Pension Plan Leads Breach RoundupStolen Laptop Affects 100,000; CU Breach Exposes Card Data
In this week's breach roundup, a New Mexico retirement association is notifying 100,000 members of a breach stemming from a stolen laptop, and Bethpage Federal Credit Union in New York inadvertently exposed debit details and personal information about cardholders online.
Pension Plan Breach Affects 100,000
The Public Employees Retirement Association of New Mexico is notifying approximately 100,000 members of a breach involving a stolen laptop, containing personal information on its members. The device was taken from the car of an employee of Atkinson & Co., which the pension plan hired to perform its annual audit.
Information stored on the laptop may have included names, addresses, financial institution routing numbers, account types, bank account numbers, payment amounts and association identification numbers, according to the association.
NY CU Exposes Card Data
Bethpage Federal Credit Union, a New York-based institution with $4.5 billion in assets, says it inadvertently exposed debit details and some personal information about cardholders after a non-secure file was made accessible via its website.
The exposed information includes debit card numbers, expiration dates and checking account numbers linked to debit cards; primary savings account numbers; as well as members' names, mailing addresses and dates of birth. The credit union says the file did not contain Social Security numbers, debit card security codes - used for card-not-present transactions - or PINs.
Bethpage did not respond to queries about the breach. But according to a local news report some 86,000 member accounts were suspected to have been affected. Bethpage serves more than 196,000 members.
PowerPoint Charts Led to Breaches
Memorial Sloan-Kettering Cancer Center in New York is notifying 880 patients that some of their personal information may have been exposed when it was inadvertently embedded in PowerPoint charts posted on two websites.
In April, the cancer center, as part of its ongoing data security efforts, discovered five incidents involving patient information that was hidden behind graphs in PowerPoint presentations on the websites of two professional medical organizations, according to a June 15 privacy alert posted on its website. The information "was not visible during routine viewing of the presentation, but the graph itself could be manipulated in such a way as to potentially reveal the protected information," according to the alert.
School Breach Affects 2,700 Students
The Fleetwood Area School District in Pennsylvania is investigating a breach that affected all 2,700 students in the district. According to a local news report, the personal information for the students was stolen and posted on the website Wikispaces. Information exposed included names, dates of birth, school ID number, address, parents' names, teacher's name and student grade level. The information came from a spreadsheet that was stored in the administrative section of the district website, the report explained.
The district is working with police to determine how the information was taken and posted online. The information was taken down from Wikispaces within hours of the breach being discovered.
Theft Affects 1,400 Patients
The Gessler Clinic in Winter Haven, Fla., is notifying approximately 1,400 patients about a breach involving stolen patient charge tickets - documents generated when a patient gets services at a practice. They were taken from the clinic's orthopedic practice during closed office hours. In a notice posted online, the clinic explained that the tickets contained the address, phone number, date of birth, diagnosis and treatment, as well as insurance information and Social Security number for the patients. The clinic is offering one year of free credit and ID theft protection services to affected patients.
Social Work Files Dropped in Parking Lot
The Dumfries and Galloway Council, the governing body for the Dumfries and Galloway region in Scotland, is investigating a data breach involving confidential social work files that were lost after being dropped in a parking lot in Dumfries. According to the BBC, the social work files were found by tourists who brought them to the police. The incident was reported to Scotland's information commissioner, the report says.