June 21, 2006....the unprecedented physical theft of personal data by a U.S. intelligence operation to populate Total Information Awareness (TIA) surveillance databases continues unabated. WMR has learned that the FBI has been warned off investigating these thefts. Within the last 24 hours, there have been three additional major thefts of data.
A computer stolen from the kidney transplant center at the University of Alabama at Birmingham contained the names, social security numbers, and other sensitive data on 9800 kidney donors, recipients, and patients waiting for transplants. That incident was followed by the theft from an Equifax employee riding a train near London of a lap top containing the names and Social Security Numbers of 2,500 Equifax employees. Equifax is one of the three major credit bureaus in the United States and many of its employees have access to the personal data of millions of Americans and others. This incident was followed by word that VISA USA suffered a security leak that may have compromised personal information of millions of VISA debit card holders. Because of the leak, Wachovia Bank replaced the VISA debit cards of its customers. We've updated our June 17 chart (below) to reflect these latest thefts.
June 20, 2006 -- The spate of physical theft of personal data on computer storage devices continues at an alarming rate. WMR has previously reported that most of these thefts are not coincidental but are part of a coordinated and unprecedented effort by U.S. intelligence agencies to obtain personal data to populate Total Information Awareness surveillance databases. The latest theft was that of a flash memory drive at the University of Kentucky containing personal information on 6500 current and former University of Kentucky students. The theft occurred on May 26 but was recently made public by university officials. The chart in the June 17 article has been updated to reflect this most recent theft report.
June 19, 2006 -- No sooner had we written the article on a coordinated effort by a covert U.S. intelligence operation to steal large amounts of personal data to populate Total Information Surveillance databases, came word that yet another laptop with personal data was stolen from the home of an ING Bank employee in Washington, DC. The laptop contained personal data, including financial information and Social Security Numbers, on 13,000 current and retired DC employees who participate in the DCPlus retirement plan.
It was also reported that in Dec. 2005, two ING laptops were stolen that contained personal data on 8500 Florida hospital employees. The physical theft of personal data is now approaching a virtual epidemic and is unprecedented in the history of the computer security practice, which dates back to the early 1970s. We have updated out chart (below) to reflect these most recent data theft reports.
June 17, 2006 (UPDATED) -- What's behind all the personal data thefts? Populating the surveillance databases specified by John Poindexter's Total Information Awareness (TIA) system. WMR has learned that the thefts of personal data from corporations and government agencies, most of which were accomplished by stealing computer hard drive devices, is more than coincidental. Intelligence sources report that many of the large scale thefts are part of a well-planned covert intelligence operation to obtain data on hundreds of millions of people in order to accomplish what former Defense Advanced Research Projects Agency (DARPA) official John Poindexter was not able to bring about through his defunct (but secretly restored) Total Information Awareness (TIA) system -- the population of intelligence and surveillance databases with files on the financial, medical, employment, telecommunications, and other sensitive data of Americans and foreigners. Much of the new TIA work is being conducted under the umbrella of the National Security Agency and Department of Homeland Security Advanced Research Projects Agency.
A number of computer security experts have said the recent rash of data thefts is unprecedented in scope, method, and frequency. Some claim that the thefts appear to be coordinated and targeted at specific data types.
The physical theft of personal data is unprecedented in the history of computer security in the United States. Intelligence sources reveal massive data theft is part of a plan to populate U.S. surveillance databases.
The following is a compilation of the recent reported data thefts (not all may be related to the data gathering operation):
| Target | Date | Number of persons affected | Type of data | Method |
| ING Bank | June 2006 | 13,000 | SSNs, financial data | Physical theft |
| Denver Election Commission | June 2006 | 150,000 | Voter's records | Physical theft |
| Oregon Dept. of Revenue | June 2006 | 2,200 | Tax records | Trojan horse |
| Union Pacific Railroad | June 2006 | 30,000 | SSNs, DOBs | Physical theft |
| KDDI Telco, Japan | June 2006 | 4,000,000 | Phone numbers, DOBs | Leaked |
| Minnesota State Auditor | June 2006 | 493 state employees | SSNs, DOBs | Physical theft |
| Humana Medicare Program | June 2006 | 17,000 | SSNs, DOBs,Medical info | Poss. compromise |
| Hanford Nuclear Reservation | June 2006 | 4,000 | SSNs, DOBs | Physical theft |
| Royal Ahold (Giant, Tops, Stop & Shop supermarkets) | June 2006 | Unknown number | SSNs, DOBs | Physical theft |
| Buckeye Community Health Plan (Ohio) | June 2006 | 72,000 | SSNs, medical data | Physical theft |
| Internal Revenue Service | June 2006 | 291 IRS employees | SSNs, fingerprints, DOBs | Physical theft |
| YMCA Rhode Island | May 2006 | 65,000 | SSNs, DOBs | Physical theft |
| University of Delaware | May 2006 | 1,076 | SSNs, DOBs | Hacking |
| Sacred Heart University | May 2006 | unknown | SSNs, DOBs | Hacking |
| Mercantile Potomac Bank | May 2006 | 48,000 | SSNs, account data | Physical theft |
| Florida International University | May 2006 | thousands | SSNs, DOBs | Hacking |
| Miami University of Ohio | May 2006 | 851 | SSNs, DOBs | Loss of hardware |
| American Institute of CPAs | May 2006 | 330,000 | SSNs, DOBs | Loss of hardware |
| Texas Guaranteed Student Loan Corp. | May 2006 | 1,300,000 | SSNs, DOBs | Loss of hardware |
| University of Ohio Hudson Health Center | May 2006 | 60,000 | SSNs, medical data | Hacking |
| Humana Medicare Program | May 2006 | 250 Medicare applicants | Paper applications | Physical theft |
| Wells Fargo Bank | May 2006 | unknown | SSNs, account data | Physical theft |
| Dept. of Veterans Affairs | May 2006 | 28,700,000 | SSNs, medical information | Physical theft |
| Columbus Bank & Trust | May 2006 | 2,000 | Credit card data | Physical theft |
| University of Ohio | Apr 2006 | 137,000 | SSNs, DOBs | Hacking |
| Purdue Engineering School | Apr 2006 | 1,351 | SSNs, DOBs | Hacking |
| Department of Defense | Apr 2006 | 14,000 | SSNs, DOBs | Hacking |
| Aetna | Apr 2006 | 38,000 | SSNs, other data | Physical theft |
| Morgan Stanley, Clydesdale Bank (UK), Master Card | Apr 2006 | 2,000 | Credit card data | Hacking |
| University of Texas McCombs Business School | Apr 2006 | 197,000 | SSNs, DOBs | Hacking |
| Fraser Health Authority, Br. Columbia | Apr 2006 | thousands | SINs, DOBs | Physical theft |
| University of Alaska Fairbanks | Apr 2006 | 38,941 | SSNs, DOBs | Hacking |
| Ohio Secretary of State | Apr 2006 | 7,700,000 | voters SSNs | "Leak" on CDs |
| Iron Mountain, Inc. | Apr 2006 | 17,000 Long Island Railroad employees and retirees, Bronx VA Hospital | SSNs, other data | Physical theft |
| American Red Cross | Mar 2006 | 8,000 | SSNs, DOBs | Physical theft |
| American International Group (AIG) | Mar 2006 | 930,000 | SSNs, medical information | Physical theft |
| U.S. Marine Corps | Mar 2006 | 207,000 | SSNs, DOBs | Physical theft |
| Georgia Technology Authority | Mar 2006 | 570,000 | SSNs, DOBs | Hacking |
| Vermont State Colleges | Mar 2006 | 14,000 | SSNs, credit data | Physical theft |
| Verizon | Mar 2006 | significant number | SSNs, other data | Physical theft |
| Hewlett-Packard/Fidelity Investments | Mar 2006 | 196,000 | SSNs, other data | Physical theft |
| Ernst & Young | Mar 2006 | thousands of records on IBM employees | SSNs, DOBs | Physical theft |
| Medco Health Solutions | Mar 2006 | 4600 | SSNs, DOBs | Physical theft |
| Hotels.com | Feb 2006 | 243,000 | Credit card information | Physical theft |
| Choice Point | Feb 2006 | 150,000 | Subscriber data | Leak |
| Georgetown University | Feb 2006 | 41,000 elderly DC residents | SSNs, DOBs | Hacking |
| Metropolitan College (Denver) | Feb 2006 | 93,000 | SSNs, DOBs | Physical theft |
| Olympic Funding Chicago | Feb. 2006 | unknown | SSNs, financial data | Physical theft |
| Ernst & Young | Feb. 2006 | unknown | SSNs, financial data | Physical theft |
| Deloitte & Touche | Feb. 2006 | 9,000 McAfee employees | SSNs, financial data | Physical theft |
| PriceWaterhouseCoopers | Feb. 2006 | 4,000 | SSNs, health data | Physical theft |
| Mount St. Mary's Hospital (NY) | Feb. 2006 | unknown | SSNs, health data | Physical theft |
| US Department of Agriculture | Feb. 2006 | 350,000 | SSNs, DOBs | Leak |
| Providence Home Services | Jan. 2006 | 365,000 | SSNs, medical data | Physical theft |
| Ameriprise Financial, Inc. | Jan. 2006 | 226,000 | SSNs, financial data | Physical theft |
| People's Bank | Jan. 2006 | 90,000 | SSNs, financial data | Physical theft |
| Atlantis Resorts (Bahamas) | Jan. 2006 | 55,000 | SSNs, credit data | Physical theft |
| California National Guard | Jan. 2006 | hundreds of Guardsmen | SSNs, other data | Physical theft |
| University of Washington Medical Ctr. | Jan. 2006 | 1,600 | SSNs, medical data | Physical theft |
| Marriott | Dec. 2005 | 206,000 | SSNs, credit data | Physical theft |
| Ford Motors | Dec. 2005 | 70,000 | SSNs, DOBs | Physical theft |
| LaSalle Bank/ABN Amro Mortgage | Dec.2005 | 2,000,000 | SSNs, financial data | Lost/recovered |
| First Trust Bank | Dec.2005 | thousands | SSNs, financial data | Physical theft |
| ING Bank | Dec. 2005 | 8,500 | SSNs, financial data | Physical theft |
| TransUnion | Nov. 2005 | 3,623 | credit data | Physical theft |
| Safeway | Nov. 2005 | 1,400 | SSNs, DOBs | Physical theft |
| Keck School of Medicine (USC) | Nov. 2005 | 50,000 | SSNs, DOBs | Physical theft |
| Univ. of Tennessee Medical Center | Oct. 2005 | 3,800 | SSNs, medical data | Physical theft |
| Wilcox Memorial Hospital | Oct. 2005 | 130,000 | SSNs, DOBs | Physical theft |
| National Nuclear Safety Administration | Sep 2005 | 1,500 | SSNs, DOBs | Hacking |
| Children's Health Council (Palo Alto) | Sep. 2005 | 6,000 | SSNs, medical data | Physical theft |
| North Fork Bank | Sep. 2005 | 9,000 | SSNs, financial data | Physical theft |
| Kent State University | Sep. 2005 | 100,000 | SSNs, DOBs | Physical theft |
| J. P Morgan Chase | Aug.2005 | unknown | SSNs, financial data | Physical theft |
| Arizona Biodyne (Blue Cross/Blue Shield) | Jul 2005 | 57,000 | SSNs, medical data | Physical theft |
| City National Bank (LA) | Jul 2005 | unknown | SSNs, financial data | Physical theft |
| Federal Deposit Insurance Corp. | Jun 2005 | 6,000 | SSNs, DOBs | Physical theft |
| Motorola | Jun 2005 | unknown | financial, call data | Physical theft |
| U.S. Department of Justice/Omega Travel | Jun 2005 | 80,000 | travel, credit data | Physical theft |
| Cleveland State University | Jun 2005 | 44,000 | SSNs, DOBs | Physical theft |
| California Dept. of Health Services | May 2005 | 21,600 | SSNs, medical data | Physical theft |
| Colorado State Health Department | May 2005 | 1,600 families | SSNs, medical data | Physical theft |
| Lexis-Nexis | May 2005 | 310,000 | Phone records | Hacking |
| Bank of America, Wachovia, Commerce Bancorp, PNC Bank NA | May 2005 | 676,000 | Bank account information | Hacking |
| Valdosta State | May 2005 | 40,000 | SSNs, DOBs | Hacking |
| MCI | April 2005 | 16,500 | SSNs, employment data | Physical theft |
| Georgia Southern Univ. | April 2005 | thousands | SSNs, credit card | Hacking |
| San Jose Medical Group | April 2005 | 185,000 | SSNs, medical data | Physical theft |
| Iron Mountain, Inc. | Mar 2005 | 600,000 Time Warner employees | SSNs, financial data | Physical theft |
| University of California, Berkeley | Mar 2005 | 100,000 | SSNs, DOBs | Physical theft |
| Ameritrade | Feb. 2005 | 200,000 | SSNs, financial data | Physical theft |
| Bank of America | Feb. 2005 | 1,200,000 Federal employees | SSNs, credit data | Physical theft |
Amid all the above personal data thefts, WMR has learned from a U.S. intelligence source that these data thefts pale in comparison to the largest, and as yet, largely unreported, personal data theft in history. Some 30 million Americans were affected and they included customers of Citigroup, Bank of America, and SunTrust. The thefts were conducted between March and April of this year.
No comments:
Post a Comment