Credit Union Breach Leads Roundup116,000 Notified of Malware Attack
In this week's breach roundup, a credit union in New Hampshire is notifying about 116,000 individuals that their information may have been compromised following a malware attack. Also, Apple confirms that its developer website was breached.
Credit Union Reports Breach
St. Mary's Bank, a state-chartered credit union in New Hampshire, is notifying about 116,000 individuals that their information may have been compromised following a malware attack on its computers.
The credit union discovered malware on May 26, according to a notification letter an attorney for the credit union sent to the New Hampshire Attorney General. A computer security consulting firm's investigation determined that the malware was designed to capture information as it appeared on individual computer screens, the letter states.
The credit union has found no evidence that sensitive information, such as names, addresses, Social Security numbers, account information or transaction records, has been acquired by unauthorized individuals. Nevertheless, it's offering affected individuals one year of free credit monitoring and identity theft protection services. St. Mary's has also established a call center for those with questions about the incident.
Apple Development Website Breached
Apple Inc. confirms that its development website was breached and personal information may have been accessed.
In a message that appeared on the developer.apple.com website when it was recently down for several days, Apple said: "An intruder attempted to secure personal information of our registered developers from our developer website."
The company said sensitive personal information on the site was encrypted. "However, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or e-mail addresses may have been accessed."
As a result of the incident, Apple is overhauling its developer systems, updating server software and rebuilding its entire database. It's unclear how many individuals were affected. Apple executives did not reply to a request for comment.
An independent security researcher, Ibrahim Balic, is claiming responsibility for the incident. On his Twitter account, Balic said the breach was not nefarious, stating, "I do security research."
Students' SSNs Printed on Outside of Mailings
Social Security numbers were accidentally printed on the address labels of health insurance brochures sent to 18,700 University of Virginia students.
Aetna Health Care, which offers student health insurance at the university, sent the open-enrollment brochures to students through a third-party mail provider, according to an e-mail that was sent to affected students.
"Students and parents deserve a full explanation of how this happened," the e-mail said. "When the University provided student information to Aetna for this mailing, we inadvertently used an out-of-date computer program that automatically included Social Security numbers along with names and mailing addresses."
Impacted individuals are being provided with free credit monitoring services, the e-mail said. A toll-free call center for students and parents with questions has also been established.
Hospital Reports Employee Breach
Long Beach Memorial Medical Center in California is notifying 2,800 patients who may have been affected by a privacy breach.
An employee working at the facility inappropriately accessed information on the patients between September 2012 and June 2013, according to an announcement from the hospital.
Potentially compromised information includes name, date of birth, home address, phone number, account number and reason for admission, the announcement said.
Impacted patients are being offered one year of free credit monitoring services.
As a result of the incident, the medical center is reviewing its computer security procedures.