Skip the navigation

Data breaches probed at New Jersey Blue Cross, Georgetown

Stolen laptop had personal data on 300,000 health plan members; swiped disk had data on 38,000

January 30, 2008 12:00 PM ET

Computerworld - Companies are paying a lot of attention to securing their networks against malicious attackers and other threats, but some still lag in implementing similar measures for protecting data on desktops, laptops and portable storage devices.

The most recent examples are Horizon Blue Cross Blue Shield of New Jersey and Georgetown University, both of which faced data compromises this month.

Horizon today said it has notified about 300,000 of its members of the potential compromise of their personal information following the theft of a laptop containing the data on Jan 5.

A security feature on the stolen laptop automatically deleted all of the confidential information on Jan. 23, a company spokesman said. But it is not clear whether the thief who stole the computer accessed the data on the system before then, he said. The data on the laptop was unencrypted but password-protected.

"We think it is highly unlikely because the files were not readily identifiable as containing personal data," said Thomas Rubino, director of public affairs at Horizon Blue Cross Blue Shield, which services about 3.3 million people.

Rubino offered no explanation as to why the data deletion took place nearly three weeks after the computer was first reported stolen. "Obviously, if we had been able to do it before, we would have done it," he said. Blue Cross Blue Shield was in the midst of a data encryption project at the time of the theft. "Unfortunately, this computer did not have encryption on it," Rubino said. An alert posted on its Web site noted that the confidential information on the stolen laptop included names, addresses and Social Security numbers of its members. The laptop did not contain medical data on any members, the company noted.

The laptop was stolen from a health plan employee in Newark. The employee was authorized to have the information on his computer, Rubino said. But the individual appears not to have followed company policies for securing systems that are taken out of company facilities, Rubino said without offering any specifics.

Blue Cross Blue Shield is offering one year's worth of free credit-monitoring services to those affected by the breach.

Meanwhile, the theft of a computer disk from a locked room at Georgetown University in Washington has potentially exposed the Social Security numbers and other personally identifiable data of about 38,000 current and former students, faculty members and staffers between 1998 and 2006.

A university statement said the drive was stolen from an office within the university's Office of Student Affairs on Jan. 3. The unencrypted disk apparently was used to back up a computer that contained billing information for various student services, according to a story in the campus newspaper The Hoya.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!