Information on this security breach is provided by the Office of the Indiana Attorney General
Hackers accessed at least one Yale database and obtained the details of 1,200 students and staff. Hackers may have obtained names, Social Security numbers, addresses, and phone numbers. Additionally, usernames, passwords, and email addresses were published as proof of the hack.
A computer file containing the names and Social Security numbers of former faculty, staff and students was accidentally made accessible online. The file contained information from 1999 and could be located through a Google search for 10 months. A change in Google's search engine made the file accessible from September 2010 to July 1, 2011. A person who performed a Google search on his name discovered the breach on June 30.
An unsecured laptop computer containing sensitive protected health information (PHI) involving the Ryan White Part A program, involving approximately 1,000 individuals, was stolen from an office building on Yale’s premises. The types of PHI contained on the laptop consisted of names, dates of birth, diagnoses/conditions, medications, lab results, and other treatment information. The covered entity (CE) provided breach notification to HHS, the media and affected individuals. Following the breach, the CE installed access card readers for entry to the office suite, inspected the facility’s alarm system, replaced custodial staff, and limited cleaning to office hours. The CE also accelerated the implementation of safeguards created prior to the theft, implemented mandatory encryption for all mobile devices, and created a new system to ensure all employees complete mandatory Privacy and Security Awareness training. The CE also revised several policies and procedures on ePHI security. OCR obtained assurances that the CE implemented the corrective actions listed above.
Location of breached information: Laptop
Business associate present: No
Social Security numbers for over 10,000 current and former students, faculty and staff were compromised last month following the theft of two University computers