Lorenzo's Security Blog

PORTLAND, Ore. – A laptop belonging to an Oregon National Guard member was stolen this week and the military is contacting service members who might be affected by the theft. According to the Oregon National Guard, the laptop was stolen from a vehicle on Monday. The Guard member had been using the laptop to conduct work from home. “Although this laptop is password protected, with potential exposure of individual personal information, we are doing everything possible to notify individuals about the theft,” Capt. Stephen Bomar, Chief of Public Affairs for the Oregon National Guard, said in a news release. The Oregon National Guard and The National Guard Bureau are individually contacting service members whose sensitive information may be compromised. Legal services are also available in the event a service member needs it through the Oregon National Guard Office of the Staff Judge Advocate. The Oregon National Guard also filed a report with the Portland Police Bureau.

Because of an incorrect security setting,[which security setting was the student even allowed to access?] an Ocean Lakes High School student was able to access a temporary file [Why was this temporary file not deleted after is was used? ] on a server that contained the names, addresses and Social Security numbers of students at 22 schools. [22 schools?, Holy crap! What was the total number of students?] The breach was discovered when the student tried to print some of the information in the school library. In addition to names, addresses and Social Security numbers, the student files also contained parent names, phone numbers, class schedules, birth dates and student ID numbers. [Someone in the school system needs to fry on this error]

Related articles by Zemanta

• Identify Theft Cases Spike, but Hackers Aren’t to Blame (newser.com)
• Hackers Aren’t Only Threat to Privacy [Voices] (voices.allthingsd.com)

The University of Louisville in Kentucky on June 2 posted a public notice of a data breach in which protected health and financial information from its kidney disease program was posted on a publicly accessible Web site for 19 months.

 According to local media reports, a physician who set up the site believed it was protected. Because of a programming error, the physician and an assistant entered data in October 2008 without knowing it was going on a public page. The site was not accessible without typing in the specific address, which would not be available through a search engine, a spokesperson told television station WLKY. What follows is the university‘s notice:

Data Breach at U-Louisville

Related articles by Zemanta

• Louisville Kentucky One Night Only Jon Hammond Quartet (hammondcast.wordpress.com)

WASHINGTON — The Financial Industry Regulatory Authority (FINRA) announced today that it has imposed a monetary sanction of $1.5 million against Citigroup Global Markets Inc. for supervisory violations relating to its handling of trust funds belonging to cemeteries in Michigan and Tennessee. The sanction represents a $750,000 fine and disgorgement of $750,000 in commissions, which is being returned to the cemetery trusts as partial restitution. “Firms have a duty to protect customer funds by taking prompt and meaningful action when they encounter indications of possible fraud or misappropriation,” said James S. Shorris, FINRA Executive Vice President and Executive Director of Enforcement. “That duty is particularly critical when firms handle trust funds where the beneficiaries may be unsophisticated investors who are unaware of how the funds are being handled.” Citigroup consented to findings that, from September 2004 through October 2006, Citigroup broker Mark Singer and two of his customers were involved in a scheme to misappropriate an amount alleged in various legal actions to be over $60 million in cemetery trust funds. One of Singer’s customers, Clayton Smart, is currently facing criminal charges arising from the scheme in Tennessee and in Michigan. Singer’s criminal trial in Tennessee recently ended in a mistrial. He still faces criminal charges in Indiana. Smart and the second customer, Craig Bush, have been named in civil litigation arising from the scheme. Singer’s two customers, Smart and Bush, were successive owners of a group of Michigan cemeteries from which funds were believed to be stolen. Read the rest of this entry »

A cabinet full of documents with sensitive information was found sitting on the side of the road. A woman made the discovery about a month ago, she gave the documents to investigators with Aetna Insurance Co. The woman said she saw a bureau on the side of the road in front of Admiral Storage in South Windsor with a sign that said “free.” She brought it home and inside and discovered the documents. Eight bags of nothing but Social Security numbers and names, death benefits. People that went into hospitals, what kind of medication they were on. Aetna responded saying, “Aetna is committed to protecting the privacy of our members and we take this situation seriously. We have policies for properly safeguarding our members’ information, and we are investigating how this incident occurred, but it appears to be human error. The woman contacted us via e-mail on the evening of May 5, and we immediately responded the next morning. She has consistently declined to give us her name or phone number, or to make arrangements to allow us to retrieve the documents at a place convenient for her, or to return them to us. Read the rest of this entry »