In a new section of our Privacy Bulletin, we will provide information we’ve come across about recent data breaches. The following breaches have been publicized since our last Privacy Bulletin:
- Lockheed Martin confirmed that its information systems network had been attacked by hackers on May 21. The Company does not believe the breach, which was thwarted following detection, resulted in the release of any personally identifiable or other private information from its customers or employees. Lockheed is continuing to investigate the incident, which may be related to a data breach that occurred at RSA Systems in March.
- Hackers breached a European server belonging to the computer manufacturing company Acer the weekend of June 4th. The incident may have compromised the data of approximately 40,000 customers from its Packard Bell unit in Europe.
- In early June 2011, Citigroup announced that during routine monitoring it uncovered that the data of approximately one percent of its 21 million North American credit card customers had been breached. Citigroup noted that its customers' account information (such as name, account number and contact information, including email address) was accessed, but the customers' social security number, date of birth, card expiration date and card security code (CVV) were not compromised. Accordingly, Citigroup does not believe that the data breach revealed sufficient information to perpetrate fraud, but the company will monitor accounts and re-issue credit cards to affected customers.
- On June 8, the International Monetary Fund told staffers that the organization’s computer network was subject to a sophisticated cyberattack. As reported by the New York Times, which cited unnamed IMF officials in its discussion of the significance of the incident, the scope of the attack is still being investigated and its full ramifications are unknown. The IMF has not publicly announced details of the attack, but confirmed an investigation was underway.
- Honda Canada announced in May 2011 that hackers had accessed a Web server that held the 2009 information for about 280,000 of its customers. Officials at Honda said they detected the breach after noticing “an unusual volume of usage in the myHonda and myAcura Websites.” It has been reported that a class action lawsuit, seeking $200 million in damages against Honda was filed in Oshawa, Ontario.