Education Breach Leads Roundup47,000 Participants in Teacher Prep Program Affected
In this week's breach roundup, the Florida Department of Education is reporting that 47,000 participants in a teacher preparation program were affected by a breach. Also, a Canadian medical lab is notifying about 16,000 patients that their information may have been compromised after an unencrypted hard drive went missing.
See Also: The Global State of Online Digital Trust
Fla. Dept. of Education Reports Breach
The Florida Department of Education reports that 47,000 participants in a teacher preparation program had personal information exposed on the Internet for 14 days during a data transfer between servers housed at Florida State University.
Compromised information includes names, Social Security numbers, and, in some cases, addresses, according to a spokesperson for the Department of Education.
The university is performing work under contract with the education department, according to a statement the Department of Education provided to DataBreachToday.
Upon discovering the problem, the education department closed off access to the personal information, cleared all cached data files and ran security checks to ensure information was only accessible by authorized users, according to the statement.
An investigation determined that the information may have been accessed 23 times via Google; that may have included unauthorized access, the statement acknowledges.
Affected Individuals are being offered free credit monitoring services, the spokesperson said.
Canadian Lab Reports Missing Hard Drive
LifeLabs Medical Laboratory Services is notifying 16,000 patients in Kamloops, British Columbia, that their health-related information was on an unencrypted hard drive that's missing.
The hard drive dedicated to printing electrocardiogram reports at a LifeLabs center in Kamloops was discovered to be missing in January, according to a statement. After investigating the incident, LifeLabs was unable to determine the whereabouts of the drive, exactly when it was removed or by whom, the statement says.
Information stored on the hard drive includes patient names, addresses, birth dates, personal health numbers, results of ECG tests and the referring physician's name and address.
As a result of the incident, LifeLabs is taking steps to make sure that all ECG reports and the ECG drives are encrypted, the statement says. A call center has been established for affected patients, and an FAQ has been posted to the organization's website.
Missing Backup Tape Affects Patients, Employees
The Iowa Department of Human Services is notifying former patients of the Mental Health Institute in Independence, as well as employees at that location and others, that their personal information may have been compromised as a result of a missing backup computer tape.
The tape was discovered to be missing from the Independence facility on April 30 and still hasn't been located, according to the Waterloo-Cedar Falls Courier, a local news publication.
The tape includes Social Security numbers and addresses for 700 state employees of several facilities managed by the human services department, the news report said. Social Security numbers, along with other personal information, for 7,300 patients were also contained on the backup tape.
Affected individuals are being offered one year of free credit monitoring services.
Toyota's Japanese Site Breached
Toyota Motor Corp. is reporting that its Japanese-language corporate website was breached in June, according to the Wall Street Journal.
The breach didn't affect customer information, Toyota said, because data isn't stored on the site. Hackers were able to adjust the settings on one of Toyota's servers, redirecting visitors to a different website that allegedly automatically installed an unspecified program onto the visitors' computer, the news report said.
The automaker is recommending that its site visitors install anti-virus software if they visited the site from June 5 to 14.