May 2006

You are currently browsing the articles from numbrX Security Beat written in the month of May 2006.

FIU Student Records Compromised

If you're new here and like what you read, you may want to subscribe to my email alerts or RSS feed. Thanks for visiting!

Two months ago, Florida International University discovered that a database containing student and applicant names and social security numbers was breached by hackers. Last week, they notified the thousands of people affected via postcard sized letters. Students are concerned both by the delay of notification as well as the method, which can easily be mistaken as junk mail due to its size.

If you have received a warning letter, “university officials recommend you check your credit report with the three main credit reporting agencies to make sure you have not become the victim of identity theft.”

Source: CBS4 News – South Florida

Written by MCruz on May 31st, 2006 with no comments.
Read more articles on Identity Theft and Students and Universities.

Red Cross Employee Terminated after Identity Theft Discovery

A telephone blood-drive recruiter for the Missouri-Illinois Blood Services Region of the American Red Cross was terminated last March, when four identity theft incidents were linked to her.

The former worker had access to 8,000 blood donors in a database she used in her job, all of whom were notified by mail of possible identity theft problems on March 17, according to the agency. But after the original warning letters went out, the Red Cross decided to expand the identity theft warnings to all 1 million donors in the Missouri-Illinois region because of concerns that she may have accidentally accessed other records in the larger group.

The former employee, 20-year-old Lonnetta Shanell Medcalf of St.Louis is scheduled for trial on June 19. Medcalf has been indicted on three felony counts of aggravated identity theft, which carries a mandatory two years in prison if convicted. She was also indicted on one count of credit card fraud with a maximum penalty of 10 years in prison and/or a fine of $250,000.

Those who may have been affected by this incident should visit the site setup by the Red Cross for more information.

Source: Computerworld

Written by MCruz on May 26th, 2006 with no comments.
Read more articles on Employees and Identity Theft and Organizations.

M&T Bank Data Breach Notification Letter

Earlier this week I posted an entry about an M&T Bank customer who received a letter disclosing an information security incident. With her permission, I am attaching a faxed copy of the notification advising Portfolio Architect Account holders of what to do next.

In the letter to customers, M&T Bank is offering free membership to PrivacyGuard. They also suggest customers closely monitor their accounts for the next 24 months.

There are still open questions about where and when the theft took place. The number of accounts involved was never disclosed.

If you are affected by this breach and know any additional information, please leave a comment below.

MT Bank Letter P1of2MT Bank Letter P2of2

Additional facts:

Written by MCruz on May 26th, 2006 with 4 comments.
Read more articles on Banks and Customers and Identity Theft.

University of Delaware Computer Security Breach

An undisclosed number of names, Social Security Numbers and driver’s license numbers stored in the University of Delaware Department of Public Safety computer server have been compromised. The department’s main records management system was breached with the intention of copying personal information.

According to James J. Flatley, UD director of public safety, “It appears that the intruders were interested in copying at least some of the information in the database, and therefore it is possible that information that could lead to identity theft is in the hands of an unauthorized person.”

After the discovery on April 8th, 1,076 letters were sent out to notify those individuals whose information has been compromised. Officials are not sure if any personal information was actually obtained by the offenders. The Delaware State Police and the FBI are investigating.

Source: UDaily – University of Delaware

Written by MCruz on May 24th, 2006 with 1 comment.
Read more articles on Identity Theft and Universities.

Stolen laptop exposes M&T Bank customer information

Exclusive: A reader of this blog contacted me stating that she had received a letter reporting the data loss.

I received a letter from M & T Bank indicating that a laptop computer, owned by PFPC, a third party company that provides record keeping services for M & T’s Portfolio Architect accounts was stolen from a vehicle. Clients’ account numbers, social security numbers, last name and the first two letters of their first name were stored in the computer.

Details of the incident are a bit sketchy. The bank’s website has no mention of the security breach. There is enough information stolen to commit credit card fraud or identity theft. Anyone with more information is encouraged to enter a comment to this blog post below.

Written by MCruz on May 23rd, 2006 with 4 comments.
Read more articles on Banks and Customers and Identity Theft.

Millions of Veterans Data Exposed to Identity Theft

The Department of Veterans Affairs today announced that a computer containing personal, identifying data for over 26 million American veterans was stolen from a VA employee’s home this month. They have set up a site to help those affected by this data breach. The compromised data included names, social security numbers and the dates of birth. This is enough information for unscrupulous individuals to use for identity theft.

A VA employee took files home as part of department work on a data collation project to simplify some VA processes. Subsequently, someone broke into the employee’s home and stole the data. The career employee, a data analyst, was not authorized to take the files home, said VA secretary Jim Nicholson in a teleconference with reporters.

Update: There are currently two companies who are providing discounted identity theft protection for veterans, LifeLock and MyPublicInfo.

Source: Government Computer News

Written by MCruz on May 22nd, 2006 with no comments.
Read more articles on Employees and Government and Identity Theft and Veterans.

« Older articles

No newer articles