Data Breach at Sensitive Lab Prompts Credit Scare

March 19, 2011— -- Cord Blood Registry, a private company that stores stem cells from umbilical cords for future medical use, experienced a major data breach in December that could affect up to 300,000 people.

The theft occurred on Dec. 13, 2010 when someone broke into the car of one of the company's employees in San Francisco and stole a bag containing tapes filled with financial data belonging to the company's clients, including names, Social Security numbers and credit card numbers.

The company sent letters to about 300,000 people notifying them of the data breach and offering to pay for a year's worth of credit monitoring services by the credit bureau Experian.

"We are just trying to be open and transparent," said Kathy Engle, Cord Blood Registry's spokesperson.

Credit.com: What to do in case of Identity Theft

As soon as the theft was discovered, the company investigated to see what was saved on the tapes, as well as on a Dell laptop, zip drive and external hard drive that were also stolen, said Engle. The company also paid a consulting firm to research whether any of the names and credit card numbers on the tapes are being used to make fraudulent purchases. They found no evidence of misuse so far.

"The tapes were not encrypted," said Engle, "which precipitated our decision to alert our clients and provide them with credit protection because we realized that's what put them at risk."

Many companies don't know how easy it is to protect themselves from such a breach, says Ondrej Krehel, information security officer for Credit.com's sister company, Identity Theft 911.