Because I am Here

DC Dentist, Tax Professional, and Chiropractor Expose 16,790 Patient, Client Information on Hot Spots

Titus — Wed, 09 Apr 2008 15:06:23 +0000

Washington, DC. In three separate breaches, a Maryland Dentist, Virginia Tax Professional, and a Maryland Chiropractor have exposed the personal client and patient information of 16,970 Washington DC-area residents, including 3,270 social security numbers over public wireless networks or “Hot Spots.”

Dentist Dr. Michell Burdine-Merai’s office in Oxon Hill, Maryland exposed private information about 9,911 patients, former patients, and their families to the public through an unsecured public wireless network, including roughly 2,569 social security numbers. The information also included appointments, dental treatments, and phone numbers.

In Alexandria, Virginia, the office of Martha Yungk, EA accidentally exposed the private information of 7,003 of her clients, former clients and their families on a public wireless network after an IT professional replaced a broken router with a wireless router, without her permission. The information includes more than 700 social security numbers, 400 addresses and phone numbers, and detailed tax information for 2,796 people. Letters to the IRS about criminal tax actions, state tax information, and notes about health and alimony were among the more than 300 sensitive documents exposed on the hot spot. The wireless network was available to any member of the public with a laptop, who came within 150 feet of the office (including the parking lot).

Maryland chiropractor Prime Care exposed private information about 56 patients over its public wireless network. Most of the individuals affected are patients of Dr. Steven Boesche, though Dr. Boesche was not responsible for the posting. The Hot Spot exposed 29 files with sensitive patient information, including patient account numbers, blood pressure, date of accident, diagnoses, examination results, patient history, pulse, prognosis, and treatments.

“This is an indemic problem among independent professionals. There’s an insecure wireless network in almost every office park,” says Aaron Titus, Privacy Director of the Liberty Coalition and SSNBreach.org. “This trend is predictable if regrettable, because independent practitioners have small staffs and often outsource IT functions to people of varying skill. When they outsource it to a non-professional, it can have a devastating effect on patient and client privacy.”

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Sources:
https://www.ssnbreach.org/release.php?g=79
https://www.ssnbreach.org/release.php?g=82
https://www.ssnbreach.org/release.php?g=85

Florida State University Prof Posts 33 Students’ SSNs Online

Titus — Tue, 01 Apr 2008 14:02:16 +0000

TALLAHASSEE, Florida. The personal information of 66 Florida State University students sat on a public FSU Chemistry Department server for more than five years. Several files included names, 33 social security numbers, grades, homework and exam scores. All of the individuals affected by this breach appear to be former students of Dr. Steinbock, an FSU professor.

The Liberty Coalition discovered the files in late January, 2008 and notified the university. FSU quickly removed the files from the server, but they remained available through search engine caches until late March, 2008.

This incident falls into a nationwide pattern where university professors use public university servers to back up sensitive student personal information, either unaware of the sensitive information, or unaware that the information would be available to the public.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=73

Texas A&M Prof Posts Partial SSNs, Grades of Former Students Online

Titus — Tue, 01 Apr 2008 13:58:57 +0000

COLLEGE STATION, Texas. On November 21, 2000, someone posted the names, scores, Grades, and last five digits of 44 students’ social security numbers on a Texas A&M server. All affected students attended Dr. Clyde Munster’s Fall 1998 Hydrologic Principles in Agriculture class (AGEN 350). The Liberty Coalition discovered the files in late November, 2007. Though the university quickly removed the files from public access after notification, copies remained online through late March, 2008 in search engine caches.

This breach fits within a common pattern where university faculty or staff use university servers to store backed-up files, assuming that since the system requires a password to upload files, that the servers are private. Unfortunately, in this instance, some of Dr. Munster’s backed-up files contained sensitive information which was made available online and picked up by search engines.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Source: https://www.ssnbreach.org/release.php?g=80

UConn Prof Posts 14 Student SSNs Online

Titus — Mon, 31 Mar 2008 11:55:03 +0000

STORRS, Connecticut. On or before July 24, 2003 former UConn Economics Professor, Dr. Stiver, loaded an Excel file to his University of Connecticut home page which contained the names, last 8 social security number digits, scores, and grades of 14 students. All of the affected individuals appeared to be Dr. Stiver’s former Economics 242 students.

University officials had already discovered the file during an internal audit in early February, 2008, before the Liberty Coalition was able to notify them of the exposure. By the time the Liberty Coalition contacted the University of Connecticut, they had already deleted the file, worked with all major search engines to clear their caches, and notified each affected student. To its credit, the University also offered each student two free years of credit checking, which is not technically required by law.

This exposure falls into a national pattern where professor will use university public servers to store sensitive personal information.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Source: https://www.ssnbreach.org/release.php?g=81

Stevens Institute of Technology Posts 9 Student SSNs Online

Titus — Wed, 26 Mar 2008 11:24:31 +0000

HOBOKEN, New Jersey. Stevens Institute of Technology professor L.E. Levine posted a file with names, Social Security Numbers and Homework scores for 7 students who apparently took his course “MA681″ in the Fall of 1999. According to the server personal.stevens.edu, the files were posted on or before April, 2001. Though Dr. Levine deleted them immediately after he was notified of the exposure, the information continued to be available through March, 2008 through search engine caches.

By placing this information online, Stevens Institute of Technology has put these students at increased risk of identity theft and other forms of fraud.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=71

University of Iowa has Another Breach

Titus — Tue, 25 Mar 2008 11:05:29 +0000

IOWA CITY, Iowa. In the second exposure of sensitive information in as many months, the University of Iowa posted sensitive student information online. Two files were discovered in January, 2008 which appear to contain the names, grades, and last four digits of nine students’ social security number were posted on the Computer Sciences Department website. All of the students appear to have attended the Summer 2001 22c-112 course, taught by Aditya Kumar Sehgal, Ph.D.

According to the server, the information was posted online since at least November, 2004. Though the university acted quickly to delete the files from their servers, copies remained available through major search engine caches through late March, 2008.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=70

Shabazz Academy Posts K-5 Student Addresses Online

Titus — Mon, 24 Mar 2008 11:46:01 +0000

LANSING, Michigan. In late December, 2007 the Liberty Coalition discovered an excel file with the names, addresses, phone numbers, and emergency contact information for 125 students, parents, and others for Shabazz Public School Academy on their website. 69 of those affected are Pre-K through fifth grade students. Though no social security numbers or credit card numbers were exposed, some parents may be legitimately alarmed at the release of contact information for their young children.

The file was created on October 9, 2006. The school acted quickly to delete the file from their server and notify parents, but the file remained available through search engine caches until late February, 2008.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information and the situation surrounding the exposure, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=78

Wright State University Prof Posts 395 Grades, 38 Partial SSNs Online

Titus — Fri, 21 Mar 2008 16:45:32 +0000

DAYTON, Ohio. The Wright State University Computer Sciences Department has posted the names and last five digits of 38 students’ social security numbers on their website. All of the students affected seem to be former students of Dr. Junghsen Lieh, Ph.D. who took Materials Engineering courses between 1997 and 2005. In addition to the partial social security numbers, the individual scores and grades for roughly 395 students are also posted.

According to Dr. Lieh, the files were made during a large backup a corrupted and damaged PC in March 2006, though many of the files are considerably older than that. This breach falls within a common national pattern of faculty who use online university servers to back up files, some of which may be sensitive in nature. The Liberty Coalition notified Dr. Lieh, the Wright State University General Counsel. Though the files were deleted from the server within 24 hours, copies remained available through Yahoo’s search engine cache until late March, 2008.

Much of the information exposed in this incident may be protected by FERPA. In addition, the last four or five digits of the social security number are used by some financial institutions and businesses to extend credit, or as passwords.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Source: https://www.ssnbreach.org/release.php?g=77

Suffolk Co., NY Posts 250 Partial SSNs Online

Titus — Tue, 19 Feb 2008 11:40:47 +0000

HAUPPAUGE, New York. On or before May 22, 2007 (and as early as March 22, 2007), the Suffolk County Government Civil Service posted the names and last four digits of 250 individuals’ social security numbers on their website. The file appeared to be a copy of an old database related to the “CF Police Lottery.” The Liberty Coalition discovered the file and notified the county government on December 14, 2007. The file was not deleted from the county server until January 30, 2008, after a second notification by the Liberty Coalition.

Following the second notification, a county representative contacted the Liberty Coalition and pledged that Suffolk County plans to change its procedure, and stop using partial SSNs as an identifying number.

The last four digits of the social security number is used by businesses to extend credit, and financial institutions sometimes use it as a password. By placing this information online, Suffolk County has placed these individuals at an elevated risk of identity theft.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Source: https://www.ssnbreach.org/release.php?g=76

NJ Lawyers Post Hundreds of SSNs Online

Titus — Mon, 11 Feb 2008 11:50:13 +0000

DENVILLE, New Jersey. Confidential consumer information somehow escaped the New Jersey law offices of Collections Lawyers Pellegrino & Feldstein, and ended up posted on several websites. The Liberty Coalition discovered cached versions of an Excel file that contained the full names, social security numbers, dates of birth, addresses, account numbers, and financial information of more than 530 individuals who had interactions with Pellegrino & Feldstein in approximately 2004-2005. It also includes notes about highly private subjects, including medical conditions and employment information. The list, named “newportfolio.xls,” was posted on a number of websites, including rjrsolutions.com, cliftonrealtor.com, vdiiorio.com, cliftonrealestate.com, and anthonyc21.com on or before October 8, 2007. Although it was deleted prior to December 6, 2007, copies remained in at least two search engine caches as late as February, 2008.

All but 10 of the individuals affected by this exposure live in New Jersey. The Liberty Coalition contacted several of the victims and their attorneys, and found that the list originated from LT Asset Recovery, LLC, who in turn hired Pellegrino & Feldstein.

By allowing the personal information of these individuals to leak from their internal databases, Pellegrino & Feldstein has put these individuals at extreme risk of financial, criminal, and medical identity theft.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Source: https://www.ssnbreach.org/release.php?g=75

Former East Carolina U. Prof. Posts Info of 736 Students Online

Titus — Fri, 08 Feb 2008 11:22:21 +0000

GREENVILLE, North Carolina. On March 16, 2005 former East Carolina University math instructor Ken Butler made a temporary backup of his computer to his personal website, www.ropehouse.com. He didn’t delete the files until January 3, 2008 when the Liberty Coalition informed him that his backed-up files included the personal information of 736 students, including 412 social security numbers, in more than 60 files. Although he knew that his students’ information was backed up online, Mr. Butler believed that search engines would never find them, since he did not link directly to any of the files.

The posted files also include students’ grades, e-mail addresses. Much of the information in these files is protected by FERPA, and many of these students are at extreme risk of identity theft. Although the Liberty Coalition did not find names and social security numbers directly on ECU servers, it is alarming how so much sensitive student personal information escaped the stewardship of East Carolina University, and ended up on a private website.

While it is unclear how Google “found” the files, many people do not realize that many popular search engine toolbars act as mini “spiders” for Google when certain features are turned on. Essentially, the toolbars can report the URL of every link you visit back to the search engine, so simply by visiting a website, users can inadvertently alert Google (or other search engine) to its presence.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Source: https://www.ssnbreach.org/release.php?g=74

Salt Lake City Assisted Living Center Posts 82 Patients’ Information Online

Titus — Wed, 06 Feb 2008 11:51:56 +0000

SALT LAKE CITY, Utah. In January, 2008 Inspiration Hospice posted confidential information for 82 of its patients, and contact information for 185 caretakers on its website, inspirationhospice.com. The information was inadvertently put online in an Excel file which contained names, partial social security numbers, dates of birth, insurance numbers, medical diagnoses, addresses, phone numbers, prescriptions, and allergies, among other confidential information. The file also documented intensely personal wishes about when a patient wished to be resuscitated, family funeral plans, and even body donation. The personal nature of this exposure is particularly shocking.

When the Liberty Coalition discovered the file on January 17, 2008, it required a username and password to access, but a public copy persisted in Google’s Cache for several days. Eventually the information was deleted from inspirationhospice.com and Google’s cache. However, it is impossible to determine how many people accessed the file or search engine caches, or whether copies exist on other parts of the internet or on hard drives. By placing this information online, Inspiration Hospice has placed its patients at severe risk of identity theft, medical identity theft, fraud, or embarrassment.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Source: https://www.ssnbreach.org/release.php?g=68

Rowan University Prof. Posts 370 Students’ Personal Info Online

Titus — Tue, 05 Feb 2008 11:27:48 +0000

GLASSBORO, New Jersey. A Rowan University professor has posted several files containing personal information for 370 Rowan University students, including 172 Social Security Numbers, 95 Dates of Birth, and 310 addresses. The files also include GPAs, phone numbers, Majors, e-mail addresses, grades, phone numbers, and physical fitness information (such as Bench Press abilities, for example).

The files have been online for several months to several years, as early as November 17, 2004. By placing this information online, Rowan University has put these students at severe risk of identity theft, fraud, and other forms of risk.

Individuals affected by this exposure should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

Source: https://www.ssnbreach.org/release.php?g=65

Iowa State University Prof. Posts 26 Students’ SSNs Online

Titus — Mon, 04 Feb 2008 11:59:57 +0000

AMES, Iowa. In early December, 2007 Iowa State University posted the names, social security numbers, scores, and grades of 26 former students on its website. The students all appear to have taken the course “ME 325″ in the Spring of 2001 from Gloria Starns. The information, along with e-mail addresses has been posted on iastate.edu for six years, since January 10, 2002. Much of the information in the files may be protected by FERPA, and all of it is sensitive. By placing students’ names and social security numbers online, Iowa State University has put these 26 students at severe risk of identity theft and other kinds of fraud.

Paragraph 3.1.2. of the Iowa State University Code of Computer Ethics indicates that Iowa State University does not have a regular policy of searching text and non-text based files on public servers to determine whether they may contain sensitive information. Especially in this instance, where a faculty member accidentally posted sensitive information six years ago and had likely forgotten about the information, the University is in the best position to catch breaches when they occur, before search engines index the files.

Individuals affected by this breach should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=63

University of Iowa Engineering Dpt. Exposes 215 Student SSNs Online

Titus — Mon, 04 Feb 2008 11:53:15 +0000

IOWA CITY, Iowa. The College of Engineering Student Development Center has posted personal information of 321 University of Iowa students on its website, including 215 social security numbers. The social security numbers were contained in an Excel file which also included names, GPAs, e-mail addresses, student ID numbers, and other academic information. Most of the affected students appear to be seniors who applied for graduation in Spring 2006. By placing this information online, the University of Iowa has put these students at extreme risk of identity theft or other forms of fraud.

The file was created on February 27, 2006, and placed online on or before March 15, 2006. According to the web server, it was on University of Iowa’s servers for almost two years without internal detection. It was one file among course listings and curriculum information for the College of Engineering.

Individuals affected by this breach should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.

About SSNBreach.org

Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.

SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.

Source: https://www.ssnbreach.org/release.php?g=64