Phishing Incident Leads Breach RoundupFed. Employee Phished; Cruise Passenger Info E-mailed
In this week's breach roundup, a federal employee fell for a phishing attack, and a cruise line accidentally e-mailed sensitive passenger information to other passengers.
Phishing E-mail Affects Commission Employees
The U.S. Commodity Futures Trading Commission suffered a data breach stemming from a phishing e-mail. After receiving the e-mail, a commission employee provided information to a fraudulent website, which then allowed a cyberattacker to access an e-mail account that contained personnel information, Bloomberg reports.
See Also: The Global State of Online Digital Trust
The commission reported to Bloomberg that the account contained personnel e-mails, Social Security numbers and "possibly other sensitive personally identifiable information of certain individuals."
Affected employees will receive free identity protection; the total number affected was not revealed.
Cruise Line Breach Exposes Passenger Info
The Cunard Cruise Line this week mistakenly sent personal information for more than 1,200 passengers to an undisclosed number of individuals registered in the company's information system. MSN's Cruise Critic, a website devoted to cruise-related issues, learned of the breach when a message board participant said he received an e-mail with a spreadsheet containing the contact information on Cunard passengers. The spreadsheet contained booking reference numbers, names and e-mail addresses, according to MSN.
Cunard confirmed the incident to MSN, saying, "An e-mail was sent in error to some guests containing details relating to other guests' bookings." No passport information was sent out, according to a spokeswoman.
Stolen Laptop Affects Job Searchers
Towards Employment, a job recruitment firm, had an unencrypted laptop stolen from its offices on May 11, affecting current and former program participants. According to a message posted on the company's website, those who provided personal information after May 11 were not affected. The laptop contained a database that included names, addresses and Social Security numbers. No financial information was on the laptop, the company says.
The company is providing free credit monitoring and identity theft services to those affected; the number of individuals affected was not revealed.
Dental Insurer Loses Records in Transit
Delta Dental of Illinois, a dental health benefits provider for a wide range of employers, is notifying 224 enrollees of a data breach resulting from a missing shipment of paper claims documents.
The company was notified by a national third-party delivery service that a box containing paper claims and X-rays was lost. According to a press release, "some personal information and/or health information may have been included in the box ... depending on what the enrollee's dentist provided on the claim."
The company is providing one year of identity theft monitoring to affected individuals.