First 3 Days of This Week Bring Several Newly Reported Data Breaches

| No Comments | No TrackBacks

Social Security Numbers Exposed On Hospital Bills

April 23, 2008 -Some 2,000 medical bills were mailed around East Texas last week with patients' Social Security numbers visible on the envelope after a technical glitch skewed billing at the collection agency used by the University of Texas Health Science Center at Tyler.

Chief Operating Officer Rob Marshall at UTHSCT said the problem was quickly addressed and fixed, but his disappointment in collection agency CBE Group Inc. might not be repairable.

"We're in negotiations ... I can't confirm or deny that we'll be with (CBE) in the future," he said Tuesday evening. "But we do have a different set of rules on handling issues like this and have already said how to safeguard this in the future."

Boots customer bank details taken...stolen in early April

April 22, 2008-Personal details of thousands of customers of Boots' dental plan have been stolen after a courier car was broken into in Bristol.

The information from Boots Dental Plan included customer bank account details, but officials claimed it was "highly unlikely" these could be accessed.

The details of 27,000 customers and 7,000 employees were stolen on 3 April.

Boots and Medisure, who administer the plan for the company, said all customers had been informed.

The Financial Services Authority said it had been given details of the theft and would be looking at the case.

LendingTree tells clients of breach

Improperly accessed files included information on mortgage customers

April 22, 2008-Adding to a growing list of companies suffering data breaches, LendingTree notified mortgage customers Monday that some of their personal information may have been inappropriately accessed.

In a letter, the Charlotte-based company said that outside loan companies may have accessed the information, including Social Security numbers, between October 2006 and early 2008 and used it to market their own mortgages to LendingTree customers.

LendingTree would not say Monday when it learned of the incident or how many people were potentially affected. It sent e-mails to alert customers it believes may be at risk of having their information accessed.

The company said it does not believe the disclosure led to identity theft or fraudulent financial activity, but recommended customers check their credit reports for suspicious activity.

In the letter, the online loan finder and lender said its internal security uncovered the incident, prompting an internal investigation and a report to authorities.

According to a Q&A sent to customers, "several former employees" may have shared confidential passwords with "a handful" of lenders that were not approved by the company.

The lenders then used those passwords to access customer information files that contained mortgage request data such as name, address, e-mail address, phone number, Social Security number, income and employment information. The files did not contain credit card information, LendingTree said.

10,000 bank account details stolen

April 22, 2008 -POTENTIALLY invaluable personal and account details of 10,000 Bank of Ireland customers, including passwords and medical histories, are missing.

Last night Data Protection Commissioner Billy Hawkes said the matter had been brought to his attention last Friday while the data . gathered by the bank's life assurance division and contained in four laptop computers - has been missing since last year.

Mr Hawkes said Bank of Ireland personnel had told his office that they became aware of the sensitive nature of what was contained in the stolen laptops last week.

The computers had not been encrypted.

The four computers that held the information on bank customers, including home addresses, bank account details and medical records, were stolen between June and October of last year.

One of the laptops was taken in a break-in at the home of a bank employee. The other three are understood to have been stolen from parked cars.


Server Theft Exposes Data on 700,000 Consumers

Break-in at debt collection company puts Indiana citizens' personal information at risk

APRIL 21, 2008 | Some 700,000 consumers' personal data is at risk today after the theft of a server and eight PCs from a debt collection company in Indiana last month.

The owner of the company, Central Collection Bureau, revealed the breach this weekend and said it is working with police and the Indiana attorney general's office, according to a report. CCB says it has improved security at its office, but 700,000 names stored on a handful of computers are now in the hands of thieves.

The computers contain the names of hundreds of thousands of people, as well as their addresses, Social Security numbers, and in some cases, medical codes. The collection company was hired by hundreds of doctors and some utility companies to collect on delinquent bills. Every name is a customer or a patient.

"Obviously, we need to be notifying those that could have potentially had information on there. We are recommending that they put credit freezes on or at least monitoring on their credit reports," said Chet Klene, Central Collection Bureau.

"Our server was password protected," Klene said. "We have obviously spoken to some IT people who feel that a good computer hacker could get through those passwords."

For more info see: Data Breach blogs:

No TrackBacks

TrackBack URL:

Leave a comment

A memoir exposing the steep price consumers pay when facing mortgage servicing errors, inaccurate credit reporting, illegal debt collection practices, identity theft and weak consumer protection laws. THE BOOK » DENISE'S STORY »