The Maryland Attorney General’s Office received 14 breach reports in April. Three of them revealed breaches not previously covered in the media or on this site, and a few others provided new numbers or details on breaches we already knew about.
- Utah-based StoresOnline reported that an employee misused the credit card information of several customers in March. The firm decided to notify all 1, 231 customers whose accounts the employee might have had access to in the course of his work in the credit department.
- Architectural firm Ehrenkrantz, Eckstut & Kuhn reported that on April 12, a file containing sensitive employee information was inadvertently attached to an e-mail to a former employee. When contacted, the former employee assured the firm that the file was deleted and the information had not been misused.
- Tiffany & Company reported that a package containing hard copies of customer’s sales checks may have been misplaced or lost during transfer to the sales audit department. The sales checks contained credit card numbers. The company’s records indicate that the package arrived at their facilities, but the company was unable to locate them. As a result of the incident, the company changed their procedures so that sales checks no longer contain the full credit card numbers and only use the last four digits.
Additional details on previously known breaches:
- The FedComp breach, which was also reported to Maine, affected 400 Maryland residents.
- The JPMorgan Chase e-mail attachment gaffe that affected Fox Entertainment also seems to have affected Lorillard Tobacco. To add to their woes, Lorillard Tobacco had also been affected by the Towers Watson breach in February, which Lorillard also dutifully reported to Maryland in April.
- The Famous Dave’s stolen laptop breach previously reported affected 695 Maryland residents.