The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
Sunday, February 27, 2005
Since I started this blog in January 2004, I have noted a few incidents related to inappropriate release of personal information. After an e-mail exchange with Rob Hyndman, I thought it would be interesting to figure out how many incidents I've blogged about. So here is a brief catalog of what I've picked up over the last year and a bit.
Hacking and inappropriate disposal rank highly as the reasons for ending up on this list. But if there is one thing to learn from all of this, it is that inadequate security of personal information is the practice most likely to put your company on the front pages of the paper and to destroy any customer trust you've managed to develop.
- 200401 - Incident: Hackers may have accessed personal info for 20,000 Georgia students
- 200401 - Incident: Computer containing airline ticketing info stolen
- 200402 - Incident: Computers (likely containing personal information) stolen from Whitehorse probation office
- 200402 - Incident: Softbank Says Data on 4.52 Million Subscribers Leaked
- 200402 - Incident: Shred first, then discard!: "Files containing property tax information and receipts for parking tickets and business licences were mistakenly left overnight Thursday in a recycling bin outside Port Coquitlam city hall"
- 200403 - Incident: Net firm admits leak of data about 1.4 M clients
- 200403 - Incident: Equifax admits that more than a thousand credit reports have been compromised
- 200405 - Incident: Computer System at U.C. San Diego Hacked: "Hackers broke into the computer system of the University of California, San Diego, compromising confidential information on about 380,000 students, teachers, employees, alumni and applicants."
- 200407 - Article: Suit charges Prozac privacy violations: "A deposition filed in a privacy suit brought by some of the recipients of the anti-depressant said the companies got the names and addresses from physicians."
- 200407 - Incident: Intuit warns of credit card risk: "Intuit is warning 47,000 customers that their credit card data may be at risk after computers were stolen from a company office."
- 200408 - Incident: Highly Personal Information Found In Trash - Collection agency throws out personal information
- 200408 - Incident: Highly Personal Information Found In Trash: "personal information found behind a Columbus collection agency."
- 200408 - Incident: Identity theft alert for CSU students and staff: "The auditor of California State University lost a hard-drive, containing 23,000 names and social security numbers."
- 200409 - Not again: Medical records found on street: "The medical records of about three to five patients at San Diego's Kaiser Hospital were found in the street outside of the hospital. According to a hospital representative, the papers fell out of a recycling bin that was being picked up by the Edco Recycling company. Kaiser is reviewing its contract with Edco and working to prevent any future incidents."
- 200409 - Incident: Hacker taps into CSUH Server: "HAYWARD -- A computer hacker somehow gained access to the records of about 2,000 Cal State Hayward students earlier this month, prompting campus officials to send out letters warning students that their personal information may have been compromised."
- 200410 - Incident: Purdue computers hacked - General systems hacked into and users are urged to change their passwords
- 200410 - Data protection watchdog distributes email mailing list (The Register): "In a recent incident, slightly tinged with irony, the Dutch Data Protection Authority did the same thing:"
- 200410 - UC Berkeley reports massive security/privacy breach: "The FBI is investigating the penetration of a university research system that housed sensitive personal data on a staggering 1.4 million Californians who participated in a state social program, officials said Tuesday."
- 200410 - Incident: Confidential Medical Records Found In Dumpster Behind Building: "Suspected burglary at the Community Counseling Center leaves boxes of confidential files exposed. News 3 Investigator Darcy Spears tells us about the unlikely place the files were found. Counseling center staff were shocked when we showed them dozens upon dozens of private files in a wide open dumpster behind their building. They recovered everything, then called police to find out who would want to hurt those in the business of helping."
- 200410 - Dutch prosecutor leaves crime files on dumped PC: "Dutch public prosecutor Joost Tonino was condemned yesterday for putting his old PC out with the trash. It contained sensitive information about criminal investigations in Amsterdam, and also his email address, credit card number, social security number and personal tax files."
- 200411 - Incident: Massive leak of personal information in Edmonton, Alberta: "Police in Edmonton, Alberta are investigating a curious (and scary) leak of personal information when forms containing sensitive information related to the province's top bureaucrats were discovered at the scene of a meth bust."
- 200411 - Incident: Canadian bank's internal faxes went to West Virginia for three years
- 200411 - Incident: New York schools dump sensitive records on sidewalk (NY Daily News)
- 200411 - Woman's medical file used as a prop; woman sues
- 200411 - Documents sent for shredding left blowing around in Toronto
- 200411 - Incident: UK online bank security glitch exposes customer accounts: "A security loophole at internet bank Cahoot briefly allowed customers to access other people's accounts, a BBC investigation has revealed."
- 200412 - Canadian Privacy Firsts: Misdirected faxes lead to joint investigation and report by Alberta and Federal Commissioners: "In July 2004, it was reported in the Edmonton Journal that a couple who managed an apartment building had received facsimile transmissions in error from various sources. These transmissions contained personal medical information."
- 200412 - Red Cross employee implicated in ID theft of blood donors: "A Red Cross employee and two other people were accused Friday of stealing the identities of about 40 blood donors and using the information to obtain about $268,000 in cash and merchandise...."
- 200412 - Glitch lets you mess with the phone book
- 200412 - Another privacy breach to round out the week: "twenty seven thousand welfare cheques were distributed this week with the social insurance numbers of others written on them"
- 200501 - Incident(s): Hacker breaches T-Mobile systems, reads US Secret Service email
- 200501 - Incident: Identity Theft Concerns Over UNC Lost Hard Drive
- 200501 - Incident: More hacking of university computers containing personal information - UCSD computers hacked into, compromising PI of 3500 university students and alumni
- 200501 - Incident: Harvard Hacked - Harvard University that allowed access to student numbers and student drug prescriptions
- 200501 - Another university hacked; personal information breached: "Campus administrators detected a low-level breach of computers within the UCSD Extension network, which has stored more than 4,800 files of students' personal information."
- 200502 - Incident: Impostors obtain personal information on thousands of Americans - ChoicePoint Hacking Incident
- 200502 - Incident: Personal data on nearly 25,000 subscribers leaked by Japanese Telco
- 200502 - Incident: Bank of America loses data on 1.2 MILLION customers
- 200503 - Incident: Personal information of 32,000 stolen from LexisNexis
- 200503 - Incident: Shoe chain says customer data stolen
- 200503 - "Disgruntled" employee said to have posted confidential personal health information of insureds online - Kaiser Permanente employee said to have posted member personal information online
- 200503 - Incident: Personal information taken in Nevada DMV office break-in
- 200503 - Incident: Boston College alumni database breached
- 200503 - Incident: NWU's Kellogg School of Management systems hacked
- 200503 - Incident: Purdue warns hackers hit some computers
- 200503 - Incident: Stolen Berkeley Laptop Exposes Data of 100,000
- 200503 - Incident: Data from 270,000 Japanese bank accounts lost
- 200503 - Incident: Encrypted tapes containing health information on hundreds of thousands of Albertans missing or tampered with
- 200504 - Incident: Chico, Berkeley and now Davis: UC-Davis computer hacked, personal information compromised
Last updated - 20050405
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.