230,000 suffer 'Call of Duty' collateral damage

Updated: Medical center claims gamers hijacked server to play 'Call of Duty: Black Ops'

A New Hampshire radiology center is blaming bandwidth-hungry Scandinavian gamers for a data breach that exposed the personal information, including Social Security numbers, of some 230,000 individuals.

The incident/gaming session reportedly lasted four-and-a-half hours and occurred Nov. 12, three days after the game was released. (See update below.)

The New Hampshire Union-Leader, quoting a spokeswoman for a security firm hired by Seacoast Radiology, says the breach was initiated to give gamers access to a server to play "Call of Duty: Black Ops."

"Based on the investigation, there's no belief that any personal information was compromised in any way," the spokeswoman told the newspaper. "They were not hacking in to get any medical billing codes or any personal information or anything like that."

Nevertheless, according to the FAQ page on a Web site offering victims information, the radiology center will be taking steps to tighten security.

"Seacoast Radiology understands the impact of the accidental data exposure of its patients. They are actively reviewing their privacy and data security programs and implementing changes that will further enhance the protection of privacy and the handling of sensitive information."

The server reportedly contained names, addresses, Social Security numbers, dates of birth, medical procedure codes, diagnosis codes and billing information, but no credit-card information.

A legally mandated press release issued on behalf of the medical center can be read here.

The incident is not the only criminal act to be inspired by the most recent "Call of Duty" release. On Nov. 6, a few days before the game's scheduled release, gunmen robbed a Baltimore area video game store and made off with more than 100 copies of the title.

(Update: I wanted to get a sense of how common it is for gamers to do this kind of thing, so I asked Stephen Heaslip of the gaming site Blue's News: "I think such situations are probably fairly common, though perhaps not on such prominent servers," he tells me. "Games running on corporate servers are not always due to breaches, though, as system administrators can be fairly autonomous, and there are a number of games running on corporate networks operated by IT departments without the approval of higher-ups. In the case of Call of Duty: Black Ops, the dedicated server files for the game are not publicly available, so this was illicit on two levels." You can read the rest of our e-mail exchange in this new post.)

Copyright © 2011 IDG Communications, Inc.