m4s0n501

Telstra Customers Impacted by Massive Data Breach

December 12th, 2011

Telstra Data Breach under Investigation by Privacy Commissioner

What Happened? Account details and phone numbers of telecommunications company Telstra’s customers were potentially compromised in a newly reported data breach. The Privacy Commissioner, Timothy Pilgrim, launched an investigation into Telstra’s data breach which occurred when its customer service website was openly accessible online.

Date of Breach: December 2011

Size of Loss: The grocery chain admits over 100 people who used the self-checkout counters in 23 of their northern California Lucky stores (and one SaveMart).

Affected Individuals: About one million

Geographic Focus: National

Data Contained: Account details including account numbers, phone numbers and credit card details of just fewer than one million Telstra customers were potentially compromised by the breach.

Additional Information: As a precaution, the company reset the passwords of around 60,000 customers and notified the Privacy Commissioner.

Lucky Supermarket Targeted by Identity Thieves

December 12th, 2011

What Happened? Bay Area Lucky supermarkets have been targeted by identity thieves, who used credit card “skimmers” attached to the terminals to collect the account numbers and PIN codes of everyone who used them to pay for their groceries. The company found out about the scam when routine maintenance at 19 locations turned up suspicious devices attached to the self-service scanners.

Date of Breach: December 2011

Size of Loss: The grocery chain admits over 100 people who used the self-checkout counters in 23 of their northern California Lucky stores (and one SaveMart).

Affected Individuals: Lucky customers

Geographic Focus: California

Data Contained: Credit card data

Additional Information: While Lucky now insists that the machines at all of its over 200 locations are now safe, the company is urging customers who used self-checkout at any of the compromised locations in October or November to immediately close their bank accounts or else risk having their identities stolen.

United Nations Server Hacked

December 5th, 2011

What Happened?: Hacktivist group TeaMp0isoN hacked into the website of the United Nations Development Programme, stealing sensitive data and dumping it into Pastebin.

Date of Breach: November 2011

Size of Loss: Hundreds

Affected Individuals: Individuals working for the UNDP, the Organisation for Economic Co-operation and Development, UNICEF, the World Health Organisation and other groups

Geographic Focus: Global

Data Contained: Hundreds of email addresses, user names, and plain-text passwords

Additional Information: The hack revealed lax password security at the agencies. Some of the accounts appeared to have a blank password and many more have easily guessable login credentials. And storing passwords in plain-text (rather than an encrypted form) is an even bigger mistake. TeaMp0isoN said that it carried out the attack as a protest against what it sees as corruption at the UN.

Sutter Medical Foundation Breach

December 1st, 2011

What Happened?: A Sutter Medical Foundation data breach occurred in mid-October, when a computer that held information on more than 4 million patients was stolen.

Date of Breach: October 2011

Size of Loss: 4 million

Affected Individuals: Patients, dating back to 1995

Geographic Focus: United States

Data Contained: Names, addresses, email addresses, dates of birth, telephone numbers and names of patients’ health insurance plans dating from 1995 were contained in the computer’s database, as well as dates of services and description of medical diagnoses or procedures used for business operations.

Additional Information: Patients concerned about their information can go to Sutter Health’s website, www.sutterhealth.org, to find a list of affected health providers or call toll-free at (855) 770-0003 between 8 a.m. and 5 p.m.

More Information: Sacramento Bee

Viriginia Students at Risk of ID Theft Following Data Breach

November 21st, 2011

What Happened?: Sensitive data  for more than 176,000 current and former students and employees at Virginia Commonwealth University may have been stolen when an attacker hacked a university server in October, 2011.

Date of Report: October 2011

Size of Loss:176,00

Affected Individuals: Current and former students and employees

Geographic Focus: Virginia

Data Contained: This server contained personally identifiable information, including Social Security numbers, names, school and personal email addresses and in some cases dates of birth, job titles and contact information.

Additional Information: The university has emailed all potential victims, sent letters to the same group, and developed a website about the incident to inform the community.

Tricare Data Breach Affects Millions

November 21st, 2011

What Happened?: The names and personal data of 4.9 million Tricare beneficiaries  were stolen in Texas in September. Tricare has notified recipients that their information was compromised and provided instructions for getting free credit monitoring.

Date of Report: September 2011

Size of Loss: 4.9 million

Affected Individuals: Beneficiaries

Geographic Focus: Texas

Data Contained: Names, Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions. There is no financial data, such as credit card or bank account information, on the information that was taken.

Additional Information: Tricare reported the breach on its website; both Tricare and SAIC say the risk of identity theft is low.

Military Patients Affected by Data Breach

November 7th, 2011

What Happened?: The Department of Defense says 4.9 million patients treated at military hospitals and clinics during the past 20 years might be victims of a massive data breach.

Date of Report: September 2011

Size of Loss: 4.9 million

Affected Individuals: Patients treated at military facilities in the past 20 years.

Geographic Focus: Texas

Data Contained: Medical records from a four-year period, July 2007 to July 2011. The Defense Department says the data involved in the breach may contain names, Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions. There is no financial data, such as credit card or bank account information, on the information that was taken.

Additional Information: Letters are being sent to potential victims.

UCLA Hospital Data Stolen in Burglary

November 5th, 2011

What Happened?: UCLA’s system of hospitals and clinics warned more than 16,000 patients that their personal information was on a computer hard drive stolen in the burglary of a doctor’s home.

Date of Report: October 2011

Size of Loss: 16,000

Affected Individuals: UCLA medical patients

Geographic Focus: Los Angeles, CA

Data Contained: medical records from a four-year period, July 2007 to July 2011.

Additional Information: The UCLA Health System warned 16,288 that they might be possible identity theft victims and giving them instructions on what to do. Someone using the documents for identity theft was “very unlikely,” but there was a possibility, the statement said.

Swedish Hacks Leak 400,000 Accounts

October 30th, 2011

The details of more than 400,000 user accounts in Sweden were leaked online, following a series of attacks that affected about 60 websites.

Last week, a Twitter account belonging to Swedish politician William Petzäll was used to publish passwords to email accounts belonging to journalists. Petzäll said that his Twitter account had been hijacked and closed the account. The source of the passwords turned out to be blogging site Bloggtoppen.se, which was hit by an SQL injection attack. Its user database, which included details for approximately 94,000 accounts, was published in September on a site called Flashback, and then distributed via Twitter, too. A day later, account details from another 57 sites were publicized, making the number of affected accounts rise to 180,000. Add another 210,000 accounts from Gratisbio.se, whose database with user names and passwords was made public last week.

The intrusion is one of the largest to ever take place in Sweden, based on the number of accounts affected.

Tricare Reports Massive Data Breach

October 10th, 2011

What Happened?: The sensitive data of 4.9 million Tricare beneficiaries could be at risk after a contractor reported that backup tapes to electronic medical records were missing. Tricare is the federal government’s health care coverage for active and retired military personnel and their families.

Date of Report: October 2011

Size of Loss: 4.9 million

Affected Individuals: Tricare beneficiaries

Geographic Focus: San Antonio, TX, U.S.

Data Contained: May include Social Security numbers, addresses and phone numbers, and some personal health data. There is no financial data, such as credit card or bank account information, on the backup tapes.

Additional Information: According to the company, the breach was on a backup system that contains electronic patient data from 1992 through Sept. 7, 2011 from patients that were treated at San Antonio area military treatment facilities (MTFs).

m4s0n501