[Dataloss] American Red Cross: somewhere between 8, 000 and a million blood donors. Notice provided via a press release and a web page
Chris Walsh
cwalsh at cwalsh.org
Wed May 24 21:24:27 EDT 2006
I wrote about it at http://www.emergentchaos.com/archives/2006/05/
american_red_cross_unknow.html
The summary is that a corrupt employee stole 8K lines of donor info
-- name, addr, ssn
The SSN was unnecessarily provided to the employee. This practice
will be changed.
Notice was sent to the 8K. Problem is, the Red Cross has since
realized/been told that the number of people whose info may have been
obtained is actually one million. They don't know for sure who was
exposed, so they are sending letters to nobody, and using a web page
and press release instead, as permitted by the "substitute notice"
provision in the relevant law(s).
More information about the Dataloss
mailing list