New data security breaches come in fours

Computerworld - What do Fallon Community Health Plan, Pennsylvania State University, OmniAmerican Bank and T. Rowe Price Group Inc. all have in common?

Each of them recently joined the seemingly never-ending parade of organizations that have disclosed security breaches resulting in the potential compromise of personal data.

Leading the pack in terms of the number of data records known to be involved was T. Rowe Price. Two weeks ago, the Baltimore-based investment management firm's retirement plan services group began notifying about 35,000 current and former participants in "several hundred" plans that their names and Social Security numbers might have been compromised, a company spokesman confirmed today.

The spokesman said that the possible breach resulted from the theft of computers containing the data from the offices of CBIZ Benefits and Insurance Services Inc., a third-party services provider that was preparing tax-related forms on behalf of T. Rowe Price. The theft took place during the last week of December, he added.

T. Rowe Price is offering one year's worth of free credit monitoring services and up to $25,000 in identify theft insurance to the individuals whose personal data was on the stolen systems, the spokesman said.

Meanwhile, a similar laptop theft that also took place in late December may have compromised the names, birth dates and some health care data of about 29,800 members at Fallon Community Health Plan, a Worcester, Mass.-based medical provider and insurer.

A spokesman for Fallon said that the laptop was stolen from the offices of a third-party services provider, and that the data stored on the system doesn't appear to have been either encrypted or password-protected. But the fact that other equipment was taken along with the laptop may be an indication that the thieves were after the systems and not the data on them, the Fallon spokesman said.

Like T. Rowe Price, Fallon is offering one year's worth of credit monitoring to all of the members of its Fallon Senior Plan and Summit ElderCare health plans who were affected by the breach. In cases where it's needed, the credit monitoring services will be extended to two years, the spokesman said, adding that all of the affected plan members have been notified of the incident.

In the third incident to make the news over the past few days, Fort Worth, Texas-based OmniAmerican Bank said that it had been forced to impose unspecified restrictions on ATM and debit card transactions after hackers broke into its systems.

In a prepared statement, the bank said that it has also implemented a series of new "communications and security measures" in response to attempted fraudulent activity stemming from the break-in last week. It didn't specify what those measures were, and a call to the bank seeking further comment wasn't immediately returned.