Info System Security | Russell Mickler

2007 CSI Computer Crime Survey

The 2007 CSI Computer Crime Survey is available for public consumption. An Oct 9, 2007 webcast covering the results is also available for viewing.
Interesting about this year's survey:
1. The gradual decline of reported incidents (page 14). All of the usual threat metrics (virus attacks, phishing, IM abuse, telecom fraud, etc.) are either trending downward or holding stable. The one category that is up this year, and quite dramatically, is insider (employee) abuse of Internet access.
2. The fact that 74 percent of respondents spent only 0% to 5% of their annual IT budgets on IT security this last year (page 8). This number is surprising to me. It suggests that the security problem has either become a non-issue or simply lacks priority. If the metrics are any indicator, technical vulnerabilities are being contained in corporate America better than ever before, at least in terms of reported incidents, and that places less emphasis on the security function. Good news for consumers and businesses; bad news for information security consultants and technology professionals. Automation and better-designed products and services are fixing the glaring problems.
3. The effects of SOX on IT security (page 26). This was actually spotted by one of my students - credit where credit is due. The survey suggests that many respondents do not feel increased IT governance has improved the IT security problem, nor do they feel that the emphasis has moved away from security toward governance. The transparency offered by SOX and better IT governance isn't making much of a difference in information security for the bulk of respondents? Eh? That seems contradictory to an academic, but maybe techheads in the field feel that the frontline battles are still fought tooth and nail and have nothing to do with better oversight or management. This one is a little hard to read and is counter-intuitive, but it is interesting nonetheless.
R
Info System Security, Systems | Russell Mickler

26 Million Records for Veterans Lost

Extraordinary: http://msnbc.msn.com/id/12916803/

A Veterans Affairs analyst had a disk containing more than 26 million PPI (Personal Private Information) records on veterans stolen from his own home. This kind of problem demonstrates the lack of attention paid to the basic Administrative, Technical, and Physical (ATP) controls that technology strategists use to guarantee the confidentiality, integrity, and availability of an information system. Most of all, it reflects a lack of Administrative control over the movement of data: the records never should have left the agency.

Yet, almost certainly, there will be no negligence prosecution of either the government agency or the individual who took the information home without authorization.

Simply extraordinary. A slap on the wrist for the agency, and an "abundance of caution" warning to veterans. Amazing this isn't being prosecuted under HIPAA, given that the data came from medical records.

R
www.micklerandassociates.com

Info System Security | Russell Mickler

1st Quarter PPI Exposures

Documented cases of PPI exposure since Jan 1, 2006 (source: InformationWeek, Mar. 20, 2006):

Date   | Organization                                        | Incident
Jan 1  | University of Pittsburgh Medical Center             | Six laptops with names, SSNs, and birthdates stolen
Jan 2  | H&R Block                                           | SSNs inadvertently printed on mailing labels
Jan 9  | Atlantis Hotel / Kerzner International              | Names, addresses, credit card and SSNs, driver's license numbers, bank account data revealed
Jan 12 | People's Bank, Bridgeport, Conn.                    | Computer tape lost with names, addresses, SSNs, and checking account info
Jan 17 | San Diego Water & Sewer Department                  | Employee commits ID theft using customer account files and SSNs
Jan 20 | University Place Conference Center & Hotel, Indiana University | Reservation system hacked
Jan 21 | California Army National Guard                      | Briefcase containing hundreds of officers' personal info stolen
Jan 23 | University of Notre Dame                            | Hackers access SSNs, credit card info, and donor check images
Jan 24 | University of Washington Medical Center             | Laptops stolen containing names, SSNs, maiden names, birthdates, diagnoses
Jan 25 | Providence Home Services                            | Backup tapes and disks with SSNs and clinical information stolen
Jan 27 | State of Rhode Island                               | Hackers access names and credit card info from website
Jan 31 | Boston Globe, Worcester Telegram & Gazette          | Recycled paper containing credit card info and routing data from personal checks inadvertently used to bundle newspapers
Feb 1  | Blue Cross and Blue Shield                          | Mailing labels printed by accident with SSNs
Feb 4  | FedEx                                               | Some W-2 forms include tax information of other workers
Feb 9  | Honeywell International                             | Employee info including SSNs and bank documents exposed on website
Feb 13 | Ernst & Young                                       | Laptop with customers' personal information stolen from car
Feb 15 | Agriculture Department                              | Tax IDs and SSNs exposed in Freedom of Information Act request
Feb 15 | Old Dominion University                             | Class roster with names and SSNs posted online
Feb 16 | Blue Cross & Blue Shield of Florida                 | Contractor sends names and SSNs of employees and vendors to a home computer in violation of company policy
Feb 17 | California Corrections, Pelican Bay                 | Inmates access files with employees' SSNs, birth dates, and pension information
Feb 17 | Mt. St. Mary's Hospital                             | Two laptops containing patients' SSNs, birthdates, and addresses stolen in armed robbery
Feb 18 | University of Northern Iowa                         | Laptop with W-2s of students, employees, and faculty hacked
Feb 23 | Deloitte & Touche                                   | Auditor loses CD with names, SSNs, and stockholdings of McAfee employees
Mar 1  | Medco                                               | Laptop containing SSNs and birthdates stolen
Mar 2  | Olympic Funding Chicago                             | Three hard drives stolen with client names, addresses, SSNs, and phone numbers
Mar 2  | Los Angeles County Social Services Dept             | Files with names, SSNs, phone numbers, W-2s, and other information left unattended
Mar 3  | Metropolitan State College                          | Laptop stolen containing names and SSNs of students who registered over a 10-year period
Mar 5  | Georgetown University                               | Personal data of senior citizens served by the Office on Aging hacked
Mar 8  | Citibank                                            | Third-party data breach forces bank to block debit-card transactions in Canada, Russia, and the UK

Top 5 Customer Data-Loss Incidents (2005)

1. CardSystems: 40m customers, Jun 17, 2005
2. Citigroup: 3.9m customers, Jun 6, 2005
3. DSW Shoe Warehouse: 1.4m customers, Mar 8, 2005
4. Bank of America: 1.2m customers, Feb 25, 2005
5. Wachovia, Bank of America, PNC Financial Services, Commerce Bancorp (one combined incident): 676k customers, Apr 28, 2005

R
www.micklerandassociates.com
