Blood donors' personal data stolen along with laptop

Blood donors' personal data stolen along with laptop
Blood donors' personal data stolen along with laptop 

By David Phelps
Star Tribune
December 6, 2007

Personal information, including the Social Security numbers of more than 
a quarter-million Minnesota and Wisconsin donors to Memorial Blood 
Centers, is in the hands of a thief.

The organization revealed Wednesday that a laptop containing the names 
and addresses of 268,000 donors was stolen Nov. 28 as center employees 
set up a skyway-level blood drive in downtown Minneapolis on Seventh 

Letters went out Wednesday to the affected donors, who make up about 
half of Memorial's donor base, apologizing for any inconvenience and 
warning them to watch for unusual activity in their banking and charge 

Blood centers chief executive Don Berglund said the organization 
believes it is highly unlikely that the person who stole the computer 
can gain access to the information inside because passwords and security 
devices had been installed.

"We've never had anything like this happen before," said Berglund, who 
called the incident a "random crime." The theft, which was reported 
immediately to Minneapolis police, was caught on a security camera.

Berglund said about half the laptop's records contain Social Security 
numbers. The records also include dates of birth and blood types. The 
data includes people who have donated since the center opened in 1948.

Minneapolis police have asked anyone with knowledge of the computer's 
whereabouts to call 612-692-TIPS (8477).

Not the only victims

The theft of the blood center's laptop is the latest in what has become 
a string of crimes in which clients' personal information was stolen 
from an institution, most commonly retailers or financial institutions. 
Often the thieves seem more interested in the hardware than the 
information on it, but identity theft has been traced to the crimes as 

Sometimes the theft is highly sophisticated. Two years ago hackers 
outside a Marshall's department store in St. Paul used a 
telescope-shaped antenna to obtain credit card information going between 
cash registers and the store's computers. The theft ultimately was 
repeated across the country.

Earlier this year Marshall's parent TJX Cos. revealed that information 
from at least 45.7 million credit and debit cards was stolen. The 
company recently agreed to pay up to $40.9 million to resolve claims by 
banks for money lost on Visa credit cards because of the security 
breach. Fraud claims associated with other credit cards in the case are 
still pending.

The Memorial incident is similar to a case a year ago when a laptop 
containing the names and Social Security numbers of obstetrics patients 
of Allina Hospitals and Clinics was stolen from a nurse's car.

That laptop was never recovered but there was no indication that the 
person who took it was able to use the information.

"There never was any evidence the information was accessed," said Allina 
spokesman David Kanihan. "We sent letters [to patients], kept eyes on 
accounts and nothing ever happened."

Nearly two years ago, a laptop containing client information was stolen 
from a car belonging to an employee of Ameriprise Financial Inc. That 
laptop was recovered before any data was accessed.

'Unfortunate situation'

According to Berglund, Memorial employees who were setting up for the 
blood drive never saw the person who took the briefcase containing the 
laptop but realized right away that it had been stolen. The incident 
occurred at 6:43 a.m. Nov. 28, Berglund said.

Memorial waited a week to send out warning letters to donors to allow 
police time to conduct an investigation, he said.

"We want to let you know about an unfortunate situation," the letter 
begins. It goes on to say, "We believe that the possibility that donor 
information on the stolen laptop could be used inappropriately is 
unlikely. Nonetheless, it is always advisable to review your financial 
records, bank statements, credit card statements and credit reports 
carefully and report suspicious transactions promptly."

Starting this week, Memorial will no longer ask for donors' Social 
Security numbers.

Visit InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods