Archive for February, 2008
Suffolk Co., NY Posts 250 Partial SSNs Online
Posted by Titus in Data Breaches on February 19, 2008
HAUPPAUGE, New York. On or before May 22, 2007 (and as early as March 22, 2007), the Suffolk County Government Civil Service posted the names and last four digits of 250 individuals’ social security numbers on their website. The file appeared to be a copy of an old database related to the “CF Police Lottery.” The Liberty Coalition discovered the file and notified the county government on December 14, 2007. The file was not deleted from the county server until January 30, 2008, after a second notification by the Liberty Coalition.
Following the second notification, a county representative contacted the Liberty Coalition and pledged that Suffolk County plans to change its procedure, and stop using partial SSNs as an identifying number.
The last four digits of the social security number is used by businesses to extend credit, and financial institutions sometimes use it as a password. By placing this information online, Suffolk County has placed these individuals at an elevated risk of identity theft.
Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.
About SSNBreach.org
Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.
NJ Lawyers Post Hundreds of SSNs Online
Posted by Titus in Data Breaches on February 11, 2008
DENVILLE, New Jersey. Confidential consumer information somehow escaped the New Jersey law offices of Collections Lawyers Pellegrino & Feldstein, and ended up posted on several websites. The Liberty Coalition discovered cached versions of an Excel file that contained the full names, social security numbers, dates of birth, addresses, account numbers, and financial information of more than 530 individuals who had interactions with Pellegrino & Feldstein in approximately 2004-2005. It also includes notes about highly private subjects, including medical conditions and employment information. The list, named “newportfolio.xls,” was posted on a number of websites, including rjrsolutions.com, cliftonrealtor.com, vdiiorio.com, cliftonrealestate.com, and anthonyc21.com on or before October 8, 2007. Although it was deleted prior to December 6, 2007, copies remained in at least two search engine caches as late as February, 2008.
All but 10 of the individuals affected by this exposure live in New Jersey. The Liberty Coalition contacted several of the victims and their attorneys, and found that the list originated from LT Asset Recovery, LLC, who in turn hired Pellegrino & Feldstein.
By allowing the personal information of these individuals to leak from their internal databases, Pellegrino & Feldstein has put these individuals at extreme risk of financial, criminal, and medical identity theft.
Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.
About SSNBreach.org
Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.
Former East Carolina U. Prof. Posts Info of 736 Students Online
Posted by Titus in Data Breaches on February 8, 2008
GREENVILLE, North Carolina. On March 16, 2005 former East Carolina University math instructor Ken Butler made a temporary backup of his computer to his personal website, www.ropehouse.com. He didn’t delete the files until January 3, 2008 when the Liberty Coalition informed him that his backed-up files included the personal information of 736 students, including 412 social security numbers, in more than 60 files. Although he knew that his students’ information was backed up online, Mr. Butler believed that search engines would never find them, since he did not link directly to any of the files.
The posted files also include students’ grades, e-mail addresses. Much of the information in these files is protected by FERPA, and many of these students are at extreme risk of identity theft. Although the Liberty Coalition did not find names and social security numbers directly on ECU servers, it is alarming how so much sensitive student personal information escaped the stewardship of East Carolina University, and ended up on a private website.
While it is unclear how Google “found” the files, many people do not realize that many popular search engine toolbars act as mini “spiders” for Google when certain features are turned on. Essentially, the toolbars can report the URL of every link you visit back to the search engine, so simply by visiting a website, users can inadvertently alert Google (or other search engine) to its presence.
Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.
About SSNBreach.org
Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.
Salt Lake City Assisted Living Center Posts 82 Patients’ Information Online
Posted by Titus in Data Breaches on February 6, 2008
SALT LAKE CITY, Utah. In January, 2008 Inspiration Hospice posted confidential information for 82 of its patients, and contact information for 185 caretakers on its website, inspirationhospice.com. The information was inadvertently put online in an Excel file which contained names, partial social security numbers, dates of birth, insurance numbers, medical diagnoses, addresses, phone numbers, prescriptions, and allergies, among other confidential information. The file also documented intensely personal wishes about when a patient wished to be resuscitated, family funeral plans, and even body donation. The personal nature of this exposure is particularly shocking.
When the Liberty Coalition discovered the file on January 17, 2008, it required a username and password to access, but a public copy persisted in Google’s Cache for several days. Eventually the information was deleted from inspirationhospice.com and Google’s cache. However, it is impossible to determine how many people accessed the file or search engine caches, or whether copies exist on other parts of the internet or on hard drives. By placing this information online, Inspiration Hospice has placed its patients at severe risk of identity theft, medical identity theft, fraud, or embarrassment.
Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.
About SSNBreach.org
Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.
Rowan University Prof. Posts 370 Students’ Personal Info Online
Posted by Titus in Data Breaches on February 5, 2008
GLASSBORO, New Jersey. A Rowan University professor has posted several files containing personal information for 370 Rowan University students, including 172 Social Security Numbers, 95 Dates of Birth, and 310 addresses. The files also include GPAs, phone numbers, Majors, e-mail addresses, grades, phone numbers, and physical fitness information (such as Bench Press abilities, for example).
The files have been online for several months to several years, as early as November 17, 2004. By placing this information online, Rowan University has put these students at severe risk of identity theft, fraud, and other forms of risk.
Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.
About SSNBreach.org
Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.
Iowa State University Prof. Posts 26 Students’ SSNs Online
Posted by Titus in Data Breaches on February 4, 2008
AMES, Iowa. In early December, 2007 Iowa State University posted the names, social security numbers, scores, and grades of 26 former students on its website. The students all appear to have taken the course “ME 325” in the Spring of 2001 from Gloria Starns. The information, along with e-mail addresses has been posted on iastate.edu for six years, since January 10, 2002. Much of the information in the files may be protected by FERPA, and all of it is sensitive. By placing students’ names and social security numbers online, Iowa State University has put these 26 students at severe risk of identity theft and other kinds of fraud.
Paragraph 3.1.2. of the Iowa State University Code of Computer Ethics indicates that Iowa State University does not have a regular policy of searching text and non-text based files on public servers to determine whether they may contain sensitive information. Especially in this instance, where a faculty member accidentally posted sensitive information six years ago and had likely forgotten about the information, the University is in the best position to catch breaches when they occur, before search engines index the files.
Individuals affected by this breach should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.
About SSNBreach.org
Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.
University of Iowa Engineering Dpt. Exposes 215 Student SSNs Online
Posted by Titus in Data Breaches on February 4, 2008
IOWA CITY, Iowa. The College of Engineering Student Development Center has posted personal information of 321 University of Iowa students on its website, including 215 social security numbers. The social security numbers were contained in an Excel file which also included names, GPAs, e-mail addresses, student ID numbers, and other academic information. Most of the affected students appear to be seniors who applied for graduation in Spring 2006. By placing this information online, the University of Iowa has put these students at extreme risk of identity theft or other forms of fraud.
The file was created on February 27, 2006, and placed online on or before March 15, 2006. According to the web server, it was on University of Iowa’s servers for almost two years without internal detection. It was one file among course listings and curriculum information for the College of Engineering.
Individuals affected by this breach should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.
About SSNBreach.org
Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.