Houston, you have a problem, again.  This issue does not involve people halfway to the moon, but something much closer.  This situation involves you and people who have gone to the Harris County Hospital District for medical attention.  This is especially true if you happen to suffer from HIV, AIDS, or any other of a long list of medical conditions.  It seems that an administrator at the hospital downloaded complete and very private records onto two flash drives and then lost them.  No one has any idea where the drives went, but everyone is unanimous in saying how terrible of a situation this has become for the upwards of 1,200 people affected.

Very few details about this incident have been released at this point.  The name of the employee has not been released, although an insider said that she is not available for contact and has left the area pending the investigation.  A spokesman for the hospital said that a letter was being sent out to the affected individuals.  Within the letter was a request that affected people enroll in an ID theft subscription service, like Lifelock, at the hospital’s cost.  These services provide monitoring of the three major credit bureaus.  By keeping tabs on all three bureaus, they are able to contact their customer whenever a new credit card or loan application is filed.  If the customer says that this information is legitimate, then there is nothing done.  However, if the application is fraudulent, Lifelock prevents it from being processed any further and significantly limits the possibility of credit damage and identity theft.

The reason the hospital is recommending that people subscribe to Lifelock and other services is that the information on the flash drive contained, names, addresses, social security numbers, the social security numbers of spouses, and full medical records and treatments.  Even worse is that there was no password protection or encryption on the drive.  This means that whoever finds this drive can plug it into their computer, open the files, and have instant access to all the personal data of the 1,200 people.  This blatant violation of both hospital and government policies is the reason that HIPAA may be getting involved.  Set up by the United States government, HIPAA was established to provide security for patients’ medical records.  The nameless employee in this case could be facing a $25,000 fine for her carelessness.

An equally troubling issue in this whole case is that an insider at the hospital has supplied the media with a private memo that was distributed to the company.  Apparently, three more flash drives are missing and all of them were last seen on the desk of the work guilty of the above noted data breach.  The hospital is asking for the immediate location and return of these drives, specifying that one drive contains information “very important to the district and needs to be found as soon as possible.”  There has been no word yet on whether or not these drives have been located or what information is contained on them.  Either way, hospital administrators have said that they will review and upgrade all security policies to make sure that nothing of this nature happens again in the future.

Are you a college student in Colorado?  Are you a student at a community college?  Do you attend Arapahoe Community College?  If you do, you have a problem.  A rather large problem if you listen to the statements released by ACC about the data breach which affects over 15,000 students at the college.  A flash drive containing the personal information was stolen from the personal laptop of a contract worker for ACC while he was on vacation at the Copper Mountain Resort.  No information has been released about the individual’s name.

Not only is it a large number of students affected by the breach, but the extent of the data lost is troubling.  Names, addresses, social security numbers, and credit card numbers were all contained on the flash drive.  Thankfully the three digit code on the back of the credit cards was not stored on the file, although this is only of a slight comfort to the affected souls.  A letter was sent out to the 15,000 people on Monday which was a follow up to the email that was sent on Friday.  There has been no discussion of how long it was between the breach and when it people were notified.  Among the 15,000 affected people are not the students of the main campus, which is located in Littleton, Colorado.  Most students were from the Corporate Learning Division and the records include those who attended the university from 1997 to the present.

In a statement released by ACC President Bert Glandon, he apologized to all affected students.  He noted that the contractor was in violation of the college’s policy of not having personal information stored on portable devices.  Although there has been no word at the moment, it is likely that the contractor will be terminated.  Glandon also said that the college is working to review and upgrade all of its security policies so that this type of breach would not happen again.  No one has mentioned whether or not the flash drive was password protected or data encrypted, although the lack of this mention is not a good sign for the 15,000 people whose information was stored on the drive.

Arapahoe Community College is advising its students to place a fraud alert with the credit bureaus and to request a free copy of their credit reports.  While fraud alerts are easy to start, they are only free for a limited amount of time.  A much more secure option is to subscribe to an ID theft services.  A good company to use is Lifelock.  It monitors all three credit bureaus, Trans Union, Equifax, and Experian.  Whenever a new loan or credit card application is filed, Lifelock contacts its customer.  It checks whether or not the paperwork was actually filed by the person whose name appears on it.  If it is legitimate, the application continues to be processed.  However, if it is fraudulent, it is stopped before theft can take place.

Thank goodness for dumb criminals.  Unfortunately, in this case, they were not that dumb since they were able to operate a data breach that stole upwards of two million names and social security numbers before they were caught after two years of running the fraud.  The breach is said to be within the top five largest of all time and there are still so many details about the case that information is still sketchy at this point.  The insider at Countrywide was identified as Rene L. Rebollo Jr. and he was working with Wahid Siddiqi, who were both arrested.

It appears that what was going on was that Rebollo was taking the names and social security numbers of people and downloading them 20,000 at a time.  In a statement to the FBI he said that every Sunday night he would go to a computer terminal that did not have the required security settings and download the information onto a flash drive.  He would then take this information and sell it to Siddiqi for next to nothing.  Customer profiles were sold for around 2.5 cents, well below the black market value of this information.  Siddiqi would then sell this information in bundles for around $4,500.  In all, if the two thieves had done their homework they could have made considerably larger amounts of money, since social security numbers alone sell in the $3-4 range.

At this point, it is uncertain if Rebollo and Siddiqi were selling the files to other mortgage lenders or if they were selling the information online.  Selling to other lenders is big business because it can lead to contacting customers who were denied by the larger firms and are in desperate straights.  This has become even more true with the housing market going through free fall at this point.  These other lending companies reap huge amounts of money by acting as the go betweens and are able to do this because of the files they receive from Countrywide or Lending Tree.

The case broke when the FBI bought data discs from Siddiqi.  They were able to arrest him then and learn who the insider at Countrywide was.  The FBI then moved in against Rebollo.  Rebollo was released on an $80,000 bond and is awaiting prosecution.  Siddiqi is still in custody and no bond has been set yet.  The government has stated that they are intending to bring significant charges against the pair that could result in life sentences because of the numbers of incidences.

While Countrywide has not yet begun to contact the two million individuals who are now potentially victims of identity theft, some people are not waiting around.  Knowing the severity of the issue and that tardiness can end up costing a person their financial security for the rest of their lives, people are subscribing to ID theft services.  One of the most widely used services is provided by Lifelock.  By maintaining contacts with all three major credit bureaus, Lifelock works to stop identity theft before it happens.  Whenever a new credit card or loan application is filed, Lifelock contacts its customer.  If the customer verifies they are submitting the information, it continues to be processed.  However, if the customer says that it is fraudulent activity, the application is stopped before any damage to the credit report can be done.

In three separate incidents to report on, some patients throughout England are wondering how hospitals get their clearance from the government to continue their operation.  Two incidents took place at the Stepping Hill Hospital in Hazel Groove, Stockport while one breach happened to patients at the Trinity Medical Centre in Littleborough, Rochdale.  In the most recent incident at Stepping Hill Hospital, information on 1,581 patients was stolen in a burglary.  Although it appears that the laptop was not the specific target of the break in, it was taken, along with a projector and other office supplies.  The perpetrator was caught on security cameras, although an image has not been released to the media yet.

A spokesman for the hospital said that they are working with the Manchester police and think that the individual will be caught shortly.  The laptop had names, addresses, information about billing records, and limited information about medical data of the patients.  The people whose data was on the computer were sent a letter alerting them to the breach.  They are advised that there is little chance that the information could be used for negative means because it contained a triple and complex password system that would be very difficult to break.  As a result of the break in, the hospital is upgrading its network security measures to make sure that all computers contain similar or higher levels of encryption and password protection.

On a physical note, the hospital has stepped up its efforts to monitor the building.  Since the burglar gained entry through a window, new security detectors have been placed on all windows.  Additionally, new cameras have been stationed around the premise with more expected to be added in the coming days and weeks.  All windows will now be checked to make sure that they are locked, although a police spokesman said that the burglar broke a window through a window rather than finding an open one.

Last month Stepping Hill Hospital a worker lost a memory stick containing information about patients while she was walking to her auto.  The data included, names, birth dates, addresses, medical conditions, NHS and Trust numbers.  In this specific instance, the breach was not reported to the public and was only uncovered through an investigation launched by the Manchester Evening News.  At Trinity Medical Centre, another burglary, unrelated to the one at Stepping Hill, resulted in the theft of 3,500 patients medical information.

With data breaches rising at this rate, there is good reason why so many people are subscribing to ID theft services, such as Lifelock.  This company monitors all three credit bureaus for new applications to arrive.  Whenever these credit card or loan apps are filed, Lifelock contacts it customer to make sure that they are submitting the forms.  If the applications are illegitimate, they are prevented from being processed.

Over the years many things have happened at McDonalds restaurants.  Billions of people have been served.  New techniques and policies for getting food to the consumer quickly have been produced.  Ronald McDonald and company have entertained millions of children while Grimace has caused a few to freak out a bit.  This, however, is the first time that sitting at McDonalds having a bit to eat has caused a data breach.  The interesting thing is that the breach did not even impact McDonalds, but rather Delphi.  An employee had a flash drive stolen out of her laptop while she was eating lunch at the restaurant.

The theft took place in Lebanon and impacted 2,600 former employees who had worked for Delphi in the Columbus, Ohio area.  The flash drive contained names, addresses, telephone numbers, but most alarmingly, social security numbers.  This is the exact type of information that an identity thief needs in order to create financial havoc on an unsuspecting victim.  Delphi acted quickly, according to spokeswoman Helen Jones-Kelley, in alerting the affected employees.  Letters were sent out to the individuals letting them know what had happened and that their private data had left the security of the company.

The media was not provided with a copy of a letter.  It was interesting that Jones-Kelley did not mention any credit monitoring that would be provided free by the company.  In many instances when a company loses the personal data of current or former employees they provide a year of monitoring services.  Since Delphi does not appear to be doing that in this case, an option that the 2,600 people might want to consider is enrolling in an ID theft subscription service.  One of the best companies that provides this service is Lifelock.  This company has connections with all three major credit bureaus, Trans Union, Equifax, and Experian, and monitors whenever a new application comes through.  This application is commonly a new credit card or loan form.  Lifelock contacts its customer to see whether or not the application is legitimate.  If it is a fraudulent claim, it is stopped from processing which effectively limits the possibility of identity theft.

At this point, there has been no information released about how the data was protected on the flash drive.  The fact that Jones-Kelley did not mention any password protection or data encryption is a discouraging sign.  She did note that the employee had violated company policy by walking away from the laptop and not making sure that it was secure before she left.  The unnamed employee faces a litany of punishments which might conclude with her termination from the company.  The data breach should cause the company to reconsider its computer policies and determine whether or not people should be allowed to take personal information outside of the main office where the likelihood of data breaches rises significantly.

Loyola University has slowly pulled itself out of the financial trouble it struggled through during the 1990s.  With increased revenue to create new construction on its campuses, the last thing that the university needed was any sort of negative attention in the media.  Unfortunately, this is the situation that they now find themselves in after creating a data breach of their own making.  In a way quite different from a lapse in network security or having private information stored on a flash drive, Loyola simply threw out a hard drive that had not been erased.  Contained on the hard drive were the names, addresses, and social security numbers of 5,800 students.

The desk top computer was scheduled to be destroyed and replaced with a newer model.  One of the steps in the decommissioning process was to copy the contents of the hard drive over to the new machine and then delete the information stored on the old one.  This, however, was not the case.  No one realized the error until after the desk top had been discarded.  There has been no word on whether or not the company that took the old machine destroyed it or not.  A spokeswoman for the university, Susan Malisch, said that there was little chance that any of the sensitive information was accessed by anyone else.

Nevertheless, Malisch recommended that students be vigilant in watching their credit reports.  She said that the university will provide a year’s worth of free credit monitoring.  These types of subscription based ID theft services have become popular in recent years, with Lifelock holding a large share of the market.  The company maintains contacts at Equifax, Trans Union, and Experian.  Whenever a new credit card or loan application is processed through a bureau, Lifelock contacts its customer to make sure that they are the one actually filing the paperwork.  If it the person is not involved, the application is stopped and noted as fraudulent activity.

Most of the 5,600 students were undergraduates, although there was information about a few graduate students also contained on the hard drive.  Letters were sent out to all affected students alerting them about the free credit monitoring services and other steps they should take to protect themselves.  Loyola has said that it will review all of its policies and procedures regarding electronic storage to make sure that future breaches of this type do not take place.  There is a discussion about whether or not an outside consulting company should be brought in to review the policies or if an internal audit will catch all the flaws in the current system.  The computer that was discarded was being used by the Information Technology Services Department when it was designated for replacement.

Second data breach in less than three months has people wondering what is going on at the giant pharmaceutical company.  Whether or not the frequent data breaches are coming from interested hackers, sloppy security systems, or a mixture of the two has yet to been seen.  However, within months of a delayed alert to 17,000 employees that their personal information had been compromised, another 950 people have been affected in a different breach of the security features of the network.

Connecticut state Attorney General issued a public statement stating how disgusted he was with the way that Pfizer is handling personal information of its employees and clients.  At one point Richard Blumenthal notes that “this information should be treated like cash.”  Pfizer has noticed a drop in its stocks as of late as a result of all the negative attention that it has been receiving in the national media in recent months.  In this incident, it was a consulting firm that was working with Pfizer that actually lost the sensitive information.  Two laptops were stolen from a locked car in Boston at the end of May, but a letter was not sent to the Attorney General for another three weeks and it was only now received by him, which generated his public statement about the disarray of the security in the company.

The consulting firm was Axia Ltd. and they have not issued an apology to the public about the incident.  It would appear that the information was neither password protected or encrypted, which makes the likelihood that it will be used by identity thieves even higher.  Unsecured information is unacceptable in this day and age and Pfizer has vowed that it will completely overhaul its security procedures and is bringing in industry leading experts to make sure that nothing of this sort happens again.  Unfortunately, knowing their recent track record it is difficult to believe the sincerity behind Pfizer.  The information on the laptop contained the names, social security numbers, and addresses of health industry consultants who were working to distribute Pfizer products around the world.

At this point, Pfizer has not said if it will continue to work with Axia Ltd. or if it will provide monitoring services to the nearly 1,000 newly affected individuals.  With the size of the recent breaches, a source who wished to remain anonymous has said that certain employees are considering filing a class action suit against the incompetence of the company and the delayed response before alerting people of the breach.  In the mean time, people are being advised to protect themselves by enrolling in ID theft subscription services.  One of the most popular choices has been Lifelock.  A company mainly known for its commercials with display the social security number of the owner on the side of a truck in downtown New York City, people are turning to it because of its successful track record.  By maintaining ties with Equifax, Trans Union, and Experian, Lifelock helps prevent ID theft before it happens.  While it cannot do anything about personal information getting into the hands of crooks, it can stop them from filing fraudulent loan and credit card applications.  Whenever this type of information appears at a credit bureau fro review, the company contacts its customer to make sure it is valid.  If it is a fraudulent piece of work, then it is prevented from being processed which stops the ID thieves from getting the cash or line of credit they were hoping to establish.

Medical records keep getting compromised.  It does not seem to matter where people live, although the vast majority of breaches have been taking place in the northwestern part of the United States.  Even in remote Alaska, people are realizing that their identity is not secure.  The most recent incident took place at the Providence Alaska Medical Center where a laptop with information on over 250 patients has gone missing.  At this point, a spokeswoman for the center said that the laptop was not stolen, although it has not been seen since May 31.  She gave no indication of why she believes that the laptop was not stolen despite its long absence without anyone having seen it.

The laptop contained information on 250 oncology patients.  For most of these individuals, only medical data was lost, although this is still a violation of HIPAA laws and the federal government will investigate the incident to determine whether or not the medical center should suffer any penalty in federal funding.  However, despite the limited information on most patients, some files contained social security numbers, addresses, and dates of birth.  This is more than enough information for an identity thief to ruin the life of an individual.  At this point there is no word on how the laptop was secured, although if it had been password protected or encrypted, it is likely that the spokeswoman would have mentioned this so that peoples’ fears would have been lessened.

The patients information contained on the laptop had all visited the medical center between August 2005 and May 2007.  All the other files at the center are secure.  However, there will be a continuing investigation to see if more safety measures need to be added to the electronic network to prevent this type of thing from happening in the future.  At this time, there is no word as to whether or not outside consultants will be brought in to address this matter.

Letters have been sent out to the 250 affected people.  Within the letter the medical center said that it will provide a year’s worth of free credit monitoring.  One way that monitoring gets done is to enroll people into ID theft subscription services, such as Lifelock.  This company maintains connections with Trans Union, Equifax, and Experian to deal with credit card and loan applications that get filed.  Whenever this paperwork appears, Lifelock stops the process momentarily to contact its customer.  If the customer verifies that the paperwork is legitimate, it is allowed to go through, otherwise it is stopped from going through.  Since this is one of the most common ways that ID thieves use fraudulently gained information, Lifelock helps prevent ID theft before it starts.

One bad apple.  That is all it takes to ruin the whole bushel.  In the case of companies, the same thing can be said about one employee.  At the Legacy Clinic Mount Hood in Portland, Oregon, it was recently discovered that a employee was stealing sensitive information from patients and using the information to profit from their misfortune.  Despite this breach having just been discovered, the clinic has said that it no longer employees the individual and has not for some time.  No name has been given of the individual, but officials for the clinic say that they person is being investigated by law enforcement agencies and that they are closing in on the necessary information to arrest and prosecute them.

The breach took place between January 2006 and February 2007.  It appears that when people went to make their co-pays, the individual would pocket any cash given to them, but also steal social security numbers and credit card numbers.  They were then to get dates of birth and addresses out of the computer system.  With over $13,000 in cash missing over the years, the clinic has been slow to explain why the breach took so long before it was discovered.  An investigation into the incident is underway by both the local authorities and the federal government.  The government agents are checking to see whether or not there were any violations in HIPAA.

The clinic has sent out letters to all the affected individuals.  In all the current total is around 750, although this number might increase as the investigation continues.  A call center has been set up to deal with all the calls that have been coming in with questions about the investigation and what affected people should do.  The clinic has said that they will provide up to $25,000 in identity theft insurance and will also provide credit monitoring services.  These types of services include the ID theft subscription company Lifelock.  By signing up with Lifelock, someone knows that they will have monitoring of all three major credit bureaus.  Whenever a new loan or credit card application is filed, they contact their customer to make sure that they are the person really submitting the information.  If they are not, then the application is scrapped and the identity thief does not win.

Those patients who made the co-pay that was pocketed or had extra money taken from their credit card account have already been repaid.  No word yet on why it took so long for the breach to be reported to the public.  Security officials are also wondering what measures that Legacy Clinic Mount Hood is going to take so that this type of easy access is not given to employees in the future.  This is part of the ongoing debate about digitizing more and more of the medical information about patients that come into medical facilities.  Safeguards need to be put into place so that the system is not manipulated from either the inside or the outside.

Nothing makes the government blush like getting caught with its hand in the cookie jar.  What is even worse is when they set up an organization to deal with identity theft and the head of it soon becomes the victim of a data breach.  Welcome to Norway, where few are happy with the way the government has been addressing the growing spread of ID theft that has started to grip the world.  Yet, this is the exact situation that Georg Apenes finds himself in now.

In a daring hack, over 60,000 Norwegians have been impacted by this most recent breach.  It is the largest to hit the country in a number of years and the more staggering figure is that the 60,000 affected represents over 1.3% of the national population.  The hack did not place on the national level, but came through the communications company Tele2.  The thieves were able to access the network systems to procure the personal identity numbers of people and also their addresses.  With this information, they are able to order goods online for people, access credit card information, and change addresses so that they can get in the mail any of the illegal goods that they are ordering in other peoples’ names.

At this time, no one has reported severe results because of the breach.  It is being speculated at this point by officials within the government’s ID theft prevention agency that Georg Apenes received something just to bring to everyone’s attention how lacking the security was at certain important companies in the country.  Indeed, Tele2 has been cited numerous times that its security and network systems needed to be upgraded to prevent this time of incident.  A spokesman for the company said that they have been working to improve their security measures, but now ill bring in outside consultants from the continent to help them get up to speed quickly.  They also have vowed that nothing of this sort will happen to their company again.

In the United States, stories of this nature have more and more people worrying about their own security.  As a result, individuals are taking matters into their own hands, rather than relying on the companies they interact with to provide ever continuing upgrades to their security systems.  One way that people are able to do this is to subscribe to ID theft services.  One of the most popular of these companies is Lifelock.  They maintain contacts with all three major credit bureaus, Trans Union, Experian, and Equifax.  Whenever a new loan or credit card application comes into be processed, it is temporarily held up.  Lifelock then calls its customer to see if they actually submitted the forms or if someone is attempting a fraudulent activity.  If fraud is determined, then the application is stopped and identity theft is prevented before it starts.  This is always a positive because there are countless examples of people who have been victims of ID theft and spend years trying to correct the matter with little positive result.