The New York Times broke the story that The Princeton Review's website exposed the personal data and standardized test scores of approximately 100,000 students.
The New York Times article - Student Files Are Exposed on Web Site
Stanford University has announced that a data breach related to the physical theft of a laptop computer has potentially put at risk the identities and social security numbers of 62,000 people currently or previously employed by the university.
Stanford University has provided an extensive FAQ regarding this incident located at: http://www.stanford.edu/privacy/faq/
Continue reading "Stanford Univeristy Data Breach Affects 62,000 Current And Former Employees" »
University of Utah Hospitals & Clinics have announced that computer backup tapes containing 2.2 million patient and guarantor billing reocords have been stolen. The computer back up tapes also contained social security numbers for 1.3 million patients.
The University of Utah Hospitals & Clinics have taken the steps to notify all 2.2 million patients and guarantors as well as providing free credit monitoring and restoration services to those affected.
If anyone has questions on this incident, you may call 1-866-581-3599 for more information.
University of Utah Hospitals & Clinics -- Press Release
http://healthcare.utah.edu/billingrecordstheft/
Georgetown University in Washington, D.C. has alerted the public via a press release (http://explore.georgetown.edu/news/?ID=30979) of a data breach incident stemming from the loss of an external computer hard drive. The lost hard drive contained the personally identifiable information including names and social security numbers for approximately 38,000 current and former students, faculty, and staff.
Georgetown is offering free credit monitoring for those affected by this data loss incident. A toll-free telephone number (866-740-2458) has been setup to handle questions by those who may be affected by this information security breach. Georgetown is taking the correct steps in recovering from this incident.
However, it is still amazing to me with the current proliferation of portable storage devices such as external hard drives and USB memory sticks, that organizations don't put into place and enforce stronger IT policies to prevent storage of such sensitive data without any encryption on removable disks and/or memory media.
When will organizations learn to better protect the personally identifiable information they have been entrusted with by their clients, business partners, and employees? It is my hope this lesson is learned and these types of data loss incidents don't keep occurring.
