Skip to content

Commit

Permalink
Merge pull request #4866 from vz-risk/nov2014
Browse files Browse the repository at this point in the history 
Merge the November 2014 data into master
  • Loading branch information
@blackfist
blackfist committed Dec 4, 2014
2 parents 65daf9c + c761eac commit f7a1c9b
Show file tree
Hide file tree
Showing 479 changed files with 49,609 additions and 3,807 deletions.
8,888 changes: 5,218 additions & 3,670 deletions data/csv/vcdb.csv
View file

Large diffs are not rendered by default.

90 changes: 90 additions & 0 deletions data/json/003F5B6A-CA75-4694-AA76-FE9498FF0C3E.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
{
"action": {
"misuse": {
"variety": [
"Data mishandling"
],
"vector": [
"LAN access"
]
}
},
"actor": {
"internal": {
"motive": [
"Ideology"
],
"variety": [
"Unknown"
]
}
},
"asset": {
"assets": [
{
"variety": "U - Desktop"
}
]
},
"attribute": {
"confidentiality": {
"data": [
{
"variety": "Internal"
}
],
"data_disclosure": "Yes",
"data_victim": [
"Customer"
],
"state": [
"Unknown"
]
}
},
"discovery_method": "Ext - unknown",
"impact": {
"overall_rating": "Unknown"
},
"incident_id": "003F5B6A-CA75-4694-AA76-FE9498FF0C3E",
"plus": {
"analysis_status": "First pass",
"analyst": "blackfist",
"attribute": {
"confidentiality": {
"credit_monitoring": "U"
}
},
"created": "2014-09-09T13:21:00Z",
"github": "3935",
"master_id": "003F5B6A-CA75-4694-AA76-FE9498FF0C3E",
"modified": "2014-09-09T13:21:00Z",
"timeline": {
"notification": {
"year": 2014
}
}
},
"reference": "http://legalinsurrection.com/2014/06/irs-admits-leaking-personal-information-in-prop-8-debate/",
"schema_version": "1.3",
"security_incident": "Confirmed",
"source_id": "vcdb",
"summary": "IRS employee leaks confidential information from a political group's tax returns.",
"timeline": {
"incident": {
"month": 2,
"year": 2012
}
},
"victim": {
"country": [
"US"
],
"employee_count": "50001 to 100000",
"industry": "921130",
"region": [
"019021"
],
"victim_id": "Internal Revenue Service"
}
}
99 changes: 99 additions & 0 deletions data/json/004BC977-E210-4AF8-8778-572E168A7B9E.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
{
"action": {
"error": {
"variety": [
"Loss"
],
"vector": [
"Unknown"
]
}
},
"actor": {
"internal": {
"motive": [
"NA"
],
"variety": [
"Unknown"
]
}
},
"asset": {
"assets": [
{
"variety": "M - Flash drive"
}
]
},
"attribute": {
"availability": {
"variety": [
"Loss"
]
},
"confidentiality": {
"data": [
{
"amount": 507,
"variety": "Medical"
}
],
"data_disclosure": "Potentially",
"data_total": 507,
"data_victim": [
"Patient"
],
"state": [
"Stored unencrypted"
]
}
},
"discovery_method": "Unknown",
"impact": {
"overall_rating": "Unknown"
},
"incident_id": "004BC977-E210-4AF8-8778-572E168A7B9E",
"plus": {
"analysis_status": "First pass",
"analyst": "swidup",
"attribute": {
"confidentiality": {
"credit_monitoring": "U"
}
},
"created": "2014-11-10T23:12:00Z",
"github": "4671",
"master_id": "004BC977-E210-4AF8-8778-572E168A7B9E",
"modified": "2014-11-10T23:12:00Z",
"timeline": {
"notification": {
"year": 2014
}
}
},
"reference": "http://www.phiprivacy.net/other-breaches-newly-disclosed-on-hhss-public-breach-tool/; http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html",
"schema_version": "1.3",
"security_incident": "Confirmed",
"source_id": "vcdb",
"summary": "Loss of portable electronic device",
"timeline": {
"incident": {
"day": 17,
"month": 9,
"year": 2014
}
},
"victim": {
"country": [
"US"
],
"employee_count": "Over 100000",
"industry": "524126",
"region": [
"019021"
],
"state": "TX",
"victim_id": "Burlington Northern Santa Fe Group Benefits Plan"
}
}
106 changes: 106 additions & 0 deletions data/json/00C84D6A-CDB8-4A5B-A1A6-0D75A65274D7.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
{
"action": {
"physical": {
"variety": [
"Theft"
],
"vector": [
"Victim work area"
]
}
},
"actor": {
"external": {
"country": [
"Unknown"
],
"motive": [
"Financial"
],
"region": [
"000000"
],
"variety": [
"Unknown"
]
}
},
"asset": {
"assets": [
{
"variety": "M - Documents"
}
]
},
"attribute": {
"availability": {
"variety": [
"Loss"
]
},
"confidentiality": {
"data": [
{
"amount": 661,
"variety": "Medical"
}
],
"data_disclosure": "Yes",
"data_total": 661,
"data_victim": [
"Patient"
],
"state": [
"Stored unencrypted"
]
}
},
"discovery_method": "Unknown",
"impact": {
"overall_rating": "Unknown"
},
"incident_id": "00C84D6A-CDB8-4A5B-A1A6-0D75A65274D7",
"plus": {
"analysis_status": "First pass",
"analyst": "swidup",
"attribute": {
"confidentiality": {
"credit_monitoring": "U"
}
},
"created": "2014-11-21T07:50:00Z",
"github": "4099",
"master_id": "00C84D6A-CDB8-4A5B-A1A6-0D75A65274D7",
"modified": "2014-11-21T07:50:00Z",
"timeline": {
"notification": {
"day": 26,
"month": 7,
"year": 2014
}
}
},
"reference": "http://robertjgraham.com/?p=13819; http://articles.philly.com/2014-07-18/news/51663609_1_data-breach-social-security-numbers-identity-theft",
"schema_version": "1.3",
"security_incident": "Confirmed",
"source_id": "vcdb",
"summary": "Officials at the University of Pennsylvania Health System have notified 661 patients about a data breach that occurred when receipts from Penn Medicine Rittenhouse containing personal health data were stolen last month, the Philadelphia Inquirer reports. Last week, the health system announced that the receipts had been taken from a locked office. The receipts included patients: Dates of birth; Names; and The last four digits of their credit card numbers. Susan Phillips, a senior vice president at the health system, said that there had been no arrests and no reported incidents of identity theft related to the incident, which she described as very low risk. She added that the health system is reviewing internal procedures to make any needed changes to keep patient information confidential (Burling, Philadelphia Inquirer, 7/18). ",
"timeline": {
"incident": {
"month": 6,
"year": 2014
}
},
"victim": {
"country": [
"US"
],
"employee_count": "1001 to 10000",
"industry": "622110",
"region": [
"019021"
],
"state": "PA",
"victim_id": "University of Pennsylvania Health System"
}
}
97 changes: 97 additions & 0 deletions data/json/021E91A0-7159-4675-80CF-E618C2E498FF.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
{
"action": {
"misuse": {
"variety": [
"Privilege abuse"
],
"vector": [
"Physical access"
]
}
},
"actor": {
"internal": {
"motive": [
"Financial"
],
"variety": [
"Other"
]
}
},
"asset": {
"assets": [
{
"variety": "S - Database"
}
]
},
"attribute": {
"confidentiality": {
"data": [
{
"amount": 30,
"variety": "Personal"
}
],
"data_disclosure": "Yes",
"data_total": 30,
"data_victim": [
"Patient"
],
"state": [
"Unknown"
]
}
},
"discovery_method": "Ext - customer",
"impact": {
"overall_rating": "Unknown"
},
"incident_id": "021E91A0-7159-4675-80CF-E618C2E498FF",
"plus": {
"analysis_status": "First pass",
"analyst": "gdbassett",
"attribute": {
"confidentiality": {
"credit_monitoring": "U",
"data_misuse": "Y"
}
},
"created": "2014-11-13T15:46:00Z",
"github": "1343",
"master_id": "021E91A0-7159-4675-80CF-E618C2E498FF",
"modified": "2014-11-13T15:46:00Z",
"timeline": {
"notification": {
"day": 15,
"month": 2,
"year": 2010
}
}
},
"reference": "http://www.databreaches.net/nc-ex-alamance-county-employee-pleads-guilty-in-identity-theft-case/;http://www.news-record.com/news/article_7ffdbba0-7d1e-11e3-a75c-001a4bcf6878.html;http://archive.digtriad.com/news/local/article/312832/57/Former-Greensboro-Social-Worker-Pleads-Guilty-To-Identity-Theft-Tax-Crimes-",
"schema_version": "1.3",
"security_incident": "Confirmed",
"source_id": "vcdb",
"summary": "NC: Ex-Alamance County employee pleads guilty in identity theft case Michael D. Abernathy reports: A former Alamance County Department of Social Services employee pleaded guilty in federal court this week to using personal information of child abuse victims in a tax fraud scheme. Rakecia Matrese Brame was indicted Oct. 28 on 33 total counts of identity theft, and wire fraud, aiding in tax fraud, according to federal court documents. She is accused of selling the personal identification of child abuse and neglect victims to Nothing But Taxes Inc. of Greensboro so clients there could claim the child abuse victims as dependents on tax returns. Read more on News & Record. The U.S. Attorneys Office for the Middle District of North Carolina issued a press release yesterday: Rakecia Matrese Brame, formerly of Greensboro, N.C., and now of Grand Prairie, Texas, pleaded guilty on Jan. 10, 2014, to identity theft, tax, and fraud charges, the Department of Justice and the Internal Revenue Service (IRS) announced today. Brame pleaded guilty to one count of wire fraud, one count of aggravated identity theft and one count of aiding and assisting the preparation of a false tax return. U.S. District Judge Thomas Schroeder for the Middle District of North Carolina set a sentencing hearing for May 16, 2014. According to court documents, from approximately February 2009 to February 2011, Brame was employed as a social worker at the Alamance County Department of Social Services (Alamance DSS) in North Carolina. Brame was responsible for investigating claims of abuse and neglect against minors and disabled adults. As part of her official duties, Brame had authorized access to extensive identifying information including names, dates of birth and Social Security numbers of Alamance DSS clients, including abuse victims and recipients of various state benefits, and of witnesses in official investigations. According to court documents, Brame used her access to identifying information contained in Alamance DSS records to illegally obtain the personal identifying information of Alamance DSS clients and others. Pursuant to an ongoing agreement, Brame sold that personal identifying information to Jennifer Bullock and Saichelle McNeill, two return preparers at the Greensboro branch of Nothing But Taxes, a tax return preparation firm. Bullock and McNeill used the stolen identities to claim false dependents on tax returns they prepared for Nothing But Taxes clients, thereby claiming inflated tax refunds on the clients behalf. Bullock and McNeill paid Brame $200 to $300 per identity they purchased, and Brame knowingly sold these identities to Bullock and McNeill to be used for tax fraud. Court documents state that, as a social worker, Brame owed a legal and professional duty to keep the information she learned about victims and witnesses confidential. She had no authority to sell such information or otherwise use it for personal gain, and doing so violated the professional standards applicable to social workers, as well as federal and state law and Alamance DSS policy. According to court documents, one victim of the identity theft scheme was referred to Alamance DSS for investigation on or about Feb. 15, 2010, and assigned to Brame. A few days later, Brame sold this victims identity to Bullock for use as a false dependent on a tax return. On or about March 3, 2010, Bullock prepared a 2009 tax return for a Nothing But Taxes client which falsely claimed that the victim was a dependent. As a result of the falsification, the tax return claimed a higher tax refund than the Nothing But Taxes client was actually entitled to receive. Approximately one year later, Brame sold the victims identity and that of her sister to McNeill, who then prepared 2010 tax returns for two different Nothing But Taxes clients that falsely claimed both victims as dependents. Brame faces a statutory maximum of 20 years in prison on the wire fraud charge and a maximum of three years in prison for the charge of aiding and assisting in the preparation of a false tax return. The aggravated identity theft charge carries a mandatory two year sentence, which must run consecutively to any sentence on the other charges. The related case against McNeill resulted in a guilty plea to federal criminal charges of wire fraud, aggravated identity theft and aiding and assisting in the preparation of false tax returns. McNeill was sentenced to serve 27 months in federal prison on Aug. 20, 2013. Brames co-defendant Bullock pleaded guilty to wire fraud, aggravated identity theft and tax charges on Dec. 4, 2013, and she is currently awaiting sentencing. This case and related Nothing But Taxes cases were investigated by agents of the IRS -Criminal Investigation and were prosecuted by Assistant U.S. Attorney Frank Chut and Trial Attorney Jonathan Marx of the Tax Division. The prosecution team wishes to thank the Alamance DSS for their assistance and cooperation in the investigation.",
"timeline": {
"incident": {
"month": 2,
"year": 2009
}
},
"victim": {
"country": [
"US"
],
"employee_count": "Small",
"industry": "561990",
"region": [
"021000",
"019021"
],
"state": "NC",
"victim_id": "Alamance County Department of Social Services"
}
}
Loading

0 comments on commit f7a1c9b

Please sign in to comment.