By David Phelps
December 6, 2007
Personal information, including the Social Security numbers of more than
a quarter-million Minnesota and Wisconsin donors to Memorial Blood
Centers, is in the hands of a thief.
The organization revealed Wednesday that a laptop containing the names
and addresses of 268,000 donors was stolen Nov. 28 as center employees
set up a skyway-level blood drive in downtown Minneapolis on Seventh
Letters went out Wednesday to the affected donors, who make up about
half of Memorial's donor base, apologizing for any inconvenience and
warning them to watch for unusual activity in their banking and charge
Blood centers chief executive Don Berglund said the organization
believes it is highly unlikely that the person who stole the computer
can gain access to the information inside because passwords and security
devices had been installed.
"We've never had anything like this happen before," said Berglund, who
called the incident a "random crime." The theft, which was reported
immediately to Minneapolis police, was caught on a security camera.
Berglund said about half the laptop's records contain Social Security
numbers. The records also include dates of birth and blood types. The
data includes people who have donated since the center opened in 1948.
Minneapolis police have asked anyone with knowledge of the computer's
whereabouts to call 612-692-TIPS (8477).
Not the only victims
The theft of the blood center's laptop is the latest in what has become
a string of crimes in which clients' personal information was stolen
from an institution, most commonly retailers or financial institutions.
Often the thieves seem more interested in the hardware than the
information on it, but identity theft has been traced to the crimes as
Sometimes the theft is highly sophisticated. Two years ago hackers
outside a Marshall's department store in St. Paul used a
telescope-shaped antenna to obtain credit card information going between
cash registers and the store's computers. The theft ultimately was
repeated across the country.
Earlier this year Marshall's parent TJX Cos. revealed that information
from at least 45.7 million credit and debit cards was stolen. The
company recently agreed to pay up to $40.9 million to resolve claims by
banks for money lost on Visa credit cards because of the security
breach. Fraud claims associated with other credit cards in the case are
The Memorial incident is similar to a case a year ago when a laptop
containing the names and Social Security numbers of obstetrics patients
of Allina Hospitals and Clinics was stolen from a nurse's car.
That laptop was never recovered but there was no indication that the
person who took it was able to use the information.
"There never was any evidence the information was accessed," said Allina
spokesman David Kanihan. "We sent letters [to patients], kept eyes on
accounts and nothing ever happened."
Nearly two years ago, a laptop containing client information was stolen
from a car belonging to an employee of Ameriprise Financial Inc. That
laptop was recovered before any data was accessed.
According to Berglund, Memorial employees who were setting up for the
blood drive never saw the person who took the briefcase containing the
laptop but realized right away that it had been stolen. The incident
occurred at 6:43 a.m. Nov. 28, Berglund said.
Memorial waited a week to send out warning letters to donors to allow
police time to conduct an investigation, he said.
"We want to let you know about an unfortunate situation," the letter
begins. It goes on to say, "We believe that the possibility that donor
information on the stolen laptop could be used inappropriately is
unlikely. Nonetheless, it is always advisable to review your financial
records, bank statements, credit card statements and credit reports
carefully and report suspicious transactions promptly."
Starting this week, Memorial will no longer ask for donors' Social
Visit InfoSec News