Who's careless with your information?
Data breaches are increasingly making headlines these days, thanks to "breach notification" laws that many states now have on the books.
Here in Maryland, the law requires businesses alert consumers when their personal information --- names, dates of birth, Social Security numbers, credit card numbers or other identifiers --- has been compromised by a lost backup tape, theft of a laptop or hard drive or the inadvertent posting of a file on a Web site.
Sometimes the breaches arise due to human error or deliberate action, such as the hacking of an online store or the incident at LendingTree.com I wrote about in today's paper. More than 56,000 Maryland consumers got letters from the company stating that former employees shared passwords for LendingTree's consumer database --- loaded with their names, social security with three mortgage brokerages.
Consumer advocates such as Jeannine Kenney of the Consumers Union have said that such laws even the playing field for businesses because everyone has to 'fess up when there's been a problem. And because the incidents generate negative publicity, it creates incentive for companies to do a better job safeguarding your info.
"The reputational black eye could cost some future business, as well as the financial burden of notification,” she said.
The identity theft program of the Maryland Attorney General's office now lists on its Web site the businesses that have reported security breaches. Take a look at the 67 incidents since the law took effect in January and click the link above to read copies of the letters the companies sent about the incidents:
| Case Number | Date Received | Business Name (click to see notice) | No. of MD residents | Total breach size | Information breached | How breach occurred |
| 150963 | 04/23/08 | Verizon Wireless | 450 | name, SSN, address, verizon wireless acct # | info stolen by former employee | |
| 150960 | 04/21/08 | SwimwearBoutique.com | 186 | name, address, credit card # | hacking of e-commerce website | |
| 150843 | 04/21/08 | LendingTree.com | 56873 | 5600 | name, address, e-mail address, phone #, SSN, incom | former employees allowed access to unauthorized mo |
| 150841 | 04/21/08 | Sterling Commerce | 13 | name, address, date of birth, SSN, premiums and co | unencrypted laptop stolen from 3rd party venndor e | |
| 150839 | 04/21/08 | Columbia Capital, LLC | 13 | name, address, SSN, banking information, Columbia | password protected laptop stolen from office | |
| 150956 | 04/21/08 | Central Collection Bureau | 96 | 700000 | name, address, SSN, date of birth, dates of servic | server stolen from locked office |
| 150712 | 04/17/08 | SPX Corporation | 1 | 329 | name, SSN, bank account #, routing #, account type | laptop computer stolen from subcontractor's home |
| 150623 | 04/14/08 | Gerdau Ameristeel | 13 | name, SSN, address | hacking, unauthorized access to electronic files b | |
| 150513 | 04/14/08 | Stryker Corporation | 23 | SSN | Hacked internal virtual private network | |
| 150451 | 04/10/08 | Interbank FX, LLC | 177 | SSN, Driver's License #, Passport info, name, Inte | File accidentally uploaded to unprotected server | |
| 150333 | 04/09/08 | Agilent Technologies, Inc. | 261 | 27000 | name, address, SSN, equity compensation info | laptop stolen from employee's car |
| 150512 | 04/08/08 | Walnut Street Securities, Inc. | 17 | Name, address, SSN, phone # | subcontractor accidentally sent client account rep | |
| 150253 | 04/04/08 | Unicare | 17 | member ID numbers (included SSN), pharmacy/medical | accidental exposure to internet by 3rd party contr | |
| 150114 | 04/04/08 | Siemens Healthcare Diagnostics Inc. | 199 | 3542 | name, date of birth, SSN | laptop stolen from employee's home |
| 150111 | 04/01/08 | GMAC Insurance | 6 | 2802 | Name, SSN< employee ID number | stolen laptop from contactor's home, files not enc |
| 150110 | 04/01/08 | Synovus Financial Corp. | 3 | Name, SSN, account info | loss of backup tape | |
| 149990 | 03/31/08 | Okemo LLC | 18401 | name, credit card # and expiration date | hacking: intrusion into computer network | |
| 150109 | 03/31/08 | Marriott International, Inc. | 20 | Name, SSN | Lost data tapes | |
| 149986 | 03/31/08 | Antioch University | 596 | Name, SSN, academic records, payroll records | hacking: inauthorized access to computer between 6 | |
| 149989 | 03/28/08 | Museum of Science | 1 | Name, address, credit card #'s, expiration dates | Open File inadverantly accessible through the Inte | |
| 149988 | 03/27/08 | THQ, Inc. | 72 | Name, SSN, address, employee stock purchase progra | strolen laptop, password protected, not encrypted | |
| 149861 | 03/26/08 | IInfinity Pharmaceuticals, Inc. | 2 | 725 | name, address, SSN, equity compensation info | laptop computer stolen from employee's car |
| 149630 | 03/25/08 | Genica Corporation | name, address, phone #, e-mail address, credit car | hacked e-commerce site | ||
| 149859 | 03/24/08 | BNY Mellon Shareowner Services | 4690 | name, address, SSN, account information, transacti | lost box of backup data tapes | |
| 149858 | 03/24/08 | Genworth Life and Annuity Insurance Company | 15 | name, address, date of birth, SSN | computers stolen from office | |
| 149848 | 03/21/08 | Pfizer Inc | 13 | 800 | name, credit card #, expiration date, address, pho | laptop computer stolen from home of contractor |
| 149573 | 03/13/08 | Education Management, LLC | 7 | 764 | name, SSN, Address, date of birth | laptop stolen from office, recovered |
| 149854 | 03/13/08 | Genworth Financial Trust Company, Inc. | 69 | name, address, SSN, account # | accidentally visible through window in envelope | |
| 149180 | 03/13/08 | Central Licensing Bureau | 2 | name, SSN, address, Nebraska insurance license # | report accidentally sent to wrong clients | |
| 149590 | 03/13/08 | Lasell College | 267 | 20000 | name, SSN | unauthorized employee accessed database |
| 149587 | 03/13/08 | Education Management, LLC | 3 | 12 | name, address, SSN | accidentally sent spreadsheet to list of 12 stuede |
| 149851 | 03/12/08 | |||||
| 149853 | 03/12/08 | MTV Networks | 2 | 5000 | name date of birth, SSN, compensation data | hacking of employee's computer |
| 148976 | 03/11/08 | 3M | 13 | 1500 | name, SSN | laptop computer stolen from employee's car |
| 150129 | 03/10/08 | The Dental Network | 69976 | 74000 | Name, SSN, DOB, address | Posted on company website in error |
| 148851 | 03/07/08 | Wolters Kluwer | 72 | name, address, phone #, e-mail address, credit car | Hacking: unauthorized intrusion into e-commerce we | |
| 148849 | 03/06/08 | Starling Insurance and Associates | name, address, SSN, DL# | server stolen from office | ||
| 148848 | 03/05/08 | Bob Davidson Ford Lincoln Mercury, Inc. | name, address, SSN, wages | storage tape lost enroute to payroll company | ||
| 148986 | 03/04/08 | DaVita Inc. | ||||
| 148979 | 02/28/08 | Nestle Waters North America | 197 | 8245 | name,. date of birth, SSN, | computer stolen from office |
| 148988 | 02/26/08 | Kraft Foods, Inc. | 39 | name, SSN | stolen laptop | |
| 148994 | 02/15/08 | Syda Foundation | 19 | Name, credit card number, expiration date, securit | hacking | |
| 148025 | 02/15/08 | J. Lohr Vineyards & Wines | 1 | name, SSN | computers stolen from office | |
| 147704 | 02/12/08 | Cross Country Staffing | 76 | name, SSN | laptop computer stolen from employee's car | |
| 147545 | 02/12/08 | Drexel University College of Medicine | 1 | name, SSN | laptop computer stolen | |
| 147642 | 02/08/08 | Salesforce.com | 9 | name, SSN, date of birth | theft of unencrypted external storage device | |
| 147163 | 02/06/08 | NSK Americas, Inc. | 2000 | name, SSN, salaries | employee database accidentally left unsecured on i | |
| 147544 | 02/05/08 | Administrative Systems, Inc. | 14126 | name, date of birth, SSN, bank account info for 34 | desktop computer stolen from office | |
| 147100 | 02/05/08 | DCI Donor Services | 18 | name, SSN | laptop stolen from Intern's home | |
| 147639 | 02/05/08 | Davidson Companies | 230000 | hacking: gained access to a company database by sp | ||
| 147387 | 02/04/08 | MLSGear.com | 1613 | name, address, credit and/or debit card # and expi | Hacking: used an SQL injection program to gain acc | |
| 147132 | 02/01/08 | Kiwanis International | 257 | name, credit card # and expiration date, billing/s | hacking: used an SQL injection virus to gain acces | |
| 146598 | 01/28/08 | Invitrogen Corporation | 1004 | name, address, SSN | laptop stolen from employee's home | |
| 146573 | 01/28/08 | GE Aviation Systems | 5 | name, SSN | stolen laptop from employee's car | |
| 146571 | 01/28/08 | Philips Lighting Company | 2 | name, address, SSN, date of birth | malware virus, unauthorized access to files on lap | |
| 146566 | 01/28/08 | Target Financial Services | 19 | name, address, credit card #, SSN, phone # | unauthorized access by employees of Target Nationa | |
| 146394 | 01/24/08 | Mariner Healthcare | 2199 | name, address, SSN, date of birth, salary info, 40 | laptop computers stolen from office | |
| 146391 | 01/24/08 | Sava Senior Care | 2199 | name, address, SSN, date of birth, salary, 401(k) | password protected but unencrypted laptops stolen | |
| 146177 | 01/22/08 | American Academy of Pediatrics | 4 | name, SSN, address | laptop computer lost during office move | |
| 146156 | 01/22/08 | Science Applications International Corporation (SAIC) | 3 | credit card # and security code, name, billing and | malicious software, hacking | |
| 145976 | 01/16/08 | BJ's Wholesale Club, Inc. | 13 | name, SSN | unencrypted flash drive lost | |
| 145974 | 01/15/08 | T. Rowe Price Retirement Plan Services, Inc. | 1470 | name, SSN | unencrypted computers stolen from office | |
| 146162 | 01/10/08 | Johns Hopkins Health System Corporation | 190 | name, address, date of birth, telephone #, SSN, ge | file stolen from employee's car |
Posted by Liz Kay at 12:35 PM | Permalink
| Comments (0)
Categories: Consumer protection, Naughty businesses/NBotW, Technology
Categories: Consumer protection, Naughty businesses/NBotW, Technology
