NYSEG and RG&E Notify Customers of Unauthorized Access to Customer Data
From NYSEG: New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E), subsidiaries of Iberdrola USA, today began sending precautionary notifications to customers advising them of unauthorized access to customer data. This situation involves an employee at an independent software development consulting firm (contracted by NYSEG and RG&E) who allowed unauthorized access to one of the companies’ customer information systems. The customer records contain Social Security numbers, dates of birth and, in some cases, financial institution account numbers. There is no evidence that any customer data has actually been misused, or that there was any malicious intent. NYSEG and ...
(Follow-up) Agreement Reached With Metropolitan Life Insurance Co. Over Release of Some Customers’ Personally Identifiable Information
Attorney General George Jepsen and Consumer Protection Commissioner William Rubenstein have reached an agreement with Metropolitan Life Insurance Co. to provide additional protections to the current and former customers whose personal information was made public. Information of current and former MetLife customers was part of a spreadsheet posted to the Internet by an employee of the company. When one of the customers saw the information in November, 2009, he contacted the employee who then notified the company, which took responsibility for correcting the problem and provided credit monitoring and identity theft insurance for the affected customers. “The company acted voluntarily to correct ...
Zappos hacked; notifying 24+ million Zappos.com and 6pm.com customers of breach and to reset passwords
Online retailer Zappos has been hacked. Its CEO, Tony Hsieh, posted a copy of an email notification explaining the breach to all employees with a copy of the email notification sent to customers: The following email was sent to our employees today: Subject: Important - Security Dear Zappos Employees - Please set aside 20 minutes to carefully read this entire email. We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with the FBI to undergo an exhaustive investigation. Because of the nature of the investigation, the information ...
Commentary: Morally bankrupt hacktivism
One of the blogs that I check every day for news on data breaches is an incredible resource called cyberwarnews.info. Lee's blog has been the source of a number of recent entries in DataLossDB. Today, Lee posted a commentary on his blog where he writes, in part: So to all the hackers, CWN continues to ask for you to stop attacking innocent people and company’s (sic) and start focusing on the real troubles out there like, illegal porn, illegal human trafficking and drugs and stop causing extra work for the authorities so they can to focus on real world troubles We will not be publishing any further credit card ...
Recent News of Note
NYSEG and RG&E Notify Customers of Unauthorized Access to Customer Data
From NYSEG: New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E), subsidiaries of Iberdrola USA, today began sending precautionary notifications to customers advising them of unauthorized access...
Read more of this article
(Follow-up) Agreement Reached With Metropolitan Life Insurance Co. Over Release of Some Customers’ Personally Identifiable Information
Attorney General George Jepsen and Consumer Protection Commissioner William Rubenstein have reached an agreement with Metropolitan Life Insurance Co. to provide additional protections to the current and former customers whose...
Read more of this article
Zappos hacked; notifying 24+ million Zappos.com and 6pm.com customers of breach and to reset passwords
Online retailer Zappos has been hacked. Its CEO, Tony Hsieh, posted a copy of an email notification explaining the breach to all employees with a copy of the email notification sent to customers: The following email was sent...
Read more of this article
Commentary: Morally bankrupt hacktivism
One of the blogs that I check every day for news on data breaches is an incredible resource called cyberwarnews.info. Lee’s blog has been the source of a number of recent entries in DataLossDB. Today, Lee posted a commentary...
Read more of this article
UK: Crossing a line that should not be crossed: 8 officers resign over misuse of police database
Russell Myers reports: Eight police staff have lost their jobs after illegally accessing the confidential records of dozens of people on the Police National Computer. Of the eight, one police officer and one community support...
Read more of this articleKnow About a Breach I’ve Missed?
If you know about a breach that should be included on this site, please let me know:breaches[at]databreaches.net. It's especially helpful if you can provide links to documentation or scan in a copy of any notification you received.