October: A Busy Month for Data Breaches
Every company, no matter what industry it is aligned with or what country it is based in, is vulnerable to losing sensitive data, either accidentally or by malicious endeavors. The Ponemon Institute has found that the average cost of a data breach in 2009 was an incredible $3.4 million. And, unfortunately, the frequency with which these breaches occurs appears to be increasing. Let’s take a look at some of North America’s more notorious breaches for October 2010:
October 14: In Lake County, Florida, a credit union employee stole customer’s credit information to take out loans — money which was used to help finance the attorney fees of her son, who is on death row for murder. The employee, Nazreen Mohammed, was accused of attempting to take $430,000 from banks such as RBC and Fairwinds Credit Union.
October 14: An employee of Accomac, Virginia had his laptop computer stolen while on vacation in Las Vegas. The computer held the names and Social Security numbers of approximately 35,000 county residents. The employee took the laptop on a personal vacation without permission from his superiors.
October 14: Though the incident occurred in August, it wasn’t recognized until October when the Veterans Benefit Administration Office in Boston realized they sent 6,299 benefit letters to the wrong address. All nine digits of Social Security numbers were on 3,936 of the letters. A Veteran’s Affairs report blamed the incident on programming error.
October 15: On this date, the University of North Florida reported that more than 100,000 people could be affected by a security breach. UNF stated that a file containing personal information on prospective students was possibly accessed by someone outside the United States. The university is working with the FBI “to determine the cause and intent of the breach.”
October 20: The personal information of 280,000 Medicaid members in Pennsylvania was compromised when a portable hard drive belonging to Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan was lost. “The insurers said they have beefed up security practices and will provide free credit-monitoring assistance to the people whose Social Security numbers, either in whole or in part, were on the missing hard drive.”
October 21: The Thames Valley District School Board in Ontario, Canada shut down its online student portal after it realized that the internet passwords of more than 27,000 high school students were compromised. The culprit in this incident posted a link on Facebook that directed users to a site that listed the names and passwords of students.
This, however, is only a partial list. More incidents can be found at DataLossDB.org.
Does your company have a solid cybersecurity strategy? If not, check out the article, The 5 Steps of a Cybersecurity Risk Assessment, by Peyton Engel, a data security expert at CDW.