Data Breach

The Securities and Exchange Commission is having some security problems of its own. About 4,000 agency employees, including several in Los Angeles, have been notified that their Social Security numbers and other payroll information were included in an unencrypted email, according to Drew Malcomb, a Department of Interior spokesman. The May 4 email was sent by a contractor at the department's National Business Center, which manages payroll, human resources and financial reporting for dozens of federal agencies, Malcomb said.

Facebook said it fell victim to a "sophisticated attack" last month but has not found evidence that any user data was compromised. The Menlo Park, Calif., company said the attack occurred after some of its employees visited a mobile developer's website that had been compromised. A malicious code hosted on the hacked website made it possible for malware to be installed on the employees' laptops. "As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement and began a significant investigation that continues to this day," the company announced Friday.

Wells Fargo & Co. is notifying about 5,000 people that their personal information might have been seen by someone using a bank access code illegally. A bank spokeswoman said Tuesday that MicroBilt Corp., a consumer data vendor, told Wells Fargo on July 1 that there was unusual activity on one of the bank's access codes. The activity was particularly suspicious because Wells Fargo no longer uses that vendor for consumer information. "We notified law enforcement right away," said Wells Fargo spokeswoman Mary Berg, adding that it appeared the unauthorized activity occurred in May and June.

The Social Security numbers of Army recipients of the Medal of Honor and Distinguished Service Cross were inadvertently posted online by a Pentagon contractor and were available to the public until they were discovered by a Vietnam veteran who researches military medal awards. The Social Security numbers of 31 winners of the military's top two awards for valor in combat were posted by a contractor conducting medals research for the Pentagon. The information was removed Friday after the Pentagon learned of the breach through the efforts of Doug Sterner of Alexandria, Va., a Bronze Star winner who has spent 14 years researching medals.

Countrywide Financial Corp. is offering two years of free credit monitoring to customers whose sensitive personal information, including Social Security numbers, allegedly was stolen from the home lender's computer files. In one of the largest data theft cases in years, a former Countrywide employee was arrested Aug. 1 and charged with illegally accessing the firm's computers for more than two years. The information was being sold to mortgage brokers to be used as sales leads, federal authorities said in August.

The Federal Trade Commission on Thursday hit data broker ChoicePoint Inc. with the largest civil penalty in the agency's history for allowing sensitive consumer information to get into the hands of con artists last year. The commission levied a $10-million penalty on top of $5 million in restitution -- a total that amounts to more than 10% of the company's 2005 profit.

Retail giant TJX Cos. agreed Tuesday to pay $9.75 million to 41 states including California to settle an investigation of a massive data breach that jeopardized millions of payment card numbers. TJX, the parent company of the T.J. Maxx and Marshalls discount clothing chains, will pay $7.25 million in settlement and investigation costs. In addition, $2.5 million will go to create a data security fund for those states. California's share is $624,393.

A computer drive holding names, addresses, birth dates and Social Security numbers of all 3,500 Modesto city schools employees has been stolen from a local data processing firm, authorities said Tuesday. Sgt. Linda King of the Fullerton Police Department said a hard drive and three monitors were stolen in a burglary at Systematic Automation Inc. No cases of identity theft connected with the data breach have been reported.

SACRAMENTO — A data breach that jeopardized the personal information of more than 700,000 people has spurred California officials to change the way they transport sensitive material. Packages of payroll data, including Social Security numbers, will be delivered by courier rather than dropped in the mail. And officials are examining ways to transmit encrypted data rather than store it on microfiche. "We're looking to improve the process," said Oscar Ramirez, a spokesman for the California Department of Social Services.

Here's your hey-Mickey-you're-so-fine Monday roundup of consumer news from around the Web: --Zappos has been hacked. The online retailer and its discount affiliate, 6pm.com, say a data breach compromised customer account information such as billing addresses and the last four digits of credit card numbers. The security problem did not affect "critical credit card and other payment data," Zappos Chief Executive Tony Hsieh wrote in an email. He explained that the company was "the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.

SACRAMENTO — A data breach that jeopardized the personal information of more than 700,000 people has spurred California officials to change the way they transport sensitive material. Packages of payroll data, including Social Security numbers, will be delivered by courier rather than dropped in the mail. And officials are examining ways to transmit encrypted data rather than store it on microfiche. "We're looking to improve the process," said Oscar Ramirez, a spokesman for the California Department of Social Services.

SACRAMENTO - Sensitive personal information for more than 700,000 people who provide or receive home care for the elderly and disabled may have been compromised when payroll data went missing in the mail, state officials revealed Friday night. The breach occurred whenHewlett-Packard, which handles the payroll data for workers in California's In-Home Supportive Services program, was shipping information including Social Security numbers to an office in Riverside last month. The package arrived damaged and incomplete.

Information stolen from as many as 1.5 million credit card accounts is the latest in a long line of data breaches — and an alert for consumers to monitor their accounts for fraudulent purchases, industry watchdogs say. The latest major breach, reported late last week at Atlanta payments processor Global Payments Inc., resulted in no known consumer fraud as of Monday morning, Chief Executive Paul R. Garcia said in a conference call with analysts....

Data from up to 1.5 million credit and debit cards from all major card brands, including MasterCard, Visa and Discover, may have been stolen in a data breach at processing firm Global Payments Inc. But so far, the company does not know of any fraudulent transactions on infiltrated accounts, said Chief Executive Paul  R. Garcia in a conference call with analysts on Monday. The hack was confined to North America, he said. And while card numbers may have been swiped, the company said in a statement late Sunday that cardholder names, addresses and Social Security numbers are safe.

ATLANTA — A recent data breach may affect under 1.5 million credit cards in North America, according to the card processor involved. Visa and Mastercard announced Friday that they had notified their card holders of the potential for identity theft and illicit charges because of the breach. The card processor, Global Payments, put a number on those who could be affected late Sunday. Global Payments said that credit card data may have been stolen but cardholder names, addresses and social security numbers were not obtained.

MasterCard Inc. and Visa Inc. warned that some of the data in their cardholder accounts may have been breached. MasterCard said that it had notified banks, as well as law enforcement, of a potential problem with a third party "U.S.-based entity. " An independent data security organization is conducting a forensic review, MasterCard said. The company's own systems haven't been compromised. Visa said the same. "MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information," the company said Friday in a statement, without specifying how many cards might be at risk.

ATLANTA — A recent data breach may affect under 1.5 million credit cards in North America, according to the card processor involved. Visa and Mastercard announced Friday that they had notified their card holders of the potential for identity theft and illicit charges because of the breach. The card processor, Global Payments, put a number on those who could be affected late Sunday. Global Payments said that credit card data may have been stolen but cardholder names, addresses and social security numbers were not obtained.

SACRAMENTO - Sensitive personal information for more than 700,000 people who provide or receive home care for the elderly and disabled may have been compromised when payroll data went missing in the mail, state officials revealed Friday night. The breach occurred whenHewlett-Packard, which handles the payroll data for workers in California's In-Home Supportive Services program, was shipping information including Social Security numbers to an office in Riverside last month. The package arrived damaged and incomplete.

Here's your hey-Mickey-you're-so-fine Monday roundup of consumer news from around the Web: --Zappos has been hacked. The online retailer and its discount affiliate, 6pm.com, say a data breach compromised customer account information such as billing addresses and the last four digits of credit card numbers. The security problem did not affect "critical credit card and other payment data," Zappos Chief Executive Tony Hsieh wrote in an email. He explained that the company was "the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.

Sam Greyson was surprised to receive a new credit card the other day from Bank of America. He was also surprised to learn that the bank had changed his account number because of a security breach involving another business. But the thing that surprised Greyson most was that when he called BofA to find out more about the breach, he was essentially told to pound sand. "They wouldn't tell us anything," he said. "They said we could read about it in the newspaper. " That would change if legislation now making its way through Sacramento becomes law. The bill from state Sen. Joe Simitian (D-Palo Alto)