Security Breaches in 2008

Disclosure Date	Organization	Breach Type	Description
March 22, 2008	Agilent	Stolen laptop	Laptop containing sensitive and unencrypted personal data on 51,000 current and former employees of Agilent Technologies was stolen from the car of an Agilent vendor March 1 in San Francisco	51,000
March 20, 2008	State Government, U.S., State Department	Unauthorized access	The State Department admitted Friday that the passport files of Obama, Sen. Hillary Clinton and Sen. John McCain had been accessed without authorization by contractor’s employees.	Passport records of Sen. Barak Obama, Sen. Hillary Clinton, Sen. John McCain
March 17, 2008	Hannaford Brothers	Data Intrusion	Hannaford has contained a data intrusion into its computer network that resulted in the theft of customer credit and debit card numbers. No personal information, such as names or addresses, was accessed. Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.	4.2 million
February 28, 2008	Wolters Kluwer	Website Intrusion	Personal information collected from consumers through the website may have been compromised through an unauthorized intrusion into the server that stores information from individuals who purchased products at their website
February 11, 2008	Nestle Waters North America Inc.	Break-in	NWNA utilizes a third-party vendor, Systematic Automation Inc. ("SAI"), to create and distribute its employee benefits statements. On February 11,2008, SA! experienced a break-in at their Fullerton, California facility. Acccording to a police report filed by the Fullerton Police Department, the burglars used a ball bearing to shatter an exterior window of the SA! facility. The thieves proceeded to steal a desktop computer. NWNA has learned that the stolen computer contained its 2006 Employee Benefits Statement, which contained sensitive personal information, including names, dates of birth and social security numbers, for approximately 8,245 individuals who were employed by NWNA in 2006. The personal data in the Benefits Statement was not encrypted.	8,245
February 7, 2008	SalesForce.com	Storage Device Theft	We recently became aware of a theft (sic “from a vehicle”) of an unencrypted external storage device that may have resulted in the compromise of personal information of some current and former salesforce.com employees. The potentially compromised personal information includes your name, Social Security number, and date of birth.
January 17, 2008	NSK Americas	Exposed data	Computer folder containing employee data on our internal corporate server was not properly secured. The affected folder included the names, Social Security numbers and salaries of approximately 2,000 current fanner and retired employees. The affected folder was on an internal NSK server which was not accessible by non- NSK employees	2,000

Disclosure Date

Organization

Breach Type

Description

March 22, 2008

Agilent

Stolen laptop

Laptop containing sensitive and unencrypted personal data on 51,000 current and former employees of Agilent Technologies was stolen from the car of an Agilent vendor March 1 in San Francisco

51,000

March 20, 2008

State Government, U.S., State Department

Unauthorized access

The State Department admitted Friday that the passport files of Obama, Sen. Hillary Clinton and Sen. John McCain had been accessed without authorization by contractor’s employees.

Passport records of Sen. Barak Obama, Sen. Hillary Clinton, Sen. John McCain

March 17, 2008

Hannaford Brothers

Data Intrusion

Hannaford has contained a data intrusion into its computer network that resulted in the theft of customer credit and debit card numbers. No personal information, such as names or addresses, was accessed. Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.

4.2 million

February 28, 2008

Wolters Kluwer

Website Intrusion

Personal information collected from consumers through the website may have been compromised through an unauthorized intrusion into the server that stores information from individuals who purchased products at their website

February 11, 2008

Nestle Waters North America Inc.

Break-in

NWNA utilizes a third-party vendor, Systematic Automation Inc. ("SAI"), to create and distribute its employee benefits statements. On February 11,2008, SA! experienced a break-in at their Fullerton, California facility. Acccording to a police report filed by the Fullerton Police Department, the burglars used a ball bearing to shatter an exterior window of the SA! facility. The thieves proceeded to steal a desktop computer. NWNA has learned that the stolen computer contained its 2006 Employee Benefits Statement, which contained sensitive personal information, including names, dates of birth and social security numbers, for approximately 8,245 individuals who were employed by NWNA in 2006. The personal data in the Benefits Statement was not encrypted.

8,245

February 7, 2008

SalesForce.com

Storage Device Theft

We recently became aware of a theft (sic “from a vehicle”) of an unencrypted external storage device that may have
resulted in the compromise of personal information of some current and former salesforce.com employees. The potentially compromised personal information includes your name, Social Security number, and date of birth.

January 17, 2008

NSK Americas

Exposed data

Computer folder containing employee data on our internal corporate server was not properly secured. The affected folder included the names, Social Security numbers and salaries of approximately 2,000 current fanner and retired employees. The affected folder was on an internal NSK server which was not accessible by non- NSK employees

2,000