2007 Data Breaches Via Lost or Stolen Backup Tapes, CD’s and Hard Drives
The number of people who have had their personal information exposed in 2007 is staggering. Part one (Hackers) and part two (Stolen Laptops) of this sequence of articles mainly described how identity thief’s were stealing your information by hacking databases and stealing laptops.
This article shows how your private information is being exposed by companies and institutions that are “misplacing” or having storage devices stolen.
We understand that the theft of these devices can not always be prevented but with quite a few companies announcing their storage devices as “misplaced” or “lost” it becomes clear that better policies and procedures regarding their security needs to be put in place.
We also realize that some of these devices reported lost may in fact have been stolen but since they have no proof of this they are reporting them lost. Hopefully companies will start to see the costs associated with improper protection of personal data, the risks of identity theft, and the need for them to take an active role in preventing identity theft.
We also hope that Americans realize the ever present danger of this horrible crime and put an identity theft protection plan in place for themselves and their loved ones.
Regardless of how your information is getting compromised what we need to understand as a society is that our private information in the wrong hands can be devastating to potential identity theft victims and as such we have to pressure those who hold our personal information to treat it with the security and proper procedures that it deserves.
Unfortunately this is not being done due to costs of implementation and what we believe is a lack of understanding of identity theft and what companies and institutions need to do to protect their data from being stolen by criminals. It will be interesting to see how all the lawsuits against TJX change the mindset that data protection is not worth the cost.
Here is a partial list of data that was compromised in 2007 due to insecure data storage devices:
- 1300 California National Guards who were deployed to the Mexican border had their Social Security Numbers, birth dates and other identifying information compromised when a hard drive was stolen.
- 48,000 veterans plus 535,000 doctors and patients had their private information compromised when a hard drive was stolen from the U.S. Department of Veterans Affairs Medical Center in Birmingham, AL.
- 26 IRS computer tapes containing taxpayer information were reported missing after they were delivered to Kansas City Hall.
- 135,000 employees and patients of John Hopkins University were affected when 8 computer tapes sent to a contractor were “misplaced”. SSN’s and bank account information of the employees were stored on the tapes.
- 196,000 customers of WellPoint’s Anthem Blue Cross Blue Shield in Virginia had their private information including SSN’s compromised when cassette tapes holding this information was stolen from a vendor.
- Hortica Insurance clients had their data compromised when backup tapes were lost in transit.
- 2,900,000 Georgia residents were put at risk when a CD with their personal information was lost by Affiliated Computer Services. Personal information included addresses, birthdates, dates of eligibility, full names, Medicaid or children’s health care recipient identification numbers, and Social Security numbers.
- 100,000 Transportation Security Administration employees, including federal air marshals and airport security officers had their private information exposed when a computer hard drive containing payroll information was stolen.
- 47,000 J.P. Morgan Chase’s bank clients were put at risk when a computer tape containing personal information went missing at a secure off-site storage facility.
- 500,000 Ohio state employees, and taxpayers, had their information including SSN’s compromised when a state agency intern had a backup data storage device stolen from his car.
- Merrill Lynch had a computer device stolen containing personal information, including Social Security numbers, of 33,000 employees.
- University of Michigan’s School of Nursing compromised 8,000 patients of two clinics when a computer hard drive was stolen.
- A flash drive stolen from an employee’s desk at the University of Cincinnati had private information, including Social Security numbers of 7,000 current and former students.
- 230,000 Hartford Financial Services policyholders in Ohio were put at risk when 3 backup tapes were “misplaced”.
- Tax Service Plus in Santa Rosa, California had a backup computer stolen which contained financial data on 4000 tax returns dating back three years.
- Hortica of Edwardsville, IL had a locked shipping case of backup tapes stolen. The tapes contained personal information including names, Social Security numbers, drivers’ license numbers, and bank account numbers.
- TSA of Arlington, VA “misplaced” a storage device with 100,000 records including historical payroll data, Social Security numbers, dates of birth, addresses, time and leave dates, bank account, routing information, and details about financial allotments and deductions.