Exposure

WI: DOC Electric employees’ personal data auctioned off

The Wisconsin Office of Privacy Protection has posted notice of a breach that occurred on January 15, 2009 when DOC Electric assets were auctioned off by M&I Bank and a local auction house. Apparently the computers and file cabinets contained personal information on DOC Electric employees who were employed from the start of the...

Academic records inadvertently released

Tyler O’Neil reports: The presidents of Drake’s eight Greek fraternities were surprised to receive an e-mail in late January from the director of fraternity and sorority life with the grades of every fraternity man at Drake listed in an Excel spreadsheet. Drake’s four sorority presidents received similar e-mails with the complete listing of every...

Disabled Veteran Receives Other Veterans’ Personal Data By Mistake

Dallas Cook reports: Just a week after the Veterans Affairs Department agreed to pay $20 million to veterans for exposing them to possible identity theft in 2006 by losing sensitive personal information in a stolen laptop computer, a local veterans association mistakenly sent out personal information about disabled veterans in the mail. Gerry Sparks,...

IN: Social Security numbers leaked

Allison Suer reports: The Social Security numbers of 19 special events employees were leaked in an e-mail sent by another Ball State employee on Jan. 27, Tony Proudfoot, associate vice president for marketing and communications, said in a press release. The incident occurred because the 19 special events employees mistakenly put their Social Security...

Password Optional: Huge Security Breach Hits SpeedDate

Jason Kincaid reports: Wow. Something is seriously wrong at SpeedDate, the online dating site that throws strangers into whirlwind 3 minute dates. For at least 30 minutes this evening (and possibly more), passwords were totally optional. Type in a user name (no password needed), hit “Log In”, and you had access to every private...

MassMutual sent clients’ personal info to another client

Earlier this week, Massachusetts Mutual Life Insurance Company notified (pdf) the Maryland Attorney General’s Office that on January 6, it had inadvertently sent a report containing personal information to another client. The recipient immediately notified MassMutual of its error and reportedly shredded the document without further dissemination. The total number of individuals affected by...

JP: Hospital patient, staff info exposed on Internet

The personal information of 640 staff and inpatients of Bokuto Hospital in Sumida Ward, Tokyo, was exposed on the Internet via Winny file-sharing software a male clerical employee used on his home computer, the Tokyo metropolitan government said. The incident marked the first time the patient information of a metropolitan hospital was exposed on...

IN: Personal Info Of More Than 8,700 Posted On State Site

The Social Security Numbers of more than 8,700 current and former state employees were inadvertently posted on a state Web site last week, officials said. The information of 8,775 employees who had filed a worker’s compensation or disability claim between 2005 and 2008 was uploaded in a file to the Indiana Department of Administration’s...

P2P networks rife with sensitive health care data, researcher warns

Jaikumar Vijayan reports on the issue of p2p exposures compromising the security and privacy of health data: Eric Johnson didn’t have to break into a computer to gain access to a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients...