Data theft roundup: More laptops stolen, roughly 300,000 at risk

By Bill Brenner, Senior News Writer 05 Jun 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Instead of hacking into company databases, thieves are making off with personal data on hundreds of thousands of people the old-fashioned way -- by stealing machines from cargo holds, cars and offices.

The latest wave of data thefts started last month when someone broke into the home of a U.S. Department of Veteran's Affairs (VA) employee and stole computer hardware containing the names, Social Security numbers and dates of birth for 26.5 million U.S. veterans.

Late last week came news of three stolen laptops with data on the former employees of three supermarket chains, customers of Hotels.com and members of the YMCA.

More on data theft Congress considers several data protection bills Veterans Affairs data theft should be 'call to arms' Blood donors' info compromised (third item) Ohio University suspends technician after data theft (third item) Financial firms scramble over massive online heist (second item)

In the first case, a laptop with pension data on former employees of supermarket chains Stop & Shop, Giant and Tops was reportedly stolen during a commercial flight. The information included Social Security numbers and was stored on a laptop belonging to an employee with Electronic Data Systems Corp. (EDS), a contractor that does business with the supermarkets' Dutch parent company, Royal Ahold.

Ahold USA spokesman Barry Scher told The Associated Press (AP) that current employees are not affected.

EDS spokeswoman Kimberly Walton told the AP she couldn't disclose how many former employees of Ahold subsidiaries were affected because it "would put the information at greater risk." She said the computer was password-protected but that the sensitive information wasn't encrypted. She added that the employee violated EDS policy by checking the computer with baggage instead of taking the computer onboard as carry-on luggage.

The second case involved a laptop stolen during a car theft earlier this year. The computer belonged to an employee with Ernst & Young LLP, the auditor for Expedia Inc.'s Hotels.com. The laptop contained credit card data for 243,000 Hotels.com customers, according to published media reports.

The third case involved a laptop with data on more than 65,000 Rhode Island and Massachusetts YMCA members that was stolen from a locked office of the Providence, R.I., YMCA.

The computer was used by administrators of the organization's daycare program and contained bank account numbers, credit card information and names, addresses and personal family and medical details, the Providence Journal reported Friday.

There's no indication that the stolen information has been accessed or used, YMCA spokeswoman Michelle Riendeau told the newspaper.

Tags: Identity Theft and Data Security Breaches,  Enterprise Data Governance,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Man pleads guilty in online banking hacking scam White House cybersecurity czar faces major hurdles Heartland breach cost $12.6 million, CEO says An inside look at security log management forensics investigations LexisNexis investigates breach, notifies thousands Senators hear call for federal cybersecurity restructuring Former Federal Reserve Bank employee arrested Attackers cash in on fundamental data handling mistakes, Verizon finds Courts turn aside data breach suits Data security best practices for PCI DSS compliance Enterprise Data Governance Risk management must include physical-logical security convergence Simple information security mistakes can cause data loss, says expert Organizations struggle with data leakage prevention, rights management Encryption in data management should never be ignored, expert says Attackers cash in on fundamental data handling mistakes, Verizon finds Data loss prevention benefits in the real world Mass., Nev. data protection laws wrong, ineffective Cybersecurity hearing highlights inadequacy of PCI DSS Enforcing a vendor risk assessment to avoid outsourcing security risks How to Secure Cloud Computing

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary