Police Fine Leads Breach Roundup

UK Police Lose USB Drive; Breach Affects Univ. of Ga. Staff
Police Fine Leads Breach Roundup

In this week's breach roundup, the Greater Manchester Police Department has paid a £120,000 penalty after an unencrypted USB drive was stolen. Also, at least 8,500 current and former University of Georgia employees were affected by a breach that revealed personnel records.

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

Police Pay £120,000 Breach Fine

The Greater Manchester Police Department has paid a £120,000 penalty issued by the UK Information Commissioner's Office after an unencrypted USB drive containing personal information on more than 1,000 individuals with links to serious criminal investigations was stolen.

The ICO imposed a civil monetary penalty of £150,000. But the police department only had to pay £120,000 due to an early payment discount of 20 percent. The fine is for a violation of the UK Data Protection Act.

Authorities say an officer brought the USB drive home in his wallet, where it was then stolen during a burglary, according to an ICO statement.

Since September 2010, the police had required the use of encrypted USB drives, but the requirement was not effectively enforced, according to the ICO.

The department has taken further steps to implement endpoint security preventing the download of information to unauthorized USB devices, the ICO explains.

Breach Affects Univ. of Ga. Employees

At least 8,500 current and former University of Georgia employees have been affected by a breach that revealed personnel records, the university announced.

The breach may have occurred as early as Sept. 28. An investigation determined that passwords for two employees in "sensitive" information technology positions were reset by an unknown intruder. The perpetrator then used those accounts to access data that revealed personnel records.

"This appears to us to be a planned intrusion by someone who knew enough about our operations to know which accounts to attack and where the sensitive information was located within the system," says Timothy Chester, the university's vice president for information technology.

Compromised information includes names, Social Security numbers and other personal information. Affected employees are being notified and offered free credit monitoring.

Paper Shredding Error Sparks Breach

Litton & Giddings Radiological Associates in Springfield, Mo. is notifying 13,000 patients about a security breach. A janitorial services company employed by the organization's third-party billing vendor failed to shred paper records before sending them to a Springfield recycling center.

On July 31 and again Aug. 2, a janitor working for the billing company removed documents from a locked shred bin and placed them into a different secured container with other recyclable materials, according to a statement from Litton & Giddings. The secured container was then transported to a recycling center where the items were sorted for recycling and destroyed.

"The recycling process is largely mechanized, but workers in the recycling facility do, at times, manually sort the materials," the statement said.

Although the billing company couldn't identify which patient documents were sent to the facility, it suspects they included names, addresses, dates of birth, diagnosis codes and/or Social Security numbers for patients who had billing activity between July 23 and August 2.

Litton & Giddings says it will provide free credit monitoring to those affected upon request.

U.S. Army Supplied Breached

The Army Materiel Command, the primary provider of all supplies for the U.S. Army, is notifying 400 of its employees of a breach of their personally identifiable information, according to a Huntsville, Tenn.-based TV station's news report.

An AMC employee took paper documents to his residence in the Huntsville area, according to the news report. The documents were then retrieved and secured. The incident was reported to the AMC Privacy Office, the Army Privacy Act Office and the Army Criminal Investigation Division.

Affected individuals will receive free credit monitoring services.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.