Flurry of data breaches exposes personal data on thousands

Computerworld - Personal data belonging to thousands of people has been exposed in several separate security breaches over the past few days.

Reading, Pa.-based Sovereign Bank today confirmed that it has sent letters to thousands of its customers warning them that their personal information may have been compromised in two separate incidents in which a total of three laptops were stolen in early August.

Carl Brown, a bank spokesman, refused to disclose the number of people who may have been affected by the thefts but said it involved roughly 1% of the bank's total customer base.

The thefts were reported in "early August," but the company didn't start sending letters to the affected customers until Aug. 21, after completing a "thorough investigation" of the incidents, Brown said. All three laptops were stolen from undisclosed locations within Massachusetts. Two of the laptops were stolen from one location, while the third was reported stolen in a separate incident from a different location, he said. The company has 800 community banks and does business primarily in the Northeast.

The stolen laptops, all three of which were company-issued, are believed to have contained personally identifiable information such as the names, dates of birth and Social Security numbers of the bank's account holders, Brown said. Though the systems were password-protected, the data was not encrypted, he said.

At this point, there is no evidence that the compromised data has been misused, although customers are being advised to be on the alert for fraud, Brown said.

In a separate incident on Aug. 21, an employee at Verizon Wireless accidentally sent an e-mail with an attachment containing the names, mobile numbers, equipment type and e-mail addresses of nearly 5,000 customers to about 1,800 other Verizon Wireless subscribers. The intended e-mail attachment was supposed to have been an electronic order form.

In an e-mailed comment, a Verizon spokesman said the errant e-mail was "quickly recalled," but he added that some of the recipients had viewed the contents of the file before the recall notice was sent.

The company said it had contacted the 5,000 affected customers and informed them about the breach and advised them of additional "quality control procedures and process improvement" measures that have been implemented to prevent similar lapses in the future.

"We also advised them that the four items accidentally disclosed would not give unauthorized persons access to their Verizon Wireless account, and it is highly unlikely that this information could be used to compromise any other account," the statement said.

Meanwhile, a government-issued laptop computer belonging to the Federal Motor Carrier Safety Administration (FMCSA) of the U.S. Department of Transportation was stolen from a vehicle in the Baltimore area on Aug. 22.