Bank Incident Leads Breach RoundupHSBC Employee Stole Customer Info; Hackers Target Pizza Hut
In this week's breach roundup, HSBC, a British multi-national bank, has notified an undisclosed number of customers about an employee stealing customer's financial information upon resigning. Also, Pizza Hut Australia confirmed that its website was the victim of a hacker attack that exposed information about customers.
See Also: The Global State of Online Digital Trust
HSBC Notifies Customers of Insider Breach
HSBC, a British multi-national bank, has notified an undisclosed number of U.S. customers about an incident involving an employee who resigned and stole sensitive account information.
Compromised information includes names, phone numbers, account numbers and account types, according to a sample customer notification letter provided to California's Office of the Attorney General.
"HSBC takes this very seriously and we believe your personal information may have been exposed to a third party," the letter said.
Affected customers are being urged to place a fraud alert on their credit files.
Hackers Target Australian Pizza Hut Site
General Manager Graeme Houston said in a statement that the breach exposed customer names and contact information, including e-mail addresses. He assured customers that no credit card information was stolen. But the hackers, who also defaced the website's homepage and posted a message, claimed that they were able to obtain 240,000 Australian credit cards.
Pizza Hut didn't say how many customers were affected, but the hackers said they were able to obtain credentials on 60,000 customers.
The incident has been reported to the Office of the Australian Information Commissioner.
Nursing Home Resident Info Stolen
The Illinois Department of Healthcare and Family Services is notifying 508 nursing home residents that their personal information was exposed after a briefcase was stolen from the home of a contractor, according to local news reports.
Although it's unclear whether the briefcase contained paper or electronic documents, information exposed included names, Social Security numbers, Medicaid recipient numbers and birthdates. The contractor was assessing nursing facility residents, reports said.
State health department representatives are meeting with affected individuals to explain the incident and recommend that they register for fraud alerts.
Kaiser Permanente Reveals E-Mail Error
The multi-state healthcare organization Kaiser Permanente is notifying an undisclosed number of former employees of a breach that exposed Social Security numbers. An employee in the organization's Northern California region recruitment department mistakenly e-mailed to a person not authorized to receive the information a list of former Northern California employees who left the organization between 1990 and 2006.
The incident occurred on Aug. 24, according to the notification letter. The list contained names and Social Security numbers, among other information, the letter states.
The unintended recipient has been cooperative, according to Kaiser Permanente, An analysis was conducted by the organization's IT security department to confirm that the recipient deleted the information and that the information had not been further e-mailed or printed.
"As a result of our investigation, we believe it is highly unlikely that your information has been, or will be used for unlawful purposes," the letter said.