Data leaks in October: From foreign affairs to the IT department

There were over a half million instances of data loss during October, with much of the data leaking from traditional pillars of reliability such as governments, transit authorities, and banks. Here is a summary of the most interesting cases:

US State Department database used for identity theft

The US State Department tops the list this month, with a case that far more interesting than the usual loss of unencrypted data on hardware. In this example of malicious insider action, a State Department employee entered a database to get more detailed information on individuals who had already had their credit card details stolen by an accomplice. The two could face up to 15 years in prison.

The rules for protecting data apply to everyone

An internal system scan uncovered the theft of private and financial data from the 750 employees of the Hillsborough Area Regional Transit Authority (US). The insider leak was traced to an information systems employee who was subsequently fired. No word yet on criminal charges.

Driving under a false name

A temporary employee at the Port Mann bridge in Canada did some long-term damage. Hired under a false name, the pseudo-employee stole financial data on 270 people who had bought a pass to drive over the Port Mann bridge near Vancouver.

After the loss, time to inform the victims

The American/Canadian TD Bank is in hot water for informing clients that it lost an unencrypted tape with their personal and financial information just six long months after the loss was discovered. Over 260,000 customers could have been damaged by the leak.