Data theft roundup: More laptops stolen, roughly 300,000 at risk

By Bill Brenner, Senior News Writer 05 Jun 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Instead of hacking into company databases, thieves are making off with personal data on hundreds of thousands of people the old-fashioned way -- by stealing machines from cargo holds, cars and offices.

The latest wave of data thefts started last month when someone broke into the home of a U.S. Department of Veteran's Affairs (VA) employee and stole computer hardware containing the names, Social Security numbers and dates of birth for 26.5 million U.S. veterans.

Late last week came news of three stolen laptops with data on the former employees of three supermarket chains, customers of Hotels.com and members of the YMCA.

More on data theft Congress considers several data protection bills Veterans Affairs data theft should be 'call to arms' Blood donors' info compromised (third item) Ohio University suspends technician after data theft (third item) Financial firms scramble over massive online heist (second item)

In the first case, a laptop with pension data on former employees of supermarket chains Stop & Shop, Giant and Tops was reportedly stolen during a commercial flight. The information included Social Security numbers and was stored on a laptop belonging to an employee with Electronic Data Systems Corp. (EDS), a contractor that does business with the supermarkets' Dutch parent company, Royal Ahold.

Ahold USA spokesman Barry Scher told The Associated Press (AP) that current employees are not affected.

EDS spokeswoman Kimberly Walton told the AP she couldn't disclose how many former employees of Ahold subsidiaries were affected because it "would put the information at greater risk." She said the computer was password-protected but that the sensitive information wasn't encrypted. She added that the employee violated EDS policy by checking the computer with baggage instead of taking the computer onboard as carry-on luggage.

The second case involved a laptop stolen during a car theft earlier this year. The computer belonged to an employee with Ernst & Young LLP, the auditor for Expedia Inc.'s Hotels.com. The laptop contained credit card data for 243,000 Hotels.com customers, according to published media reports.

The third case involved a laptop with data on more than 65,000 Rhode Island and Massachusetts YMCA members that was stolen from a locked office of the Providence, R.I., YMCA.

The computer was used by administrators of the organization's daycare program and contained bank account numbers, credit card information and names, addresses and personal family and medical details, the Providence Journal reported Friday.

There's no indication that the stolen information has been accessed or used, YMCA spokeswoman Michelle Riendeau told the newspaper.

Tags: Identity Theft and Data Security Breaches,  Enterprise Data Governance,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Enterprise Data Governance How to protect distributed information flows Interpreting 'risk' in the Massachusetts data protection law Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Cloud-based security services should start private

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary