Different types of data breach yield different examples. Here are a few notable ones from the recent past:
In Port Clinton, Ohio, letters were mailed between May 25 and July 5 and contained protected health information of individuals from 1,622 households. The problem was identified July 1 when a resident notified county workers aft er receiving a letter not intended for the resident. The technical error was corrected by the Governor’s Office of Information Technology July 5.
Lost or stolen non-electronic or physical records:
In Wexford County, Mich., assessors had the files with them while they were going door-to-door taking measurements, according to the Wexford County Equalization Department. Someone took a crate full of more than 35 assessment record files that contained sketches and property values, but 15 of those documents had principal exemption affidavits in them that contained Social Security numbers.
In Louisville, Ky., the personally identifiable information of potentially more than 10,000 Louisville metro workers who have Concentra health insurance may have been impacted by the Medical Informatics Engineering breach on June 10. An investigation of the breach indicated that it was the result of a “sophisticated cyber attack.”
Malicious insider attacks:
In Kansas City, Mo., an IRS employee was accused of booking a vacation and a shopping spree while on the clock with stolen credit card information. Weisha Jackson was charged with stealing credit card information from another employee while working at the Kansas City Internal Revenue Service campus. According to court documents, Jackson used the stolen credit card and IRS IP address to book more than $1,600 in Expedia flights in her name and pay her utility and T-Mobile bills.
Lost or stolen electronic portable information storage devices:
In Lancaster County, S.C., Emergency Medical Services discovered a safe used to store unencrypted flash drives securely had gone missing. County officials stated they have no reason to believe that the information has been used inappropriately, but there is a risk that the safe has been opened and the contents — two flash drives and two computer hard drives — may have been accessed. Up to 100,000 individuals’ personal identifiable information may have been compromised.