TN: Mayor’s donation check among records found in dumpster

 Breach Incidents, Exposure, Miscellaneous, Paper, U.S.  No Responses »
Apr 292013
 

Andy Wise reports:

The director of an adult literacy charity is trying to figure out how the personal information of former associates and donors, including Memphis Mayor AC Wharton, were piled up inside the charity’s dumpster.

“It absolutely should not have happened,” said Kevin Dean, executive director of Literacy Mid-South, based in Cooper-Young. “It was a huge mistake, and we are terribly sorry to the mayor and anyone else who was affected.”

Wednesday, Cooper-Young business owner Bret James alerted The Action News 5 Investigators to the dumpster, adjacent to both his property and Literacy Mid-South on Cooper St.

James said what appeared to be computer keyboards in good condition caught his eye. When he went to inspect them, he found the records.

“People’s Social Security numbers, home addresses, bank account and checking account numbers,” James said.

The records, by our inspection, appear to be 6-year-old documents of the former Mid-South Reading Alliance and the University of Memphis’ Memphis Reads program.

Read more on WMCTV.

VA: Chesterfield mom ‘disgusted’ after personal, financial info found in dumpster

 Breach Incidents, Business Sector, Exposure, Paper, U.S.  Comments Off
Apr 242013
 

Chris Thomas reports:

A Chesterfield mom is fighting mad after learning her family’s personal information is discovered, tossed away, near a trash can.

Her credit card numbers and her child’s social security number was discovered outside their taekwondo instructor’s business. It is located in the Arch Village shopping center off Midlothian Turnpike.

We are told more than 30 folders were discovered in the back of the business near a dumpster.

Ultimate Champions Taekwondo is kicking off it’s (sic) grand opening on the wrong foot.

Read more on NBC12.

Why the heck does a tae kwon do school need Social Security numbers? And why the heck would parents or adults agree to provide that information??

Thumbs up to the police who notified all the affected parents.

Sacred Art Tattoo in Flat Rock admits tossing sensitive documents

 Breach Incidents, Business Sector, Exposure, Paper, U.S.  Comments Off
Apr 162013
 

I had no idea that tattoo parlors have to collect and retain so much personal information, did you?

Maurielle Lue reports on a breach involving Sacred Art Tattoo in Flat Rock, Michigan:

Fox 2 found company documents containing client’s personal information, including birth certificates, drivers licenses, social security numbers and credit card information.

We talked owner Steve Fisher Sunday night. He said it wasn’t intentional, and believes his girlfriend may be to blame.

She’s to blame because he gave her access to records he should have protected and disposed of properly? How is that her fault? In any event, here comes another mind-boggling statement from the owner:

“I’m just blown away that I’ll be on the news for something I didn’t do,” he said when confronted inside his shop. “My girlfriend remodeled the house and I just tried to get rid of them. How else am I supposed to get rid of them? Burn them or throw them away?”

Burning them would be better than throwing them away unshredded. And the state law requires proper disposal after mandatory data retention – which Fisher didn’t seem to have complied with, either:

Some of the documents we found are client consent forms from as recent as last year. But the State Department of Community Health clearly requires all body art facilities to keep all records for at least 3 years, so clients can be notified of a health risk.

After 3 years are up, the State says client records may be destroyed, by shredding or incinerating, or any other manner that protects the confidentiality of all client-related documents.

Read more on MyFoxDetroit.

More sensitive documents found in central Indiana dumpster

 Breach Incidents, Business Sector, Exposure, Paper  Comments Off
Apr 122013
 

NBC News filed this report last week from WTHR:

It was only a few weeks ago that 13 Investigates uncovered hundreds of personal records trashed in an open dumpster. Now, another tip has led to the discovery of more files containing private information like Social Security numbers for anyone to take.

The files were very easy for us to get to. Armed with a step ladder, we had access to the files in a matter of seconds – ankle-deep in dozens of personal files. We even found a computer tower.

We found one application with names, addresses, Social Security numbers, phone numbers, all types of personal information someone would give when applying for life insurance.

The business is GNP Consultants. They handle life insurance and tax preparation out of a Fishers office building. The owner is George Pappas and in an unexpected twist of events, Mr. Pappas happened to wheel another cartload of personal files out to the dumpster while we were there.

Read more on NBC.

NZ: Privacy breaches revealed

 Breach Incidents, Exposure, Government Sector, Non-U.S., Paper  Comments Off
Apr 102013
 

Then again, maybe the government of New Zealand should just stop using all mail altogether – postal and email.  Here’s yet another breach:

Confidential legal aid details of a Bay man accused of breaching community work were mistakenly sent to a woman in a major privacy breach.

The Katikati man’s name, address and what his case was about were contained in a letter sent to a Tauranga mother who had applied for legal aid for her daughter.

Private details of two other men from outside the region were also sent to the woman about their legal aid applications – the documents relate to legal representation at parole hearings.

The woman contacted the Bay of Plenty Times yesterday, speaking on the basis that she was not named.

She said she was “horrified” to discover the letters among documents sent to her by the Ministry of Justice’s Legal Aid Office in Rotorua. TheBay of Plenty Times has sighted the letters.

Read more in the Bay of Plenty Times.

UK: Pembrokeshire child sex abuse files ‘released in error’

 Breach Incidents, Exposure, Government Sector, Non-U.S., Paper  Comments Off
Apr 062013
 

The BBC reports:

Allegations that Pembrokeshire council wrongly disclosed sensitive reports about 10 child sex abuse victims to another victim are being investigated.

It is claimed the person wanted information about himself, but received private details about others.

Read more on BBC.

The story was initially reported earlier today in Western Mail, which provides more detail:

The Information Commissioner’s Office will seek to establish why Pembrokeshire County Council gave around 400 pages of psychiatric reports about other victims to “Steven” after he sought disclosure of material relating solely to himself.

Steven – not his real name – was himself a victim in one of the most horrific cases of child sex abuse seen in Wales.

[...]

Steven claims that when he informed Pembrokeshire council officials about the inappropriate – and potentially illegal – disclosure to him of material relating to other victims, he was asked to return it quietly and added: “I was told that if I made a fuss the council would be fined, reducing the amount of money available for child protection today.”

Not only did the council allegedly lean on “Steven” not to go public with the breach, but he alleges they tried some of the same heavy-handed techniques I’ve criticized recently in other cases:

“One council officer told me I would be entitled to a small compensation payment for the distress I suffered as a result of the reports being wrongly disclosed to me.

“But I was also told that if I didn’t hand the material back, the council would apply for a court order forcing me to give back not just the wrongly disclosed material, but everything else.

The “everything else” apparently refers to all the material he had requested – and was legally entitled to – under the Data Protection Act.

A spokesperson denied that “Steven” had been threatened with any court action, but he insists that he was.

Wisely, he turned the papers over to the ICO’s office.

Read more on WalesOnline.

The Pembrokeshire County Council reportedly has had a number of concerns raised about its child protection – and now data protection. I would not be surprised if the ICO issued a monetary penalty over this breach, if confirmed, as it involved clearly sensitive information.

 Older Entries