Information about City of Houston employees’ health insurance was compromised after an employee’s laptop computer was stolen.
The password-protected computer may have contained records, including names, addresses, dates of birth, Social Security numbers and other medical information.
Professionals are trained not to remove laptops from City offices unless sensitive data is encrypted but apparently one employee “failed to follow his training.”
TPRM report: https://scoringcyber.rankiteo.com/company/city-of-houston
"id": "cit17276622",
"linkid": "city-of-houston",
"type": "Data Leak",
"date": "02/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Public Sector',
'location': 'Houston, Texas',
'name': 'City of Houston',
'type': 'Government'}],
'attack_vector': 'Physical Theft',
'data_breach': {'data_encryption': 'None',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of Birth',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Medical Information']},
'description': 'Information about City of Houston employees’ health insurance '
'was compromised after an employee’s laptop computer was '
'stolen.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Social Security numbers',
'Medical Information']},
'lessons_learned': 'Employees should strictly follow training guidelines, '
'especially regarding the encryption of sensitive data '
'when removing laptops from the office.',
'post_incident_analysis': {'root_causes': 'Employee failed to follow training '
'guidelines regarding data '
'encryption.'},
'recommendations': 'Implement stricter policies for data encryption and '
'ensure regular training for employees on data protection '
'practices.',
'title': 'Data Breach Due to Stolen Laptop',
'type': 'Data Breach',
'vulnerability_exploited': 'Unencrypted Data'}