The information was first made available on a Friday and was accessible for two days before it was taken down by a concerned employee.  Thankfully the short nature of the exposure is potentially limiting to the threat of any identity theft, but this is not to say that the regulating agency is completely clear.  In the current world, there are bots that troll the internet looking for sensitive information that might be used for sale on illegal black market chat rooms in dark corners of the internet.  The information from the Commission’s site was just that type of material: names, social security numbers, birth dates, and addresses.  All of this is prime fodder for identity thieves.

A full scale investigation has been launched, but the state government has advised people to be patient.  In light of the recent damage caused by Hurricane Gustav, many government agencies are diverting all of their energies to making sure that the problems from the storm remain minor.  All the same, at least two different law enforcement agencies have been contacted to investigate the breach.  At this point, no one is thinking that there was any malice on the part of the person who uploaded the information.  This person has yet to be determined, but that is part of the investigation process.  An outside consulting firm has been called in to review all the electronic security measures of the company and to see what recommendations they can make to prevent future occurrences of this nature.  One possible consideration is to install a filter on the server that strains out personal information before it is sent out to the internet.

At this point, many realtors are scared, but know that there is little they can do to change the past.  One option that they have to help them continue well into the future is to enroll into an ID theft subscription service, such as Lifelock.  For a minimal monthly fee, customers are protected from major efforts of identity theft, such as fraudulent credit card and loan applications.  Lifelock provides this protection by maintaining contacts at all three major credit bureaus, Trans Union, Equifax, and Experian.  Whenever these applications are sent in for processing, they are temporarily held until a Lifelock representative can contact the person whose name appears on the documents.  If they verify that they are responsible for the submission, it continues through processing.  However, if they have no idea of what is going on, the documentation is discarded as fraudulent and this significantly limits the possibilities of identity theft.

All in all, around 8,000 employees of the government have been affected.  Within the material that was lost were names, birth dates, social security numbers, cellular phone numbers, and IDs to access secure government servers and files.  This last piece of information not only has the potential for identity theft, but for much larger implications toward the security of some important government material.  Some of the details also show that students at Seoul University might have been exposed, although this is still part of an ongoing investigation and there has not been a definitive word if this is the case or not.

It appears that someone within the Education Ministry discovered the breach a few weeks back and had deleted the source code which led to most of the material.  It was only after the American consultant said that there was still more available from Google and other search engines, did technicians within the government go back to clear more paths and remove the files from public access.  This left a window of two weeks when the data was still online after security experts thought that everything was protected.  What can be said at this point is that the government has launched a full investigation to find out what is responsible for the problem and to seek any legal actions against people who intended to create this breach.

A security expert familiar with the case said that it most likely took place because the government servers at these ministries do not have a filter that limits the spread of personal information.  Upon further question, a spokesman for the government said that budget concerns last year had delayed the purchase of such a filter until the next fiscal year.  In the mean time, they did recognize that their servers were more vulnerable to data breaches.

At this point, those who have been affected are advised to look into ID theft subscription services, such as Lifelock.  This company monitors all three credit bureaus to keep an eye and a limit on identity theft.  Whenever paperwork comes through that involves one of its customers, Lifelock halts the information and consults the person named on the documents to make sure they are legitimate.  Fraudulent claims are deleted and not processed.

In this particular case, the most troubling factor is that the memory stick had information on 10,000 repeat criminals – those who have committed at least six crimes in the last year, as well as information about all 84,000 individuals who are locked up in the federal detention system in Wales and England.  The detail about these people includes names, addresses, birth dates, medical information, and in some cases, release dates that have been kept secret for safety reasons.  Now all of this information has been spread somewhere into the ether or the internet for who knows what purposes.

The Home Office has launched a large scale internal investigation and is working closely with PA Consulting to figure out how this data breach happened.  The Information Commission has also been notified, as have local police agencies.  All told, there are over seven organizations working to resolve this matter and get the black eye the government has suffered out of the light of day.  Security measures will be reviewed to make sure that this type of breach does not happen in the future.  The information on the stick was not password protected or encrypted, which is a violation of government policy.  As a result, all work with the contracting firm has been suspended until the investigation concludes and they can be cleared of any intentional wrongdoings.

Once this news reached the public, there was a substantial outcry about the whole situation.  While there is some irony that a few of the repeat criminals are identity thieves who may soon be preyed upon, there are more serious criminals, such as murderers and rapists whose information was contained on the stick.  If they become the victims of identity theft, the government and ultimately the British taxpayers will have to pay for it.  This is not sitting well with people who see the government failures as piling up and the prospect of having to compensate the leeches of society to be an absolutely appalling and demoralizing prospect.

While in this case few are pushing for those who had their information stolen, since they are multiple felony criminals, still there is some need to alert people to what options they have available in this situation.  ID theft subscription services, like Lifelock, exist to help people tie up all the loose ends surrounding this type of incident.  Rather than being overwhelmed with everything, enrolling in Lifelock takes care of all the guess work.  Two of the most frequent ways that people become victims is through fraudulent credit card or loan applications.  Since Lifelock monitors all three credit bureaus, these applications are processed only once they have been filtered through the company.  If they verify with the person whose name appears on the documentation and finds that it is not them filing the paperwork, the company stops the applications before any damage can take place.

The New York Times reported this week that the company had a flaw on its website that had pulled the files and put them on display for anyone visiting the main website who decided to click on a link.  What is interesting about this incident is that it was reported to the Times by a company which identified itself as a competitor to the Princeton Review.  Most people are assuming this is the Kaplan company, although there has been no confirmation on this assumption.  It appears that whatever business submitted the information the Review, they were trying to take advantage of the negative publicity generated against Princeton to boost their own sales.

When the Times contacted the Princeton Review to report the breach, they immediately took the information off the website and closed the hole that was creating the initial problem.  However, at this point, no one knows for how long the information was up for how many people accessed it.  The Review has said that they are looking into these details in addition to launching an internal investigation to see who posted the information.  While there is no suspicion of an intent to defraud the company or commit identity theft at this point, the company wants to see if any security regulations were violated by any of its employees.  The Review has sworn that it will instituted a sweeping security policy to make sure that this type of incident does not happen in the future.  It will also start deleting the information of students after it is no longer needed, rather than storing it as it has currently been doing.

While it is unlikely that enough information has been taken in this case to perpetrate the stealing of someone’s personal identity, since young adults are involved, one cannot be too cautious.  A suggestion has been to enroll in an ID theft subscription service, such as Lifelock, although the Review has not yet agreed to pay for such services.  Lifelock monitors all three major credit bureaus for loan and credit card applications.  These applications are then verified with the person whose name appears on the documents to make sure they are not fraudulent.  This helps prevent ID theft before it takes place.

Credit card companies have said that they are trying to help people protect their information and that they want to work with consumers to make the process easier.  Someone should remind the customers of Barclaycard that such a dialogue has taken place.  It would seem that Barclaycard has accidentally sent out all the information on 17,000 of its customers to other customers.  While printing out a monthly balance, something went awry between the account statement printer and the mail label printer, resulting in everything being off when it was supposedly sent to the right recipient.

The most damaging thing about this data breach is that the statements not only show the name of another customer, but also their address,, credit card number, limited password information, and previous billing habits.  Not only is this a violation of financial security, but the privacy of all of these people has been torn asunder.  Barclaycard has said that it will be sending out the correct account statements later this week and it will also be issuing a written apology to everyone affected by the incident.

Although there has been no confirmed word on the content of this apology, an insider who wished to remain anonymous, said that the apology will provide a guarantee that this type of mistake will not happen again.  While this is a great promise, it may be a difficult one to keep, although some security firms offer services that are supposed to prevent this exact type of incident.  Either way, steps will be taken to prevent any identity theft from resulting from this breach.  The Information Commissions Office has demanded to know what steps Barclaycard is taking for the future and has threatened to file a legal claim against the company.

Some of the card holders are actually American and have a Barclaycard as part of their business transactions.  While the extent of this connection is not yet known, it is advised that these individuals look into an ID theft subscription service.  Lifelock, one of the most popular companies that provides this service, has a record acknowledged for its success.  It maintains connections at the three major American credit bureaus and monitors member accounts for any new credit card or loan applications.  When these are found, they are verified with the named individual to make sure they are legitimate, at which point they are processed.  However, if they are fraudulent, they are stopped before identity theft takes place.

It appears that the largest singular incident involved the Ministry of Justice and some contractors who were working on a variety of projects for the institution.  Part of the project required the contractor to have personal data about people within the ministry on discs.  Although the ministry was supposed to get these discs right back once the job was complete, it seems that no one remembered until about six months after the completion of the work.  At that point, the contractor was contacted and he returned the discs.  It is this window of six months which is having some security experts worried.  The discs contained names, addresses, birth dates, and some bank account information.  This is the type of material that an identity thief could use to steal the financial benefits of an individual.

Another incident involved a laptop that was lost from the main offices of the ministry.  No police reports were filed about the lose, so the possibility of theft was ruled out in the beginning, although no spokesman for the organization has come forward to explain why this was the decision.  The laptop contained information on over 14,000 people who had defaulted on payments that they received as part of their sentences.  As a result of the loss of this laptop, the defaulters have not been charged the last few months and the ministry is working quickly to make sure that no one is loosed from their legal responsibilities of paying for their crimes.

The ministry also reported that it has had at least two times in the last year where it has lost paperwork which contained sensitive data.  Efforts are being made to tighten up regulations so that such loses do not happen in the future.  Other possibilities to prevent further accidents involves switching to a paperless system and making sure that anyone with access to sensitive material does not download the material onto discs or flash sticks.

In all of this, while the breaches are not necessarily considered severe, it is easy to see why so many people are investing in ID theft subscription services, such as Lifelock.  With these subscriptions, costing only a minimal amount of money every month, customers can get a piece of mind involving their personal information.  Lifelock works by having monitors at all three major credit bureaus.  Whenever a new credit card or loan application is filed, it has to go through a bureau.  Once the paperwork is received, the company puts a temporary hold on the processing until it can verify that the information is legitimate and not a fraudulent attempt.  If this proves to be a case, the application is canceled and identity theft is prevented.

One thing that is certain is that the information on the laptops contained personal information on over 9,000 Charter employees around the country.  These records were not only for current workers, but also those no longer employed by the company.  Unfortunately, there is no timeline for when the workers were with Charter, so at this point anyone who worked for the company might be at risk of identity theft.  The company was planning to send out a letter to affected employees, both former and current, although there has been no time table released for this information’s dissemination.  The laptop contained names, addresses, social security numbers, and some bank routing numbers from direct deposit accounts.

At this point, a spokesman for the company said that there is no indication that any of the private information has been used for fraudulent means.  However, experts suggest not taking any chances.  While Charter is providing up to a years worth of free credit monitoring services, some employees are reluctant to enroll in this service.  A former employee, who wished to remain anonymous, said that she did not trust the company to pay for the enrollment because that would involve giving them her personal information again, and Charter has already shown they are not capable of insuring the security of that type of data.

An option for disenchanted workers like this is subscribing themselves into an ID theft service program, such as the one offered by Lifelock.  For only a minimal monthly fee, the company works to provide potential victims of identity theft with some piece of mind.  By establishing contacts with the three major credit bureaus, Trans Union, Experian, and Equifax, Lifelock is ideally situated to stop identity theft before it starts.  One frequent effort by ID thieves is to open up new credit cards or take out loans using the social security number of a victim.  When this information goes to be processed through the credit bureaus, Lifelock temporarily halts it and contacts its customer.  If the customer verifies these applications as legitimate, then they are sent through to continue being reviewed by the bureaus.  However, if the customer says that it is fraudulent activity, Lifelock prevents the applications from going to the review process and consequently prevents identity theft from taking place.

The Minister for the Department of Social and Family Affairs, Mary Hanafin, has expressed her disappointment in the Comptroller and stated that she will investigate the matter further to see what types of problems this delay in information has caused.  Over the next two weeks, the department will be contacting the 100,000 recipients whose files on the laptop contained financial information.  This contact will take place by telephone.  The other 280,000 affected individuals will receive a letter from the department informing them of steps they should take to ensure that their private information has not been used for fraudulent means.

The information on the laptop was password protected, but not encrypted.  As a result of this revelation, the department is taking steps to ensure that all laptops and desktop computers have encrypted and password protected files from here on out.  Data Protection Commissioner Billy Hawkes said that all regulations regarding the electronic storage of files will be reviewed and efforts will be made to make sure that personal information is not stored on portable devices.  He also said that this is a serious breach and that he would continue to meet with the Comptroller, John Buckley, to further discuss his actions and what steps his office can take to prevent this type of problem in the future.

In a surprising revelation, it is being reported that since 1999, the Office of Comptroller and Auditor General has had sixteen laptops stolen.  This frequency is far and away higher than any other department in the government and an investigation is ongoing about these incidents.  For people who feel that their financial records have been fraudulent used, they can contact the Bank of Ireland and also use the hotline that was set up by the Department of Social and Family Affairs.

Ireland is not alone to this type of breach.  Such occurrences are frequent in the United States, which is why people are enrolling in ID theft subscription services.  One good company to consider is Lifelock.  This company has contacts with Trans Union, Equifax, and Experian where it monitors the credit activity of its customers.  Whenever a new loan or credit card application is submitted, Lifelock contacts its customer to determine the legitimacy of the forms.  If they are fraudulent, they are prevented from being processed.

Very few details about this incident have been released at this point.  The name of the employee has not been released, although an insider said that she is not available for contact and has left the area pending the investigation.  A spokesman for the hospital said that a letter was being sent out to the affected individuals.  Within the letter was a request that affected people enroll in an ID theft subscription service, like Lifelock, at the hospital’s cost.  These services provide monitoring of the three major credit bureaus.  By keeping tabs on all three bureaus, they are able to contact their customer whenever a new credit card or loan application is filed.  If the customer says that this information is legitimate, then there is nothing done.  However, if the application is fraudulent, Lifelock prevents it from being processed any further and significantly limits the possibility of credit damage and identity theft.

The reason the hospital is recommending that people subscribe to Lifelock and other services is that the information on the flash drive contained, names, addresses, social security numbers, the social security numbers of spouses, and full medical records and treatments.  Even worse is that there was no password protection or encryption on the drive.  This means that whoever finds this drive can plug it into their computer, open the files, and have instant access to all the personal data of the 1,200 people.  This blatant violation of both hospital and government policies is the reason that HIPAA may be getting involved.  Set up by the United States government, HIPAA was established to provide security for patients’ medical records.  The nameless employee in this case could be facing a $25,000 fine for her carelessness.

An equally troubling issue in this whole case is that an insider at the hospital has supplied the media with a private memo that was distributed to the company.  Apparently, three more flash drives are missing and all of them were last seen on the desk of the work guilty of the above noted data breach.  The hospital is asking for the immediate location and return of these drives, specifying that one drive contains information “very important to the district and needs to be found as soon as possible.”  There has been no word yet on whether or not these drives have been located or what information is contained on them.  Either way, hospital administrators have said that they will review and upgrade all security policies to make sure that nothing of this nature happens again in the future.

Not only is it a large number of students affected by the breach, but the extent of the data lost is troubling.  Names, addresses, social security numbers, and credit card numbers were all contained on the flash drive.  Thankfully the three digit code on the back of the credit cards was not stored on the file, although this is only of a slight comfort to the affected souls.  A letter was sent out to the 15,000 people on Monday which was a follow up to the email that was sent on Friday.  There has been no discussion of how long it was between the breach and when it people were notified.  Among the 15,000 affected people are not the students of the main campus, which is located in Littleton, Colorado.  Most students were from the Corporate Learning Division and the records include those who attended the university from 1997 to the present.

In a statement released by ACC President Bert Glandon, he apologized to all affected students.  He noted that the contractor was in violation of the college’s policy of not having personal information stored on portable devices.  Although there has been no word at the moment, it is likely that the contractor will be terminated.  Glandon also said that the college is working to review and upgrade all of its security policies so that this type of breach would not happen again.  No one has mentioned whether or not the flash drive was password protected or data encrypted, although the lack of this mention is not a good sign for the 15,000 people whose information was stored on the drive.

Arapahoe Community College is advising its students to place a fraud alert with the credit bureaus and to request a free copy of their credit reports.  While fraud alerts are easy to start, they are only free for a limited amount of time.  A much more secure option is to subscribe to an ID theft services.  A good company to use is Lifelock.  It monitors all three credit bureaus, Trans Union, Equifax, and Experian.  Whenever a new loan or credit card application is filed, Lifelock contacts its customer.  It checks whether or not the paperwork was actually filed by the person whose name appears on it.  If it is legitimate, the application continues to be processed.  However, if it is fraudulent, it is stopped before theft can take place.