Employees of the California Department of Consumer Affairs aren’t very happy today.  But things could be a lot worse.  Over 5,000 contractors and workers of the organization have become the victims of identity theft.  While the file that was misplaced contained titles and salaries, which are all public record, the real concern is that it also lists the social security numbers of everyone.  Russ Heimerich, a spokesman for the DCA, has said that the organization is taking all necessary steps to prevent anyone from using the information for fraudulent purposes.

The breach occurred on June 6 when a word document was incorrectly sent outside of the network.  No word has been given on why the file was not encrypted or how it was able to leave the system’s mainframe.  There are supposed to be security features enabled to prevent this type of breach from occurring.  According to Heimerich, officials at the DCA acted quickly to contain the breach. They sent out letters and emails to the affected contractors and workers to let them know of the data loss and to alert everyone to keep an eye out for identity theft.

This breach has struck some individuals as ironic, because the DCA is in charge of protecting consumers in the state of California.  Up through 2007, it was also responsible for educating people in the state about how to avoid fraudulent activity and deal with credit theft and misuse of personal information.  With the breach being made public, Heimerich was able to reassure people that there isn’t much to worry about.  The recipient of the email with the word attachment hasn’t even opened the file yet.

Heimerich has also assured those affected that the DCA will provide a year of credit monitoring services.  One of these services, Lifelock, locks your credit reports with all three credit bureaus.  The DCA has also said that it will pay for up to $25,000 worth of fraudulent activity that might take place on someone’s credit.  While the Lifelock services will alert consumers about new credit card and loan applications, it is good that the state is being so proactive in their efforts to fix any problems before they start.

In total, of the 5,000 affected individuals, only 2,800 of the people are still currently employed with the DCA.  The other 2,200 people are old contract workers, consultants, and people who are serving in only part time functions.  Other individuals are employed by various agencies throughout the state of California.  Members of the Office of Private Protection are not included in this alert, because their files are no longer stored in the same database as other agencies.  Experts note that the DCA has been very quick in taking all necessary precautions and that if anyone notices fraudulent activity, they should contact the DCA directly.

Southeast Missouri State University is at the center of a crime that has roamed across two states and along the lines of connectivity into the internet.  William Elum was arrested in Atlanta earlier this week in connection with stolen data which he obtained while at SMSU.  While employed at the university, he was a hall director, which gave him access to the personal files of students residing in his dorm.

University officials were first alerted to the breach when two students reported their information was used in the course of credit fraud.  Thankfully, neither of the attempts was successful.  While there has been no word about other criminal activities, university officials advise students to be on the lookout for any inappropriate charges appearing on their credit reports.  While students are able to put a fraud alert on their account or a credit freeze, they are also able to purchase a subscription to an ID theft service.  One such company is Lifelock, which provides a similar service with all three credit bureaus.

Once the initial activity was reported, officials went through the old security logs to see if there were any other fraudulent incidences.  The review of the logs showed that reaching back to April of this year, there had been a number of attempts to use students’ personal data to enter the university’s computer system.  The userid and passwords of the students were compromised and the userid was the same as the social security number of the affected person.

Students were alerted of the breach, by letter, on Thursday of last week.  Although there was a delay of over two weeks between the recognition of the breach and the sending of the letter, university officials say this was a result of finding out which students had been affected.  There were problems with the file logs and some of the data had been corrupted, slowing down the entire notification process.

Elum had left SMSU in 2007 and spent the 2008 school year working at Georgia Tech.  There has been no word if GT will examine its own files to see if Elum committed any similar criminal activity.  The data breach was brought to the attention of authorities in Georgia, where it is a felony to be in possession of unauthorized personal data.  According to insider accounts, Elum is scheduled to appear before the Superior Court of Fulton County on June 30.

The breach occurred during a time when the university was creating a new userid system that did not use social security numbers.  At the time, Elum was able to download the information to his personal laptop.  No word has been released by university officials about security features they have made to their network to prevent the transference of private data to personal computers.

This is hardly the type of attention that Sir Richard Branson wanted for his company.  Virgin Media, the portion of the larger Virgin Group that controls the entertainment and communication fields, reported a data breach the other day.  In all, over 3,000 customers of the company have been affected.  Details are still pending, although the extent of the breach is not expected to increase beyond the original 3,000 people whose personal information was contained on a CD.

The CD, unfortunately, was not encrypted.  No one for Virgin Media has come forward to explain why this sensitive material was not secured with any extra features.  It seems that burning the data to a CD goes against company policy.  In previously press releases issued by the company, they have emphasized that all private data is transferred only through secure FTP sites.  No one is sure if their policy has changed or if this is an isolated incident.  More information will be provided as it is given to the media.

The 3,000 people affected by the theft were involved with the Carphone Warehouse stores.  The material covered from January 2008 to the present.  Originally, the breach was discovered on May 29, although it was only announced today.  No one is sure why there was such a delay in notifying the public about the incident.  A company spokesman has said that they are working closely with the Information Commissioners’ Office to alert everyone affected.  Those who are concerned about their personal security should keep an eye out for letters or emails detailing future steps.  Virgin Media has promised to take care of any issues that arise from the problem.

With this not being the first data breach in England, more and more people are investing in ID theft services.  These subscription based companies, such as Lifelock, monitor the credit reports of all three companies, TransUnion, Equifax, and Experian.  Whenever a new credit card application or loan is opened in someone’s name, Lifelock is there to ensure the credit activity is legitimate.

According to the spokesman, the CD contained names and personal addresses.  No other information was on the disc, which has some experts optimistic that no damage will be done to people’s personal credit records.  As a result of the breach, Virgin Media has said they will reinvestigate all of their current security measures and make appropriate changes.  They are dedicated to making sure that their customers continue to have safe transactions and confidence in the company.  More and more companies have turned to electronic data transfers to alleviate this type of information breach.  The same can be said for the encryption practices and security measures that are continually updated to meet the current threat levels.

The scholastic and athletic fans at the University of Florida have one less thing to be excited about.  It seems that with all the money spent on a football team that recently won a national championship; someone forgot to create a new manual that reminded system administrators of what they’re not supposed to do.  This small oversight resulted in a data breach that exposed the personal data of over 11,000 students.  While some of the students are still in attendance, the majority of individuals have graduated and move on to areas outside of academia.

For those who are worried about the breach, the affected individuals come from a select number of people.  The majority of the people affected were involved with the Office for Academic Support and Institutional Service.  This office is also known as OASIS.  People who participated in this program between 2003 and 2005 and filled out the online application need to be on alert.  One might suspect that people who fall into this category may be some of the university’s athletic stars.  Although the university has said that the affected students or alumni have received a letter from the school with more details about the case.

There has been no word about how long the material was available to the public.  There has been an equally quiet front about how the breach was discovered and if the university took any delay before having the problem dealt with.  This reporter has checked the public database that the material used to be in and happily reports that the site has been closed and the private data removed.  Investigations will continue in to the matter to insure the safety of everyone’s personal identity.  It is also expected that the university will update its security systems and implement new policies to prevent breaches in the future.  Hopefully they do not take a page out of Columbia University’s (link) playbook, where two breaches have occurred in the last year.

While the university has made every effort to contact affected individuals, Florida officials say that there are over 500 people who cannot be reached.  This is through a failure of the university to maintain contact with some of its alumni and former students who do not keep in touch with their Alma Mater.  If you believe that you fall into the at risk category of online applicants through OASIS in the years listed above, contact the university as soon as possible.

In the meantime, representatives from Florida have not said how they plan to protect their alumni.  Some institutions provide free ID theft services when data breaches occur.  One of the companies that most corporations and schools deal with is Lifelock. While it is available to individuals, many larger institutions also use the service because they find that its policy of maintaining ties with all three credit bureaus is a wise approach.  Lifelock monitors personal credit reports and alerts consumers whenever a new loan or credit card application is taken out with their personal data.

You pay enough at the pump, don’t you?  While most of the public seems to be in agreement on this point, some companies have decided that they think they can still squeeze more money out of our pockets.  Not by raising their prices any higher (yet), but by being irresponsible with the financial records that oil companies keep.  The guiltiest culprit in this investigation is Petroleum Wholesale.  Petroleum Wholesales operates convenience stores in ten states and while you might not have heard of them, if you’ve driven in Texas, you know the name Sunmart Convenience Store and Travel Center.

There are no specific details about the number of people affected by this data breach, although authorities are saying it is rather large.  It appears that the company has been disposing of people’s financial records in a very unprofessional manner – they dump the material, un-shredded, into a public dumpster on the street.  No company spokesman was available to make a comment about how long this has been the company’s operating practice.  Also, because there is no notion of how many people have been affected, experts in the field of identity theft and personal security are advising frequent customers of the Sunmart locations to invest in ID theft services.

One of the largest providers, in the United States, of such services is Lifelock.  For a small monthly fee, the company maintains connections with the three major credit bureaus in America.  Each of these companies receives certain financial information about consumers and then maintains a score and record about the individual.  Lifelock steps in by monitoring these bureaus to find out whenever a new loan is filed or an application for a new credit card is entered into the system.  Lifelock then contacts its customer to make sure that they are the person who is submitting these applications and if it is an example of identity theft, they handle the next steps of tracking down the individuals.

In the case of the Petroleum Wholesale breach, the material found in the dumpsters contains more than enough data to allow someone to steal an identity.  Financial records that include names, home addresses, social security numbers, credit card and debit card numbers, along with their expiration dates, was all readily available.  There were also forms that contained drivers’ license numbers.  Additionally, returned checks, with bank routing numbers, were also found in the debris.  Authorities have not released how they found out about the material and if the person who reported the breach has been questioned.

Charges are already pending against the company.  While details are still sketchy, authorities say that Petroleum Warehouse will face charges about its failure to live up to the regulations of the 2005 Identity Theft Enforcement and Protection Act.  The company also failed to meet the agreements that all businesses reach over Chapter 35 of the Business and Commerce Code.  This chapter forces companies to develop and maintain secure methods for destroying secure information.  The fine associated with Chapter 35 includes a $500 fee for every financial record illegally disposed.  It looks like the Petroleum company might finally take a hit to its bottom line.

It is not a good time to be a student at Columbia University.  This is a report about the second data breach that they’ve suffered in the last 12 months.  And it is the same type of problem.  All in all, the problem revolves around access to social security numbers.  For some reason, the university doesn’t seem to recognize the importance of keeping this data secure.  Perhaps the school’s administration hasn’t heard of the crime known as identity theft.  Maybe they have and just don’t care.

What has set the students into an uproar was the announcement that 5,000 of their social security numbers have been available on an online database that anyone could access.  Not only was the data on the web, but it was also in a searchable format, which leaves the door open for even more specifically malicious activities.  The topper though, if that is possible, is that the breach has been occurring for the last 16 months.  Over that time period, there is no figure for how many people have accessed the data.  There is also a lack of accountability among the network security administrators of the university.

Students were alerted in an email on Tuesday to bring the matter to their attention.  The university found out about the breach when an alumni contacted the school about the website.  Apparently a student in the housing department posted the material without realizing that it was unsecured.  Upon request, Google took down the website and the university believed that the threat had been contained.  Unfortunately, on Wednesday, students alerted university officials that the data for over 200 students was still available.  A petition has begun circulating around campus to show the discontentment of the student body with what appears to be an inept administration.  This is only emphasized when people think back to a similar problem that developed in April 2007 in the housing department.  Demands listed in the petition involve criminal investigations behind the people responsible for posting the private data online, in addition to a detailed description of how the university plans to increase their electronic security.

While university officials have sworn to not rest until this issue gets resolved and the security features of all Columbia systems updated, no one appears to be holding their breath.  The university has agreed to provide subscriptions to ID theft services for two years.  These companies, such as Lifelock, monitor all three credit bureaus for illicit activity.  For a nominal fee, that the university is picking up in this specific case, customers are alerted whenever a new loan is opened or a credit card application is filed.  These ID theft services are available on a personal basis too and not just for people involved in large sized data breaches.

School children need to perk up their ears and listen to their teachers. Some school boards need to follow a similar path. Yet again, a data breach has struck the educators of America. This time around, the guilty party resides somewhere in Dickson, Tennessee. Unfortunately, while the crime took place there, the ease of spreading personal information on the internet means that private material may already be spread around the globe.

Laptop computers do not just grow legs and walk away. With that said, theft is the only way to account for the disappearance of a Dickson County school official’s personal computer. In fact, the laptop was taken from the office of Johnny Chandler, the superintendent of the district. It contained the personal data of all employees of the school district between 2006 and 2007. In total, this breach puts around 850 people at risk. The material on the laptop contained addresses, license numbers, maiden names, and social security numbers. It also has tax information in addition to yearly wage data.

While police are still investigating the threat, there are some details of the case that are clear. Chandler just recently became superintendent of the district. The laptop was last accounted for on Friday. Authorities cannot find any signs of forced entry and are investigating the possibility that this was an inside job. Over the weekend, numerous people were in the building, including a cleaning crew, school staff members, and some students who were attending a retirement party. There is no motive to the crime at this point.

Chandler advises that everyone who was employed by the district keep an eye on their personal information. While a letter went out to inform people of the problem, some are not confident that their personal finances will remain unharmed. Some of these people are investing in an ID theft services. Subscriptions to such companies, such as Lifelock, allow members to have a peace of mind, knowing that their credit reports are being constantly monitored at all three bureaus. Unlike other companies, Lifelock recognized the importance of keeping an eye on credit at Equifax, TransUnion, and Experian, since some companies do not report to all three.

Chandler has vowed that a similar problem will never take place. New security procedures are being instituted for the district, including the policy that no personal information can be stored on laptops. Additionally, new security measures are in place at the district’s office, although specifics could not be obtained. The superintendent assured the media that the stolen laptop is covered by multiple encryption and security features. While there is optimism that the security will prevent any illegal access on the computer, people are advised to be vigilant. From now on, at the school district all laptops are to be locked up in a secure vault when they are not in use.

Texans beware.  Like most people in the United States, the fine citizens of this state submit insurance claims to their companies all the time.  Whenever any of us do this, we assume that what we’re handing over will be treated with care, quickness, and most importantly, confidence.  None of us want our private information to be floating around in the world without our knowledge.  Yet, this is the exact situation that people in Richardson, Texas are waking up to.

Late last week, authorities were called to investigate the scene at a dumpster outside of the Texas Insurance Claims Services building.  Within the container were hundreds of files that contained private information.  These are the types of data breaches that people fear more and more on a daily basis.  The worst part is that the files in the trash bin contained personal addresses, phone numbers, maiden names, social security numbers, and insurance claim numbers.  All of this material would easily allow someone to steal the identity of anyone who filed a policy with the company.  Early reports said that the files related to claims that had been resolved, but this has not been verified.  Regardless of the status of the files, the personal information is still valid and dangerous to leave exposed.

The man responsible for finding the files and reporting them to the police was Mike McCarty.  Rather than finding them on his own, he noticed a man taking pictures of the trash.  Once he pulled his car over, McCarty saw that it was a cache of private data, just waiting for some data thief to exploit the breach.  The man who was taking pictures of the files claimed he was searching for moving boxes.  That does not explain why he decided to photograph the event.  Police have not questioned him and do not assume him to be a suspect of any wrongful deeds at this point.

In an effort to track down more information about this data breach, reporters contacted Texas Insurance Claims Services.  Although a spokesman would not provide his name, he did let the media know that legally, the company is only required to hold on to claim files for five years.  All the information that ended up in the dumpster fell within this time period.  While the company is responsible for the private data of its customers, the representative said that this is common practice and that shredding services are used only on occasion.  However, he did admit that this negative publicity would make his company reconsider their practices.

With such breaches becoming more common, many individuals are investing in ID theft services.  One of the most popular choices is Lifelock.  The company is widely known and provides protection from identity theft.  It monitors all three credit bureaus and lets people know when a loan or new credit card is opened under their name.  This allows people to stay informed without having to constantly check with the bureaus and paying costly processing fees.

It seems that no one can catch a break anymore. Instead of students bringing an apple for the teacher everyday, they might want to pool their money and get their instructor some sort of identity theft service. Yet another school district in the United States has fallen prey to the wide-spread crime of data theft. Of course, like most unfortunate turn of events, the data breach impacted hard working educators and staff. This breach occurred on the east coast, in the Harrisonburg City Schools of Virginia.

At this point, the information regarding the data breach is extremely unclear. The investigation has only recently begun and there are no suspects yet named. The breach occurred through the theft of a laptop by a consultant for BB&T Insurance. BB&T provides dental coverage for the school district’s staff and faculty. The laptop was stolen out of the car of the contractor while he was in Ohio working on another client’s case. No word on why the consultant had the personal material on his private laptop. The material stolen contained limited medical records, addresses, names, and social security numbers. Authorities report that this is more than enough material to successfully steal someone’s identity.

In an effort to calm fear about the possibility of the data breach, a spokesman for BB&T assured the media that there are numerous security settings on the laptop to prevent it from being illegally accessed. He would not go in to more detail, saying only that “there are multiple levels of encryption and security which we believe will deter any criminal elements from accessing private files.” The spokesman was also reluctant to announce when the breach was first reported, since the school district was only notified in the middle of May. Once again, the spokesman told the media that he could not share any more details about the ongoing investigation, except that more details would be made clear in a press release.

At this time, there is no estimate about the number of individuals who might be affected by this breach. Mike Loso, assistant superintendent for the school district, said that an email was being sent out to the entire district to let people know about the potential risk to their personal data. A.C. MacGraw, the spokesman for BB&T said that the company plans to contact the affected individuals directly, once a number has been determined. The insurance company will offer its customers a subscription in Equifax’s Credit Watch until the threat has passed.

While a subscription to the Credit Watch is a good first step, it does not cover victims as well as other ID theft services, such as Lifelock. While Equifax monitors the credit reports of a client as seen by their system, there are still two other credit bureaus which are not included in the Credit Watch. Lifelock provides a system that monitors all three bureaus and alerts people if someone attempts to open a new credit card account or take out a loan in that person’s name.

People used to go to the hospital because something ailed them physically. One wonders how long the string of medical related data breaches will continue before people start complaining to their doctors about worry-based ulcers. The most recent hack on a medical institution’s files wasn’t even a hack. It was a simple hit and run job. University Healthcare Hospital in Utah reported that it lost a laptop and jump drive that contained personal data. In this instance there was no corrupt employee or system breach. Someone simply entered one of the offices, pocketed the jump drive and walked out with the laptop underneath their coat.

While investigators are hoping to use an image captured on the security cameras to find the perpetrator, hospital administrators are still assessing the damage. After consulting their files, they alerted the media that 4,800 medical records had been on the laptop that was stolen. These records include personal data, such as addresses, driver’s license numbers, and social security numbers. Authorities report that these are the pieces of information that are most commonly used to commit identity theft and that individuals should be attentive to their records.

A spokeswoman for the hospital assured the media that the information was password protected. In addition to the files being encrypted, there was an additional security system on the laptop itself that should prevent anyone from being able to access the confidential material. Network security officials remain optimistic, although skeptical, that the thief will not be able to access the material. Despite the crude nature of the theft, there are many programs available for free on the internet that are able to break simple encryption and security features on laptops. The hospital also announced that the recent criminal activity on their premise has caused them to reevaluate their security procedures. As a result, they are upgrading all encryption settings and are making it illegal for employees to download personal information on to their own laptops to conduct work at home.

Although the breach took place in February, victims were not alerted until the middle of March. Hospital officials have not explained the delay in notifying affected individuals, although there is hope that they will fill in these details as the investigation continues. In mid-March, letters were sent out to all 4,800 people whose information had been compromised. While the case is still open, the hospital has agreed to provide identity theft services to all victims.

ID theft services, such as Lifelock, work to protect against illegal activity in the personal financial records of individuals. For a minimal monthly fee, which the hospital is paying in this case, members are alerted whenever activity is taken to open a new credit card in their name or efforts are made to get a loan. Lifelock has contact with all three major credit bureaus and monitors each for any activity that might not show up on the others.