From: Russ Poe (rpoedestructdata.com)
Date: Fri Oct 17 2008 - 13:40:12 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I told the Attorney for the state of MA that this law (Chapter 82) is great,
but it is not going to be taken seriously until the state makes an example
of the person or parties that are responsible for the breaches. Individuals
will then get the message that this is serious matter. Like it or not people
realize that there is not a HIPPA or FACTA police force.

-----Original Message-----
From: dataloss-bouncesdatalossdb.org
[mailto:dataloss-bouncesdatalossdb.org] On Behalf Of Sasha Romanosky
Sent: Friday, October 17, 2008 12:56 PM
To: datalossdatalossdb.org
Subject: Re: [Dataloss] 10 months of data breaches from MA

This is certainly awful, but I still wonder: out of the 625,000 affected,
how many will take advantage of preventative measures, and how many will
actually become victims of some harm?

> -----Original Message-----
> From: dataloss-bouncesdatalossdb.org
> [mailto:dataloss-bouncesdatalossdb.org] On Behalf Of Henry Brown
> Sent: Thursday, October 16, 2008 6:39 AM
> To: datalossdatalossdb.org
> Subject: [Dataloss] 10 months of data breaches from MA
>
> From The Official Website of the Office of Consumer Affairs
> & Business Regulation (OCABR)
> http://www.mass.gov/?pageID=ocahomepage&L=1&L0=Home&sid=Eoca
>
> http://www.mass.gov/Eoca/docs/idtheft/notificationsrpt20080918.pdf
> [...]
>
> It has now been over 10 months since the new identity theft
> law took effect. Under that law, businesses and others who
> maintain and store the personal information of Massachusetts
> residents must notify the Office of Consumer Affairs and
> Business Regulation, and the Attorney General, whenever
> security breaches occur that involve either personal
> information or unencrypted data capable of compromising
> personal information in a manner that creates a substantial
> risk of identity theft or fraud.
>
> During that time, the Office of Consumer Affairs and business
> Regulation has received 318 notifications of such breaches.
> Of those 318 incidents,
> 274 were reported by businesses; 23 by educational
> institutions; 17 by state government; and 4 by
> not-for-profits. Of the 318 notifications, only 10 involved
> data that was encrypted when breached. There were 69 reported
> incidents of data breach in which the data was password protected.
> [...]
>
> The number of Massachusetts residents affected by these
> reported incidents was 625,365. The notifications reported
> that in 194 cases the breach was the result of
> criminal/unauthorized acts, with a high frequency of laptops
> or hard-drives being stolen. Thus, of the remainder of these
> breaches, approximately 40% of the total, are the result of
> employee error or sloppy internal handling of personal
> information or other data.
>
> [...]
>
>
> _______________________________________________
> Dataloss Mailing List (datalossdatalossdb.org)
>
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and
> monitor your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml
>
>

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]