TD Bank Incident Leads Breach RoundupAccount Statements Went to Wrong Recipients
In this week's breach roundup, TD Bank is notifying 17,000 New Hampshire residents about the disclosure of their bank account statements. Also, University Hospitals of Cleveland is notifying 7,000 patients that an unencrypted hard drive was stolen from a vendor.
See Also: The Global State of Online Digital Trust
TD Bank Customer Statements Exposed
TD Bank is notifying 17,000 New Hampshire residents following a printing issue that compromised their September bank account statements.
The bank learned that one of its vendors "experienced a printing issue, resulting in the inadvertent disclosure of our customers' September bank account statements to incorrect recipients," according to a letter sent to New Hampshire's Office of the Attorney General.
Personal information on the statements may have included name, address and account number.
"This was an isolated incident and, at this time, we have no reason to believe the information is being used for an inappropriate purpose," the letter said.
As a result of the incident, however, the bank is offering to transfer the funds in affected accounts to a new account free of charge, and it's also offering two years of free credit monitoring to customers who qualify for that service.
Stolen Hard Drive Impacts Patients
University Hospitals of Cleveland is notifying more than 7,000 patients after a hard drive containing physician office data was stolen from a vendor working with the health system to upgrade its computer systems.
The hard drive, which had encryption software that was not used, was stolen from the car of one of the vendor's employees, according to a University Hospitals spokesperson.
Compromised information includes name, home address, date of birth, medical record number, insurance provider information and health information about specific patient treatment, the provider organization says. A limited number of Social Security numbers were also exposed.
The organization has not received any reports that any personal and medical information has been accessed or misused, the spokesperson says.
Free credit monitoring services are being offered to those who had their Social Security numbers exposed.
Incidents involving the loss or theft of unencrypted computing devices account for a majority of major health data breaches (see: Breach Tally: Encryption Still an Issue).
Finnish Foreign Service Reports Breach
The Foreign Service of Finland has been the target of a data breach, Finland's Ministry for Foreign Affairs has confirmed.
The breach involved an Internet-based network, where open information and data of the "lowest classification level" are handled, according to a statement.
The leak does not apply to data with a higher security classification, such as confidential or secret, the statement says.
It's unclear how many records were compromised as a result of the breach. The incident is being investigated by the Finnish Security Intelligence Service.
"At this stage it is impossible to verify whether government or private bodies are behind the violations," the statement says.