Data Breach Notification Fatigue

***Warning: If you suffer from Data Breach Notification Fatigue, or DBNF, the contents of this blog post may not be suitable for you***

The following is a roundup of the major data breaches that occurred during August and September of 2011.



September 22nd: Alleged LulzSec hacker, Cody Kretsinger was arrested in Phoenix and is expected to face federal charges of hacking into Sony Pictures Entertainment’s system, stealing confidential information, and distributing the material on LulzSec’s website. FBI arrests LulzSec hacker suspect Cody Kretsinger over massive Sony data

September 16th: More than 50 employees of the state Assembly – including some lawmakers – were warned that their personal information might have been obtained due to a data breach. California Assembly computer system

September 16th: Intelligence and National Security Alliance (INSA), the leading trade association for intelligence contractors, suffered a data breach where membership emails, phone numbers and, in some cases, home addresses were published for the members of the alliance on a site affiliated with the hacker group Anonymous. Top Spy Association Gets

September 9th: For nearly a year, the medical records of more than 20,000 emergency room patients who were treated at Stanford Hospital in Palo Alto, California were broadcast publicly on a commercial website. Patient Data Posted Online in Major Breach of

September 6th: Private data belonging to 26 Texas law enforcement agencies, containing hundreds of social security numbers, scores of passwords, and other sensitive information, was published online by the hacking group Anonymous. Anonymous Hack of Texas Police Contains Huge Amount of Private

August 30th: An international cyber criminal network stole $13 million in one day from ATMs in six countries using a security breach in Fidelity National Information Services, which processes prepaid debit cards. Coordinated ATM Heist Nets Thieves $13M

August 29th: Nokia suspended its developer forum website after records including members email addresses, birth dates, homepage URL and usernames for AIM, ICQ, MSN, Skype and Yahoo were breached. However, no information containing sensitive data such as passwords or credit card details were breached. Nokia Hacked: Forum Suspended After Data

August 29th: Hackers working for a “nation state” used a targeted ‘job offer’ email to EMC employees to breach the security of RSA in order to steal military secrets from US arms supplier Lockheed-Martin. Hackers used ‘Job offer’ email to breach RSA’s security: F-Secure

August 24th: A solo cyber attacker hacked into, an events management company and obtained sensitive information including log-in credentials and personal information belonging to 20,000 individuals, many of whom were United States government employees or contractors. Cyber-Attacker Dumps Log-ins for 20,000 Customers, US Employees –

August 23rd: A breach to the database of a University of Wisconsin Milwaukee server occurred that contained the personal information of 75,000 individuals, all current and former employees and students. U Wisconsin Milwaukee Data Breach Hits 75,000

August 22nd: Yale University announced that the names and Social Security numbers of 43,000 people affiliated with the university in 1999 had been publicly viewable on Google for the past 10 months. Data Breach Hits Yale

August 19th: Hackers illegally accessed a Purdue University server containing the personal information of more than 7,000 former Purdue University students, including Social Security numbers and course records. Hackers Crack Purdue University

August 15th: Anonymous carried out its threat to strike BART, breaching an agency website and releasing customers’ personal information in retaliation for BART’s decision to cut cellular phone service to prevent an anti-police protest in San Francisco. BART Website Hacked, Customer Info Leaked

August 11th: Bethesda Softworks suffered a new hack attack, this time on its message board forums, just a few months after it suffered a hack attack on other websites that it operates. Bethesda Softworks’ Forums

August 6th: In a combined effort, hackers associated with LulzSec and Anonymous breached law enforcement systems nationwide and released a 10GB size cache of data containing over 300 email accounts, personal information of suspects and officers, and police training videos. AntiSec hackers release ‘largest cache yet’ of law enforcement

August 5th: Private data for more than 90,000 customers of Citigroup’s Japanese credit-cards subsidiary was stolen, including account numbers, names, addresses and dates of birth. Citigroup data theft hits 90,000 in


Categories IT Security and Data Protection, , , Regulatory Compliance, ,


SANS Endpoint Security Maturity Model

Previous Contributors

View all posts by Previous Contributors >