Under the media radar: recently reported breaches

In a recent press release, the Identity Theft Resource Center (ITRC) pointed out that in some cases, we only find out about breaches because a state lists the reports it receives online. Some recent submissions to the New Hampshire Attorney General’s Office are a case in point. Although most of the breaches reported below would probably be considered “minor,” they do suggest that focusing mainly on stolen laptop cases may yield an incorrect impression about the nature of most breaches.

1. Attorneys for Nix Check Cashing recently notified the New Hampshire Attorney General’s Office that during a burglary, a computer was stolen from one of the firm’s branches. The computer contained personal information on customers, including their names, addresses, phone numbers, and Social Security Numbers or driver’s license numbers. The burglary was reported to law enforcement on May 17, and letters were sent out the week of June 30 to those affected. The firm offered those affected free credit monitoring services. Over one hundred New Hampshire residents were being notified, but the total number of affected individuals was not reported.
2. NBTY, a manufacturer of vitamins and supplements, notified the New Hampshire Attorney General’s Office on July 7 that an e-mail containing some current and former employees’ and plan participants’ personal information had been sent to the wrong recipient on June 15. Information included names, dates of birth, and Social Security Numbers. Those affected were notified by letter on July 2 and offered free credit monitoring services.
3. Alcoa recently notified the New Hampshire Attorney General’s Office that an electronic folder containing personal information on current and former expatriates as well as others who received assistance from Alcoa’s Global Mobility Group had been inadvertently shared as a public folder within its network. Information on individuals included names, dates of birth, family members’ names and dates of birth, salary compensation, Social Security Numbers, and in some cases, medical information.  Alcoa discovered its error in permissions on the file on May 7 and has notified everyone affected although they say there is no indication that anyone accessed or viewed the file inappropriately and the file was not shared outside of its own internal network.
4. Equifax reported that someone had compromised the access and request information for Takapu International Exports. Takapu is a customer of Equifax Mortgage Services and the account was misused to make obtain merged credit reports, i.e., reports from Equifax, TransUnion, and Experian. It is not clear from Equifax’s notification how many people, total, may have had their information accessed by misuse of the account. Equifax reports that it suspended Takapu’s login information at the time and was working with Takapu to determine what had happened and to prevent future recurrences.