City of Houston

City of Houston

Information about City of Houston employees’ health insurance was compromised after an employee’s laptop computer was stolen.

The password-protected computer may have contained records, including names, addresses, dates of birth, Social Security numbers and other medical information.

Professionals are trained not to remove laptops from City offices unless sensitive data is encrypted but apparently one employee “failed to follow his training.”

Source: https://www.khou.com/article/news/local/sensitive-info-may-be-compromised-after-city-of-houston-employees-laptop-stolen/285-522663722

TPRM report: https://scoringcyber.rankiteo.com/company/city-of-houston

"id": "cit17276622",
"linkid": "city-of-houston",
"type": "Data Leak",
"date": "02/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'Houston, Texas',
                        'name': 'City of Houston',
                        'type': 'Government'}],
 'attack_vector': 'Physical Theft',
 'data_breach': {'data_encryption': 'None',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of Birth',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information',
                                              'Medical Information']},
 'description': 'Information about City of Houston employees’ health insurance '
                'was compromised after an employee’s laptop computer was '
                'stolen.',
 'impact': {'data_compromised': ['Names',
                                 'Addresses',
                                 'Dates of Birth',
                                 'Social Security numbers',
                                 'Medical Information']},
 'lessons_learned': 'Employees should strictly follow training guidelines, '
                    'especially regarding the encryption of sensitive data '
                    'when removing laptops from the office.',
 'post_incident_analysis': {'root_causes': 'Employee failed to follow training '
                                           'guidelines regarding data '
                                           'encryption.'},
 'recommendations': 'Implement stricter policies for data encryption and '
                    'ensure regular training for employees on data protection '
                    'practices.',
 'title': 'Data Breach Due to Stolen Laptop',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unencrypted Data'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.