Because I am Here

Washington, DC. In three separate breaches, a Maryland Dentist, Virginia Tax Professional, and a Maryland Chiropractor have exposed the personal client and patient information of 16,970 Washington DC-area residents, including 3,270 social security numbers over public wireless networks or “Hot Spots.”

Dentist Dr. Michell Burdine-Merai’s office in Oxon Hill, Maryland exposed private information about 9,911 patients, former patients, and their families to the public through an unsecured public wireless network, including roughly 2,569 social security numbers. The information also included appointments, dental treatments, and phone numbers.

In Alexandria, Virginia, the office of Martha Yungk, EA accidentally exposed the private information of 7,003 of her clients, former clients and their families on a public wireless network after an IT professional replaced a broken router with a wireless router, without her permission. The information includes more than 700 social security numbers, 400 addresses and phone numbers, and detailed tax information for 2,796 people. Letters to the IRS about criminal tax actions, state tax information, and notes about health and alimony were among the more than 300 sensitive documents exposed on the hot spot. The wireless network was available to any member of the public with a laptop, who came within 150 feet of the office (including the parking lot).

Maryland chiropractor Prime Care exposed private information about 56 patients over its public wireless network. Most of the individuals affected are patients of Dr. Steven Boesche, though Dr. Boesche was not responsible for the posting. The Hot Spot exposed 29 files with sensitive patient information, including patient account numbers, blood pressure, date of accident, diagnoses, examination results, patient history, pulse, prognosis, and treatments.

“This is an indemic problem among independent professionals. There’s an insecure wireless network in almost every office park,” says Aaron Titus, Privacy Director of the Liberty Coalition and SSNBreach.org. “This trend is predictable if regrettable, because independent practitioners have small staffs and often outsource IT functions to people of varying skill. When they outsource it to a non-professional, it can have a devastating effect on patient and client privacy.”

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Sources:
https://www.ssnbreach.org/release.php?g=79
https://www.ssnbreach.org/release.php?g=82
https://www.ssnbreach.org/release.php?g=85

TALLAHASSEE, Florida. The personal information of 66 Florida State University students sat on a public FSU Chemistry Department server for more than five years. Several files included names, 33 social security numbers, grades, homework and exam scores. All of the individuals affected by this breach appear to be former students of Dr. Steinbock, an FSU professor.

The Liberty Coalition discovered the files in late January, 2008 and notified the university. FSU quickly removed the files from the server, but they remained available through search engine caches until late March, 2008.

This incident falls into a nationwide pattern where university professors use public university servers to back up sensitive student personal information, either unaware of the sensitive information, or unaware that the information would be available to the public.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=73

COLLEGE STATION, Texas. On November 21, 2000, someone posted the names, scores, Grades, and last five digits of 44 students’ social security numbers on a Texas A&M server. All affected students attended Dr. Clyde Munster’s Fall 1998 Hydrologic Principles in Agriculture class (AGEN 350). The Liberty Coalition discovered the files in late November, 2007. Though the university quickly removed the files from public access after notification, copies remained online through late March, 2008 in search engine caches.

This breach fits within a common pattern where university faculty or staff use university servers to store backed-up files, assuming that since the system requires a password to upload files, that the servers are private. Unfortunately, in this instance, some of Dr. Munster’s backed-up files contained sensitive information which was made available online and picked up by search engines.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=80

STORRS, Connecticut. On or before July 24, 2003 former UConn Economics Professor, Dr. Stiver, loaded an Excel file to his University of Connecticut home page which contained the names, last 8 social security number digits, scores, and grades of 14 students. All of the affected individuals appeared to be Dr. Stiver’s former Economics 242 students.

University officials had already discovered the file during an internal audit in early February, 2008, before the Liberty Coalition was able to notify them of the exposure. By the time the Liberty Coalition contacted the University of Connecticut, they had already deleted the file, worked with all major search engines to clear their caches, and notified each affected student. To its credit, the University also offered each student two free years of credit checking, which is not technically required by law.

This exposure falls into a national pattern where professor will use university public servers to store sensitive personal information.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=81

HOBOKEN, New Jersey. Stevens Institute of Technology professor L.E. Levine posted a file with names, Social Security Numbers and Homework scores for 7 students who apparently took his course “MA681″ in the Fall of 1999. According to the server personal.stevens.edu, the files were posted on or before April, 2001. Though Dr. Levine deleted them immediately after he was notified of the exposure, the information continued to be available through March, 2008 through search engine caches.

By placing this information online, Stevens Institute of Technology has put these students at increased risk of identity theft and other forms of fraud.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=71

IOWA CITY, Iowa. In the second exposure of sensitive information in as many months, the University of Iowa posted sensitive student information online. Two files were discovered in January, 2008 which appear to contain the names, grades, and last four digits of nine students’ social security number were posted on the Computer Sciences Department website. All of the students appear to have attended the Summer 2001 22c-112 course, taught by Aditya Kumar Sehgal, Ph.D.

According to the server, the information was posted online since at least November, 2004. Though the university acted quickly to delete the files from their servers, copies remained available through major search engine caches through late March, 2008.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=70

LANSING, Michigan. In late December, 2007 the Liberty Coalition discovered an excel file with the names, addresses, phone numbers, and emergency contact information for 125 students, parents, and others for Shabazz Public School Academy on their website. 69 of those affected are Pre-K through fifth grade students. Though no social security numbers or credit card numbers were exposed, some parents may be legitimately alarmed at the release of contact information for their young children.

The file was created on October 9, 2006. The school acted quickly to delete the file from their server and notify parents, but the file remained available through search engine caches until late February, 2008.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=78

DAYTON, Ohio. The Wright State University Computer Sciences Department has posted the names and last five digits of 38 students’ social security numbers on their website. All of the students affected seem to be former students of Dr. Junghsen Lieh, Ph.D. who took Materials Engineering courses between 1997 and 2005. In addition to the partial social security numbers, the individual scores and grades for roughly 395 students are also posted.

According to Dr. Lieh, the files were made during a large backup a corrupted and damaged PC in March 2006, though many of the files are considerably older than that. This breach falls within a common national pattern of faculty who use online university servers to back up files, some of which may be sensitive in nature. The Liberty Coalition notified Dr. Lieh, the Wright State University General Counsel. Though the files were deleted from the server within 24 hours, copies remained available through Yahoo’s search engine cache until late March, 2008.

Much of the information exposed in this incident may be protected by FERPA. In addition, the last four or five digits of the social security number are used by some financial institutions and businesses to extend credit, or as passwords.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=77

HAUPPAUGE, New York. On or before May 22, 2007 (and as early as March 22, 2007), the Suffolk County Government Civil Service posted the names and last four digits of 250 individuals’ social security numbers on their website. The file appeared to be a copy of an old database related to the “CF Police Lottery.” The Liberty Coalition discovered the file and notified the county government on December 14, 2007. The file was not deleted from the county server until January 30, 2008, after a second notification by the Liberty Coalition.

Following the second notification, a county representative contacted the Liberty Coalition and pledged that Suffolk County plans to change its procedure, and stop using partial SSNs as an identifying number.

The last four digits of the social security number is used by businesses to extend credit, and financial institutions sometimes use it as a password. By placing this information online, Suffolk County has placed these individuals at an elevated risk of identity theft.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=76

DENVILLE, New Jersey. Confidential consumer information somehow escaped the New Jersey law offices of Collections Lawyers Pellegrino & Feldstein, and ended up posted on several websites. The Liberty Coalition discovered cached versions of an Excel file that contained the full names, social security numbers, dates of birth, addresses, account numbers, and financial information of more than 530 individuals who had interactions with Pellegrino & Feldstein in approximately 2004-2005. It also includes notes about highly private subjects, including medical conditions and employment information. The list, named “newportfolio.xls,” was posted on a number of websites, including rjrsolutions.com, cliftonrealtor.com, vdiiorio.com, cliftonrealestate.com, and anthonyc21.com on or before October 8, 2007. Although it was deleted prior to December 6, 2007, copies remained in at least two search engine caches as late as February, 2008.

All but 10 of the individuals affected by this exposure live in New Jersey. The Liberty Coalition contacted several of the victims and their attorneys, and found that the list originated from LT Asset Recovery, LLC, who in turn hired Pellegrino & Feldstein.

By allowing the personal information of these individuals to leak from their internal databases, Pellegrino & Feldstein has put these individuals at extreme risk of financial, criminal, and medical identity theft.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=75