• a blogger reported a security breach at a Curves franchise in Vancouver, Washington.

Relevance to Business Activities:

• security - physical and technical safeguards considerations:
• a blogger's relative found a working computer in a dumpster, containing:
• employees' phone numbers; and
• customers' addresses.
• no billing information, if any existed, was exposed;
• the Curves database, potentially containing credit card information, was encrypted; however:
• the blogger claimed that extracting the information from the database would be trivial.

•  breach response considerations:
• the blogger contacted:
• Curves corporate office:
• said that although each franchise is responsible for its own IT and privacy policies:
• the franchise's actions were inappropriate; and
• they would get in touch with the franchise.
• asked the blogger to wipe the hard drive.
• the manager of the franchise:
• who was busy or not available:
• left a message inviting him to read his online post of the incident.

Additional Consideration:

• the blogger returned the computer and hard drive to its owner.

Source Documents:

http://consumerist.com/tag/curves/?i=5022090&t=curves-leaves-working-computer-full-of-personal-information-in-an-office-dumpster

http://awaitinginspiration.com/dear-curves-respect-your-client-and-employee-data/