Identity theft in the US in 2013 (so far)
January 30, 2013 |
The Privacy Rights Clearing House performs the valuable task of advising on privacy issues, considering and acting on complaints and recording privacy breaches.
In 2013 alone the Clearing house recorded 27 breaches involving 22,031 records. Those breaches are categorised and described as:
| January 26, 2013 | Wilton Brands LLC, www.wilton.com Woodridge, Illinois |
BSR | HACK | Unknown |
| Customers who made purchases on www.wilton.combetween October 8, 2012 and January 8, 2013 may have had their credit or debit card information exposed. A Wilton service provider discovered the issue on or around January 8, 2013. A malicious user accessed the website information and payment card numbers, expiration dates, and security codes may have been exposed. Customer names, addresses, and telephone numbers are also at risk.This incident is in addition to the hacking incident that took place between July and October of 2012. That incident was reported on December 12, 2012. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 24, 2013 | Brentwood Primary Care Clinic Jacksonville, Florida |
MED | INSD | 261 |
| A dishonest intern was caught using a cell phone to illegally photograph patient Social Security numbers and names. The photos were then sent to another person; presumably for fraudulent activity. The office intern was charged with fraudulent use of personal identification information. It is unclear when the breach was discovered since the photos were taken between May 7 and June 19. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 261 | |||
|
|
||||
| January 24, 2013 | Eastern Illinois University Charleston, Illinois |
EDU | DISC | 430 (No SSNs or financial information reported) |
| At least 65 students received information about the grade point average of 430 students during early January 2013. The breach occurred when a spreadsheet that contained the information and the E-number of 430 students was accidentally made available online. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 22, 2013 | NECA/IBEW Family Medical Care Plan Rockville, Maryland |
MED | DISC | Unknown |
| NECA/IBEM Family Medical Care Plan (FMCP) participants received disclosure documents related to benefits coverage and modifications. The outside of the envelopes in which the documents arrived displayed participant Social Security numbers. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 18, 2013 | Stanford School of Medicine, Lucile Packard Children’s Hospital Palo Alto, California |
MED | PORT | Unknown |
| Those with questions may call 1-855-731-6016.The January 9 theft of a laptop from a physician’s car may have exposed sensitive information. The laptop may have contained some combination of patient names, dates of birth, and contact information.UPDATE (01/22/2013): A total of 57,000 patients are being notified. Medical information and medical record numbers were exposed. A limited number of patients had their contact information exposed. Most of the information on the laptop was from 2009. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 17, 2013 | St. Mark’s Medical Center La Grange, Texas |
MED | HACK | 2,988 |
| An employee’s computer was found to contain malware. The malware infection began on May 21, 2012 and was discovered on November 15, 2012. Files stored on the computer contained billing information with patient names, Social Security numbers, account numbers, medical record numbers, dates of birth, gender, treatment dates, insurance provider names, and account balances. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 2,988 | |||
|
|
||||
| January 12, 2013 | Zaxby’s Athens, Georgia |
BSR | HACK | Unknown |
| Over 108 Zaxby’s restaurants experienced a breach related to customer credit and debit cards. A number of people experienced credit card fraud and an investigation led to Zaxby’s as a common point of purchase. Suspicious files were found on Zaxby’s system during the subsequent investigation. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 12, 2013 | Florida Department of Juvenile Justice Tallahassee, Florida |
GOV | PORT | 100,000 (No SSNs or financial information reported) |
| A press release can be found here: http://www.djj.state.fl.us/news/press-releases/press-release-detail/2013/01/11/information-security-breach-reported-at-djjA mobile device that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed. The device was taken from a Department of Juvenile Justice office and was neither encrypted nor password-protected. Department of Juvenile Justice policy requires such devices to be encrypted. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 12, 2013 | Florida Department of Juvenile Justice Tallahassee, Florida |
MED | STAT | Unknown |
| On September 6, 2012 it was reported that three computers that contained information from the Florida Department of Juvenile Justice were stolen from an apartment site earlier in the week. A television was also taken at the time of the theft. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 11, 2013 | EJ Phair Brewing Company and Alehouse Concord, California |
BSR | HACK | Unknown |
| Customers who used credit or debit cards at EJ Phair discovered fraudulent chargers on their payment cards. A hacker or hackers managed to access and misuse payment card numbers once they ran through EJ Phair’s system. It appears that customers who used cards at the location between September and late November of 2012 may have been affected. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 10, 2013 | City of Macon Georgia Macon, Georgia |
GOV | STAT | Unknown |
| A computer repair shop bought used computers on govdeals.com in 2011. The computers were found to have information from city employees when they were removed from storage on January 5. Social Security numbers, pension information, and other personal information from Macon police officers were on the computers. Information from local businesses that was used for city purposes was also on the computers. A total of 39 hard drives, two servers, and two CPUs were purchased and may have contained sensitive information. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 10, 2013 | KTSU Texas Southern University Houston, Texas |
EDU | INSD | Unknown |
| Texas Southern University’s radio station KTSU gave a volunteer position to a person with a criminal history of credit card fraud. The volunteer was later arrested for allegedly using the radio station’s donation drive to steal credit card information. The dishonest volunteer faces up to 300 counts of credit card fraud for attempting to misuse the information on donor pledge sheets. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 10, 2013 | Office of Dr. Sandra Bujanda-Wagner Aurora, Colorado |
MED | PHYS | Unknown |
| Employees accidentally threw out hundreds of patient records. The dental records were found by someone looking through a dumpster and the incident was reported to a local news team. Names, Social Security numbers, dates of birth and addresses were exposed. Employees from Bujanda-Wagner’s office came to recover the documents. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 8, 2013 | Morgan Road Middle School Hephzibah, Georgia |
EDU | PORT | Unknown |
| An unencrypted flash drive was stolen from a teacher’s car. It contained student Social Security numbers and other information. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 8, 2013 | Charlotte-Mecklenburg Schools Charlotte, North Carolina |
EDU | PHYS | 80 |
| An employee working in human resources was robbed while transporting information between school districts. The employee stopped for lunch and discovered that personnel files containing names, Social Security numbers, addresses, dates of birth, and driver’s license numbers had been stolen from their car. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 80 | |||
|
|
||||
| January 8, 2013 | Texas Department of Health and Human Services Austin, Texas |
MED | INSD | Unknown |
| A dishonest employee was arrested on suspicion of misusing client information to apply for credit cards. The dishonest employee was able to pose as different clients seeking immunizations and other services. She was charged with fraudulent use or possession of identifying information and credit card abuse. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 7, 2013 | Centric Group, LLC St. Louis, Missouri |
BSR | UNKN | Unknown |
| It is not clear if this breach is related to the August 2010 theft of a laptop from Centric Software in Campbell, California.Those with questions may call 1-800-416-4601.Anyone who purchased items on www.accesscatalog.com using a credit card may have been affected by a breach that began in August 2010. An unauthorized party may have obtained names, credit or debit card numbers, expiration dates, and payment card verification codes. Centric Group learned of the incident on or around December 13, 2012. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 7, 2013 | Office of Dr. Calvin L. Schuster Reedley, California |
MED | STAT | 532 (No SSNs or financial information reported) |
| Those with questions may call Dr. Schuster’s office at 1-855-638-1443.A computer was stolen during an office burglary that occurred sometime around November 5, 2012. The computer contained patient names, dates of birth, and a minimal amount of patient medical information. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 7, 2013 | Woodwinds Hospital Woodbury, Minnesota |
MED | INSD | Unknown |
| An employee kept 200 pages of confidential information in an effort to prove that Woodwinds Hospital was trying to conceal evidence of medical misconduct. The employee was discharged in 2010 for reasons unrelated to removing the information. She claims to have taken them home after being ordered to destroy any information related to incidents that could damage Woodwinds Hospital’s reputation. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 6, 2013 | Oldcastle APG, Inc. Atlanta, Georgia |
BSR | PORT | 5,083 |
| A laptop was stolen from an employee’s car on or around December 10. APG employees may have had their names, Social Security numbers, bank account information, and other information exposed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 5,083 | |||
|
|
||||
| January 4, 2013 | Reyes Beverage Group Rosemont, Illinois |
BSR | DISC | Unknown |
| Those with questions may call Reyes Holdings Ethics Hotline at (888) 295-6392 or email ethicshotline@reyesholdings.comA report containing the names and Social Security numbers of a group of Reyes Beverage Group’s California employees was accidentally sent to the personal email address of an employee of Reinhart Foodservice. Reinhart Foodservice is a Reyes Holdings company as well. It is unclear how the email was accidentally sent and why it ended up in the personal email of an employee at a different division. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 4, 2013 | Healing Hearts Jacksonville, North Carolina |
MED | INSD | Unknown |
| The owner of a group of childcare services pleaded guilty to defrauding Medicaid of $8 million. She and a co-defendant targeted medicaid recipients in order to enroll them in a program and make fraudulent Medicaid claims for mental and behavioral health services. Additionally, the owner pleaded guilty to misusing at least one therapist’s credentials in order to make the claims for mental and behavioral health services. The scheme took place between 2008 and 2012. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 3, 2013 | Mission Hospital, St. Joseph Health Mission Laguna Beach, California |
MED | PORT | Unknown |
| Someone called Mission Hospital on August 28, 2012 and claimed that he found a flash drive with sensitive patient information in his garage. The flash drive was returned to Mission Hospital via mailed envelope on September 11, 2012. Patients who received services at Mission Hospital between September and November of 2008 may have had their information exposed. The notice that was sent to patients was dated September 14, 2012. It appears that a contractor or employee misplaced the unencrypted flash drive.The flash drive contained names, medical record numbers, and account numbers. Additionally, the flash drive may have contained some combination of date of admission, age, birth date, vital readings, physical examination, gender, race, name of physician, medical history, past and current treatment and illnesses, history of substance use, family history, lab tests and results, imaging tests and results, body weight, physician notes on patient, care plan, employment status and employer, prognosis, diagnosis, treatment recommendations, allergies, medications, comments about patient’s appearance, patient health complaint, symptoms, reason for referral, and reason for admission information. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 3, 2013 | King Drug & Home Care Owensboro, Kentucky |
MED | PORT | 13,619 |
| An employee reported that a portable hard drive was missing on November 23, 2010. The device had last been seen sometime around November 19. The data on the device included information from before July 31, 2009. Client names, Social Security numbers, medical record numbers, account numbers, dates of service, race, insurance carriers and insurance numbers, addresses, phone numbers, sex, dates of birth, diagnosis information, allergies, initial referral forms, patient assessments/plans of care, physician orders and/or delivery ticket information may have been on the hard drive. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 13,619 | |||
|
|
||||
| January 2, 2013 | Rosenthal Collins Group Chicago, Illinois |
BSF | HACK | Unknown |
| Anyone who suspects they were a victim of identity theft because of this incident should report it to Rosenthal Collins Group at creditprotection@rcgdirect.com.An unauthorized intrusion was detected on the morning of Tuesday November 27. The unauthorized access began on November 26 and access to the breached web application was immediately shut down upon discovery. Customers who completed Rosenthal Collins Group account forms online may have had their names, Social Security numbers, addresses, dates of birth, range of net worth and income, bank names, passwords for accessing the web application, and email addresses exposed. | ||||
| Information Source: California Attorney General |
records from this breach used in our total: 0 | |||
|
|
||||
| January 2, 2013 | Mid America Health, Inc. (MAH) Greenwood, Indiana |
MED | PORT | Unknown |
| The location of the breach is listed as the corporate headquarters of MAH.Those with questions or concerns may contact the MAH Compliance Department at 1-855-224-0004.The theft of a laptop resulted in the exposure of patient information. Names, Social Security numbers, dates of birth, residential facility names, and digital oral x-ray images may have been exposed. Specific details of the case are being withheld until the breach investigation has concluded. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 2, 2013 | Hospice of North Idaho (HONI) Hayden, Idaho |
MED | PORT | 441 (No SSNs or financial information reported) |
| Read the full agreement between HHS and HONI here: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/honi-agreement.pdfThe June 2010 theft of an unencrypted laptop from an employee’s car resulted in the exposure of patient information. The HHS Office for Civil Rights investigated the breach and found that HONI had not conducted a risk analysis to safeguard electronic protected health information. It was also discovered that HONI did not meet a HIPAA Security Rule that required them to have policies or procedures in place to address mobile device security. HONI agreed to pay the U.S. Department of Health and Human Services’ (HHS) $50,000 regarding potential Health Insurance Portability and Accountability Act of 1996 Security Rule violations. HONI also began taking extensive steps to improve their HIPAA Privacy and Security compliance program since the June 2010 breach. | ||||