If you live in Florida right now, Hurricane Fay, or most recently Tropical Storm Fay, has really been on the top of your mind.  So with the resulting fear and panic crippling the highways of the state, what better time to strike at the computer networks of a medical facility.  While this doesn’t strike you as the most sensible thing to do, that is what apparently happened at the Wuesthoff Medical Center in Brevard County Florida.  At this point, there are only limited details, although what is known is quite troubling for anyone who has used the pre-screening website that the Center uses to gain background medical information about potential patients.

The medical center was not even the company that discovered that personal information was floating around unsecured on the internet.  An insurance company in Arizona was running a profile for a potential client when they noticed all the information on the internet.  They in turn contacted the individual who contaced Wuesthoff.  In all, over 500 people have been affected by this breach.  Unfortunately, there is no time table for when these people had ties to the center, so potentially, anyone who has ever filled out the online form could be at risk right now.  The hospital said that it would provide full details about who the affected parties were later in the week.

These 500 people had their names, addresses, social security numbers, and personal medical information spread to the four winds of the internet.  This is not only prime picking for identity thieves and only nefarious criminals on the world wide web, but it is also a violation of HIPAA.  Although if the medical center’s computers were hacked, as someone who wished to remain anonymous suggested, then the government will most likely not crack down on the institution for its failure to secure the sensitive material.

A step that affected people can take is to subscribe to an ID theft service, like Lifelock.  This company, for a minimal monthly fee, monitors the credit report of a customer at all three major credit bureaus.  This includes Trans Union, Equifax, and Experian.  Whenever a new credit card application or loan paperwork is field, which are two of the most frequent ways that identity thieves use stolen names and social security numbers, Lifelocks holds the process up once it has reached the credit bureaus.  It then contacts its customer to make sure that the applications are legitimate.  If they are fraudulent, they are canceled and identity theft is prevented.

There is no word yet on whether or not the Wuesthoff Medical Center will provide free credit monitoring for the 500 affected patients.  If their system was hacked, they will have to go through and review all of their network security policies to make sure that future problems do not take place.  Because of the severity of the breach and the fact that the information lost contained medical files, it is likely that the Federal government will send in consultants to review the new security systems before they are fully implemented.

In a developing story, it has recently been reported that in the past few weeks over 200,000 people insured through Blue Cross in the state of Georgia have had their personal information compromised.  It appears that a mix up in the mailing system resulted in benefit letters being sent to the wrong people.  In some instances, people received multiple benefit letters from a number of people.  While this information is still only in its initial stages, certain people affected are already talking about pressing charges against Blue Cross while there are murmurings about the possible repercussions the company will receive for violating HIPAA regulations.

While the total number of affected individuals is over 200,000, the number of people who might have their identity stolen is a smaller figure.  Although no exact total has been given, only some of the letters contained the social security number of the patients.  However, the tradeoff is that every letter contained name, address, patient ID number, recent medical tests conducted, some diagnosis, and billing information.  This billing information can contain the full credit card or bank account number where previous transactions have taken place.

The mix up in the mailing system came about through a change in the computer system that was not adequately tested before it went into effect.  As a result, Blue Cross is working with its parent company, WellPoint, to make sure that adequate security measures are added to the computer systems so that future problems do not result.  A large concern for Blue Cross and many people is that the company represents many teacher unions and large companies throughout the state.  Blue Cross was unwilling to provide a list of these major businesses when they were contacted earlier in the day.  The company has assured the public though that they are working with investigators to limit the damage done to people’s lives.  They are compiling information about everyone affected and the names and addresses of everyone who received the information incorrectly.  The company has also set up a hotline that people can call in order to report that they have been a victim of identity theft or to report that they received a letter for someone else.  Blue Cross will then send out a postage paid envelope to get the return of that information.

Blue Cross has said that it will provide a years worth of free credit monitoring to those people whose social security numbers appeared on the letters.  This type of service is provided through ID theft services, such as Lifelock.  Lifelock and other companies maintain contacts with all three credit bureaus and alert their customer whenever a new application is filed, such as a credit card or loan.  It then verifies that the customer is the one submitting this information.  if it proves to be a fraudulent attempt, it is stopped before it goes through and prevents identity theft from happening.

The Justice Department of the United States of America announced today that they are opening a case against eleven people who are responsible for the theft, use, and selling of millions of credit card and debit card numbers which have resulted in millions of dollars of illegally purchased material.  Of the eleven individuals charged, three are from the United States, three are from Estonia, three reside in Ukraine, and two live in China.  There are other individuals whose identity remained obstructed at this time, although the Justice Department is working hard to track down these individuals.

The companies that were affected by these data breaches are numerous.  Many TJX Companies were targeted.  Businesses that fall into this sphere of influence include Marshall’s, T.J. Maxx, Office Max, Sports Authority, and Barnes and Noble.  Another major company that was targeted was the Dave & Busters Adult Restaurant Chain.  In each instance, the information about credit card and debit card numbers were obtained through sniffer programs.  These programs collected the sensitive information and then transmitted it to secure servers which were located in specified areas controlled by the three criminals operating in the United States.  These three would then encrypt the information and send it to servers located in Eastern Europe, most likely in the Ukraine and Estonia.

The information was distributed in a variety of ways.  Sometimes, the information was simply sold to buyers on the internet.  This is a frequent way of distributing credit and debit card numbers and it is difficult to track down the original source of the breach.  In other instances, the identity thieves used blank credit cards and implanted the stolen account numbers onto them.  Then they were able to go to an ATM machine and withdraw thousands of dollars at a single time.  It was this type of large scale withdrawals that first attracted the attention of the government.  They have been conducting this operation for 2.5 years and had someone working on the inside.

There is no word yet on what type of charges the individuals will be facing.  This is the largest effort made by the federal government and while no punishments have been suggested yet, industry experts are saying that those prosecuted in American courtrooms will face over 70 years in jail and those in other countries might suffer the death penalty.

Identity theft is a serious crime that has long term repercussions.  Not only does it immediately affect an individual, but the damage done to someone’s credit report can prevent them from getting a house, car, or sometimes even a job in a future.  For those who want to take a proactive stance, there are ID theft subscription services available.  These companies, such as Lifelock, provide credit monitoring at all three bureaus.  Whenever a credit card application is filed or a new loan application submitted, Lifelock contacts its customer.  It verifies the validity of the request and prevents it from being processed if it is fraudulent.

People in the world look at Google and see a behemoth. They see a company that has surpassed Microsoft in terms of power and influence. And they might very well be right. However, Google isn’t going to take over the United States and eventually the world. In fact, it takes hits just like every other company out there. In this case, it failed to secure some of the personal details of its employees and it the most recent company to note that it has suffered a data breach.

In this case, Google is really a victim as much as are the people whose information was stolen. Google uses Colt Express Outsourcing Services to take care of certain human resource functions. Therefore, when the office of Colt was broken into, it was Google information and that of other companies that was stolen. What is even worse about the May 26 break-in was that Colt does not encrypt its data, so whoever perpetrator the crime has nothing standing in between them and the personal information of Google employees. This information contains social security numbers, names, and addresses. This breach also affected CNET Networks.

As more details about this breach have come forward, it is clear that the stolen information does not contain any credit card numbers. However, a name, address, and social security number of an individual is more than enough for a criminal to open up a fake credit card account, although the charges end up being far too real for those affected by the crime. People, not only those impacted by the Colt burglary, have been turning toward subscriptions with ID theft services, such as Lifelock. Lifelock contacts all three credit bureaus, Trans Union, Equifax, and Experian and monitors credit reports for activity that includes credit card and loan applications. Whenever one of these is filed, Lifelock contacts its customer to make sure that the application is legitimate.

In the case of this specific breach at Colt, Google has said that it will pay for a year’s subscription with an identity theft service, both for its employees and the employees at CNET. Colt is not able to provide this same guarantee because it is going through financial difficulties. Those affected by this breach are those Google employees hired before December 31, 2005. Google only recently realized that its employees were at risk and has sent out letters alerting people of the danger to their private data. Google has also announced that it no longer has any association with Colt and that the company does not currently handle human resource material for the internet giant. Google has said that its separation from Colt took place long before the burglary was reported.

The world of online trading can be very profitable. It can also be dangerous. And not just in terms of having a stock fail after you’ve sunk a lot of your money into it. On a more basic note, it is dangerous if your account becomes compromised because that means that someone not only gets your personal data, they also gain the ability to control your money and invest it in a variety of stocks, with no profit coming back to you. This bizarre scenario seems to be even more likely if you work with LPL Financial because it reported yesterday that it was hacked for the second time in one year.

In this particular instance, the hack involved cracking the passwords of fourteen financial advisors and their assistances. In all, this exposed the personal data of over 10,000 clients. While it isn’t clear at this point if the hackers illegally used any of the data, it is clear that their intention was to run “pump and dump” schemes which involve penny stocks. Thankfully, despite not catching the breach with any sort of quickness, LPL was able to prevent these schemes from costing any of their customers’ money.

What was available to the hackers was not only names of investors, but also home addresses, social security numbers, some bank routing numbers, and the personal information of anyone set up as a non-client trustee on an account. This expands the number to beyond the original 10,000, but no word yet on how much wider this makes the pool of potential victims of identity theft. At a more basic level, LPL is unable to tell whether or not hackers actually even accessed the data, let alone took it and used it for other identity crimes.

While the breach began last July, it was not reported to the public until now. Internal memos released by the company show that they knew about the problem and were trying to fix in back in March. No word, yet, on why they waited so long to notify all the affected people in writing. With this being the second breach in less than twelve months, LPL has taken steps to increase all of its security measures. In created a new position, a chief security/privacy officer. Time will tell whether or not any new features implemented under this position will prove to be effective.

In the meantime, despite LPL Financial bringing in over $3 billion last year, they have not said anything about providing identity theft service subscription to its clients. These services, such as that provided by Lifelock, contact all three credit bureaus and monitor activity, such as credit card applications and the filing of loans. Lifelock then contacts the person to make sure that they are really involved and that someone else isn’t illegally using their name and social security number to try to defraud them while committing identity theft.

An employee for Wagner Research Group made a mistake. A very big and potentially devastating mistake. They opened up Limewire and decided to start sharing some files and grabbing some new songs. What they didn’t know was that while they were getting the latest hits, someone was hitting the company’s private records. It wasn’t even a hacker. It was someone who realized that the Wagner employee hadn’t specified which directories were available for people to search through which meant that the entire WRG’s database was at the disposal of anyone on Liewire. Herein lies one of the dangers of using peer-to-peer programs at work.

This story would have earned a lot of attention in its own right. The data breach exposed the personal information of around 2,000 of the firm’s clients. Most of these individuals are upper tier lawyers with big wallets and powerful friends. Yet, the media isn’t really focusing on them. It is focusing on Supreme Court Justice Stephen G. Bryer, whose personal information was also taken in the breach. An expert in the field has said that with such powerful people, “the individuals on this list are at a very high risk, almost imminent, of identity theft.”

As more details come to light about the breach, the information is damning. The breach went on for more than six months, complete unnoticed by the network and infrastructure groups of Wagner Research Group. In this period of time, there is no information about how many people accessed the data or how far it was spread. With a program like Limewire at the center of this breach, there is no telling how many people were able to download the identity data. What is known right now is that at least a dozen people, some residing in Sri Lanka, a hotbed for identity theft, and Colombia, now have the information.

Tiversa, an independent consulting firm was called in to help contain the breach. They are working with WRG to go over all their security policies to make sure nothing like this happens again. In the meantime, Warner Research Group has said that it will provide six months of free credit monitoring for everyone affected. These people should have received a letter in the mail recently. Unfortunately, this is too late for some people, including one lawyer he just was charged $9,000 by AT&T for a phone account that was illegally set up with his name and social security number, but someone else’s address. In the case of many data breaches, companies have not stepped up to offer such comprehensive credit monitoring. In those case, victims have turned to Lifelock, an identity theft service, that maintains contact with all three credit bureaus to make sure that fraudulent accounts are not taken out falsely under a client’s name.

Going to the hospital is supposed to make you feel better. Not make you sick to your stomach. Sadly, as more and more personal data gets stored on smaller and smaller mediums, the potential for ill feelings rises. With so much material on tiny electronics, it is very easy for the data to grow legs and walk away. That is the situation at the Yan Chai Hospital in Hong Kong. One of the busiest hospitals in the area, hundreds of thousands of patients pass through its doors on an annual basis. In this specific case, it isn’t current visitors who are in jeopardy, but those who came for medical attention between January 2005 and January 2006.

The data breach took place during the routine process of creating encrypted backups of files which contained the personal information of patients. The disks which contained the material went missing during the process and although the hospital staff conducted a thorough investigation of the facility, they were unable to locate the missing materials. In a letter released to the public, the hospital noted that it learned of the problem on June 20, although it did not say when the breach actually occurred and how long the material was missing before it was noticed.

In an effort to reassure the public, the hospital has stressed that there is no medical information contained on the disks. This assurance has eased the mind of some people. Much like in the United States, Hong Kong is going through a period of discontentment with plans by many hospitals to shift all medical records to online databases for this exact reason. No word yet on how this breach will affected that ongoing debate. At the same time that they announced the missing disks, the hospital also said that 23 hard copy receipts were missing. These pieces of paper contained names, addresses, identity card numbers, and some medical information about patients. An investigation to find these was also unsuccessful.

While the hospital has exhausted its resources in searching for all this missing data material, it has turned the investigation over to the police and alerted the Office of the Privacy Commissioner for Personal Data. These entities will continue the investigation into the foreseeable future. At the same time, the hospital is reviewing all of its own security and data encryption policies in an effort to prevent any future breaches from happening. Experts expect this review to take some time.

While not yet available in Hong Kong, the ID theft subscription company is attempting to expand its recognition around the world. For a minimal fee, these company maintains contact with all three credit bureaus and alerts customers whenever a new loan application or credit card is filed. It verifies that this information is valid and that no efforts at identity theft are taking place. Lifelock then either lets the bureaus approve or deny the loan, depending on if it actually being initiated by the person whose personal data is being used.

The popular website of Cotton Traders was hacked earlier this year. No details have been reported yet about when the actual breach happened or the extent of the information that was accessed, but spokesmen for the company have said that these details will be provided to the public as the case surrounding the breach continues to develop. As it stands right now, over 38,000 people have been affected, although there are varying degrees of what pieces of their private information were taken. In some cases for the 38,000 people, credit card information was taken. Other specific instances also show that personal addresses were obtained, although these have only been noted in a few isolated incidences.

The company that runs the credit card component of the site, Barclaycard, was immediately notified of the breach. As a result of this quick notification, the company was able to prevent even more people from being affected by the breach. This is considerably good news when one notes that Cotton Traders has over one million customers and that most of these people have an online account used to purchasing products. However, the investigating company notes that the threat of fraud in this instance is serious, because the data gathered was active and could be used for illegal activities at the present moment, not down the line, although this also remains a possibility.

Cotton Traders has announced that its customers should rest easy because all of the credit card information was encrypted. No word yet on whether or not this was also the case with the personal addresses and other data involving maiden names. As a result of the breach, the company has called in outside consultants to help assess the quality of Cotton Traders’ systems. These consultants have already prescribed numerous improvements and the company has been quick to act, noting that within the last few months security features for all of its websites and payment affiliates has been increased substantially. These measures now have Cotton Traders well above the standards set for the industry and they want customers to know that they will not be lax in maintaining these exacting standards.

While those who are worried about their accounts are advised to contact the customer service department of the company, others are taking other actions. Although the company caters mainly to British citizens, it also attracts considerable traffic from across the pond. Americans affected by the breach are turning to ID theft service subscription companies, such as Lifelock, to keep an eye on their credit reports. This company contacts all three major bureaus and alerts customers whenever a new credit card or loan application is opened, in an effort to prevent fraudulent activity in these matters.

In a recent press release by 1st Source Banks, based in South Bend, Indiana, the public has learned of a breach that took place within the debit systems of the bank. It appears that an unknown number of debit card numbers and pin codes were illegally hacked from a secure network at the bank’s corporate headquarters. There have been no reports at this point of any illegal activity to have resulted from this breach. The bank isn’t taking any chances though said James Seitz, a senior vice president for the firm.

In an effort to prevent any wrong doings from taking place, the bank has canceled all of the older ATM accounts of affected individuals and has sent out new account numbers and pin codes for people to use to establish their new account. While there have been no details about the number of people affected, the bank has said that these preemptive measures are costing them a considerable amount of money, although they appreciate how understanding all of their customers have been, especially while recognizing how serious of a problem identity theft has become in recent years.

While the bank continues to keep customers informed of changes taking place in the case, it was also decided that each affected individual will receive a one year subscription to an ID theft service. These companies, such as Lifelock, provide a safeguard against illegal credit activities that are reported through the major credit bureaus. Experian, Equifax, and Tran Union are contacted an alerts are placed on people’s accounts to keep an eye out for any new credit card or loan applications. These applications are then confirmed with the customer to make sure that they are legitimate.

The breach took place on May 12 and was identified that same day. Unfortunately, the people affected were not sent letters until the 28, over two weeks after the event took place. This is the result of the extensive investigation that the bank launched to uncover the extent of the damage and what the breach exposed. On May 12 when the breach was discovered, the server was set down and no other access was allowed to the system. This is what analysts believe has prevented any of the information from being illegally used. In an effort to prevent further incidences from happening, 1st Source hired an external consulting firm to review the safety features of the network. Seitz has noted that this group has contributed positive suggestions that have helped the bank update it encryption standards.

In an effort to answer all the questions of its customers, the bank has extended its customer service hours and has received favorable comments about the efforts taken by the bank. Additionally, the bank is monitoring ATM transactions on a minute by minute basis in order to detect any fraudulent activities that might occur.

Residents of Arkansas have some reason to cheer tonight.  Today both Tamara Hill and Ebony Flowers were arrested in connection to the theft of personal data from the Baptist Health Hopsital’s information system.  Hill is a former employee of the company who was released in early June as more details about security mistakes at her work terminal were reported.  Hill was found guilty of using 25 other people’s personal information to get gift cards at Walmart for use at other periods of time.  Flowers was caught doing the same thing, although she was only in possession of three people’s financial information.

It appears that Hill obtained the information while she was working at the Emergency Center in the Baptist Health Hospital.  She took screen shots images of the private data and then printed it out for later use.  No word has come from the hospital yet of security upgrades it will take to prevent similar malicious deeds from taking place in the future.  There is a rising push for background screening of individuals, although this is and of itself can have its own liabilities.

The hospital had over 970,000 visitors last year and there is no idea about the extent of the theft that took place.  There has also been no word on how Hill and Flowers are connected and if anyone else received copies of the screen shots with the personal data.  Authorities found out about the breach when a victim contacted police to say that they had not authorized the gift card charges at Walmart.  The extent of the breach is potentially so large that the U.S. Secret Service has entered the case in an effort to limit the number of affected people.

The hospital released a letter saying that some of the personal and financial information had been illegally accessed.  However, they assured their patients that none of the material that had been obtained involved their medical records or diagnosis.  This is important, because any such information would be in violation of HIPAA, the Health Insurance Portability and Accountability Act.  If this was the case, the hospital could face even greater threats of a lawsuit and sanctions by the U.S. government.  Yet, there is some confusion about what information was released.  According to Pam Dixon, executive director of the San Diego-based World Privacy Forum. she believes that all the information released in the breach falls under the protection of HIPAA and that the hospital will need to show considerable improvements before it can handle the admission of patients in the future.

In the letter sent out to patients, there is no indication of whether or not the hospital will provide credit monitoring or insurance services for its victims.  For those who don’t want to wait until it is too late, they are turning to ID theft subscription services, such as Lifelock.  Lifelock and other companies can help guard the credit reports of people by monitoring all three credit bureaus and verifying with the customer whether or not they are the person opening up a new credit card account or filing a new loan application.