IT Management Slideshow:
Top 10 Security Breaches in 2008

• Like pouring salt in a wound, Central Collection Bureau had to not only ask for money from 700,000 people late with their bills, but also let them know that it had exposed their records when it suffered the theft of eight computers in March. This was the largest data breach ever reported in Indiana.
• Yes, tapes do ‘fall off’ the backs of trucks—sometimes whole boxes of ‘em. More than 12.5 million customers were exposed by Bank of New York Mellon Shareholder Services when a box of backup tapes were lost In February on the way to storage with Archive Systems Inc. Apparently they were unable to track the loss down because the lock on the transport truck was broken and the truck made many stops along the way.
• In August the FBI reported that it arrested a Countrywide employee who stole as many as 2 million customer records to sell on the black market. He stole them in increments of 20,000, downloading them on weekend nights from an unprotected computer he ferreted out at his office.
• The world of information security and the presidential campaign collided in full force when a hacker broke into Alaska Governor and VP candidate Sarah Palin’s personal e-mail account in September and posted it online. The alleged suspect was 20-year-old David Kernell, the son of Democratic Tennessee state rep Mike Kernell.
• The breach that wasn’t? In August, Scotland’s Sunday Herald claimed that as many as 8 million records were compromised by the Russian mafia in what it called "the greatest cyber-heist in world history.” But Best Western responded swiftly, saying that the Sunday Herald claim was largely unsubstantiated, reporting that only 10 customers were affected. The Sunday Herald stood by its story, citing elusive screenshots that it claimed to have showing the database with 8 million records—it never released them, though.
• Alaska Airlines announced in August that a call center employee had stolen 1,500 credit card records specifically to perpetrate fraud. When data breaches are reported, they’re often categorized by number of records ‘exposed’ regardless of whether ID theft is attempted. This case is remarkable because even though it was less than a couple thousand records, their owners were all bound for victimization.
• As many as 3.4 million licensees were exposed as a result of the Colorado DMV’s lack of account provisioning and retirement protocol, the agency reported in July. Nearly three dozen former employees had access to sensitive citizen information up to a year after their departure.
• Approximately 2.2 million patients were as exposed as a bare tushie under a hospital gown when a courier decided to take a pit stop at home in June before delivering a data tape to the hospital’s vendor, Perpetual Storage, only to find the tape stolen from his vehicle.
• Though no confidential information was reported as stolen or lost, the U.S. Army did say in November that it was banning the use of USB devices to fight an outbreak of the worm “W32.SillyFDC,” a piece of malware known for stealing confidential information. The announcement refreshed the age-old debate surrounding the security of easy-to-use storage devices.
• In November, Jefferson County (WV) officials embarrassed themselves when the released a new online search tool that gave new meaning to “open records.” The tool exposed Social Security Numbers and other personal information belonging to approximately 1.6 million citizens.