Data breaches probed at New Jersey Blue Cross, Georgetown
Stolen laptop had personal data on 300,000 health plan members; swiped disk had data on 38,000
Computerworld - Companies are paying a lot of attention to securing their networks against malicious attackers and other threats, but some still lag in implementing similar measures for protecting data on desktops, laptops and portable storage devices.
The most recent examples are Horizon Blue Cross Blue Shield of New Jersey and Georgetown University, both of which faced data compromises this month.
Horizon today said it has notified about 300,000 of its members of the potential compromise of their personal information following the theft of a laptop containing the data on Jan 5.
A security feature on the stolen laptop automatically deleted all of the confidential information on Jan. 23, a company spokesman said. But it is not clear whether the thief who stole the computer accessed the data on the system before then, he said. The data on the laptop was unencrypted but password-protected.
"We think it is highly unlikely because the files were not readily identifiable as containing personal data," said Thomas Rubino, director of public affairs at Horizon Blue Cross Blue Shield, which services about 3.3 million people.
Rubino offered no explanation as to why the data deletion took place nearly three weeks after the computer was first reported stolen. "Obviously, if we had been able to do it before, we would have done it," he said. Blue Cross Blue Shield was in the midst of a data encryption project at the time of the theft. "Unfortunately, this computer did not have encryption on it," Rubino said. An alert posted on its Web site noted that the confidential information on the stolen laptop included names, addresses and Social Security numbers of its members. The laptop did not contain medical data on any members, the company noted.
The laptop was stolen from a health plan employee in Newark. The employee was authorized to have the information on his computer, Rubino said. But the individual appears not to have followed company policies for securing systems that are taken out of company facilities, Rubino said without offering any specifics.
Blue Cross Blue Shield is offering one year's worth of free credit-monitoring services to those affected by the breach.
Meanwhile, the theft of a computer disk from a locked room at Georgetown University in Washington has potentially exposed the Social Security numbers and other personally identifiable data of about 38,000 current and former students, faculty members and staffers between 1998 and 2006.
A university statement said the drive was stolen from an office within the university's Office of Student Affairs on Jan. 3. The unencrypted disk apparently was used to back up a computer that contained billing information for various student services, according to a story in the campus newspaper The Hoya.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!