Data breaches affect million state residents

[Jake Kouns <jkouns () opensecurityfoundation org>]

As a quick note DataLossDB currently has 274 primary sources for
Massachusetts at this point.  We do have an additional open FOIA
request and are waiting for a response.  For more information or if
you would like to assist please visit:
http://datalossdb.org/primary_sources
--Jake

----------------------------

Data breaches affect million state residents
http://www.boston.com/business/technology/articles/2010/01/03/data_breaches_affect_million_state_residents/

One million Massachusetts residents - or 1 in 6 people - have had
their credit card numbers, medical records, or other personal
information leaked or stolen over the past two years, according to
records provided to the Globe by state officials.

Many thousands of the leaks were first reported between June and
November - including confidential data on customers of Blue Cross Blue
Shield of Massachusetts, Eastern Bank, JPMorgan Chase Bank, and other
major institutions, documents released by state regulators revealed.

The breaches occurred in a variety of forms, including theft of laptop
computers and the loss of a computer data tape. But most involved
successful hacker attacks on computer centers, where large amounts of
personal data are stored.

It is unclear whether any of the incidents of leaked or stolen data
resulted in any instances of identity theft. The state’s records
reflect only that the information was exposed.

Barbara Anthony, undersecretary of consumer affairs and business
regulation, said that businesses, schools, and government agencies
must cultivate “a culture of security’’ to protect the millions of
sensitive personal documents under their control.

Under a state law passed in 2007, all such institutions must inform
consumers and state regulators about security breaches that might
result in identity theft. Such leaks involve the release of a person’s
name along with sensitive information such as Social Security numbers,
driver’s license numbers, or bank account, credit card, and debit card
numbers.

As of November, the state had received 807 data breach notifications
from a variety of institutions that collect personal information, from
companies to banks and colleges. In most cases, only a few consumers
were affected, but in other instances, information on thousands of
people was compromised.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php