[ISN] Blood bank fears laptop heist ID theft

InfoSec News isn at c4i.org
Wed Dec 22 02:35:08 EST 2004


By Paul Festa 
Staff Writer, CNET News.com
December 21, 2004

More than 100,000 people who donated to a California blood bank may
have parted with more than plasma.

Delta Blood Bank sent a letter Friday to donors, warning them a
computer that held their personal information had been stolen and
advising them to take steps against identity theft and credit card

"On Dec. 10, 2004, a thief or thieves stole one of two computers
available for donor registration at a mobile blood drive being
conducted that day," Delta CEO Benjamin Spindler wrote in the letter.  
"This computer contained confidential information about you, including
your name, address, date of birth and your Social Security number. We
deeply regret that this has happened."

Identity theft has emerged as one of the thorniest problems of the
Internet age, and the threat has turned some missing laptops into
potentially catastrophic security breaches. Wells Fargo in October had
to warn customers when for the third time in a year computers with
sensitive information went missing.

Since July of last year, California has required organizations to
notify residents of the state "in the most expedient time possible and
without unreasonable delay" if security breaches have exposed
residents' personal information. The law applies to breaches of
someone's name, plus a Social Security number, driver's license or
California ID card number, a financial account number, or a credit or
debit card number with a PIN or access code.

Delta's lost laptop, a new Compaq, was stolen outside the St. Paul's
Lutheran Church in Tracy, Calif., following a mobile blood bank
collection there.

Delta's director of human resources, John O'Neill, said two layers of
security could still protect the personal information despite the
computer's theft. The first is Microsoft's standard Windows password
required to launch the operating system, and the second is the series
of steps required to launch what O'Neill described as an "esoteric,
unique" database, created by a software provider he declined to name.

"Could a hacker get in there, or someone familiar with those
applications?" O'Neill asked rhetorically. "Potentially they could.  
That's why we sent the letter."

In addition to the letter, which urged donors to register fraud alerts
with credit reporting agencies and check their credit ratings
quarterly, Delta pledged new security procedures. The blood bank will
no longer require Social Security numbers from its donors, and has
revised procedures for handling computer hardware and other sensitive
