The Kansas Department on Aging has recently reported a hardware theft that caused a data breach affecting about 7,000 of its customers. A laptop, a flash drive and paper files were stolen out of an employee’s vehicle, putting thousands of senior customers at risk.

The stolen files contained personal and protected health information belonging mainly to customers located in Sedgwick, Harvey, and Butler counties. The theft was immediately reported to the Wichita Police Department. The Kansas Department on Aging says it is cooperating with the police, but the stolen hardware has not yet been recovered.

Fortunately, there is no evidence to indicate that the information has been accessed and misused. The stolen data and documents may include full customer names, complete addresses, dates of birth, social security numbers, gender, in home services program participation information, Medicaid identification numbers, case management location and case manager names and telephone numbers.  No banking, credit card, or driver license information was stored on the stolen devices.

The Kansas Department of Aging has confirmed that at least 100 customers have had their Social Security Numbers stolen and trying to inform those affected through phone calls. They will further notify everyone affected by the breach through letters explaining the situation.

“We are immediately reviewing policies and procedures relevant to information security, especially for those employees whose duties require travel off-site to prevent a similar situation from recurring,” stated Secretary Shawn Sullivan of the Department on Aging.

The Department of Aging also advised their customers to contact their banks and credit card companies and let them know they are victims of a data theft, prompting them to keep an eye on any suspicious activity in the following months.

A data breach affecting 1.8 million customers of two New York utilities companies has recently been made public by the  New York State Public Service Commission. The investigation into this data breach was initiated after an employee from a third party IT company contracted by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) was given unauthorized access to the company’s databases.

It is not clear if accessing the customer databases had any malicious intent, both affected companies claiming there was no proof of any data having been misused as a consequence of the breach. But, to stay on the safe side, they have decided to send out notifications regarding the data access, as it exposed Social Security Numbers, dates of birth and financial account information, as shown in the official press release sent out by the NY Commission.

“This investigation will seek a complete understanding of the root causes for this security breach, and the measures in place to protect against such a breach,” said the Commission’s Chairman Garry Brown.

NYSEG and RG&E have  also partnered with credit service group Experian to offer free credit card monitoring to the 1.8 million customers affected by the data breach. They also promised their full cooperation to forensics experts and law enforcement.

Mid-August seems to have been the perfect time for a fresh increase in hacking incidents that lead to sensitive data being lost or exposed. Maybe the security incidents have been powered by all the news on Anonymous and LuizSec of late, or maybe companies still don’t know what they’re facing. The truth is the simplest hacks seem to get straight to the sensitive information they store on their projects, their partners and mostly their clients.

The first such incident targeted Epson Korea, where a website hack managed to compromise the details of about 350,000 customers. The data accessed by hackers included names, user IDs, passwords and resident registration numbers.

Another company where hackers ran amok was Vanguard Defense Industries. One of their contractors’ personal email accounts was breached, exposing internal memos and personal details on employees. Of course, the ever sensitive defense info the person in question emailed about was also accessed by hackers.

GOM TV also fell victim to a hack which revealed their users’ login ID and passwords, and other details such as country, email address and real names. And because those related to law enforcement never manage to stay safe, the Bay Area Rapid Transit (BART) Police Officers Association was also targeted. The security breach exposed the personal details of 100 police officers that were part of BRAT.

Last in our roundup of data breaches caused by hacking is the Purdue University incident. Over 7000 former students and faculty members have been affected, the hackers exposing their social security numbers.

This is all for now and I wholeheartedly wish you a safe and hacker-free week!

The Alaska Department of Education and Early Development issued a warning for school districts across the state announcing that a computer hard drive containing information on 90,000 students was stolen from Juneau.The Juneau Police Department is currently investigating the theft.

“Alaska law requires government agencies that collect personal information to notify you if your information is lost or stolen,” Commissioner Mike Hanley wrote in a news release. “This theft has unfortunately resulted in the release of some of your personal information to an unauthorized third party.”

Personal information such as names, birth dates, id numbers and more could have been accessed with the help of the stolen equipment.

The information on the stolen hard drive referred to 12,099 students from all 54 districts, who participated in the state Standards Based Assessments in April 2010 and another almost 77,000 students in grades from 3 through 10 that have participated in High School Graduation Qualifying Examination.

Also, 279 students with disabilities from the Northwest Arctic Borough School District and 269 students with disabilities from the Fairbanks North Star Borough School District may have been affected by this theft.

According to the department’s news release, “the key piece of personal information required for identity theft,” – the social security numbers, were not disclosed.

As the information was not available in a universal format, nor easily recognized by file names, the actual threat is deemed minor, but the department is willing to change the Alaska Student Identification Numbers if asked.

The Department of Education and Early Development can be contacted at 465-8727. So far only 6 calls have been made regarding this issue. Also, the Fairbanks school district will be sending letters to the parents of the potentially affected students.

Printed, stored on computers or on flash drives, your data is just not safe. Your personal details that you entrust to companies you work with, doctors and other third parties will just end up exposed. If you are lucky enough, they might get in the hands of someone who won’t use your address, social security number or card details to harm you on their quest to get fast and easy money. If you’re unlucky, your accounts will just turn empty one day, your identity will be used to commit felonies or crimes and you will have years of paperwork and bad credit records in front of you.

Let’s check the recent data breach news. We have a stolen computer that contained names, ages, addresses and medical conditions of 700 children. Next come rushing in: backup tapes and other media containing cord blood bank customer information stolen from car, which ended up exposing about 300,000 records; and 113 patients’ names and Medicare numbers on a document stolen from a vehicle…

Of course, not all private details are stolen! Some of them are merely lost! You can read all about a lost flash drive with 2777 names, medical record number and test results or another lost flash drive with 59 patients’ name, age, diagnosis, admission date and brief treatment notes as well as some ID card numbers on it!

Data breaches cost. First customers, then companies. You need to pay for your deed and there are fines, law suits and the big elephant in the room – loosing all your customers! Sounds like fun!

It actually does not. Data breaches are dead serious and you should try to prevent them. It’s always cheaper than dealing with the consequences. So take your time to find out about and then invest in an effective data loss protection and endpoint security solution. And try to do that soon!

Four women living in the Waco area have been charged and arrested as a result of their conspiracy to commit identity theft. They have developed a scheme scheme involving stolen Fingerprint Applicant Services of Texas (FAST) applications required by licensing and certification entities such as the Texas Education Agency.

A seven count federal grand jury indictment, that was unsealed yesterday afternoon, charges 32-year-old Angela Cuellar, 38-year-old Yolanda Ramos, 33-year-old Diane Rivera and 29-year-old Christine Elifritz with one count of conspiracy to commit identity theft. Angela Cuellar has also been charged with six substantive aggravated identity theft counts while Elifritz and Ramos, with only one aggravated identity theft count.

The indictment alleges that while being employed as a Live Scan Operator by Integrated Biometrics Technology (IBT), between March 10, 2008, and July 27, 2008, Angela Cuellar has used her position to gain access to the earlier mentioned applications, which included personal information such as social security numbers and dates of birth.

When leaving IBT, Cuellar stole thousands of background check applications she had processed, in a direct violation of company policy that required her to destroy them. The indictment also alleges that the women used the stolen information to fraudulently obtain credit and other financial services across the USA.

The 4 defendants remain in federal custody until the pending hearing scheduled on December 21, 2010. If convicted on the conspiracy charge, each defendant faces up to 15 years in federal prison. Each aggravated identity theft charge adds a two-year federal prison term for Cuellar, Elifritz and Ramos.

New York-based Lincoln Medical and Mental Health Center is the center of attention in security news after exposing sensitive patient information. The lost data was the result of a failed FedEx delivery – CDs with unencrypted data was sent to the Center but never made it to its destination.

The lost data included medical and psychological diagnoses and procedures for over 130 000 patients, as stated in an official notification. An investigation trying to locate the missing CDs was launched back in April, but it failed to recover the data: names, addresses, social security numbers medical record numbers, dates of birth and more, enough for any half-decent identity thief to have a blast.

According to the Register, Licoln is at least note alone in this mess:

Lincoln’s notification to the US Department of Health website came the same day officials at the University of Maine said sensitive details for 4,585 individuals who sought services at the school’s counseling center have been stolen by hackers who compromised two servers. The exposed data included names, clinical information and social security numbers for people who used the service over an eight-year span ending last week.

Other medical facilities to fess up to losing patient data in the past 24 hours, according to the Department of Health website, include Silicon Valley Eyecare Optometry and Contact Lenses, with 40,000 people affected, Kentucky’s Our Lady of Peace Hospital, with 24,600 affected, and the Cincinnati Children’s Hospital Medical Center, which affected 60,000.

In a new incident proving – as if more evidence was needed – that one of the biggest data security threats comes from the inside, an administrative tech of the Texas Child Protective Services in Houston decided to steal data on potential foster care and adoptive parents and use it to apply for credit cards. Together with an outside accomplice, they had used the stolen information to apply for said credit cards at various stores.

Luckily enough, the credit card issuers noticed some discrepancy in the way formed were filled out and the two were discovered and arrested after stealing data on only 70 individuals. The two accomplices charged with fraudulent possession of identifying information could face up to 10 years in prison and a 10,000 US dollar fine. Not quite worth it for some extra stolen cash that probably never came through.

As of now it is unclear if any of their identity theft attempts was successful. We do hope they have failed miserably.