A laptop stolen from an employee of Accretive Health last year was not encrypted "due to the oversight of an individual IT employee," the company says in a 29-page comment letter sent to Sen. Al Franken, D-Minn. That employee subsequently was fired, the company reports.
A University of North Carolina at Charlotte investigation into two breach incidents that were first reported Feb. 15 determined that 350,000 Social Security numbers, plus financial account numbers, were exposed.
News spread May 9 that information about more than 55,000 Twitter accounts had been leaked. But in a May 10 statement, the company said it was not breached, and the source of the leaked information remains unclear.
In this week's breach roundup, read about the latest incidents, including a Florida sheriff's office being hacked and a Houston hospital breach that may have led to the filing of fraudulent federal income tax returns.
Post-breach, organizations must have a full grasp on what happened - and convey that message consistently. Too often, that's not the case, says attorney Ronald Raether. What steps must organizations take?
Hacktivists associated with Anonymous have reportedly released sensitive information from the Lake County Sheriff's Office in Florida, including the names and personal phone numbers of SWAT team members.
Even with security information and event management systems, organizations labor to separate normal log data from actionable events, according to the latest Log and Event Management Survey from the SANS Institute.