Two more organizations report data breaches
Texas Guaranteed, Sacred Heart University disclose separate incidents involving personal data
Computerworld - Advocates for strong data privacy laws are getting plenty of ammunition to support their cause these days.
In yet another large data breach, Texas Guaranteed (TG) a Round Rock, Texas-based nonprofit organization that administers student loans today announced that an outside contractor had lost an unspecified piece of equipment containing the names and Social Security numbers of approximately 1.3 million borrowers.
The loss was reported to the company on Friday by Hummingbird Ltd. a Toronto-based company that had been hired by TG to develop a document management system for TG. Kristin Boyer, a spokeswoman for TG said borrower files had been provided to Hummingbird as part of the contract.
According to Boyer, TG followed recommended security practices and encrypted all the information prior to transmitting it to Hummingbird. The data was then unencrypted by a Hummingbird employee and stored on equipment that later appears to have been lost, Boyer said.
"We don’t have any indications at this point if there was malicious intent," behind the disappearance of the data, she said.
In a statement, Hummingbird said there was no reason to believe that the piece of equipment had been stolen to gain access to confidential data. The statement also said that the data had been protected through unspecified "security measures," which would make it difficult for unauthorized people to access the data.
"Given the technology that would be required to retrieve the data, Hummingbird believes that any misuse of the data is extremely unlikely," the company said. The statement added that the company filed a lost property report with the police after having "exhausted every possibility to recover the stolen equipment."
TG has set up a call center at (800) 530-0626 to provide information to affected customers. The company also plans to start sending letters to all of the affected individuals in the next few weeks Boyer said.
The TG incident is the second one involving large amounts of personal data since the disaster at the Department of Veterans Affairs last week.
Rootkit detected at Sacred Heart University
On May 24, Sacred Heart University in Fairfield, Conn, announced that one of its computers had been hacked, resulting in the potential compromise of personal data belonging to 135,000 alumni and prospective students.
The breach was discovered May 8 when the university’s IT staff noticed "an anomaly during routine daily maintenance of our computer system," said Funda Alp, a university spokeswoman. A rootkit installed on the system, apparently by an outside attacker, caused it to crash one of the services running on a server containing the information, Alp said.
"When the breach was discovered, [the server] was taken off-line immediately," Alp said. She added that preliminary investigations appear to show that the hacker had the expertise to access the information stored on the server although it is not clear if that happened. Apart from the names, addresses and Social Security numbers of 135,000 people, the compromised server also contained credit-card information on 103 individuals, she said.
There is no indication that the information has been misused, Alp said, adding that the university began notifying affected individuals soon after the breach was discovered.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts