9 data breaches that cost someone their job

'Tis the season for data breaches and with such always results in job loss.

00 job loss
Credit: Thinkstock
Tis’ the season for data breaches

Following last year’s big announcement of not just Target’s data breach but executive job loss, we lay out 9 data breaches resulting in job loss. Comparing Target alongside other breaches that have fallen under the radar.

01 beth jacob target
Credit: Target
Target

Following Target’s massive data breach announcement that affected 40 million customers and 46 percent profit loss, CIO Beth Jacob, who oversaw Target's web site and internal computer systems since 2008 resigned in March this year. Shortly thereafter, the board decided it was time for new leadership and CEO Gregg Steinhafel resigned in early May.

02 miguel corzo mcccd
Maricopa County Community College District

In late 2013, the Maricopa county community college district notified 2.5 million current and former students, employees and vendors that hackers penetrated the computer defense infrastructure, compromising names, birthdates, drivers; license numbers, Social Security numbers and banking information. Officials with the Maricopa County Community College District (MCCCD) voted to fire Miguel Corzo the director of the district's information-technology department in July 2014.

03 comptroller susan combs
The Texas State Comptroller's office

The Texas State Comptroller’s office fired an undisclosed number of information security executives, following a data leak that exposed Social Security numbers, driver's license numbers, and names and addresses of more than 3.2 million Texans. The data, which should have been transferred in an encrypted manner by the agencies under Texas administrative rules, was in fact transferred in an unencrypted manner. The mistake was discovered more than 10 months after the files were put on the server. Pictured is since fired Comptroller Susan Combs.

04 stephen fletcher utah
Credit: NTIA
The Utah state Department of Technology Service

Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records in April 2012. The attackers compromised the server on a Friday and began downloading information that Sunday night. The breach was discovered the following day, and the server was taken offline. The governor of Utah, Gary Herbert apologized to residents and fired the head of the state’s Department of Technology Services (DTS) Stephen Fletcher.

05 accretive health
Accretive Health

In May 2012, an unencrypted laptop containing Social Security numbers and other personal data was stolen from a parked rental car of an Accretive Health employee. The laptop was not encrypted due to an oversight from an employee in IT. In addition to sensitive information on 23,000 patients, the unencrypted laptop also included the names, but no personal health information, of about 242,000 Fairview Health System patients. The employee that did not encrypt the device was later fired.

02 flash drive
Credit: Shutterstock
Goold Health Systems

In January last year, Maine-based Goold Health systems fired an employee who downloaded medical data onto a USB stick and lost the device in route between Salt Lake City, Denver and Washington, D.C. The employee had difficulty downloading a patient report and decided to use the USB drive, against company policy. The unencrypted, lost data included Medicaid recipients’ names, ID numbers, age and recent prescription use. Goold’s CEO reported the employee likely didn’t realize she had violated policy when she downloaded data onto the jump drive and that the data could be used maliciously.

07 highmark insurance headquarters 01
Credit: Piotrus
Highmark, Inc.

Highmark notified 3,700 of its Medicare Advantage members that their personal medical information may have been disclosed without authorization. A mailroom employee error led to an unknown number of members receiving the results of risks assessments belonging to other patients. Information included names, addresses, birth dates, medical information and identification numbers. Mailings went out in April 2014 and in June 2014, Highmark reported that it changed the member ID numbers of all 3,675 members who might have been affected. The mailroom employee who was responsible for the error was fired.

08 georgia hospital
Credit: PPMH
Georgia Hospital

Georgia Hospital announced that 6,777 patients’ personal information may have been exposed when an unencrypted desktop was mistakenly discarded. The computer contained the names, addresses, birthdates, dates of service, physicians’ names, and possibly the medical diagnoses of 6,777 people who were treated at PPMH between May 2010 and October 2013. A hospital employee rearranging her office boxed up her computer and left it outside her office. The box was then thrown away by a custodial worker who believed it was trash. Both the custodial worker and hospital staffer were fired following the incident.

medical records
Credit: Shutterstock
MDF Transcription

The 496-bed Boston Medical Center in Massachusetts fired third-party vendor MDF Transcription after hospital officials discovered the company posted health records and demographic data of 15,000 patients to the vendor’s website with no password protection.

Jeff Williams is CTO of Contrast Security and also a founder and major contributor to OWASP. Williams served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects.