Breach News


Experience the difference of end-to-end asset disposition services.

Nearly 90 percent of companies do not have a data destruction plan in place or understand how to destroy their data securely, according to a new study released by AERC Recycling Solutions. Here are examples of companies and organizations that failed to select the proper IT Asset Disposition vendor and or elected to dispose of important assets using their own employees without following the proper practices and procedures.

For anyone who doubts the extensiveness of how often data privacy breaches occur, or the dangerous exposure such breaches create, there are several up-to-date resources available to research organizations that have exposed their clientele and/or employee base as a result of unnecessary data privacy breaches.

Maxxum recommends:

National Association for Information Destruction (NAID) News Room – This resource lists recent data breaches, as well as webinars and other resources available for staying current with regulatory news and changes. . http://www.naidonline.com/news.html

Privacy Rights Clearinghouse – An extremely comprehensive site that includes not only a chronological timeline of data privacy breaches, but also links to other sites with breach information.
http://www.privacyrights.org/data-breach

Department of Health and Human Services – The DHHS publishes a list of all organizations that have experienced a HIPAA breach..

http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html


Specific Articles of Possible Interest

Hopkins firm faces hefty EPA fine

The recycling company insists it is not to blame for export problems it says were caused by another firm.
Click here for the complete story

Source: REUTERS

Wednesday December 8, 2010

NASA sold computers with sensitive data, report says

(Reuters) - NASA failed to delete sensitive data on computers and hard drives before selling the equipment as part of its plan to end the Space Shuttle program, an audit released on Tuesday shows.

NASA is getting rid of thousands of surplus items as it prepares to end the space shuttle program next year.

The Office of Inspector General found what it termed "serious" security breaches at NASA centers in Florida, Texas, California and Virginia.

"Our review found serious breaches in NASA's IT (information technology) security practices that could lead to the improper release of sensitive information related to the Space Shuttle and other NASA programs," NASA Inspector General Paul Martin said in a statement. "NASA needs to take coordinated and forceful actions to address this problem."

The report cites 14 computers from the Kennedy Space Center that failed tests to determine if they were sanitized of sensitive information, 10 of which already had been released to the public. It also found that hard drives were missing from Kennedy and from the Langley Research Center in Virginia. Some of the Kennedy hard drives were later found inside a dumpster, where they were being stored before sale, that was accessible to the public, the audit says.

Investigators also found several pallets of computers being prepared for sale that were marked with NASA Internet Protocol addresses, which the report said could help hackers gain access to the NASA internal computer network. (Editing by Greg McCune)


Data Losses May Spur Lawsuits on eweek.com:

On June 6, 2008, the Department of Veterans Affairs was hit with two class action lawsuits related to the theft of an employees laptop computer. The theft, reported in late May, held the information of 26.5 million current and former servicemen. The veterans behind the suit are seeking $1,000 for each person whose information was stolen.

Follow up regarding the VA breach from NAIDDIRECT (Feb. 5, 2009):

On January 27, 2009 the US Department of Veterans Affairs had to provide a settlement of $20 million dollars for multiple consolidated class action lawsuits filed against them for a data breach in 2006. An analyst had taken home a lap top containing sensitive data of 26 million veterans and 2.2 million active duty military personnel. When the FBI recovered the lap top it was determined no one accessed the information. This case is pivotal due to the fact the US Department of Veterans Affairs was still willing to commit payments of $20 million for the plaintiffs’ claim despite no evidence of actual damages.

 

 
© Copyright Maxxum Inc. 2010 | 1350 South Field Avenue | PO Box 489 | Rush City, MN 55069 | 651.674.2715