Archive for January, 2016

An interactive graphical history of large data breaches

Article source:


No Comments

Local towns notified about possible tax agency data breach

About 200 people in Clark and Champaign counties might have had their personal information exposed by a regional agency that several local communities use to collect income taxes.

The Regional Income Tax Agency of Ohio (RITA), released a public notice Dec. 31 revealing a DVD containing tax documents went missing from its storage location.

“On Nov. 10, 2015, while in the process of preparing a limited number of DVDs for secure destruction, RITA discovered that one DVD case was empty and the DVD missing,” the statement said.

An investigation revealed that the DVD was part of a former system back-up process and contained copies of income tax documents submitted on or before June of 2012.

It might have contained names, addresses, Social Security numbers, and dates of birth of approximately 50,000 individuals statewide.

That represents about two percent of the tax accounts handled by RITA, the organization said.

RITA collects and administers income taxes for municipalities in Ohio who don’t want to staff their own tax department.

In Clark County, Catawba, South Charleston and Tremont City are members. In Champaign County, RITA collects income tax for the villages of Mechanicsburg, Woodstock, St. Paris and North Lewisburg.

Larger cities like Bellefontaine and Fairborn also use the service.

All member municipalities were notified of the incident on Dec. 31, according to Amy Arrighi, chief legal counsel for RITA. The agency has also sent individual letters to everyone whose information may have been exposed.

They are offering free credit monitoring and identity protection services to those individuals through Experian.

No Catawba residents were affected, according to RITA, but letters were sent to fewer than 50 people each in Mechanicsburg, North Lewisburg, St. Paris and South Charleston.

Fewer than 10 people were possibly affected in Tremont City and Woodstock, Arrighi said.

The largest group sent letters in the area was in Fairborn, where RITA said up to 650 people might be affected.

Bellefontaine Mayor Ben Stahler said the city looked into the issue after being notified and was told by its RITA representative that the agency is confident the DVD was actually destroyed, but it had to send out notifications since they couldn’t be 100 percent sure.

“They have to treat it as if it might have been exposed,” Stahler said. “We didn’t lose any confidence because of this story… I do think they handled it right.”

In a question and answer section on its website, RITA said its policy when an unlabeled DVD is found is to destroy it by shredding. The agency believes that is likely what happened when this DVD became separated from its case.

The DVDs were being disposed of because the agency was moving to an improved data backup system, which should prevent any future incidents of this nature.

“We discovered the DVD was missing because we had already changed our backup system to a more secure process. This new process no longer requires the use of DVDs to backup this type of data,” RITA’s statement said.

Leaders in South Charleston, North Lewisburg and Bellefontaine all said they have not had any residents contact them about the possible breach. St. Paris and Catawba government representatives both said they weren’t aware of receiving any notification.

Most local municipalities reached about the incident said they were not provided with a number of local residents that may have been affected.

Bellefontaine only joined RITA recently so no tax returns from the city would have been on that DVD, but RITA informed them that one person who previously lived elsewhere and now resides in the city is on the list of individuals impacted.

North Lewisburg discussed the notice at a January council meeting and has worked to make is residents aware by posting it, Administrator Andy Yoder said.

“RITA’s been really good for the village,” he said. “There have been a lot of big companies that have had data (breaches) bigger than this.”

Article source:


No Comments

AFGE Data Breach Attorney Named Lead Counsel for Consolidated Complaint

WASHINGTON, Jan. 29, 2016 /PRNewswire-USNewswire/ — The attorney handling the American Federation of Government Employees’ lawsuit against the Office of Personnel Management in response to last year’s massive data breach has been named lead counsel for the consolidated case.

On Thursday, U.S. District Judge Amy Berman Jackson named Daniel Girard, managing partner of Girard Gibbs in San Francisco, as lead counsel to represent everyone whose personal information was stolen during the two data breaches into personnel and background investigation files maintained by OPM.

American Federation of Government Employees National President J. David Cox Sr. applauded a decision by a federal district judge to name attorney Daniel Girard as lead counsel for lawsuits that AFGE and other organizations have filed against the Office of Personnel Management in response to last year's massive data breach. Girard was already handling AFGE's lawsuit and will bring his expertise fighting cybersecurity attacks to bear in representing millions of current, former and prospective federal employees whose information was stolen.
American Federation of Government Employees National President J. David Cox Sr. applauded a decision by a federal district judge to name attorney…

“AFGE was out in front in representing the interests of the 22 million current and former federal employees, job applicants, and their family members whose information was stolen during this unprecedented data breach,” AFGE National President J. David Cox Sr. said. “It’s only fitting that the attorney handling our lawsuit serve as the lead counsel for everyone who has been victimized by the government’s failure to protect their personal information.”

AFGE was the first organization to file a class-action lawsuit against the federal government in response to the data breach. Subsequently, at least 18 other lawsuits have been filed. In October, a judicial panel consolidated all of the lawsuits in the U.S. District Court for the District of Columbia, where Judge Jackson presides.

As lead counsel, Girard will work with other attorneys assigned by Jackson as part of a plaintiffs’ steering committee. The first task is to file an amended consolidated complaint by March 14.

Girard Gibbs LLP is a national litigation firm that has vast experience with cases involving cybersecurity attacks and data breaches. Mr. Girard served as one of the lead attorneys in a class action brought on behalf of Sony Pictures Entertainment employees following the alleged North Korean cyberattack on the company.

The American Federation of Government Employees (AFGE) is the largest federal employee union, representing 670,000 workers in the federal government and the government of the District of Columbia.

For the latest AFGE news and information, follow us on Facebook, Twitter, and YouTube.

Photo –
Logo –

SOURCE American Federation of Government Employees

Related Links

Article source:


No Comments

Landry’s Provides Update on Data Breach

Shutterstock photo

Landry’s Inc. provided more details about data breaches at several of its brands including Landry’s Seafood, Golden
Nugget and Bubba Gump Shrimp.

The restaurant, casino and entertainment company said last month that it had received reports of unauthorized charges
on credit cards.

On Friday, the company said an investigation found that a program installed on some payment-processing devices was
designed to search for information like names and card numbers on magnetic stripes.

“Enhanced security measures, including end-to-end encryption, have been implemented to prevent a similar issue from
occurring in the future,” the company said.

Landry’s Chief Executive Tilman J. Fertitta took the company private in 2010 for about $1.4 billion. The company has
expanded via acquisitions including Mastro’s Restaurants.

High-profile attacks against retailers such as Home Depot Inc. and Target Corp. led to renewed calls for merchants to
upgrade checkout terminals to accept cards embedded with computer chips that are more difficult to replicate.

Write to Josh Beckerman at [email protected]

  (END) Dow Jones Newswires
  Copyright (c) 2016 Dow Jones  Company, Inc.

Article source:


No Comments

Fraternal Order of Police asks FBI to investigate data breach

The nation’s largest police union said on Thursday that it’s asked the FBI to investigate a computer breach that allowed hackers to steal hundreds of internal documents that have since been published online.

Chuck Canterbury, the president of the Fraternal Order of Police, said in a statement posted on Facebook that hackers managed “a complete breech [sic] of our data,” taking hundreds of megabytes worth of bargaining contracts and other records.

“We have contacted the office of the assistant attorney general in charge of cyber crime, and officials from FBI field offices have already made contact with our staff,” Mr. Canterburytold The Guardian. Federal investigators did not immediately respond to the newspaper’s requests for comment.

The website for the FOP, which represents roughly 330,000 police officers across the U.S., was still offline the following afternoon. Mr. Canterbury said in a statement that it could take several days for the site to be fully restored.

The stolen data has since resurfaced online, however, and is now being hosted on the server of a British technology and privacy activist who uses the alias “TheCthulhu.”

On the activist’s personal website, he said they had released the data “on the grounds the information is within the scope of public interest, in light of an ever increasing [sic] divide between the police groups and the citizens of the U.S.”

“My role in this is to ensure the information is accessible to all so that a proper analysis may be done by both established media outlets and individual investigators who wish to expose any wrongdoing,” he added.

Following a preliminary review of the stolen data, The Guardian described the 2.5 gigabyte trove on Thursday as containing bargaining contracts as well as the personal information of police officers, along with archived posts from a members-only forum that had been hosted by the police union.

“Some names and addresses were taken,” Mr. Canterbury told the paper. “It concerns us. We’re taking steps to try to notify our members, but that is going to take some time.”

In a statement, the union president said the hacktivist group Anonymous was to blame for the breach, and said the initial intrusion had been traced to a computer in the U.K. He failed to elaborate further on the alleged Anonymous attribution, however, and the activist who is hosting the data has made no claims to suggest the involvement of the amorphous Internet movement.

“Our professional Computer experts have identified how the hackers made access but that information cannot be distributed at this time for obvious reasons. Suffice it to say that the level of sophistication was very high,” Mr. Canterbury said in the statement.

Article source:


No Comments

Yukon still waiting for details on BC education data breach

Judy Arnold

Judy Arnold, Yukon’s deputy education minister, said in a statement that Yukon is still waiting for B.C. to provide all the Yukon student data that may have been compromised. (CBC)

The Yukon government says it’s still waiting for B.C. to provide information on what Yukon student records were compromised in a data breach last fall.

In September, B.C.’s Ministry of Education lost a hard drive with millions of student records, including information on thousands of people who attended school in Yukon from 1986 to 2009. The records included names, dates of birth, and addresses. There was also information on some students’ test and exam results.

B.C.’s privacy commissioner issued a report on the data breach Thursday, saying B.C. ministry workers contravened a series of security policy directives and protocols by transferring information from the ministry server onto mobile hard drives, one of which was then lost.

Judy Arnold, Yukon’s deputy education minister, also issued a statement Thursday, detailing her department’s response to the data breach. She said the department is reviewing a number of its policies, including those that deal with managing breaches of privacy, and sharing information with B.C. The department is also reviewing its own data collection and storage policies.

Arnold also said Yukon is still waiting on details from B.C. about the data breach, including specific information about what Yukon student data was involved. Once that information is received, the department intends to notify people affected, and decide whether new privacy safeguards are needed.

Yukon’s Information and Privacy commissioner took aim at the Yukon government on Thursday, saying she didn’t know whether the education department was doing anything in response to the data breach. 

Article source:


No Comments

In era of data breaches, businesses need strong document policies

As a consumer, I think about how my information may still reside with a tax preparer or doctor that I have not done business with in 10 years, especially when I read stories of a data breach because of inactive customer information being stolen from an unsecure environment.

Businesses, especially small to medium-sized businesses, need to incorporate a formal document retention and destruction policy. Next, communicate your policy to employees so they understand their responsibility in safeguarding customer information, and to customers so that they have confidence in conducting business with you.

High-profile data breach events are just one part of the identity-theft epidemic in the United States. Your past business relationships where your personal information resides is another high-risk factor.

For example, how many of you have worked for the same company your entire life? I suspect very few of you have had only one job. Think about all of the personal information we have left with our past employers including name, address, Social Security number, driver’s license and even bank account information (for direct deposit).

And it’s not only past employers, but also their vendors, such as health insurance, dental insurance and supplemental insurance companies, along with payroll service and others where your personal information and even the personal information of your family have been used.

But there is more. Think of any past relationship, including every doctor, dentist, tax-preparation service, auto dealer, bank, school, mortgage broker, student loan servicer and any organization to which we have submitted personal information. Ask yourself, where is your sensitive information being stored today, how is it being secured, and what are the document retention and destruction policies of these organizations?

A great resource for business owners is ARMA International, a non-profit professional association and authority on managing records and information. ARMA developed and published principles to foster general awareness of information governance standards.

You can learn more about ARMA’s “Generally Accepted Recordkeeping Principles,” which detail  how to properly retain information as organizations are creating and storing more information than ever before, mostly in electronic form.

In addition to document retention, the shredding of documents containing sensitive employee and customer information has become a high priority because of identity theft, data breaches and stolen trade secrets and client information.

Here are some basic shredding tips that your business should include in its information security and governance best practices:

Mark’s most important: Identity theft and data breach can bring a business down. Review and update your document retention and destruction policy each year and communicate your policy to employees and customers.

Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., an ID theft-background screening company based in Phoenix. Contact him [email protected]

Article source:


No Comments

California Lawyer Named Lead Counsel in OPM Data Breach Case

Your (Article, Chart, Blog) was successfully saved to your folder My Default Folder

Don’t forget you can visit My Briefcase to manage your folders at any time.

Article source:


No Comments

NCH Healthcare suffers data breach

Another healtchare provider has suffered a data breach.

NCH Healthcare Systems, which operates two hospitals in the Naples, Fla. area, notified employees and medical staff last week that two servers containing some personal information were accessed by unauthorized personnel.

Debbie Curry, NCH Healthcare System, director of marketing, told in an email Thursday that the data was taken from servers residing at the Cerner Data Center in Kansas City, Mo. The two computer servers in question were isolated and contained contained an employee information database and a medical staff credentialing database, Curry said.

Specifics on what content was exposed was not provided nor did NCH state how the breach occurred. But Curry said patient information or medical records were involved.

The healthcare company does not know if any of the data has been misused, but NCH is providing free credit monitoring for those affected.

Article source:


No Comments

Hotel hosting security conference was the victim of a data breach


Article source:


No Comments