Category Archives: Breaches

Breach Notifications

Oregon Department of Veteras’ Affairs (ODVA) breach of 967

The Oregon Department of Veteras' Affairs (ODVA) has announced that copies of approximately 967 Certificatse of Release aka Discharge from Active Duty (DD-214) may have been in the possession of an unauthorized person.  Personally identifiable information contained on the DD-214 includes social security numbers, dates of bith, address, and full name.

ODVA Director Cameron Smith stated, “Beyond the more immediate investigation and response for our veterans that are impacted, I have also asked our leadership team for a broader review of our policies and internal controls around veterans’ confidentiality and privacy. The trust our veterans have in our ability to keep their personal information private goes to the core of our work.”  Smith has also state that veterans who may have been affected have been notified and will be offered free credit monitoring services for a year.

Israel missile defense director dismissed for data breach

The Israeli missle defense program is called Homa and its director Yair Ramati has been dismissed.  Yair Ramati was overseeing the development of The Iron Dome, David's Sling, and the Arrow missile interception projects.  Yair Ramati enjoyed a 90 percent success rate with Iron Dom'es short-range interception of rocket attacks from the Gaza Strip.

Yair Ramati was dismissed after it was discovered he violated policy after he kept classified materials on his personal computer.  Several Israel Defense Forces (IDF) leaders have been dismissed for information security breaches.  Colonel Ilan Levy temporarily lost sensitive documents when his car was stolen and Lieutenant Colonel Elad Marom provided classified information to an unauthorized individual.

Israel has received several hundred millions of dollars from the United States to fund three different missle defense systems which include private contractors such as The Boeing Company, Raytheon, and Elbit Systems.

South African Parliament Leak

On November 6, 2015, the South African parliament decided to continue to allow an ongoing investigation into the details of breaches of security details surrounding its Parliament Protection Services (PPS).

The head of PPS, Zelda Holtzman, and her deputy, Motlatsi Mokgatla, were suspended at the end of July for possible negligence around security breaches. The breaches involved the media’s reporting of parliamentary staffs’ provisions of driving services. The drivers’ security may have involved a questionable hiring of private security personnel so the media apparently put it under an amount of
scrutiny. A sole source private agency was used and with that they were using blue lights. These details were released to media four times and PPS is at the center of the controversy. With good reason, the Parliament staff feel the details of their security being leaked on numerous occasions is reason to worry.

Daintry Duffy wrote about the “6 Things You Need to Know about Executive Protection” for CSO magazine back in April of 2005. Duffy plainly stated that not only should the protection services feel like a perk and also not have bouncer-like goons for the detail, but also “…Executives have to be able to rely on their discretion..”

IRS loses 11k+ SSNs & DOBs of Texas Katy ISD

On August 7, 2015, Texas’s Katy Intermediate School District (ISD) was informed that an Internal Revenue Service (IRS) agent misplaced a portable flash drive during a random audit.

Katy ISD Superintendent Alton Frailey explained the security breach in an email

Katy ISD Superintendent Alton Frailey explained the security breach in an email

On the flash drive are the contents of calendar year 2013 contributions made to a 403(b) plan or 457(b) plan by 11,658 current and former employees of the Katy ISD.  Included in the contribution information on that thumb drive are those 11,658 employees dates of birth, social security numbers, names, and mailing addresses.

Las Vegas Hard Rock suggests credit cards stolen by malware

Discovered on April 3 and limited to credit or debit card transactions between Sept. 3, 2014 and April 2, 2015 at the company's restaurant, bar and retail locations, including the Culinary Dropout Restaurant, the Hard Rock may have had namHard Rock Las Vegases, credit card numbers and their CVV security codes stolen by malware.  The company emphasizes the stolen data would not have included PIN numbers or other sensitive customer information.