Government institutions have suffered a number of very public data breaches over the last couple of years. There was the large loss of VA data and there was the theft of personal information on patients at Walter Reed. In this case, tucked away in the state of Washington, is Fort Lewis. Housed at this base are a number of army units. While there are no numbers provided for the total amount of soldiers at the base, in this specific incidence anywhere from 800-900 active army personnel has been affected. As if these troops who serve overseas didn’t have enough to worry about, the threat of identity theft can now be added to the list.

The breach took place over the July 4th weekend. A civilian contractor who is working for the Army on a project which has not been announced had the personal data on an external hard drive and a laptop computer. He left this material in his truck on the evening of July 3 and reported the theft around 10 AM the next morning. In the statement that he gave to the police he admitted that he had left all the electronic material in plain sight on top of his passenger seat and that he had failed to lock his truck. Investigations are continuing into this theft, both by the military police and the Lacey Police Department.

While there has been no word about what all the private data consisted of, authorities are taking the matter very seriously. The contractor, whose name has been withheld by both Lacey and military police, said that the laptop and hard drive contained no secret or top secret information, although this is of little concern to those who might now be the victims of identity theft. As of the writing of this article, there have been no confirmed cases of misuse of the information, although this might change in the future. The Army and other government institutions have been focusing on increasing security to prevent this type of breach from happening. Standard regulations and policies exist to prevent the transfer of private data off-site. It appears that the contractor was within his rights, having received the approval of his supervisor to move the material on a portable external hard drive. There is no word on how the contractor will be reprimanded by the Army for his careless placement of the data once he was outside the base.

The individuals were impacted by this breach were contacted on the phone by Fort Lewis personnel to alert them of the theft. Everyone was supposed to be reached by last Wednesday. Although emails and phone calls have been the method at this point, letters will be sent in the mail providing follow up information. Those who are worried that they might be victims of identity theft can subscribe to Lifelock, an ID theft service that monitors all three credit bureaus. They keep an eye out for loan and credit card applications, two frequently employed methods of identity thieves, and contact the person whose name appears on the paperwork. Lifelock verifies that the applications are legitimate and if not, prevents them from going through the system.

At first it was only college students who were hit hard by a lack of security. Now it has sunk down all the way to second graders. The youth have been impacted and might have to deal with the threat of identity theft for the rest of their life while those who just took the ACT and are beginning their college careers are also affected. Williamson County school board officials recently announced that a former school board official illegally posted a breach of student social security numbers, names, and addresses on the internet.

The person responsible for posting the information on the internet is former Student Assessment Director Chris Nugent. It appears that, without consent, he copied the information to a jump drive and then was using the information for a college project he was working on. Although he had no intention of posting the private data online, it was inadvertently uploaded while he was working on his project. Unfortunately, this breach went unnoticed for over a year. It was only discovered after a student was searching for information about themselves on the internet that the news of the breach spread.

In all, around 5,000 student had their social security numbers released, while another 10,000 students had their names and ACT scores posted online. The school superintendent, Rebecca Sharber, found out about the breach on June 26, but waited until July 9 before alerting the wider school community. She has explained this delay in notifying the affected parties as a way of making sure that she had all the facts straight before addressing the litany of questions she knew she would face from parents. While she might have been better prepared for the questions, she has also drawn fire from parents who think she waited too long before announcing the breach.

Other school board members were also upset about the delay. One parent noted that there was such inconsistency with the information provided by everyone. At one point it was 15% of all students in the district, then it was 3rd-8th graders and then it was finally the correct information about second graders and those who took the ACT last year. Some parents have expressed their concern about this incident haunting the lives of their kids for years to come and are worried with all the paperwork that now needs to be filed to take care of everything. One way that people can avoid this type of paranoia is to subscribe to ID theft services, such as Lifelock. These companies contact all three credit bureaus and alert their customers whenever a new application, such as a credit card or loan, is filed. Lifelock verifies that these are being opened by the real person and are not an attempt at identity theft.

People in the world look at Google and see a behemoth. They see a company that has surpassed Microsoft in terms of power and influence. And they might very well be right. However, Google isn’t going to take over the United States and eventually the world. In fact, it takes hits just like every other company out there. In this case, it failed to secure some of the personal details of its employees and it the most recent company to note that it has suffered a data breach.

In this case, Google is really a victim as much as are the people whose information was stolen. Google uses Colt Express Outsourcing Services to take care of certain human resource functions. Therefore, when the office of Colt was broken into, it was Google information and that of other companies that was stolen. What is even worse about the May 26 break-in was that Colt does not encrypt its data, so whoever perpetrator the crime has nothing standing in between them and the personal information of Google employees. This information contains social security numbers, names, and addresses. This breach also affected CNET Networks.

As more details about this breach have come forward, it is clear that the stolen information does not contain any credit card numbers. However, a name, address, and social security number of an individual is more than enough for a criminal to open up a fake credit card account, although the charges end up being far too real for those affected by the crime. People, not only those impacted by the Colt burglary, have been turning toward subscriptions with ID theft services, such as Lifelock. Lifelock contacts all three credit bureaus, Trans Union, Equifax, and Experian and monitors credit reports for activity that includes credit card and loan applications. Whenever one of these is filed, Lifelock contacts its customer to make sure that the application is legitimate.

In the case of this specific breach at Colt, Google has said that it will pay for a year’s subscription with an identity theft service, both for its employees and the employees at CNET. Colt is not able to provide this same guarantee because it is going through financial difficulties. Those affected by this breach are those Google employees hired before December 31, 2005. Google only recently realized that its employees were at risk and has sent out letters alerting people of the danger to their private data. Google has also announced that it no longer has any association with Colt and that the company does not currently handle human resource material for the internet giant. Google has said that its separation from Colt took place long before the burglary was reported.

The world of online trading can be very profitable. It can also be dangerous. And not just in terms of having a stock fail after you’ve sunk a lot of your money into it. On a more basic note, it is dangerous if your account becomes compromised because that means that someone not only gets your personal data, they also gain the ability to control your money and invest it in a variety of stocks, with no profit coming back to you. This bizarre scenario seems to be even more likely if you work with LPL Financial because it reported yesterday that it was hacked for the second time in one year.

In this particular instance, the hack involved cracking the passwords of fourteen financial advisors and their assistances. In all, this exposed the personal data of over 10,000 clients. While it isn’t clear at this point if the hackers illegally used any of the data, it is clear that their intention was to run “pump and dump” schemes which involve penny stocks. Thankfully, despite not catching the breach with any sort of quickness, LPL was able to prevent these schemes from costing any of their customers’ money.

What was available to the hackers was not only names of investors, but also home addresses, social security numbers, some bank routing numbers, and the personal information of anyone set up as a non-client trustee on an account. This expands the number to beyond the original 10,000, but no word yet on how much wider this makes the pool of potential victims of identity theft. At a more basic level, LPL is unable to tell whether or not hackers actually even accessed the data, let alone took it and used it for other identity crimes.

While the breach began last July, it was not reported to the public until now. Internal memos released by the company show that they knew about the problem and were trying to fix in back in March. No word, yet, on why they waited so long to notify all the affected people in writing. With this being the second breach in less than twelve months, LPL has taken steps to increase all of its security measures. In created a new position, a chief security/privacy officer. Time will tell whether or not any new features implemented under this position will prove to be effective.

In the meantime, despite LPL Financial bringing in over $3 billion last year, they have not said anything about providing identity theft service subscription to its clients. These services, such as that provided by Lifelock, contact all three credit bureaus and monitor activity, such as credit card applications and the filing of loans. Lifelock then contacts the person to make sure that they are really involved and that someone else isn’t illegally using their name and social security number to try to defraud them while committing identity theft.

An employee for Wagner Research Group made a mistake. A very big and potentially devastating mistake. They opened up Limewire and decided to start sharing some files and grabbing some new songs. What they didn’t know was that while they were getting the latest hits, someone was hitting the company’s private records. It wasn’t even a hacker. It was someone who realized that the Wagner employee hadn’t specified which directories were available for people to search through which meant that the entire WRG’s database was at the disposal of anyone on Liewire. Herein lies one of the dangers of using peer-to-peer programs at work.

This story would have earned a lot of attention in its own right. The data breach exposed the personal information of around 2,000 of the firm’s clients. Most of these individuals are upper tier lawyers with big wallets and powerful friends. Yet, the media isn’t really focusing on them. It is focusing on Supreme Court Justice Stephen G. Bryer, whose personal information was also taken in the breach. An expert in the field has said that with such powerful people, “the individuals on this list are at a very high risk, almost imminent, of identity theft.”

As more details come to light about the breach, the information is damning. The breach went on for more than six months, complete unnoticed by the network and infrastructure groups of Wagner Research Group. In this period of time, there is no information about how many people accessed the data or how far it was spread. With a program like Limewire at the center of this breach, there is no telling how many people were able to download the identity data. What is known right now is that at least a dozen people, some residing in Sri Lanka, a hotbed for identity theft, and Colombia, now have the information.

Tiversa, an independent consulting firm was called in to help contain the breach. They are working with WRG to go over all their security policies to make sure nothing like this happens again. In the meantime, Warner Research Group has said that it will provide six months of free credit monitoring for everyone affected. These people should have received a letter in the mail recently. Unfortunately, this is too late for some people, including one lawyer he just was charged $9,000 by AT&T for a phone account that was illegally set up with his name and social security number, but someone else’s address. In the case of many data breaches, companies have not stepped up to offer such comprehensive credit monitoring. In those case, victims have turned to Lifelock, an identity theft service, that maintains contact with all three credit bureaus to make sure that fraudulent accounts are not taken out falsely under a client’s name.

Going to the hospital is supposed to make you feel better. Not make you sick to your stomach. Sadly, as more and more personal data gets stored on smaller and smaller mediums, the potential for ill feelings rises. With so much material on tiny electronics, it is very easy for the data to grow legs and walk away. That is the situation at the Yan Chai Hospital in Hong Kong. One of the busiest hospitals in the area, hundreds of thousands of patients pass through its doors on an annual basis. In this specific case, it isn’t current visitors who are in jeopardy, but those who came for medical attention between January 2005 and January 2006.

The data breach took place during the routine process of creating encrypted backups of files which contained the personal information of patients. The disks which contained the material went missing during the process and although the hospital staff conducted a thorough investigation of the facility, they were unable to locate the missing materials. In a letter released to the public, the hospital noted that it learned of the problem on June 20, although it did not say when the breach actually occurred and how long the material was missing before it was noticed.

In an effort to reassure the public, the hospital has stressed that there is no medical information contained on the disks. This assurance has eased the mind of some people. Much like in the United States, Hong Kong is going through a period of discontentment with plans by many hospitals to shift all medical records to online databases for this exact reason. No word yet on how this breach will affected that ongoing debate. At the same time that they announced the missing disks, the hospital also said that 23 hard copy receipts were missing. These pieces of paper contained names, addresses, identity card numbers, and some medical information about patients. An investigation to find these was also unsuccessful.

While the hospital has exhausted its resources in searching for all this missing data material, it has turned the investigation over to the police and alerted the Office of the Privacy Commissioner for Personal Data. These entities will continue the investigation into the foreseeable future. At the same time, the hospital is reviewing all of its own security and data encryption policies in an effort to prevent any future breaches from happening. Experts expect this review to take some time.

While not yet available in Hong Kong, the ID theft subscription company is attempting to expand its recognition around the world. For a minimal fee, these company maintains contact with all three credit bureaus and alerts customers whenever a new loan application or credit card is filed. It verifies that this information is valid and that no efforts at identity theft are taking place. Lifelock then either lets the bureaus approve or deny the loan, depending on if it actually being initiated by the person whose personal data is being used.

Whenever anyone goes to the DMV, they see signs reminding everyone to sign the back of their license so that they can be an organ donor. The system as it stands in the United States is in desperate straits and there are now more and more commercials on television showing the stories of people whose lives have been saved by organ donation. So for those great individuals who make this commitment in the state of Florida, you should get a pat on the back. You should also get Lifelock to make sure that no one is committing identity theft with your personal information.

It was reported today that there was a data breach at the Organ and Tissue Donor Registry, which is housed by The Agency for Health Care Administrations. It appears that up to 55,000 people might have had their private information, such as names, addresses, social security numbers, and drivers license numbers, stolen. There are still only limited details at this point, although it is clear that the state is taking the breach seriously.

Those who were affected by the breach should receive a letter in the mail in the next few days. The Agency for Health Care Administrations wants to make clear that it is only contacting people by mail and not phone or email. If anyone gets asked for their social security number of other private information over the phone or in an email, they should be weary of responding since this might be a phishing attempt to further extend identity theft. In the letter that was sent out to people, it explains that the breach took place on June 20 and was discovered the next day and corrected. There is no explanation given for how the issue was so quickly resolved or solutions to prevent this type of breach from taking place in the future.

At this point, according to a statement by AHCA Secretary Holly Benson, there is no indication that any of the information was illegally obtained. At the same time though, since the investigation is still ongoing and the story developing, people are advised to keep an eye on their credit reports and look out for any suspicious activity. One way to ensure that you are protected is to invest in an ID theft subscription service, such as Lifelock. The company, famous for its founder who lists his social security number of a drunk and drives it around downtown New York because he is confident in the protection his company gives, monitors all three credit bureaus. It keeps tabs and is notified whenever a new credit card or loan application is filed. It then contacts its customer to make sure this is a valid application. It then can stop or allow the file to continue. Since many victims of identity theft are subjected to long periods of trying to cleanup their credit records after the fact, taking a proactive step before any illegal activities occur is advised.

Everyone hates jury duty. For a few hundred people living in Clark County, Nevada, there is a whole new reason to dislike the process. It was reported today that a data breach has occurred with the potential jurors list. It seems that an outside contractor that handles the information illegally sent this sensitive information to the private email address of one of its employs. There is no reason that this information should have left the secure server of the company and this fact launched an investigation into the incident. The investigation is still in progress, although some details have been released to the media.

The court sent out letters to the 380 affected individuals. Unfortunately, these letters did not specify whether or not the investigation suspected that the transfer of the sensitive material was an accident or if it was deliberate. At the same time, there was no discussion of when the breach occurred and how long it took the court to act on the information. In many of the recent data breaches, there has been considerable delay before notifying the affected parties, which has caused considerable amounts of stress to people once they learn of the crime.

It was originally feared that the information contained in the private email listed names, addresses, social security numbers, and birth dates. As the investigation has continued, this fear has decreased, as many of the accounts had personal data included, although it was incomplete and thus not nearly as large of a problem in terms of identity theft. However, this only applies to some of the affected people, although there are no further details about what percentage of the 380 falls into this category. The court did try to assure the public with the knowledge that there are a total of 1.7 million people on the juror list and that this breach is, fortunately, of a small nature.

While the court continues its investigation, it has announced that it is changing some of its policies. It will no longer list any private data on the forms that are supposed to be printed out about potential jurors. No word yet on how they plan to secure their system so that no future incidences occur, with sensitive material being sent to an inappropriate location. Authorities will determine what measures need to take place, since the court is a central component of the state government and needs to meet certain informational security criteria.

For those affected, officials are suggesting they contact the credit bureaus and place a free initial alert on their account. Knowing these alerts are only free at the beginning, more and more people are looking into ID theft subscription services, such as Lifelock. This company monitors all three credit bureaus for a minimal monthly fee and alerts its customers whenever a new credit card or loan application is opened. It then verifies that this is a legitimate application before allowing it to be approved.

Despite its beautiful campus and ivy covered buildings, Stanford is not immune to the problems of educational institutions in the 21st century. It was reported yesterday that the university recently was the victim of a series of thefts, one of which involved a laptop computer. Although the break-in occurred a few weeks ago, it was only noted today that the laptop contained personal data which could allow someone to perpetrate identity theft among any of the individuals listed in the database. Unfortunately, this breach not only hits a well respected institution in the United States, but it also has the potential to affect upwards of 60,000 people.

While this 60,000 people does not actually included any students, the university has not addressed whether or not research assistance or any student who has served as an aid to a professor happens to fall under this category. As it stands at the moment, the 60,000 is all former or current employees, across all departments and divisions, and without any end date for the window of information contained on the laptop. The laptop contained “confidential personal material” although there is no indication if this includes social security numbers, addresses, bank routing numbers, or anything along those lines.

While more details are continuing in the investigation, Stanford has assured its faculty and staff that it takes serious all of its required security measures. Although there is no word yet on how the data on the laptop is protected, a press released by the university to the media said that it is secure and that it will be difficult for anyone to access. Also in the release is the recognition that the individual or individuals who are responsible for the crime might not even know the material is on the laptop and that everyone should keep an eye on their credit report all the same.

Vice President for Business Affairs and Chief Financial Officer Randy Livingston wrote a letter that was sent out to all the affected parties. In the letter he laid out that Stanford has many rules in place that are supposed to prevent private data from being stored on computer systems that are mobile. He said that in light of this most recent incident, these efforts will be strengthened to prevent any future problems from taking place.

Unlike Harvard, which experienced its own data breach earlier in the year (link), Stanford has not spelled out whether or not it will set up any sort of subscription services for the potentially 60,000 affected people. These subscription services involved ID theft companies, such as Lifelock, that monitor the three major credit bureaus. Equifax, Trans Union, and Experian are all notified and Lifelock contacts its customers whenever a new credit card or loan application is filed. By contacting the consumer at this early phase, it significantly limits the likelihood that any identity theft will take place under the affected person’s account. While the letter to the affected employees does not contain any reference to these services, experts in the field of identity theft solutions recognize their benefit, whereas stopping the problem before it starts is much easier than the hassle of having to go through and deal with a large number of fraudulent charges.

Watch out students. No where seems to be safe on campus anymore. Not even the private offices of workers who handle the confidential data of many students. No wonder there is always such a flurry of signs reminding students at the end of the semester that they need to be mindful of their belongings, since people are stealing everything that isn’t bolted down to profit from at book sell back time. Even those things that are bolted down can walk away as was the case earlier in the month when a desktop computer was taken from an administrative office. There has been no word yet on which specific office was robbed or the exact material contained on the hard drive.

What is clear at this point is that over 6,200 students have been notified of the breach, although this was only made clear to the media through the outreach of the father of a student who was affected. It isn’t understood why the university did not approach the media and own up to its responsibility that its systems had been breached. Some have speculated that the East Tennessee State University is fearful that it will be found in violation of some of its safety and security policies. No word yet on how the university has responded to these accusations.

The breach not only affects current students, but also alumni. Unfortunately there hasn’t been any discussion about how far into the past the data goes, so there is no window of time that we can report to the public to let them know whether or not they should be concerned. The best thing to do is to keep an eye out for a letter from the university that deals with this case. Those seeking more information can contact the university’s Department of Safety.

The information contained on the desktop was encrypted and it met the standards that educational institutions are expected to have. At the same time, university officials have noted that there is a slight chance that the data could still be accessed, although there have been no reports of this happening. As the investigation continues, the university says that it will keep everyone posted and that it will assess its security settings to determine whether or not they need to be upgraded.

In the meantime, those affected are advised to contact one of the credit bureaus to place a fraud alert on their accounts. There are some ID theft subscription services, one being Lifelock, that provides continuous monitoring services. They contact all three credit bureaus, Equifax, Trans Union, and Experian and monitor for new loan and credit card applications. Whenever one of these applications appears, Lifelock contacts its customer to make sure that the application is legitimate and not some effort at identity theft.