Possible stem cell bank data breach

Image source Wikimedia

March 9, 2011 4:03:48 AM PST
A Triangle woman is concerned about her donation after learning of a possible security breach of the Cord Blood Registry.

CBR mailed warning letters to 300,000 people after a laptop computer and other items were stolen from an employee's car. It happened in December, but many warning letters are just arriving in local mailboxes.

Tannia Doughtery is a proud mother of two little girls and a proud donor of her 4-year-old daughter's cord blood to CBR.

"They came highly recommended, we trusted them," Doughtery said. "We gave them information on our family and on our new baby."

Now, she is second guessing that decision as news of a major data breach reaches the mailboxes of parents across the country.

"In the age of identity theft, and all the risks that come along with it, I want to know who has my information?" she asked. "What information's out there, was all the info released or was it only names or social security numbers? [I'm] definitely concerned."

According to a letter obtained by ABC11 Eyewitness News, a computer and backup tapes were stolen from a locked vehicle in San Francisco in mid December. The information contained social security numbers, driver's license numbers and credit card information that belongs to hundreds clients. CBR has as many as 300,000 clients in its registry.

None of the stolen information was secured.

"It is unfortunately very common for data to not be encrypted, and that's what we always see and that's what always hit the headlines," privacy expert Julie Earp said.

Earp is an expert in computers and data privacy at North Carolina State University. She says situations like the possible registry breach are avoidable, if you take the right precautions. In some cases, that means asking hard questions or just deciding not to give out your personal details.

"A lot of companies and organizations may have a policy or a statement that describes what they do, and that will give you a better feel for how they'll protect your data," Earp said.

Officials at the registry said if you haven't received a letter at this point, your information is safe. And the number of people actually affected is probably less than the number of letters they've sent.

CBR also released a statement saying in part, "Our experts have advised us there is no indication at this time that any of the personal data has been accessed or misused."

However, Doughtery says she's surprised at what's happening, and says she'll only consider donating cord blood again if changes are made.

"I'm very surprised and disappointed to hear that," Doughtery said in response to the company's statement. "There's many ways to protect data now readily available. [I'm] not sure why they wouldn't protect data as private as that."

Despite the claim by CBR that no data has been misused, at least one mother in the Triangle told ABC11 she's gotten multiple fraud alerts on her credit card account.

Officials at CBR say they have hired computer security experts, and they're offering all affected customers a free year of identity protection services.

The person who stole the items has not been caught.

Classifieds | Report A Typo |  Send Tip |  Get Alerts | See Click Fix
Follow @abc11 on Twitter  |  Become a fan on Facebook

Load Comments