunk was
                                                          printout of bank draft transactions
                                                          for aquatics center members from
                                                          06; car recovered but info missing
                                                          from trunk; included names and
Mecklenburg County            2/27/08                     bank acct info
                                                          desktop stolen out of office; bldg
                                                          broken into after hours with a
                                                          crowbar; data included consumer
                                                          names, DOB, address, SSN and in
                                                          some cases bank account #'s;
Administrative Systems, inc                               KMG America and Kanawha
(subsidiary of National                                   insurance co also notified officer
Financial Partners)           2/21/08         12/31/07    about this incindent
                                                          laptop stolen from vendor's facility
                                                          (Systematic Automation Inc.) in
Nestle Waters N.A.            2/26/08          2/11/08    Fullerton, CA
DaVita Inc.                    3/3/08           2/4/08    laptop stolen from ee's vehicle
                                                          consumer data left unprotected on
The Dental Network            3/10/08          2/20/08    website

                                                          laptop stolen from central office;
Employment Security                                       encrypted and password protected
Commission of NC              3/14/08          3/10/08    so not technicaly a breach
                                                          laptop stolen from independent
                                                          contractor that arranges travel for
Pfizer, Inc.                  3/21/08          2/11/08    Pfizer ees
                                                          30 laptops and desktops stolen;
The Heritage Group            3/19/08            3/9/08   servers not affected
                                                          SSNs unprotected on internet;
                                                          name and SSNs viewable to those
                                                          that accessed
                                                          connect2success.com and
                                                          bypassed noraml entry point and
                                                          went directly to administrator
Toshiba                       3/20/08   1/24/08-2/12/08   access.
                                              data backup services missing
                                              several boxes of tapes; archieve
                                              services vendor for company states
                                              it can not account for one of
                                              several boxes of data backup tapes
BNY Mellon Shareowner                         that the vendor was transporting to
Serivces                    3/19/08   2/27/08 an off-site storage faciity
                                              laptop stolen from ee's home in
                                              Ohio; laptop owned by contracted
GMAC Insurance               4/2/08   3/25/08 vendor

                                              vendor (Pershing) generated a
                                              client acct report, and inadvertently
                                              sent to the wrong Walnut Street
                                              Securities manager; branch
                                              manager and two people outsidde
                                              of firm may have had access to the
                                              report because they help service
Walnut Street Securities     4/7/08    2/7/08 his clients business

                                              ee uploaded clients' personal files
                                              to a computer not protected by
                                              company's firewalls and other
                                              security system; file data available
Interbank Fx                 4/7/08    4/2/08 on the internet for period of time

                                              stolen laptop; teacher noticed
                                              computer stolen from locked closet
Stokes County High School    4/9/08    4/7/08 upon return from spring break
                                              postcard sent out reminding
                                              consumers to activate their
                                              Heealthcare FSA Debit Cards with
                                              with SSNs on them (not identified
Aon                         4/14/08    4/7/08 as SSN and no dashes)
                                              laptop stolen from external auditor
                                              (Ernest & Young); may have
                                              contained personal info of some
Ryerson, Inc.               4/16/08    4/3/08 current and former ees
                                              electronic files accessed by third
                                              party without authorization;
                                              decommissioned server was
                                              inadvertantly left unprotected by
Gerdau Ameristeel           4/11/08           company's firewall

                                              unauthorized user gained access to
                                              some its computer systems; does
Stryker Instruments         4/10/08   2/18/08 not think user was after SSNs
                                              thieves stole 8 computers and 1
                                              server; server password protected
                                              and behind 3 locked doors (break
Central Collection Bureau   4/17/08   3/21/08 in)
                                                    SSN inadvertently placed in
                                                    customer's address field and sent
Nationwide Mutual Ins Co   4/24/08           4/9/08 to customer
                                                    4 laptops stolen; 2 of the laptops
                                                    contained names, addresses, Saks
                                                    credit card acct # and/or Saks/MC
                                                    co-branded card account numbers;
                                                    DID NOT include SSNs, card
                                                    expiration dates, PIN or other
Saks Fifth Avenue          4/30/08   mid April 2008 sensitive data

                                                   former ee accessed disc contianing
                                                   personal info or ees prior to Dec
                                                   2003 and attempted to email info
                                                   on disc to another person; retained
                                                   disc when employment ended in
                                                   violation of co. policies and
Purdue Pharma LP           4/30/08         3/26/08 confidentiality agreement
Nationwide Mutual Ins Co   5/15/08         3/19/08 laptop stolen from ee's car
                                                   computer hacker gained access to
1st Source Bank            5/29/08         5/12/08 debit and ATM card info
                                                   back up tapes missing; contained
                                                   images of checks and other
                                                   payment/remittance docs that bank
The Bank of New York                               processed between Feb 25 and Apr
Mellon                     5/30/08          5/8/08 25, 2008
                                                   thieves broke into Irving, TX
                                                   regional office and stole laptop
R.E. Moultan               5/23/08          3/7/08 computer
                                                   State Street B&T aquired Investors
                                                   B&T and requested info; Investor
                                                   B&T loaded data onto computer
                                                   equipment; equipment
Investor Bank & Trust      3/29/08         4/30/08 subsequently stolen
                                                   on-line store website caught an
                                                   external virus (SQL virus) which
                                                   accessed server and may have
                                                   attacked credit card info of
Altman Weil, Inc            6/4/08         5/16/08 customers
United Transportation                              2 laptops reported missing during
Union Insurance                                    transport; one had customer
Association                 6/9/08          5/8/08 personal info
                                                   data entry mistake led to SSNs
Nationwide Mutual                                  being displayed in address
Insurance Company           6/6/08          5/6/08 windows of mailings
National Farmers Union
Property and Causalty                              laptop stolen from ee; stolen on
Company                    6/13/08          5/2/08 5/2/08 but not noticed until 5/28/08
                                                   Hacker accessed consumer accts
                                                   of small business using IBO
                                                   identification# and password
                                                   combinationthe business got from
Quixtar, Inc.              6/11/08         5/27/08 an external website
Ebara Technologies, inc.                          break-in and theft of computers;
Employee Medical Benefits                         consumer health info possibly
Plan                          6/18/08   5/27/08   compromised
Aon                           6/18/08   5/30/08   laptop stolen from ee
                                                  computer with sub-contractor (Colt
                                                  Express) stolen from office during
JDS Uniphase Corp.            6/23/08   5/26/08   non-working hours
                                                  computer lost by traveling ee; left
Newedge USA                   6/24/08    6/6/08   laptop in cab while in FL

                                                mailed tax reports to wrong
                                                customers; some of the 5498 tax
                                                reporting statements sent out in
National Western Life                           late May were included with 5498s
Insurance Co.               6/26/2008   5/30/08 mailed to other policyholders
                                                break-in to computer system of
                                                third party benefits provider (Colt
                                                Express Outsourcing Services) for
                                                Google; various pieces of computer
                                                equitment stolen from Google
Google (COLT)                  6/2/08   5/26/08 property
Nationwide Mutual
Insurance Company             6/26/08   5/21/08 stolen laptop from ee's car
Nationwide Mutual
Insurance Company             6/26/08    5/6/08 stolen laptop from employee's car
                                                Electronic back-up disk lost in
                                                transit because of damage to the
Fischbach, LLc                6/30/08   3/21/08 shipping container
                                                hacker breached security system of
                                                online bookstore and "hacked" into
Xlibris Corp.                 6/19/08   6/20/08 database
                                                Colt Express Outsourcinng
                                                Services (COLT), thid party vendor,
Zhone Technologies                              was burglarized and certain
(COLT)                        6/16/08   5/26/08 computers were stolen
                                                Colt Express Outsourcinng
                                                Services (COLT), thid party vendor,
                                                was burglarized and certain
Bebe (COLT)                   6/16/08   5/29/08 computers were stolen
                                                ee of Phase3, which processes
                                                trade data for retail / institutional
                                                brokerage firms, left a bag
                                                containing a laptop in a taxi at Ft.
SunGaurd Data Systems,                          Lauderdale-Hollywood International
Inc.                          6/19/08   5/11/08 Airport.

                                                internal report that distributed via e-
                                                mail; Internal report that contained
Highland Capital                                certain personal information was
Brokerage, Inc.               6/12/08           inadvertently distributed via e-mail
                                                Colt Express Outsourcinng
                                                Services (COLT), thid party vendor,
                                                was burglarized and certain
Nielson Mobile (COLT)         6/26/08   5/26/08 computers were stolen
Nationwide Mutual                               A thief broke into a Nationwide
Insurance Company            6/20/08    5/20/08 employee's car and stole a laptop
                                                Colt Express Outsourcinng
                                                Services (COLT), thid party vendor,
                                                was burglarized and certain
Sidley (COLT)                6/24/08    5/26/08 computers were stolen
                                                Colt Express Outsourcinng
Washington Government                           Services (COLT), thid party vendor,
Environmental Servics,                          was burglarized and certain
LLC (COLT)                    7/1/08    5/27/08 computers were stolen
                                                Colt Express Outsourcinng
                                                Services (COLT), thid party vendor,
California Banker's                             was burglarized and certain
Benefits (COLT)              6/30/08    5/26/08 computers were stolen

Nationwide Mutual                               A thief broke into a Nationwide
Insurance Company             7/3/08    6/24/08 employees car and stole a laptop.
                                                in Dec. '07 DSMI discovered that
                                                hackers had accessed DSMI
                                                computers that potentially
                                                contained customers' name,
                                                address and credit card information
                                                between Oct. 9. 2007 and Dec. 28,
Digital Marketing Services    7/3/08   12/28/07 2007.

                                                  back-up data tape containing BMS-
                                                  related electronic data stolen while
Bristol-Myers Squibb Co.     7/11/08     6/4/08   being transported from storage
                                                  Paper documented were lost in
4pm Raftlatac, Inc.          7/11/08    7/10/08   transit
Oakland University           7/10/08    5/19/08   external hard drive stolen
                                                  lost of computer backup tapes
                                                  containing confidential client info
                                                  when tapes were being transported
Willis                       6/10/08     6/9/08   to off site storage
                                                  hacker accessed database that
                                                  contains the products information
Pearson Educational                               used by website including credit
(Heinemann-Raintree)         7/11/08     1/1/07   card numbers
                                                  ee's car broken into; she was
Greensboro Gynecology                             transporting back up tapes with
Associates, P.A.             6/16/08    5/29/08   consumer information on it

                                                third party benefits administrator
                                                inadvenrtently misplaced tapes
                                                while in transit to a storage facility
                                                in India; ees had insurance benefits
Tele Atlas                   7/14/08     6/9/08 through TeleAtlas
Nationwide Mutual
Insurance Company            7/18/08     7/2/08 laptop stolen from ee's car
                                                Colt Express Outsourcinng
                                                Services (COLT), thid party vendor,
Pillsbury Winthrop Shaw                         was burglarized and certain
Pittman (COLT)               7/25/08   5/26/08 computers were stolen
                                                     theft of computer equipment from
                                                     third party vendor; info
The Goldman Sachs Group     7/24/08          5/28/08 electronically encrypted
                                                     archive services vendor notified
                                                     that it could not account for one of
BNY Shareowner Services,                             several boxes of data back-up
on behalf of The Walt                                tapes being transported to off-site
Disney Co.                  7/24/08          2/27/08 storage facility
                                                     Laptop stolen during building break
Anheuser Busch              7/21/08           6/6/08 in

                                                     ee in reservation center who was
                                                     responsible for processing
                                                     customers' requests for changes to
                                                     their reservations misused the
                                                     payment card system to make the
                                                     changes but divert the extra
                                                     charges to his personal account
Alaska Airlines              8/5/08          6/11/08 instead of the companies account.
Affiliated Mortgage D/B/A
YSU Lending                  8/5/08          7/14/08 Computer stolen during break-in

                                                     A computer virus infected certain
                                                     computers that may have resulted
                                                     in the compromise of personal
Honeywell International     7/16/08          6/24/08 information of some employees
                                                     zip drive deposited with USPS and
                                                     arrived with package open and zip
                                                     drive missing; contained mortgage
                                                     apps with SSN, wage statements,
Territory Mortgage          8/11/08          7/29/08 credit info, etc
Nationwide Mutual                                    ees searching database beyond
Insurance Company           8/14/08          7/17/08 authorized use

                                                     Unknown and unauthorized third
                                                     party hacked into and gained
                                                     access to company computer
                                                     server; server used to store
Interactive Financial                                information about consumers
Marketing Group                                      through website but no credit card
(Dominion Enterprises)      8/18/08   11/2007-2/2008 numbers were stored on server
                                                     Colt Express Outsourcinng
                                                     Services (COLT), thid party vendor,
Intuit (Colt Express                                 was burglarized and certain
Outsourcing Services)        9/5/08          5/26/08 computers were stolen
                                                     Stolen laptop with employee
US Foodservices              9/3/08                  personal information
                                                    Allsup Inc., contract service
                                                    provider for Aetna Disability,
                                                    performs functions related to admin
                                                    of disability benefits; notified by a
                                                    mgr of an apt building that docs
                                                    including personal info for some
                                                    disability claimants had been left in
                                                    an apartment after the tenant
Aetna Life Insurance Co.      9/16/08      8/4/08   moved out
Rochester Institute of                              Laptop stolen from National
Technology                    9/16/08     8/25/08   Technical Institute for the Deaf
                                                    Stolen laptop with employee
Howard University             9/10/08     8/30/08   personal info
                                                    Unauthorized access to company's
Pss World Medical, Inc.       9/17/08     8/30/08   career board website

                                                    computer payment system,
                                                    including payment card info, may
                            11/26/03 -              have been hacked on nine different
Forever 21                   10/24/05     9/16/08   occassions over number of years
NACCO Materials Handling                            An access database availble on
Group Inc.                    9/15/08     8/10/08   unsecure intranet computer drive
                                                    back up tapes containing personal
Regal Entertainment Group     9/17/08     8/29/08   information lost
                                                    laptop stolen from auditor's
Carneiro, Chumney & Co.       9/17/08      8/8/08   residence

                                                    Employee used customer info to
AmeriCredit                   9/25/08               illegally obtain goods & services
                                                    A point of service server, which
TPC Las Vegas f/k/a TPC                             transmits info related to credit card
Canyons                       10/8/08     5/23/08   purchases, was stolen
                                                    Information viewed by those that
                                                    should not have access to that
City of Coral Springs         9/24/08               information.
                                                    investigation IT team detected
                                                    unusual activity on a server located
Wyndham Hotels &                                    in Phoenix, AZ; redit card numbers
Resorts                      10/15/08     9/12/08   exposed to hacker
                                                    hacker accessed a file on company
                                                    server which contained personal
                                                    info on ees from 1998 to March
Cole National Group, Inc.    10/13/08      4/1/08   2005
                                                    Laptop and external hard-drive
Fiserv Health Plan                                  stolen from ee's personal car in
Adminisrator                 10/31/08     9/25/08   San Antonion, TX; ee terminated
Division of Aging & Adult                           laptop stolen from ee traveling to
Services                     10/31/08    10/25/08   training conference
                                                    personal info contained on laptop
Starbucks Corp.              11/18/08    10/29/08   that was stolen
                                                    laptop stolen from Manhattan office
The Nielsen Company          10/20/08    11/13/08   some time over a weekend
                                                         hackers exploited an SQL injection
                                                         vulnerability in web servers to
                                                         compromise electronic info stored
Shamrock Corp.               11/7/08           8/15/08   therein
                                                         ee of Affinitas, vendor managing
                                                         outbound telephone sales of
                                                         products for Kraft's Gevalia
                                                         subsidiary, copied personal info
                                                         regarding 11 customers, including
Kraft Foods                 11/12/08          10/16/08   names and credit cards
                                                         hackers exploited an SQL injection
                                                         vulnerability in web servers to
Helen Grace Chocolates,                                  compromise electronic info stored
Inc.                         11/7/08           8/15/08   therein
                                                         received an anonymous letter
                                                         requesting money or they would
                                                         hack into company's computer
                                                         system and expose the personal
                                                         info of all of its consumers; under
Express Script              11/12/08          10/28/08   criminal investigation
                                                         ee believed to have circumvented
                                                         existing controls to sell the info to
Countrywide Home Loans       4/28/08          11/20/08   third parties
                                                         Laptop with personal info about
                                                         some participants in HP benfits
Hewlett-Packard Co.          12/4/08           6/26/08   program stolen

                                                       laptop stolen from a car; contained
Stanlex, Inc.d/b/a Home                                personal data about patients
Care of the Carolinas       11/21/08           11/9/08 receiving home care services
                                                       A sales agent's office was broken
Nationwide Mutual                                      into; thief stole cash and the
Insurance Co.                12/5/08          11/23/08 policyholder's check
                                                       acct created for demonstration of
                                                       features of pension website
Nationwide Mutual                                      inadvertently contained real
Insurance Co.                12/5/08           11/5/08 customers' information.

                                                        network security breach on website
                                                        exposing name, address, credit
Cavender's Boot City         12/2/08   1/1/08 - 10/1/08 card # and purchase history
Rochester Institute of                                  Three laptops stolen from storage
Technology                   12/8/08          11/17/08 area.
                                                        Hacker accessed an elctronic file
                                                        located on a company file transfer
                                                        protocol server; file contained
                                                        payroll information for ees of
                                                        Things Remebered from 1998
Cole National Group, Inc.   12/12/08            9/11/08 through early 1995.
                                                       laptop owned by Creditek, LLC, a
                                                       company which provides billing
                                                       services to DJO, was stolen from a
                                                       locked home in the Bahamas,
DJO, LLC                    12/12/08          11/14/08 where the employee was staying
                                                 Malicious software infecting
                                                 consumers personal computers;
                                                 online bill payment website was
                                                 redirected to a website based in
                                                 Ukraine capable of infecting some
                                                 but not all users' computers,
                                                 depending on their computer's
                                                 operating system and virus
Fiserv, Inc.                 12/12/08    12/2/08 protection
                                                 former ee downloaded data,
                                                 believed to be forms and
                                                 templates, to take to a new
Lehigh Hanson Heidelberg                         employer, but it included payroll
Cement Group                  12/8/08    9/30/08 info
                                                 A malware virus was discovered on
                                                 a computer in Payroll and
UNC - Greensboro             12/16/08   12/11/08 Accounting Services Dept.

                                                   paper breach; company hired to
                                                   convert paper pension files to an
                                                   electronic format, ISSI,
                                                   experienced a theft of info from
Norfolk Southern Coorp.      12/17/08   10/29/08   files as they were being processed
                                                   laptop stolen from locked office;
Federated Mutual                                   thief broke office window to gain
Insurance Co.                12/23/08   11/24/08   access
                                                   2 laptops stolen that contained
                                                   sensitive information on current
North Pacific Life Group     12/23/08    12/1/08   and former ees
                                                   e-mail server compromised - file on
UNC School of Arts             1/5/09    12/9/08   P2P network
Winston-Salem State
University                    12/3/08    10/1/08
                                                   vendor informed co that there was
                                                   an intrusion into a part of the online
                                                   system that could have resulted in
Ameriprise Advisor                                 unauthorized access to client
Services Inc.                 1/13/09   12/17/08   account info
                                                   service provider inadvertantly
                                                   transmitted loan data to an
                                                   unauthorized provider; third party
Student Loan Xpress, Inc (                         involved claims to have destroy the
a CIT Company)                1/29/09   12/11/08   data
                                                   malicious spyware used to access
                                                   intransit, unencrypted payment
                                                   card data while it was being
Heartland Payment                                  processed by companies card
Systems                       1/30/09    1/12/09   authorization system
                                                   hacker installed a key logger in
                                                   payment system of restaurant to
Fuddruckers                    2/5/09   11/30/08   obtain electronic card data
                                               Cashier used her own handheld
                                               card skimming device to steal
                                               customer credit cards (incident in
Best Buy                      2/5/09    1/5/09 West Palm Beach, FL store only)

                                                payroll dept. ee downloaded certain
                                                unencrypted personal info onto a
                                                portable data storage device in
                                                connection with an audit of payroll
Pepsi                       12/23/08    12/8/08 info; device was lost
                                                lost or stolen hard drive (used for
Blue Ridge Community                            data backup) with personal data on
Action, Inc.                  2/4/09     1/2/09 it
                                                laptop stolen from the accounting
Jet Direct Aviation          2/10/09   2/2-3/09 area

                                               Website that allows purchases (to
                                               mostly businesses) of software
                                               products was not secure; password
Motorola, inc.               2/10/09   1/15/09 protected but not encrypted

The Home Depot, Inc.          2/6/09    2/6/09 Tax forms mailed to wrong vendors

                                               former ee kept a laptop containing
BlackRock Inc                2/11/09    1/2/09 employeess personal info
Hertford Gates Home
Health Agency                2/16/09   1/12/09 Stolen laptop
Employment Security                             notices mailed with mis-matched
Commission of NC             2/20/09   2/19/09 personal information
Colonial Life & Accident                        A USB drive lost and later
Insurance Co.                2/19/09    2/4/09 recovered in the same parking lot
                                               dividend disbursing agent
                                               inadvertently mailed tax forms to
                                               the wrong shareholders; some
                                               shareholders forms with personal
                                               info about other shareholders
                                               including their names, addresses,
Developers Diversified                         social security numbers and other
Realty Corp.                 2/27/09    2/2/09 dividend related information.
                                               service provider inadvertently
                                               transmitted unencrypted personal
                                               info of credit union ees to another
                                               of the service provider's clients; the
                                               client confirmed in writing that the
                                               info it mistakenly received was
Navy Federal Credit Union    3/13/09   2/25/09 deleted and destroyed
                                               some user files inadvertently
                                               available on a publicly accessible
LifeWatch Corp.              3/19/09   2/20/09 company website
NC Residents
 Impacted



           20

           25

        2,801



       33,973




          286




           14

           56




          171




          865


           21



        1,714


       65,000


          193


          352

               1
   26

    1


    8


  471




   19
  682

4000+

   90


   16


    1

 2,700




 3,237




  117

53,529




  550

 1,100


  172

    1

 5,980
17,000


25,000




 3,226




   60




  569




  871




    8




    5
    22




145,197




   578




    36




     2




    22
16,446




 1,424




  274




   10




    7




   34
 976


6,700




 320




   3




3,757
 3,850




  370




   99




  290




24,000




    4
1,700




 195




3,050




3,280
   12




   95




  299




  652




   74




28,000
9,843




 100


1,870




2,437




 566




 189




 200
   38




   14




15,372




   73




 2,282

 4,405




 7,048




  570




   27

 4,733


    8
 2,538




   19
  202
   32




  400




13,236


   15
  260

   95




 1,771


   21

   47




   21
248,000


  1,268




    17




   235




   800




    29




   410




  1,157




    34




   309
    1




 1,051




  248
    1

  267




 3,863


19,000




  700




   14


  593


    7


    1




   32
  8
152


674

570




824




 1

39


 9


87




42




316




570




18
   52




  100




   12




    2




 1,442




 5,526

   42
    2




 1,578




   34


40,000




    4

    2




   10
   26




19,189

 1,020




 1,505

 2,300




 1,617




  180

    9




 2,972




   59

 1,532
       21

      205

       78

      171




    98,930

      990

     1,819

        1


       71


?


      140




     5,297




     1,477


     1,082

    52,391

     1,522

       14
 1,336




    7




    2




31,710


63,051




 1,329


    1




    1




 3,516

   25




 1,477




 2,184
3,225




1,240


2,500




 415


1,969


2,249

1,444




 494




 211




1,300
   11




 1,077


15,033

    4




   58

   45


   23

 2,000

 1,615

 2,271




  339




  111


  204

								
To top