Everyone hates jury duty. For a few hundred people living in Clark County, Nevada, there is a whole new reason to dislike the process. It was reported today that a data breach has occurred with the potential jurors list. It seems that an outside contractor that handles the information illegally sent this sensitive information to the private email address of one of its employs. There is no reason that this information should have left the secure server of the company and this fact launched an investigation into the incident. The investigation is still in progress, although some details have been released to the media.

The court sent out letters to the 380 affected individuals. Unfortunately, these letters did not specify whether or not the investigation suspected that the transfer of the sensitive material was an accident or if it was deliberate. At the same time, there was no discussion of when the breach occurred and how long it took the court to act on the information. In many of the recent data breaches, there has been considerable delay before notifying the affected parties, which has caused considerable amounts of stress to people once they learn of the crime.

It was originally feared that the information contained in the private email listed names, addresses, social security numbers, and birth dates. As the investigation has continued, this fear has decreased, as many of the accounts had personal data included, although it was incomplete and thus not nearly as large of a problem in terms of identity theft. However, this only applies to some of the affected people, although there are no further details about what percentage of the 380 falls into this category. The court did try to assure the public with the knowledge that there are a total of 1.7 million people on the juror list and that this breach is, fortunately, of a small nature.

While the court continues its investigation, it has announced that it is changing some of its policies. It will no longer list any private data on the forms that are supposed to be printed out about potential jurors. No word yet on how they plan to secure their system so that no future incidences occur, with sensitive material being sent to an inappropriate location. Authorities will determine what measures need to take place, since the court is a central component of the state government and needs to meet certain informational security criteria.

For those affected, officials are suggesting they contact the credit bureaus and place a free initial alert on their account. Knowing these alerts are only free at the beginning, more and more people are looking into ID theft subscription services, such as Lifelock. This company monitors all three credit bureaus for a minimal monthly fee and alerts its customers whenever a new credit card or loan application is opened. It then verifies that this is a legitimate application before allowing it to be approved.

Watch out students. No where seems to be safe on campus anymore. Not even the private offices of workers who handle the confidential data of many students. No wonder there is always such a flurry of signs reminding students at the end of the semester that they need to be mindful of their belongings, since people are stealing everything that isn’t bolted down to profit from at book sell back time. Even those things that are bolted down can walk away as was the case earlier in the month when a desktop computer was taken from an administrative office. There has been no word yet on which specific office was robbed or the exact material contained on the hard drive.

What is clear at this point is that over 6,200 students have been notified of the breach, although this was only made clear to the media through the outreach of the father of a student who was affected. It isn’t understood why the university did not approach the media and own up to its responsibility that its systems had been breached. Some have speculated that the East Tennessee State University is fearful that it will be found in violation of some of its safety and security policies. No word yet on how the university has responded to these accusations.

The breach not only affects current students, but also alumni. Unfortunately there hasn’t been any discussion about how far into the past the data goes, so there is no window of time that we can report to the public to let them know whether or not they should be concerned. The best thing to do is to keep an eye out for a letter from the university that deals with this case. Those seeking more information can contact the university’s Department of Safety.

The information contained on the desktop was encrypted and it met the standards that educational institutions are expected to have. At the same time, university officials have noted that there is a slight chance that the data could still be accessed, although there have been no reports of this happening. As the investigation continues, the university says that it will keep everyone posted and that it will assess its security settings to determine whether or not they need to be upgraded.

In the meantime, those affected are advised to contact one of the credit bureaus to place a fraud alert on their accounts. There are some ID theft subscription services, one being Lifelock, that provides continuous monitoring services. They contact all three credit bureaus, Equifax, Trans Union, and Experian and monitor for new loan and credit card applications. Whenever one of these applications appears, Lifelock contacts its customer to make sure that the application is legitimate and not some effort at identity theft.

It isn’t only laptop computers that seem to grow legs and walk away anymore. Even desktops have become a popular target for thieves looking for some easy money. Sure, more and more people are stealing catalytic converters and while it is a pain to have to spend $200-$1000 to get a new one it is a lot cheaper than having someone on the internet buy your identity for next to nothing and creating headaches for you for the rest of your life. Whether or not the person who stole the computer from the office at the Moore School of Business at the University of South Carolina had the intention of just a few easy bucks for a computer or identity theft, it isn’t clear at this point yet.

What is clear as the facts have been coming in is that over the Memorial Day weekend one of the offices at the Moore School was broken into and many items were stolen, including the desktop computer. The computer was the workstation of Deputy Dean Dr. Scott Koerwer. While there is no information at this point that any of the personal data on the computer was actually accessed, the university is taking a proactive stance and alerting the affected people. In total over 130 staff and faculty have been notified and 7,000 students need to keep an extra eye on their financial status. The faculty and staff is only currently employed, so if you had worked at the Moore School in the past, your data is not at risk. As for the student body, the 7,000 students were registered for classes in the business department in the last year, both undergraduates and graduate students.

The break-in is under investigation by the university’s department of public safety and there are currently no leads. This issues has raised the question of USC’s security policy for private information. Although no official would speak on the record, one person familiar with the security systems at the university said that files are encrypted and that procedures are set in place so that private data is contained only on stationary computers that remain on campus at all times. This is in an effort to prevent this type of breach from happening at the homes of individuals who deal with sensitive material. Students and faculty were sent a letter which advised them to keep an eye out for suspicious activities and steps that they should take to safeguard their finances.

One of the measures that is recommended is placing a fraud alert with one of the credit bureaus. Companies, like Lifelock, offer this type of ID theft subscription service. They alert all three credit bureaus and make sure that credit card and loan applications are actually being opened by the person named on the account. If anyone associated with the USC break-in has more questions, they are advised to contact the department of public safety.

The popular website of Cotton Traders was hacked earlier this year. No details have been reported yet about when the actual breach happened or the extent of the information that was accessed, but spokesmen for the company have said that these details will be provided to the public as the case surrounding the breach continues to develop. As it stands right now, over 38,000 people have been affected, although there are varying degrees of what pieces of their private information were taken. In some cases for the 38,000 people, credit card information was taken. Other specific instances also show that personal addresses were obtained, although these have only been noted in a few isolated incidences.

The company that runs the credit card component of the site, Barclaycard, was immediately notified of the breach. As a result of this quick notification, the company was able to prevent even more people from being affected by the breach. This is considerably good news when one notes that Cotton Traders has over one million customers and that most of these people have an online account used to purchasing products. However, the investigating company notes that the threat of fraud in this instance is serious, because the data gathered was active and could be used for illegal activities at the present moment, not down the line, although this also remains a possibility.

Cotton Traders has announced that its customers should rest easy because all of the credit card information was encrypted. No word yet on whether or not this was also the case with the personal addresses and other data involving maiden names. As a result of the breach, the company has called in outside consultants to help assess the quality of Cotton Traders’ systems. These consultants have already prescribed numerous improvements and the company has been quick to act, noting that within the last few months security features for all of its websites and payment affiliates has been increased substantially. These measures now have Cotton Traders well above the standards set for the industry and they want customers to know that they will not be lax in maintaining these exacting standards.

While those who are worried about their accounts are advised to contact the customer service department of the company, others are taking other actions. Although the company caters mainly to British citizens, it also attracts considerable traffic from across the pond. Americans affected by the breach are turning to ID theft service subscription companies, such as Lifelock, to keep an eye on their credit reports. This company contacts all three major bureaus and alerts customers whenever a new credit card or loan application is opened, in an effort to prevent fraudulent activity in these matters.

In a recent press release by 1st Source Banks, based in South Bend, Indiana, the public has learned of a breach that took place within the debit systems of the bank. It appears that an unknown number of debit card numbers and pin codes were illegally hacked from a secure network at the bank’s corporate headquarters. There have been no reports at this point of any illegal activity to have resulted from this breach. The bank isn’t taking any chances though said James Seitz, a senior vice president for the firm.

In an effort to prevent any wrong doings from taking place, the bank has canceled all of the older ATM accounts of affected individuals and has sent out new account numbers and pin codes for people to use to establish their new account. While there have been no details about the number of people affected, the bank has said that these preemptive measures are costing them a considerable amount of money, although they appreciate how understanding all of their customers have been, especially while recognizing how serious of a problem identity theft has become in recent years.

While the bank continues to keep customers informed of changes taking place in the case, it was also decided that each affected individual will receive a one year subscription to an ID theft service. These companies, such as Lifelock, provide a safeguard against illegal credit activities that are reported through the major credit bureaus. Experian, Equifax, and Tran Union are contacted an alerts are placed on people’s accounts to keep an eye out for any new credit card or loan applications. These applications are then confirmed with the customer to make sure that they are legitimate.

The breach took place on May 12 and was identified that same day. Unfortunately, the people affected were not sent letters until the 28, over two weeks after the event took place. This is the result of the extensive investigation that the bank launched to uncover the extent of the damage and what the breach exposed. On May 12 when the breach was discovered, the server was set down and no other access was allowed to the system. This is what analysts believe has prevented any of the information from being illegally used. In an effort to prevent further incidences from happening, 1st Source hired an external consulting firm to review the safety features of the network. Seitz has noted that this group has contributed positive suggestions that have helped the bank update it encryption standards.

In an effort to answer all the questions of its customers, the bank has extended its customer service hours and has received favorable comments about the efforts taken by the bank. Additionally, the bank is monitoring ATM transactions on a minute by minute basis in order to detect any fraudulent activities that might occur.

Today, officials at the University of Nebraska at Kearny released a press release that informed current and former students of a data breach that took place last month on nine computers on campus. Although all the computers were affected were desktops, there are going to be an increase in the data regulations and security policies implemented on campus computing facilities. In all, over 2,000 people are now potential victims of identity theft.
According to the press release, the breach took place on June 8 and was noticed and responded to on June 9. No word on why the university took almost a month to alert its students and alumni of the breach, although the release did note that a thorough and complete investigation of the matter had taken place. After this investigation, the breach was traced back to individuals in the Republic of Slovenia. The departments affected by this intrusion include History, Biology, Psychology, Computer Science, Math, and Sociology. Two computers in History, Biology, and Psychology were affected, while only one computer was accessed in each of the other departments. Students impacted by this were either History advisees in 2002-2003, or deciding students in 2001-2002, or students enrolled in the Masters of Science in Biology program that takes place online.

At this point, there have been no reports of any illegal activities taking place from the data gathered illegally. Such information included social security numbers, names, addresses, and bank routing numbers. The release said that there is no indication that there was any effort to use the information for illicit purposes or if it was even stolen from the systems. One proposed possibility for the breach was to use the computer’s processing power to help spread spam to all computers on campus, although the validity behind this claim has yet to be proven. Letters to this affect and that spell out necessary actions to take are being sent out to the 2, 035 people involved in the breach.

The university has spelled out that this is the first breach of its kind to affected Kearny. Officials with the information systems and services department have assured the student body that they have numerous security features in place to prevent this type of intrusion, including firewalls and encryption services.

Those affected will only receive a letter. The university will not contact anyone by email or phone and individuals are advised to not give their social security number out to anyone inquiring for the information over the phone or online. Authorities suggest that students file fraud alerts with credit card companies and the credit bureaus. For those now familiar with how to go about these procedures, they can contact the FTC. There is also the possibility of subscribing to ID theft services, such as Lifelock. Lifelock contacts all three credit bureaus and alerts consumers whenever a new credit card or loan application is filed, which helps stop identity theft before it starts.

Residents of Arkansas have some reason to cheer tonight.  Today both Tamara Hill and Ebony Flowers were arrested in connection to the theft of personal data from the Baptist Health Hopsital’s information system.  Hill is a former employee of the company who was released in early June as more details about security mistakes at her work terminal were reported.  Hill was found guilty of using 25 other people’s personal information to get gift cards at Walmart for use at other periods of time.  Flowers was caught doing the same thing, although she was only in possession of three people’s financial information.

It appears that Hill obtained the information while she was working at the Emergency Center in the Baptist Health Hospital.  She took screen shots images of the private data and then printed it out for later use.  No word has come from the hospital yet of security upgrades it will take to prevent similar malicious deeds from taking place in the future.  There is a rising push for background screening of individuals, although this is and of itself can have its own liabilities.

The hospital had over 970,000 visitors last year and there is no idea about the extent of the theft that took place.  There has also been no word on how Hill and Flowers are connected and if anyone else received copies of the screen shots with the personal data.  Authorities found out about the breach when a victim contacted police to say that they had not authorized the gift card charges at Walmart.  The extent of the breach is potentially so large that the U.S. Secret Service has entered the case in an effort to limit the number of affected people.

The hospital released a letter saying that some of the personal and financial information had been illegally accessed.  However, they assured their patients that none of the material that had been obtained involved their medical records or diagnosis.  This is important, because any such information would be in violation of HIPAA, the Health Insurance Portability and Accountability Act.  If this was the case, the hospital could face even greater threats of a lawsuit and sanctions by the U.S. government.  Yet, there is some confusion about what information was released.  According to Pam Dixon, executive director of the San Diego-based World Privacy Forum. she believes that all the information released in the breach falls under the protection of HIPAA and that the hospital will need to show considerable improvements before it can handle the admission of patients in the future.

In the letter sent out to patients, there is no indication of whether or not the hospital will provide credit monitoring or insurance services for its victims.  For those who don’t want to wait until it is too late, they are turning to ID theft subscription services, such as Lifelock.  Lifelock and other companies can help guard the credit reports of people by monitoring all three credit bureaus and verifying with the customer whether or not they are the person opening up a new credit card account or filing a new loan application.

For some teachers, summer vacation can’t come quickly enough.  For over 800 educators in Texas, this might be a summer they wish they could forget.  After an issue with insurance companies in the state and their policies of destroying confidential records, and the theft of personal information from one of the largest gas station chains in the state, now those who teach our children have to worry even more about their personal identity because they were following state laws.

It was reported yesterday that a lockbox containing the personal data was stolen from an office located inside a home in the community of Wichita Falls.  The name of the company is L-1 Identity Solutions.  It seems that the company will need to find its own solutions to prevent any future breaches from taking place at its offices.  According to a spokesman for the company, letters have been sent out in the mail to notify the people affected by the theft.  Unfortunately, those connected to this case have had their names, addresses, social security numbers, and license numbers stolen.  This is more than enough information for someone to assume the identity of another person.

A representative from the Association of Texas Professional Educators, Doug Rogers, noted that there have been concerns with the state’s policy about conducting background checks on teachers.  While there is no debate that parents should be confident in the safety of the instructor teaching their children, the methods used to conduct the checks need to be modified.  Thefts of this nature are what educators feared.  It appears that L-1 shared this concern and has laid out measures for future finger print screenings that do not require that material to be accompanied by mounds of private data.  No word has been issued on whether or not their proposal has been accepted.

In the letter that the company sent out to affected parties, they have promised to provide a year of identity theft insurance and credit report monitoring.  In other data breaches, the affected business has not been so upfront about the danger and has not provided similar guarantees.  In those cases, people turn toward companies, such as Lifelock, that provide ID theft subscriptions.  Lifelock and others provide monitoring services with all three credit bureaus.  Unlike some companies, Equifax, Trans Union, and Experian all are in touch with members of Lifelock’s staff.  These staff members alert their customers whenever a new credit card application or loan is filed in their name, actions frequently undertaken by criminals involved in identity theft.

As time goes on, more details about this case hope to be made available to the public.  L-1 will continue to look for new measures to insure the safety of their office locations, in addition to the material contained within.  As data breaches of this type become more common, state agencies will have to reevaluate their policies regarding background checks to ensure that those in compliance with the law are not inadvertently punished with the exposure of their private data.

Employees of the California Department of Consumer Affairs aren’t very happy today.  But things could be a lot worse.  Over 5,000 contractors and workers of the organization have become the victims of identity theft.  While the file that was misplaced contained titles and salaries, which are all public record, the real concern is that it also lists the social security numbers of everyone.  Russ Heimerich, a spokesman for the DCA, has said that the organization is taking all necessary steps to prevent anyone from using the information for fraudulent purposes.

The breach occurred on June 6 when a word document was incorrectly sent outside of the network.  No word has been given on why the file was not encrypted or how it was able to leave the system’s mainframe.  There are supposed to be security features enabled to prevent this type of breach from occurring.  According to Heimerich, officials at the DCA acted quickly to contain the breach. They sent out letters and emails to the affected contractors and workers to let them know of the data loss and to alert everyone to keep an eye out for identity theft.

This breach has struck some individuals as ironic, because the DCA is in charge of protecting consumers in the state of California.  Up through 2007, it was also responsible for educating people in the state about how to avoid fraudulent activity and deal with credit theft and misuse of personal information.  With the breach being made public, Heimerich was able to reassure people that there isn’t much to worry about.  The recipient of the email with the word attachment hasn’t even opened the file yet.

Heimerich has also assured those affected that the DCA will provide a year of credit monitoring services.  One of these services, Lifelock, locks your credit reports with all three credit bureaus.  The DCA has also said that it will pay for up to $25,000 worth of fraudulent activity that might take place on someone’s credit.  While the Lifelock services will alert consumers about new credit card and loan applications, it is good that the state is being so proactive in their efforts to fix any problems before they start.

In total, of the 5,000 affected individuals, only 2,800 of the people are still currently employed with the DCA.  The other 2,200 people are old contract workers, consultants, and people who are serving in only part time functions.  Other individuals are employed by various agencies throughout the state of California.  Members of the Office of Private Protection are not included in this alert, because their files are no longer stored in the same database as other agencies.  Experts note that the DCA has been very quick in taking all necessary precautions and that if anyone notices fraudulent activity, they should contact the DCA directly.

Southeast Missouri State University is at the center of a crime that has roamed across two states and along the lines of connectivity into the internet.  William Elum was arrested in Atlanta earlier this week in connection with stolen data which he obtained while at SMSU.  While employed at the university, he was a hall director, which gave him access to the personal files of students residing in his dorm.

University officials were first alerted to the breach when two students reported their information was used in the course of credit fraud.  Thankfully, neither of the attempts was successful.  While there has been no word about other criminal activities, university officials advise students to be on the lookout for any inappropriate charges appearing on their credit reports.  While students are able to put a fraud alert on their account or a credit freeze, they are also able to purchase a subscription to an ID theft service.  One such company is Lifelock, which provides a similar service with all three credit bureaus.

Once the initial activity was reported, officials went through the old security logs to see if there were any other fraudulent incidences.  The review of the logs showed that reaching back to April of this year, there had been a number of attempts to use students’ personal data to enter the university’s computer system.  The userid and passwords of the students were compromised and the userid was the same as the social security number of the affected person.

Students were alerted of the breach, by letter, on Thursday of last week.  Although there was a delay of over two weeks between the recognition of the breach and the sending of the letter, university officials say this was a result of finding out which students had been affected.  There were problems with the file logs and some of the data had been corrupted, slowing down the entire notification process.

Elum had left SMSU in 2007 and spent the 2008 school year working at Georgia Tech.  There has been no word if GT will examine its own files to see if Elum committed any similar criminal activity.  The data breach was brought to the attention of authorities in Georgia, where it is a felony to be in possession of unauthorized personal data.  According to insider accounts, Elum is scheduled to appear before the Superior Court of Fulton County on June 30.

The breach occurred during a time when the university was creating a new userid system that did not use social security numbers.  At the time, Elum was able to download the information to his personal laptop.  No word has been released by university officials about security features they have made to their network to prevent the transference of private data to personal computers.