It’s early but it has been a bad year for personal data exposure already
The Identity Theft Resource Center, which tracks disclosed data breaches, has recorded 131 for the first three months of 2013, with 874,667 personal records related to medical, Social Security numbers, payment card and other information exposed.
Cbr Systems, a blood-bank operator in California that stores what’s known as cord blood from newborn infants for healthcare purposes, settled Federal Trade Commission charges that inadequate security practices contributed to a breach in 2010 related to stolen equipment that exposed Social Security numbers and payment-card information on about 300,000 individuals.
In February, Twitter’s director of information security Bob Lord, said in a blog item that Twitter had detected "unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data" and "one live attack" that Twitter shut down, leading Twitter to suspect "extremely sophisticated" attackers may have access to usernames, e-mail addresses, session tokens and encrypted/salted versions of passwords for 250,000 users. Twitter, as a precautionary measure, reset passwords and revoked session tokens for these accounts.
Central Hudson Gas & Electric in New York determined about 110,000 customers may have been impacted by a cyber-security attack, and is working with law enforcement to try and find out if customer personal and financial information was stolen.
The Florida Department of Juvenile Justice reported a data breach to the Florida Department of Law Enforcement that occurred because a mobile device — neither encrypted nor password-protected — with records on up to 100,000 employees and youth offenders was taken from a secure DJJ office.
Lucile Packard Children’s Hospital at Stanford notified patients that a password-protected laptop containing 57,000 records of medical information on pediatric patients was stolen from a physician’s office.
The Department of Health and Human Services in North Carolina disclosed that Computer Sciences Corp., the contractor on its Medicaid billing system, had lost a thumb drive containing information on 50,000 Medicaid providers nationwide.
Froedtert Hospital in Wisconsin disclosed a computer hacker may have information on 43,000 patients at its hospitals and some of its clinics.
An outside accountant working for the Central Laborers’ Pension Fund and related fund organizations in Illinois lost information on about 30,000 beneficiaries.
North Carolina officials warned that Social Security numbers for about 26,000 retired government employees may have been exposed to public view due to the envelopes used in a mailing by the N.C. Department of State in January. Schneider Electric disclosed a similar bulk-mail mistake impacting some of its employees.
Salem State University in Massachusetts disclosed a data breach that may have compromised the personal information of an estimated 25,000 current and former employees.
The Department of Energy, Savannah River Site, which runs sensitive programs related to nuclear-material storage and energy, said they’re investigating a security breach that allowed access to the personal information of at least 12,000 Savannah River site workers.
Baltimore-based Lee Miller Rehabilitation Associates disclosed to the Deptartment of Health & Human Services that theft of a network server resulted in the loss of 10,480 records.
At the Palm Beach County Health Department, a senior clerk was arrested and charged with using her job to steal identity information on more than 2,800 patients.