Data Security Breach Statistics

• 2008
• 2007
• 2006
• 2005
• 2004
• 2003
• 2002
• 2001
• 2000

Year to Date 2008 Stats

Sources and Additional Data Breach Information and Links

• Data Loss Statistics & Summary Info
  
• Privacy Rights Clearninghouse - A Chronology of Data Breaches
  
• Attrition.org - Data Breach Information and Listserv
  
• Security & Privacy -- Made Simpler," from the Better Business Bureau
• Protecting Personal Information: A Guide for Business,” from the Federal Trade Commission
• Information Security Handbook,” from the National Institute of Standards and Technology

Chronological List of Data Breaches
1/10/2000	CD Universe	300000
11/14/2000	Western Union	15700
11/15/2000	Contour Software	700
11/15/2000	Travelocity	51000
12/9/2000	University of Washington Med Ctr.	4000
3/5/2001	Amazon/Bibliofind.com	98000
3/20/2001	atomicpark.com	500
4/2/2001	ADDR.com	46000
4/17/2001	Accubyte	250
4/27/2001	Egghead.com
5/25/2001	Health.org
6/21/2001	ZixIt-Anacom
11/20/2001	Playboy
11/20/2001	Ziff-Davis	12500
3/27/2002	Microsoft
3/29/2002	United States Government
1/3/2003	United States Department of Defense	562000
2/28/2003	Indiana University School of Medicine	7000
3/6/2003	Data Processors International	5000000
3/6/2003	University of Texas at Austin	55200
3/31/2003	Georgia Tech University	57000
5/7/2003	Virginia Credit Union	800
7/12/2003	PetCo	500000
11/22/2003	Wells Fargo
12/18/2003	Acxiom Inc.
12/19/2003	Bank Rhode Island	43000
1/8/2004	U.S. Treasury Department	10000
1/10/2004	New York University	1800
1/14/2004	Airlines Reporting Corporation
1/29/2004	University of Georgia	20000
2/3/2004	New York University	2100
2/13/2004	California Employment Dev. Dept.	90000
3/17/2004	San Diego State University	178000
3/19/2004	BJ's Wholesale Club
3/29/2004	GMAC Financial Services	200000
4/16/2004	Fleet Credit Card Services
4/29/2004	University of California at Los Angeles (UCLA)	145000
4/29/2004	Illinois Secretary of State	200000
5/7/2004	University of California San Diego	380000
5/12/2004	Alameda Alliance for Health	95000
6/24/2004	America Online	30000000
7/14/2004	Intuit	47000
8/3/2004	Cal State San Marcos	23000
9/16/2004	Teledata Communications	30000
9/23/2004	Cal State Hayward	2000
11/25/2004	Brazos Higher Education Service Corporation	550000
12/21/2004	Delta Blood Bank	100000
12/22/2004	Hamilton County Ohio Clerk of Courts
1/10/2005	George Mason University	32000	Names, photos, and Social Security numbers of 32,000 students and staff were compromised because of a hacker attack on the university's main ID server.
1/18/2005	University of San Diego	3500	A hacker breached the security of two University computers that stored the Social Security numbers and names of students and alumni of UCSD Extension.
1/22/2005	University of Northern Colorado	15790	A hard drive was apparently stolen. It contained information on current and former University employees and their beneficiaries -- name, date of birth, SSN, address, bank account and routing number..
2/12/2005	SAIC	45000	On Jan. 25 thieves broke into a SAIC facility and stole computers containing names, SSNs, and other personal information of past and current employees. Stolen information included names, NNS, addresses, phone numbers and records of financial transactions.
2/18/2005	University of Chicago Hospital	85	Dishonest insider
2/21/2005	T-Mobile	400
2/26/2005	Bank of America	1000000	Lost backup tape
2/26/2005	New York State
3/1/2005	Paymaxx	100000	Exposed online
3/2/2005	University of California Davis	1100	The names and Social Security numbers of students, faculty, visiting speakers and staff may have been compromised when a hacker accessed a main computer.
3/8/2005	DSW/Retail Ventures	100000	Hacking
3/11/2005	ChoicePoint	163000	Bogus accounts established by ID thieves. The initial number of affected records was estimated at 145,000 but was later revised to 163,000.
3/11/2005	Kaiser Permanente	140	A disgruntled employee posted informaton on her blog noting that Kaiser Permanente included private patient information on systems diagrams posted on the Web.
3/11/2005	Las Vegas DMV	8900	Stolen computer.
3/16/2005	Chico State University	59000
3/17/2005	Boston College	120000	Hacking
3/18/2005	State of Michigan
3/19/2005	University Nevada Las Vegas	5000	Hacking
3/20/2005	Northwestern Univ.	21000	Hacking
3/22/2005	Calif. State Univ.	59000	Hacking
3/23/2005	University of California San Francisco	7000	Hacking
3/25/2005	Purdue University	1200	Computers in the College of Liberal Arts' Theater Dept. were hacked, exposing personal information of employees, students, graduates, and business affiliates.
3/28/2005	University California Berkeley	98369	Stolen laptop
4/6/2005	University of California, San Francisco	7000	A server in the accounting and personnel departments was hacked. It contained information on 7,000 students, faculty, and staff members. The affected individuals were notified March 23.
4/8/2005	Eastern National	15000	Hacker
4/8/2005	San Jose Medical Group	187000	Stolen computer
4/12/2005	Tufts University	106000	Hacking
4/12/2005	Lexis-Nexis	310000	Passwords compromised
4/12/2005	National Park Service	15000
4/14/2005	Calif. Fastrack	4500	Dishonest Insider
4/15/2005	Polo Ralph Lauren	180000	Hacking
4/20/2005	Ameritrade	200000	Lost backup tape
4/21/2005	Carnegie Mellon University	19000	Hacking
4/26/2005	Christus St. Joseph Hospital	16000	Stolen computer
4/28/2005	Georgia Southern University		Hacking
4/29/2005	Florida International University
5/2/2005	Colorado State Health Dept.	1600	Stolen laptop
5/5/2005	Arbella Mutual Insurance Company
5/6/2005	Michigan State University	40000	Hacking
5/12/2005	Hinsdale Central High School		Hacking
5/12/2005	Westborough Bank	750	Dishonest insider
5/14/2005	Georgia Technology Authority	465000	Dishonest insider
5/16/2005	Oklahoma State University	37000	Missing laptop
5/18/2005	University of Iowa	30000	Hacking
5/22/2005	Valdosta State University	40000	Hacking
5/23/2005	Bank of America / Wachovia	676000	Dishonest insiders
5/23/2005	Jackson Community College	8000	Hacking
5/23/2005	MCI	16500	Stolen laptop
5/25/2005	North Carolina Div. of Motor Vehicles		On Feb. 10, an employee downloaded addresses of 3.8 million people but was detected and stopped before being able to retrieve more sensitive information such as driver's license numbers.
5/25/2005	Purdue University	11360	Hacking
5/27/2005	Stanford University	9600	Hacking
5/28/2005	Merlin Information Services	5875	Bogus acct. set up
5/31/2005	California Dept. Health Services	21600	Stolen laptop
6/1/2005	US Dept. Of Justice	80000	Stolen laptop
6/4/2005	Duke University Medical Center	14000	Hacking
6/4/2005	Cleveland State University	44000	Stolen laptop
6/6/2005	Citigroup	3900000	Lost backup tapes
6/13/2005	Motorola		Computers stolen
6/17/2005	Federal Deposit Insurance Corp.	6000	Not Disclosed/Unknown
6/17/2005	University of Hawaii	150000	Dishonest Insider
6/19/2005	Visa MasterCard American Express	40000000	Hacking
6/21/2005	CVS Corp.
6/22/2005	East Carolina Univ.	250	Hacking
6/22/2005	Eastman Kodak Co.	5800	Stolen laptop
6/23/2005	Kent State University	1400	Stolen laptop
6/27/2005	U.S. Dept. of Veteran's Affairs	66	A laptop being stored in the trunk of a car was stolen in Minneapolis, Minnesota. 2 people later reported identity fraud problems.
6/28/2005	Lucas Cty. Children Services (OH)	900	Exposed by email
6/28/2005	University of Connecticut	72000	Hacking
6/29/2005	Medica Health Plans	1200000
6/30/2005	Bank of America	18000	Stolen laptop
6/30/2005	DSW Shoes	1496000	Hacking
7/1/2005	University of San Diego	3300	Hacking
7/6/2005	Ohio State Univ. Medical Center	15000	Stolen laptop
7/6/2005	Time Warner Inc.	600000	Lost backup tapes
7/7/2005	Michigan State University	27000	Hacking
7/8/2005	City National Bank		Lost backup tapes
7/9/2005	University of Southern Cailfornia	270000	Hacking
7/13/2005	Arizona Biodyne	57000
7/20/2005	Iowa State University	4410
7/21/2005	University of Colorado at Boulder	42000	Hacking
7/25/2005	St. John's Regional Med. Ctr.	27000
7/28/2005	California State University Dominguez Hills	9614	Hacking
7/29/2005	San Diego Co. Emp. Ret. Assoc.	32000	Hacking
7/30/2005	Austin Peay State University	2772
8/3/2005	University of Colorado	36000	Hacking
8/4/2005	Anderson College	800
8/4/2005	Cal Poly Pomona	31077	Hacking
8/5/2005	Madison Area Technical College	100
8/9/2005	Federal Reserve Bank
8/9/2005	Sonoma State University	61709	Hacking
8/9/2005	University of North Texas	38607
8/10/2005	University of Utah	100000	Hacking
8/12/2005	Verizon Wireless
8/15/2005	California State University Stanislaus	877	Hacking
8/19/2005	United States Air Force	33000	Hacking
8/19/2005	University of Colorado	49000	Hacking
8/27/2005	University of Florida	3851	Stolen Laptop
8/30/2005	California State University	154	Hacking
8/30/2005	JPMorgan Chase		Stolen laptop (Aug. 8) containing personal and financial account information of customers of its private bank.
8/30/2005	Stark State College of Technology	7058
9/2/2005	Iowa Student Loan	165000
9/10/2005	Kent State University	100000	Stolen computers
9/13/2005	Fort Carson	9300
9/16/2005	ChoicePointá		ID thieves accessed; also misuse of IDs & passwords. (2nd notice, see 2/15/05)
9/16/2005	Miami Ohio University	21762	Exposed online
9/17/2005	North Fork Bank	9000	Stolen laptop (7/24/05) with mortgage data
9/19/2005	Children's Health Council	6700	Stolen backup tape
9/22/2005	Internal Revenue Service	30000
9/28/2005	City University of New York	771	Exposed online
9/28/2005	RBC Dain Rauscher	300000	Illegitimate access to customer data by former employee
9/29/2005	University of Georgia	1600	Hacking
10/7/2005	Bank of America
10/8/2005	Blockbuster
10/12/2005	Ohio State Univ. Medical Center	2800	Exposed online. Appointment information including SSN, DOB, address, phone no., medical no., appointment reason, physician.
10/15/2005	Montclair State University	9100	Exposed online
10/20/2005	Monmouth University	677
10/20/2005	Vermont Technical College
10/20/2005	Wilcox Memorial Hospital	130000	Lost backup tape
10/21/2005	State of California
10/29/2005	University of Tennessee	1900
11/1/2005	University of Tennessee Med. Ctr.	3800	Stolen laptop
11/4/2005	Keck School of Medicine (USC)	50000	Stolen computer
11/5/2005	Safeway Inc.	1400	Stolen laptop
11/7/2005	Papa John's
11/8/2005	ChoicePoint		Bogus accounts established by ID thieves. Total affected now reaches 163,000
11/9/2005	TransUnion LLC	3623	Stolen computer
11/11/2005	Georgia Tech University	13000	Stolen computer, Ofc. of Enrollment Services
11/18/2005	Indiana University Kelley School of Business	5278
11/18/2005	Boeing Co.	161000	Stolen laptop with HR data incl. SSNs and bank account info.
11/23/2005	University of Delaware	952
11/26/2005	Scottrade	140000	Hacking
12/2/2005	Cornell University	900	Hacking. Names, addresses, SSNs, bank names and acct. numbers.
12/3/2005	University of San Diego	7800	Hacking. Faculty, students and employee tax forms containing SSNs
12/3/2005	First Trust Bank		Stolen laptop
12/6/2005	Washington St. Employment Security Dept.	530	Stolen laptop. Names, SSNs and earnings of former employees.
12/8/2005	San Antonio Independent School District
12/8/2005	J-Sargeant Reynolds Community College	26000
12/8/2005	Federal Reserve Bank
12/9/2005	Idaho State University		ISU discovered a security breach in a server containing archival information about students, faculty, and staff, including names, SSNs, birthdates, and grades.
12/9/2005	Oregon Community Credit Union	200
12/12/2005	Iowa State University	5500	Hacking. Credit card information and Social Security numbers.
12/12/2005	Sam's Club		Exposed credit card data at gas stations.
12/16/2005	Colorado Tech. Univ.	1200	Email erroneously sent containing names, phone numbers, email addresses, Social Security numbers and class schedules.
12/19/2005	Guidance Software	3800	Hacking. Customer credit card numbers.
12/21/2005	LaSalle Bank	2000000	Backup tape with residential mortgage customers lost in shipment by DHL, containing SSNs and account information.
12/22/2005	Ford Motor Company	70000	Stolen computer. Names and SSNs of current and former employees.
12/28/2005	Marriott International	206000
1/1/2006	University Pittsburgh Medical Ctr.	700	6 Stolen computers. Names, Social Security numbers, birthdates
1/2/2006	H&R Block		SSNs exposed in 40-digit number string on mailing label
1/8/2006	Kerzner International / Atlantis	55000	Dishonest insider or hacking. Names, addresses, credit card details, Social Security numbers, driver's licence numbers and/or bank account data.
1/11/2006	People's Bank	90000	Lost computer tape containing names, addresses, Social Security numbers, and checking account numbers.
1/15/2006	Illinois Education Association
1/16/2006	New York City Teachers Retirement System
1/17/2006	City of San Diego, Water & Sewer Dept.		Dishonest employee accessed customer account files, including SSNs, and committed identity theft on some individuals.
1/20/2006	University of Kansas
1/20/2006	Univ. Place Conference Center & Hotel, Indiana Univ.		Hacking. Reservation information including credit card account number compromised.
1/21/2006	California National Guard		Stolen briefcase with personal information of National Guardsmen including a 'seniority roster,' Social Security numbers and dates of birth.
1/23/2006	University of Notre Dame		Hackers accessed Social Security numbers, credit card information and check images of school donors.
1/24/2006	University of Washington Med Ctr.	1600	Stolen laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data.
1/25/2006	Ameriprise Financial	226000	A laptop was stolen from an employee's car Christmas eve. It contained customers' names and Social Security numbers and in some cases, Ameriprise account information.
1/25/2006	University of Delaware	159
1/26/2006	Providence Home Services	365000	Stolen backup tapes and disks containing Social Security numbers, clinical and demographic information. In a small number of cases, patient financial data was stolen.
1/27/2006	College of St. Scholastica	12000
1/28/2006	State of Rhode Island	4118	Hackers obtained credit card information in conjunction with names and addresses.
1/30/2006	Cooks Illustrated
1/31/2006	Washington State Health Care Authority	6000
1/31/2006	Boston Globe / Worcester Telegram and Gazette	240000	Inadvertently exposed. Credit and debit card information along with routing information for personal checks printed on recycled paper used in wrapping newspaper bundles for distribution.
1/31/2006	Honeywell International	19000	Exposed online. Personal information of current and former employees including Social Security numbers and bank account information posted on an Internet Web site.
2/1/2006	University of Colorado CO Springs	2500
2/2/2006	Presbyterian Health Care Service	450
2/4/2006	FedEx	8500	Inadvertently exposed. W-2 forms included other workers' tax information such as SSNs and salaries.
2/6/2006	Regions Bank	100000
2/7/2006	Blue Cross Blue Shield NC	600	Inadvertently exposed. SSNs of members printed on the mailing labels of envelopes with information about a new insurance plan.
2/9/2006	Bank of America / OfficeMax	200000	Hacking. Debit card accounts exposed involving bank and credit union accounts nationwide (including CitiBank, BofA, WaMu, Wells Fargo).
2/15/2006	Suffolk County Clerks Office NY	7000
2/15/2006	Old Dominion University	601	Exposed online. Instructor posted a class roster containing names and Social Security numbers to a web site.
2/16/2006	Blue Cross Blue Shield Florida	27000	Contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies.A judge today ordered a former computer consultant to reimburse the Jacksonville-based health insurer $580,000 for expenses related to his theft .
2/16/2006	United States Department of Agriculture	350000	Inadvertently exposed Social Security and tax identification numbers in FOIA request.
2/16/2006	University of Washington Med Ctr.
2/17/2006	Mount St. Mary's Hospital		Two laptops containing date of birth, address and Social Security numbers of patients was stolen in an armed robbery in the New Jersey.
2/17/2006	Pelican Bay State Prison		Inmates gained access to files containing employees' Social Security numbers, birth dates and pension account information stored in warehouse.
2/18/2006	University of Northern Iowa	6000	Hacking. Laptop computer holding W-2 forms of student employees and faculty was illegally accessed.
2/20/2006	Alltel
2/22/2006	Univ. Texas MD Anderson	4000
2/22/2006	New Hampshire DMV
2/23/2006	McAfee	9000	External auditor lost a CD with names, Social Security numbers and stock holdings in McAfee of current and former McAfee employees.
2/23/2006	Denver International Airport
2/25/2006	Ernst & Young		Laptop stolen from employee's car with customers' personal information including Social Security numbers.
3/1/2006	Medco Health Solutions Inc.	4600	Stolen laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories.
3/1/2006	OH Secretary of State's Office		SSNs, dates of birth, and other personal data of citizens routinely posted on a State web site as part of standard business practice.
3/2/2006	Hamilton County Clerk of Courts	1300000	SSNs, other personal data of residents posted on county Web site, were stolen and used to commit identity theft.
3/2/2006	Olympic Funding Chicago		3 hard drives containing clients names, Social Security numbers, addresses and phone numbers stolen during break in.
3/2/2006	Los Angeles Cty. Dept. of Social Services	2000000	File boxes containing names, dependents, Social Security numbers, telephone numbers, medical information, employer, W-2, and date of birth were left unattended and unshredded.
3/3/2006	Metropolitan State College	93000	Stolen laptop containing names and Social Security numbers of students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester.
3/5/2006	Georgetown University	41000	Hacking. Personal information including names, birthdates and Social Security numbers of District seniors served by the Office on Aging.
3/8/2006	Verizon		2 stolen laptops containing employees' personal information including Social Security numbers.
3/8/2006	iBill	17781462	Dishonest insider or possibly malicious software linked to iBill used to post names, phone numbers, addresses, e-mail addresses, Internet IP addresses, logins and passwords, credit card types and purchase amount online. Credit card account numbers, expiration dates, security codes, and SSNs were NOT included, but in our opinion the affected individuals could be vulnerable to social engineering to obtain such information.
3/11/2006	CA Dept. of Consumer Affairs (DCA)		Mail theft. Applications of DCA licensees or prospective licensees for CA state boards and commissions were stolen. The forms include full or partial Social Security numbers, driver's license numbers, and potentially payment checks.
3/14/2006	Buffalo Bisons Web Site		Hacker accessed sensitive financial information including credit card numbers names, passwords of customers who ordered items online.
3/14/2006	General Motors	100	Dishonest insider keep Social Security numbers of co-workers to perpetrate identity theft.
3/15/2006	Ernst & Young		Laptop lost containing the names, dates of birth, genders, family sizes, Social Security numbers and tax identifiers for current and previous IBM, Sun Microsystems, Cisco, Nokia and BP employees exposed.
3/16/2006	Bananas.com	274	Hacker accessed names, addresses, phone numbers and credit card numbers of customers.
3/22/2006	District of Columbia Board of Elections and Ethics
3/22/2006	Hewlett Packard	196000
3/23/2006	Fidelity Investments	196000	Stolen laptop containing names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers was stolen.
3/24/2006	CA State Employment Development Division	64000	Computer glitch sends state Employment Development Division 1099 tax forms containing Social Security numbers and income information to the wrong addresses, potentially exposing those taxpayers to identity theft.
3/24/2006	California State University Dominguez Hills	2486
3/24/2006	Vermont State Colleges	14000	Laptop stolen containing Social Security numbers and payroll data of students, faculty and staff associated with the five-college system from as long ago as 2000.
3/26/2006	Florida Department of Management Services	108000
3/29/2006	University of Nebraska Lincoln	342
3/30/2006	Connecticut Tech High School Sys.	1250	Social Security numbers of students and faculty mistakenly distributed via email.
3/30/2006	Georgia Technology Authority	553000	Hacker exploited security flaw to gain access to confidential information including Social Security numbers and bank-account details of state pensioners.
3/30/2006	United States Marine Corp	207750	Portable drive lost that contains personal information used for research on re-enlistment bonuses.
3/31/2006	LA County Dept. Social Services	94000
4/1/2006	Shorter College
4/1/2006	Con Edison	15704	Con Edison shipped 2 cartridge tapes to JPMorgan Chase in upstate Binghamton so it could input data on behalf of the NY Dept. of Taxation and Finance. One tape was apparently lost containing employees' W-2 data, including names, addresses, SSNs, taxes paid and salaries.
4/3/2006	Authorize.net	3000
4/6/2006	Progressive Casualty Insurance	13	Dishonest insider accessed confidential information, including names, Social Security numbers, birth dates and property addresses on foreclosure properties she was interested in buying.
4/7/2006	DiscountDomainRegistry.com		Exposed online. Domain registrants' personal information including usernames, passwords and credit card numbers were accessible online.
4/9/2006	Univ. of Medicine Dentistry NJ	2000	Hackers accessed Social Security numbers, loan information, and other confidential financial information of students and alumni.
4/10/2006	Broward Co. Records Division FL
4/12/2006	Ross-Simons	32000	Security breach exposed account and personal information of those who applied for its private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants.
4/13/2006	Fifth Third Bank	1000
4/14/2006	University of South Carolina	1400	Social Security numbers of students were mistakenly e-mailed to classmates.
4/14/2006	Voluntary Employees Benefit Association of Hawaii	40000
4/14/2006	NewTech Imaging	40000	Records containing the names, Social Security numbers and birth dates of more than 40,000 members of Voluntary Employees Benefit Association of Hawaiiwere illegally reproduced at a copying business before they were to be put onto a compact disc for the State. Police later found the data on a computer that had been confiscated as part of a drug investigation.
4/15/2006	Scott County, IA		The Social Security numbers of people who obtained mortgages in the early 1990s are visible in documents posted on the county's website. The county will redact the information at the individuals' request.
4/16/2006	Fraser Health Authority
4/21/2006	Boeing Co.	3664	A laptop was taken from a Boeing human resources employee at Sea-Tac airport. It contained SSNs and other personal information, including personnel information from the 2000 acquisition of Hughes Space and Communications
4/21/2006	Impac	92
4/21/2006	Ohio University Innovation Center		a server containing data including e-mails, patent and intellectual property files, and 35 Social Security numbers associated with parking passes was compromised.
4/21/2006	University of Alaska Fairbanks	38941	A hacker accessed names, Social Security numbers, and partial e-mail addresses of current and former students, faculty, and staff.
4/23/2006	Univ. Texas McCombs Business	197000	Hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members.
4/24/2006	University of Virginia
4/26/2006	Clydesdale Bank - Morgan Stanley	2000
4/26/2006	Purdue University Elec. Comp. Eng.	1351	Hacker accessed personal information including Social Security numbers of current and former graduate students, applicants to graduate school, and a small number of applicants for undergraduate scholarships.
4/26/2006	Aetna Inc.	39000	Laptop containing personal information including names, addresses and Social Security numbers of Dept. of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car.
4/27/2006	Long Island Railroad	20000	Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of 'virtually everyone' who worked for the agency was lost by delivery contractor Iron Mountain while enroute. Data tapes belonging to the U.S. Department of Veteran's Affairs may also have been affected.
4/28/2006	Ohio's Secretary of State	7700000	The names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained SSNs, which were not supposed to have been included on the CDs.
4/28/2006	U.S. Department of Defense	14000	Hacker accessed a Tricare
5/1/2006	Ohio University		A breach of a computer that hosted a variety of Web-based forms, including some that processed on-line business transactions. Although this computer was not set up to store personal information, investigators did discover files that contained fragments of personal information, including Social Security numbers. The data is fragmentary and it is not certain if the compromised information can be traced to individuals. Also found on the computer were 12 credit card numbers that were used for event registration.
5/1/2006	Ohio University	2480	A breach was discovered on a computer that housed IRS 1099 forms for vendors and independent contractors for calendar years 2004 and 2005.
5/2/2006	Ohio University	137000	Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alum.
5/2/2006	State of Georgia		Government surplus computers that sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia citizens.
5/4/2006	Idaho Power Company		Four company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security numbers, and confidential memos to the company's CEO.
5/5/2006	Wells Fargo	39442	Computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been stolen while being delivered from one bank facility to another.
5/11/2006	Columbus Bank and Trust	2000
5/11/2006	Ohio University Hudson Health Center	60000	Names, birth dates, Social Security numbers and medical information were accessed in records of students dating back to 2001, plus faculty, workers and regional campus students.
5/12/2006	Mercantile Potomac Bank	48000	Laptop containing confidential information about customers, including Social Security numbers and account numbers was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification numbers (PIN numbers) or account expiration dates.
5/16/2006	American Institute of CPAs	330000	An unencrypted hard drive containing names, addresses and Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company.
5/16/2006	University of California Berkeley	1200
5/17/2006	M & T Bank	2524	Laptop computer, owned by PFPC, a third party company that provides record keeping services for M & T's Portfolio Architect accounts was stolen from a vehicle. The laptop contained clients' account numbers, Social Security numbers, last name and the first two letters of their first name.
5/18/2006	American Red Cross	8000	Dishonest employee had access to Social Security numbers of donors to call urging them to give blood again. The employee misused the persoal information of at least 3 people to perpetrate identity theft and had access to the personal information of 1 million donors.
5/19/2006	Frost Bank	100
5/19/2006	Unknown retail merchant		Visa, MasterCard, and other debit and credit card numbers from banks across the country were stolen when a national retailer's database was breached. No names, Social Security numbers or other personal identification were taken.
5/22/2006	U.S. Department of Veterans Affairs	26500000	On May 3, data of all American veterans who were discharged since 1975 including names, Social Security numbers, dates of birth and in many cases phone numbers and addresses, were stolen from a VA employee's home. Theft of the laptop and computer storage device included data of 26.5 milliion veterans. The data did not contain medical or financial information, but may have disability numerical rankings.
5/23/2006	Butler Co. Dept.of Mental Retardation Developmental Disabilities	100	Three laptop computers were stolen 'last month' from the agency's office. They contained personal information on mental health clients, including SSNs.
5/23/2006	Mortgage Lenders Network USA	231000	A former employee was arrested for extortion for attempting to blackmail his former employer for $6.9 million. He threatened to expose company files containing sensitive customer information - including customers' names, addressess, Social Security numbers, loan numbers, and loan types - if the company didn't pay him. He stole the files over the 16 months he worked there.
5/23/2006	University of Delaware Dept. Public Safety	1076	Security breach of a Department of Public Safety computer server potentialy exposes names, Social Security numbers and driver's license numbers.
5/24/2006	Sacred Heart University	135000	It was discovered on May 8th that a computer containing personal information including names, addresses and Social Security numbers was breached.
5/25/2006	Security Savings Bank	13
5/26/2006	California State University Stanislaus	1294
5/30/2006	Florida International University		Hacker accessed a database that contained personal information, such as student and applicant names and Social Security numbers.
5/31/2006	Texas Guaranteed Student Loan Corp.	1300000	Texas Guaranteed (TG) was notified by subcontractor Hummingbird that on May 24, an employee had lost a piece of equipment containing names and Social Security numbers of TG borrowers.
5/31/2006	VyStar Credit Union	34000	Hacker gained access to member accounts 'a few weeks ago' and stole personal information including names, addresses, birth dates, mother's maiden names, SSNs and/or email addresses.
5/31/2006	Humana	268	On May 5, 2006, Medicare drug benefit applications were stolen from an insurance agent's unlocked car in Brooklyn Park, MN. Information included applicants' name, address, date of birth, Social Security number, and bank routing information.
6/1/2006	Hotels.com	243000
6/1/2006	Miami Ohio University	851	An employee lost a hand-held personal computer containing personal information of students who were enrolled between July 2001 and May 2006.
6/1/2006	University of Kentucky	1300	Personal information of current and former University of Kentucky employees including Social Security numbers was inadvertently accessible online for 19 days last month.
6/1/2006	YMCA of Greater Providence	65000	Laptop computer containing personal information of members was stolen. The information included credit card and debit card numbers, checking account information, Social Security numbers, the names and addresses of children in daycare programs and medical information about the children, such as allergies and the medicine they take, though the type of stolen information about each person varies.
6/1/2006	Ernst & Young	243000	A laptop containing names, addresses and credit or debit card information of Hotels.com customers was stolen from an employee's car in Texas.
6/2/2006	Ahold USA		An EDS employee lost a laptop computer during a commercial flight that contained pension data of former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts.
6/3/2006	Humana Medicare	17000	Personal information of Humana customers enrolled in the company's Medicare prescription drug plans could have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file.
6/3/2006	Buckeye Community Health Plan	72000	Four laptop computers containing customer names, Social Security numbers, and addresses were stolen from the Medicaid insurance provider.
6/5/2006	United States Internal Revenue Service	291	A laptop computer containing personal information of employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth, was lost during transit on an airline flight
6/6/2006	University of Texas El Paso	4719	Students demonstrated that student body and faculty elections could be rigged by hacking into student information including Social Security numbers.
6/7/2006	Colorado Mental Health Institute	287
6/8/2006	University of Michigan Credit Union	5000	Paper documents containing personal information of credit union members were stolen from a storage rooms. The documents were supposed to have been digitally imaged and then shredded. Instead, they were stolen and used to perpetrate identity theft.
6/9/2006	National Nuclear Safety Administration	1500	Names, Social Security numbers, security clearance levels and place of employment for mostly contract employees who worked for National Nuclear Security Administration may have been compromised when a hacker gained entry to a computer system at a service center in Albuquerque, N.M. eight months ago.
6/9/2006	Ohio University	70000
6/10/2006	Nationwide Retirement Systems
6/11/2006	Denver Election Commission	150000	Records containing personal information on more than 150,000 voters are missing at city election offices. The microfilmed voter registration files from 1989 to 1998 were in a 500-pound cabinet that disappeared when the commission moved to new offices in February. The files contain voters' Social Security numbers, addresses and other personal information.
6/12/2006	Fish & Richardson	10
6/13/2006	State of Minnesota		Three laptops possibly containing Social Security numbers of employees and recipients of housing and welfare benefits along with other personal information of local governments the auditor oversees have gone missing.
6/13/2006	Hanford Nuclear Reservation	4000	Current and former workers at the Hanford Nuclear Reservation that their personal information may have been compromised, after police found a 1996 list with workers' names and other information in a home during an unrelated investigation.
6/13/2006	Oregon Department of Revenue	2200	Electronic files containing personal data of Oregon taxpayers may have been compromised by an ex-employee's downloaded a contaminated file from a porn site. The 'trojan' attached to the file may have sent taxpayer information back to the source when the computer was turned on.
6/14/2006	American International Group	969000	The computer server was stolen on March 31 containing personal information including names, Social Security numbers, birth dates, and some medical and disability information.
6/16/2006	New York State Comptrollers Office	1300	State controller data cartridge containing payroll data of employees who work for a variety of state agencies was lost during shipment. The data contained names, salaries, Social Security numbers and home addresses.
6/16/2006	Union Pacific	30000	On April 29th, an employee's laptop was stolen that contained data for current and former Union Pacific employees, including names, birth dates and Social Security numbers.
6/16/2006	ING	8500	Two ING laptops that carried sensitive data affecting of Jackson Health System hospital workers were stolen in December 2005. The computers, belonging to financial services provider ING, contained information gathered during a voluntary life insurance enrollment drive in December and included names, birth dates and Social Security numbers.
6/17/2006	Automatic Data Processing	80	Personal and payroll information of workers were intended to be faxed between ADP offices and were mistakenly sent to a third party.
6/17/2006	CA Dept. of Health Services (CDHS)	1550	CDHS documents were inappropriately emptied from an employee's cubicle on June 5 and 9 rather than shredded.
6/17/2006	Western Illinois University	240000	On June 5th, a hacker compromised a University server that contained names, addresses, credit card numbers and Social Security numbers of people connected to the University.
6/18/2006	ING U.S. Financial Services	13000	Laptop stolen from employee's home containing retirement plan information including Social Security numbers of D.C. city employees.
6/20/2006	Equifax Inc.	2500	On May 29, a company laptop containing employee names and partial and full Social Security numbers was stolen from an employee.
6/20/2006	New Jersey Department of Labor and Workforce Development	498
6/20/2006	University of Alabama Birmingham	9800	In February a computer was stolen from a locked office of the kidney transplant program at the University of Alabama at Birmingham that contained confidential information of donors, organ recipients and potential recipients including names, Social Security numbers and medical information.
6/21/2006	Lancaster General Hospital		A desktop computer with personal information of hundreds of doctors was stolen from a locked office June 10. The unencrypted data included names, practice addresses, and SSNS of physicians on medical and dental staff.
6/21/2006	Cape Fear Valley Health System	24350	Portable computer containing personal information of more than 24,000 people was stolen from ambulance of Cumberland Co. Emergency Medical Services on June 8th. It contained information on people treated by the EMS, including names, addresses, and birthdates, plus SSNs of 84% of those listed.
6/21/2006	Cumberland County Emergency Medical Services	24000
6/22/2006	University of Kentucky	6500	The personal data of current and former students including classroom rosters names, grades and Social Security numbers was reported stolen on May 26 following the theft of a professor's flash drive.
6/22/2006	United States Department of Agriculture	26000	During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors.
6/22/2006	Federal Trade Commission	110	Two laptop computers containing personal and financial data were stolen from an employee's vehicle. The data included names, addresses, Social Security numbers, dates of birth, and in some instances, financial account numbers gathered in law enforcement investigations.
6/23/2006	CA Dept. of Health Services (CDHS)	323	On June 12, a box of Medi-Cal forms from December 2005 were found in the cubicle of a CDHS employee. The claim forms contained the names, addresses, Social Security numbers and prescriptions for beneficiaries or their family members.
6/23/2006	San Francisco State University	3000	a faculty member's laptop was stolen from a car on June 1 that contained personal information of former and current students including Social Security numbers, and names and ins some instance, phone numbers and grade point averages.
6/23/2006	United States Navy	28000	Navy personnel were notified on June 22 that a civilian web site contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.
6/24/2006	Catawba County Schools	619	On June 22, it was discovered that a web site posted names, Social Security numbers, and test scores of students who had taken a keyboarding and computer applications placement test during the 2001-02 school year.
6/24/2006	Social Security Administration	228
6/26/2006	King County Elections		Social Security numbers for potentially thousands of current and former county residents may be exposed on the agency's web site. Residents can request that the image of any document that contains a Social Security number, Mother's Maiden Name or Drivers License be removed. Officials state that they are unable to alter original public documents and cannot choose to not record documents presented for recording.á
6/27/2006	AAAAA Rent-A-Space	13000	Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in its online payment system.
6/27/2006	Government Accountability Office	1000	Data from audit reports on Defense Department travel vouchers from the 1970s were inadvertently posted online and included some service members' names, Social Security numbers and addresses. The agency has subsequently removed the information.
6/28/2006	Minnesota Department of Revenue	2400	On May 16, a package containing a data tape used to back up the regional office's computers went missing during delivery. The tape contained personal information including individuals' names, addresses, and Social Security numbers.
6/29/2006	Allstate	27000	Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen.
6/29/2006	Nat.Institutes of Health Federal Credit Union	41000	NIHFCU is investigating with law enforcement the identity theft of some of its 41,000 members. No details given on type of information stolen, or how it was stolen.
6/29/2006	Nebraska Treasurer's Office	300000	A hacker broke into a child-support computer system and may have obtained names, Social Security numbers and other information such as tax identification numbers for 9,000 businesses.
6/30/2006	U.S. Department of Veterans Affairs	16000	A data tape disappeared from a VA facility in Indianapolis, IN that contained information on legal cases involving U.S. veterans and included veterans' Social Security numbers, dates of birth and legal documents.
6/30/2006	Washington Regional Medical Center	5000
7/1/2006	American Red Cross		Sometime in May, 3 laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005.
7/5/2006	Bisys Group Inc.	61000	Personal details about 61,000 hedge fund investors were lost when an employee's truck carrying backup tapes was stolen. The data included SSNs of 35,000 individuals. The tapes were being moved from one Bisys facility to another on June 8 when the theft occurred.
7/6/2006	Automatic Data Processing		Payroll service company ADP gave scam-artist names, addresses, and number of shares held of investors, although apparently not SSNs or account numbers. The leak occurred from Nov. '05 to Feb. '06 and involved individual investors with 60 companies including Fidelity, UBS, Morgan Stanley , Bear Stearns, Citigroup, Merrill Lynch.
7/6/2006	University of Tennessee	36000	Hacker broke into UT computer containing names, addresses and SSNs of about 36,000 past and current employees. Intruder apparently used computer from Aug. '05 to May '06 to store and transmit movies.
7/7/2006	Hattiesburg City Hall		Video surveillance cameras caught 2 intruders stealing hard drives from 18 computers June 23. Data files contained names, addresses, and SSNs of current and former city employees and registered voters as well as bank account information for employees paid through direct deposit and water system customers who paid bills electronically.
7/7/2006	Montana Public Health and Human Services		A state government computer was stolen from the office of a drug dependency program. during a 4th of July break-in. It was not known if sensitive information such as SSNs was compromised.
7/7/2006	National Association of Securities Dealers	73	Ten laptops were stolen on Feb. 25 '06 from NASD investigators. They included SSNs of securities dealers who were the subject of investigations involving possible misconduct. Inactive account numbers of about 1,000 consumers were also contained on laptops.
7/7/2006	United States Navy	100000	SSNs and other personal information of naval and Marine Corps aviators and air crew, both active and reserve, were exposed on Center web site and on 1,100 computer discs mailed to naval commands.
7/13/2006	Moraine Park Technical College	1500	Computer disk (CD) with personal information of 1,500 students was reported missing. Information includes names, addresses, phone numbers & SSNs of apprenticeship students back to 1993.
7/14/2006	Northwestern University	17000	Files containing names and some personal information including SSNs were on 9 desktop computers that had been accessed by unauthorized persons outside the University. The computers were in the Office of Admissions and Financial Aid Office.
7/14/2006	Treasurer's computer in Circuit Court Clerk's office		Public computer in city government building containing taxpayer information was found to display SSNs of many residents -- those who paid personal property and real estate taxes. It was shut down and confiscated by the police on July 12th.
7/14/2006	California Polytechnic State University (Cal Poly)	3020	Laptop computer was stolen from the home of a physics department professor July 3. It included names and SSNs of physics and astronomy students from 1994-2004. (Date of letter sent to students. Date of news story is 8/1/06)
7/14/2006	University of Iowa	280	Laptop computer containing personal information of current and former MBA students was stolen. Data files included SSNs and some contact info.
7/14/2006	Hampton Circuit Court
7/16/2006	Mississippi Secretary of State		The state agency's web site listed 2 million+ Uniform Commercial Code (UCC) filings in which thousands of individuals' SSNs were exposed.
7/17/2006	Vassar Brothers Medical Center		Laptop was stolen from the emergency department between June 23-26. It contained information on patients dating back to 2000, including SSNs and dates of birth.
7/18/2006	CS Stars, subsidiary of insurance company Marsh Inc.	540000	On May 9, CS Stars lost track of a personal computer containing records of more than a half million New Yorkers who made claims to a special workers' comp fund. The lost data includes SSNs and date of birth but apparently no medical information.
7/18/2006	Nelnet Inc.	188000	Computer tape containing personal information of student loan customers and parents, mostly from Colorado, was lost when shipped via UPS. The loans were previously serviced by College Access Network
7/18/2006	United States Department of Agriculture	350	Laptop computer and printout containing names, addresses and SSNs of 350 employees was stolen from an employee's car and later recovered.
7/21/2006	BCTGM Local 192 Union	140
7/21/2006	Special Funds Conservation Committee	540000
7/24/2006	Wolters Kluwer	8500
7/24/2006	New York Department of Homeless Services	8400	The personal information of 8,400 homeless persons, including SSNs, was leaked in an e-mail attachment July 21, when accidentally sent to homeless advocates and city officials.
7/25/2006	Old Mutual Capital Inc	6500	Laptop was stolen sometime in May containing personal information of U.S. clients, including names, addresses, account numbers and some SSNs.
7/25/2006	Georgetown University Hospital	23000	Patient data was exposed online via the computers of an e-prescription provider, InstantDx. Data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with InstantDX.
7/25/2006	Armstrong World Industries	12000	A laptop containing personal information of current and former employers was stolen. The computer was in the possession of the company's auditor, Deloitte & Touche. Data included names, home addresses, phone numbers, SSNs, employee ID numbers, salary data, and bank account numbers of employees who have their checks directly deposited.
7/25/2006	Cablevision	13700	A tape en route to the company's 401(k) plan record-keeper ACS was lost when shipped by FedEx to Dallas, TX. No customer data was on the tape. (lost when shipped to Dallas-based ACS)
7/26/2006	United States Navy	31000	Two laptop computers with information on Navy recruiters and applicants were stolen in June and July. Also included was information from selective service and school lists. About 4,000 records contained SSNs. Files were password protected.
7/27/2006	Kaiser Permanente	160000	A laptop was stolen containing names, phone numbers, and the Kaiser number for each HMO member. The data file did not include SSNs. The data was being used to market Hearing Aid Services to Health Plan members.
7/27/2006	Los Angeles Count Adult Protective Services		Last weekend 11 laptops were stolen from the Burbank office. It is not clear what type of personal information was included.
7/27/2006	Los Angeles County Community Development Commission	4800	Earlier in July, a computer hacker located in Germany gained access to the CDC's computer system, containing personal information on 4,800 public housing residents.
7/27/2006	Los Angeles County Dept. Community Senior Services		In May, a laptop was stolen from the home of a community and senior services employee. It contained information on LA County employees.
7/28/2006	Lancaster General Hospital
7/28/2006	Riverside, Calif., city employees	2000	The SSNs and financial information regarding 401(k) accounts was accidentally e-mailed to 2,300 city employees due to a computer operator's error. The data was intended for the city payroll dept.
7/29/2006	Sentry Insurance	112198	Personal information including SSNs on worker's compensation claimants was stolen, some of which was later sold on the Internet. No medical records were included. The thief was a lead programmer-consultant who had access to claimants' data. The consultant was arrested and faces felony charges.
8/1/2006	Ron Tonkin Nissan	16000	Several months ago the car dealership experienced a security breach affecting the personal information of those who bought cars or applied for credit between 2001 and March 2006.
8/1/2006	Wichita State University	40	An intrusion into a WSU psychology department's server was discovered July 16. It contained information on about 40 applicants to the doctoral program.
8/1/2006	U.S. Bank		A bank employee's briefcase was stolen from the employee's car with documents containing names, phone numbers, and SSNs of customers.
8/1/2006	CoreLogic for ComUnity Lending		In early August, CoreLogic notified customers of ComUnity Lending that a computer with customers' data was stolen from its office. Data included names, SSNS, and property addresses related to an existing or anticipated mortgage loan.
8/1/2006	Cal Poly	3020
8/1/2006	Wichita State University	2040	WSU learned on June 29 that someone gained unauthorized access into 3 computers in its College of Fine Arts box office, containing credit card information for about 2,000 patrons.
8/1/2006	Dollar Tree	150	Customers of the discount store have reported money stolen from their bank accounts due to unauthorized ATM withdrawals. Data may have been intercepted by a thief's use of a wireless laptop computer with the thief then creating counterfeit ATM cards and using them to withdraw money.
8/2/2006	Belhaven College	300	An employee carrying laptop was robbed at gunpoint on July 19 while walking to his car. Computer contained names and SSNs of college employees.
8/2/2006	Vassar Brothers Medical Center	257800
8/2/2006	West Virginia Div. of Rehabilitiation Services		A laptop was stolen July 24 containing clients' names, addresses, SSNs, and phone numbers. Data was password protected.
8/4/2006	Matrix Bancorp Inc.		Two laptop computers were stolen during daytime while staffers were away from their desks. One computer contained customers' account information. The bank says data is encrypted and password protected.
8/4/2006	PSA HealthCare	51000	A company laptop was stolen from an employee's vehicle in a public parking lot July 15. It contained names, addresses, SSNs, and medical diagnostic and treatment information used in reimbursement claims.
8/4/2006	Toyota	1500	Laptop belonging to contractor and containing personal information of job applicants and employees was stolen. Data included names and SSNs.
8/6/2006	American Online (AOL)		In late July AOL posted on a public web site data on 20 million web queries from 650,000 users. Some search records exposed SSNs, credit card numbers, or other pieces of sensitive information.
8/8/2006	Virginia Bureau of Insurance	202000	The Bureau has advised insurance agents in the state that their SSN may have been exposed on its web site from June 13 through July 31, 2006, due to a programming error. The SSNs were not shown on any web page, but could have been found by savvy computer users using the source code tool of a web browser.
8/8/2006	Linens n Things	90	A folder holding about 90 receipts was missing from the store. Receipts included full credit or debit account number and name of the card holder.
8/8/2006	U.S. Department of Veterans Affairs	38000	Computer at contractor's office was reported missing Aug. 3, containing billing records with names, addresses, SSNs, and dates of birth of veterans at 2 Pennsylvania locations.
8/9/2006	U.S. Department of Transportation	133000	The DOT's Office of the Inspector General reported a special agent's laptop was stolen on July 27 from a government-owned vehicle in Miami, FL, parked in a restaurant parking lot. It contained names, addresses, SSNs, and dates of birth for 80,670 persons issued commercial drivers licenses in Miami-Dade County; 42,800 persons in FL with FAA pilot certificates; and 9,000 persons with FL driver's licenses.
8/11/2006	Madrona Medical Group	6000	On Dec. 17, 2005, a former employee accessed and downloaded patient files onto his laptop computer. Files included name, address, SSN, and date of birth. The former employee has since been arrested.
8/15/2006	U.S. Dept. of Transportation		On April 24, a DOT employee's laptop computer was stolen from an Orlando hotel conference room. It contained several unencrypted case files. Investigators are determining if it contained sensitive personal information.
8/15/2006	University of Kentucky	630	The names and SSNs of 630 students were posted on the University's financial aid web site between Friday and Monday, Aug. 11-14.
8/15/2006	University of Kentucky Department of Geography	80	About 80 geography students were notified Aug. 14 that their SSNs were inadvertently listed on an e-mail communication they all received telling them who their academic advisor would be for the coming year.
8/16/2006	Chevron		Chevron informed its U.S. workers Aug. 14 that a laptop was stolen from 'an employee of an independent public accounting firm' who was auditing its benefits plans. The theft apparently occurred Aug. 5. Files contained SSNs and sensitive information related to health and disability plans.
8/17/2006	Williams-Sonoma	1200	On July 10, a laptop was stolen from the Los Angeles home of a Deloitte & Touche employee who was conducting an audit for W-S. Computer contained employees' payroll information and SSNs.
8/17/2006	HCA Inc.	7000	10 computers containing Medicare and Medicaid billing information and records of employees and physicians from 1996-2006 were stolen from one of the company's regional offices. Some patient names and SSNs were exposed, but details are vague. Records for patients in hospitals in the following states were affected: CO, KS, LA, MS, OK, OR, TS, WA. 'thousands of files' Hospital Corp. of America
8/18/2006	California Department of Mental Health	9468	Computer tape with employees' names, addresses, and SSNs has been reported missing. Employees were notified Aug. 17 by e-mail.
8/22/2006	Beaverton School District	1600	Time slips revealing personal information were missing and presumed stolen following a July 24 break-in at a storage shed on the administration office's property. The time slips included names and SSNs but not addresses.
8/22/2006	Troy Beaumont Hospital	28473	A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.
8/22/2006	Aflac	612	A laptop containing customers' personal information was stolen from an agent's car. It contained names, addresses, SSNs, and birth dates of 612 policyholders. They were notified Aug. 11. American Family Life Assurance Co.
8/23/2006	United States Department of Education	21000	A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the Department's loan Web site. Information included names, birthdates, SSNs, addresses, phone numbers, and in some cases, account information. Affiliated Computer Services Inc. is the contractor responsible for the breach. The breach did not include those whose loans are managed through private companies.
8/25/2006	Verizon Wireless	5000
8/25/2006	Federal Motor Carrier Safety Administration	193
8/25/2006	Sovereign Bank		Personal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data.
8/25/2006	U.S. Dept. of Transportation, Federal Motor Carrier Safety Administration	193	A laptop that 'might contain' personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.
8/25/2006	Dominion Resources	1700	Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.
8/26/2006	PortTix	2000	Credit card information for about 2,000 people who ordered tickets online through PortTix was accessed by someone who hacked into the Web site. PortTix is Merrill Auditorium's ticketing agency. The Web site was secured as of Aug. 24.
8/26/2006	University of South Carolina	6000	A security audit this summer found that a computer server was hacked in Sept. 2005. A database could have been accessed with names, SSNs, and birthdates of current and former students.
8/27/2006	New Mexico Administrative Office of the Courts	1500	For 8 days in late May, an unsecured document was exposed on the agency's FTP site on the state's computer server. It contained names, birth dates, SSNs, home addresses and other personal information of judicial branch employees. The FTP site was shut down June 2 and has since be redesigned.
8/29/2006	AT&T	19000	Computer hackers accessed credit card account data and other personal information of customers who purchased DSL equipment from AT&T's online store. The company is notifying 'fewer than 19,000' customers.' via vendor that operates an order processing computer
8/29/2006	Compass Health	8000	Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness.
8/29/2006	United States Department of Education	43	Two laptops were stolen from DTI's office in downtown DC containing personal information on 43 grant reviewers for the Teacher Incentive Fund. DTI could not rule out that the data included SSNs.
8/29/2006	Valley Baptist Medical Center	73	A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form.
8/31/2006	Diebold, Inc.		An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number.
8/31/2006	LabCorp		During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results.
9/1/2006	City of Chicago	38443	A laptop was stolen from the home of contractor's employee last April 2005. It was reported to the city July 2006 more than a year later. Data included names, addresses, phone numbers, birthdates and SSNs for those in the city's deferred compensation plan.
9/1/2006	Virginia Commonwealth University	2100	Personal information of freshmen and graduate engineering students from 1998 through 2005 was exposed on the Internet for 8 months (Jan. - Aug.) due to human error. It was discovered by a student who used a search engine to find her name. The data included SSNs and e-mail addresses.
9/1/2006	Wells Fargo		In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company.
9/2/2006	Lloyd's of London		A thief reprogrammed more than 150 Lloyd's of London credit card numbers onto phone cards and used them to withdraw money from an ATM in Port St. Lucie, FL (stealing more than $20,000 over 3 days). Key personal and financial information had been skimmed from the magnetic strip on the victims' cards.
9/6/2006	Transportation Security Administration	1195	In late August 2006, Accenture, a contractor for TSA mailed documents containing former employees' SSN,, date of birth, and salary information to the wrong addresses due to an administrative error.
9/7/2006	Florida National Guard	100	A laptop computer was stolen from a soldier's vehicle contained training and administrative records, including Social Security numbers of up to 100 Florida National Guard soldiers.
9/7/2006	Chase Card Services	2500000	Chase Card Services mistakenly discarded 5 computer data tapes in July containing Circuit City cardholders' personal information.
9/8/2006	Cleveland Clinic	1130	A clinic employee stole personal information from electronic files and sold it to her cousin, owner of Advanced Medical Claims, who used it to file fraudulent Medicare claims totaling more than $2.8 million. Information included names, SSNs, birthdates, addresses and other details. Both individuals were indicted.
9/8/2006	Linden Lab . Second Life	648420	On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world.
9/8/2006	University of Minnesota	13084	On August 14-15 eve, two computers were stolen from the desk of an Institute of Technology employee, containing information on students who were freshmen from 1992-2006 -- including names, birthdates, addresses, phone numbers, high schools attended, student ID numbers, grades, test scores, and, academic probation. SSNs of 603 students were also exposed.
9/11/2006	Telesource		Employees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses. via Vekstar
9/12/2006	City of Paris Kentucky	100
9/13/2006	American Family Insurance	2000	The office of an insurance agent was broken into and robbed last July. Among the items stolen was a laptop with customers' names, SSNs, and driver's license numbers.
9/14/2006	Illinois Department of Corrections	16500	A document containing employees' personal information was found outside the agency's premises 'where it should not have been.' It has since been retrieved. Information included employees' names, SSNs, and salaries.
9/14/2006	Nikon Inc.	3235	Workers at a Montgomery, AL, camera store discovered that subscription information for the magazine Nikon World was exposed on the Web for at least 9 hours. Data included subscribers' names, addresses and credit card numbers.
9/15/2006	Berks County Pennsylvania	25000	A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs.
9/15/2006	Mercy Medical Center Merced	295	A memory stick containing patient information was found July 18 by a local citizen on the ground at the County Fairgrounds near the hospital's information booth. It was returned to the hospital 4 weeks later. Data included names, SSNs, birthdates, and medical records.
9/15/2006	University of Texas at San Antonio	64000
9/16/2006	Michigan Department of Community Health	4000	Residents who participated in a scientific study were notified that a flash drive was discovered missing as of Aug. 4, and likely stolen, from an MDCH office.The portable memory device contained names, addresses, phone numbers, dates of birth, and SSNs of participants. The study tracked the long-term exposure to flame retardents ingested by residents in beef and milk.
9/16/2006	Howard Rice	500	A laptop was stolen from the trunk of the car of the law firm's auditor, containing confidential employee pension plan information -- names, SSNs, remaining balances, 401(k) and profit-sharing information.
9/16/2006	Beaumont Hospital	3	The hospital mistakenly mailed medical reports on 3 patients to a retired dentist in Texas. Reports included name, test results, date of birth and patient ID numbers. The hospital admitted to both human and computer error. A new computer system mixed similar names, and staff did not catch it.
9/17/2006	Direct Loan	21000	A security breach exposed private information of student loan borrowers from Aug. 20-22 during a computer software upgrade. Users of the Direct Loans Web site were able to view information other than their own if they used certain options. SSNs were among the data elements exposed online.
9/17/2006	Whistle Junction		Personnel files of employees of the now-closed restaurant were found in a nearby Dumpster. Papers included names and SSNs of former employees,
9/18/2006	DePaul Medical Center	100	Two computers were stolen, one on August 28 and the other Sept. 11. Personal data included names, date of birth, treatment information, and some SSNs.
9/19/2006	Life Is Good	9250	Hackers accessed the retailer's database containing customer's credit card numbers. The company said no other personal information was in the database.
9/20/2006	City of Savannah	8800	Because of a 'hole in the firewall,'a City server exposed personal information online for 7 months. Individuals identified by the Red Light Camera Enforcement Program are affected -- name, address, driver's license number, vehicle identification number, and SSNs of those individuals whose driver's license number is still the SSN.
9/20/2006	Berry College	2093	Student applications for need-based financial aid were misplaced by a consultant -- in both paper and digital form. Data included name, SSN, and reported family income for students and potential students for the 2005-06 academic year.
9/21/2006	U.S. Dept. of Commerce and Census Bureau		The agency reported that 1,137 laptops have been lost or stolen since 2001. Of those, 672 were used by the Census Bureau, with 246 of those containing personal data. Secretary Gutierrez said the computers had 'protections to prevent a breach of personal information.'
9/21/2006	Pima County Health Department	2500	Vaccination records on 2,500 clients had been left in the trunk of a car that was stolen Sept. 12. The car and records have since been recovered. Records included names, dates of birth and ZIP codes, but no SSNs or addresses.
9/22/2006	Bank of America		Stolen laptop with info of Visa Buxx users (debit cards)
9/22/2006	University of Colorado at Boulder	1372	Two computers had been placed in storage during the school's move to temporary quarters in May. When they were to be retrieved Aug. 28, they were found missing. They had been used by 2 faculty members and included students' names, SSNs, and grades.
9/22/2006	Purdue University	2482	A file in a desktop computer in the Chemistry Department may have been accessed illegitimately. The file contained names, SSNs, school, major, and e-mail addresses of people who were students in 2000.
9/22/2006	Several Indianapolis pharmacies		Earlier this year a local TV reporter from WTHR found that 'dozens' of pharmacies disposed of customer records in unsecured garbage bins. Now the Indiana Board of Pharmacy has launched an investigation of 30 pharmacies. Both the Board and the Attorney General say that the pharmacies violated state law.
9/23/2006	Erlanger Hospital	4150	Records of hospital employees disappeared from a locked office on Sept. 15. They were stored on a USB 'jump drive.' Information was limited to names and SSNs. Those affected included anyone who went through job 'status changes' from Nov. 2003 to Sept. 2006.
9/23/2006	An illegal dumping site northwest of Quinlan, TX		Investigators found boxes of private medical records containing names and personal information of patients of a doctor who lives in Dallas and who has a Greenville, TX, practice. They had apparently been dumped there by a contractor who was hired to remodel his house. The contractor was indicted on a charge of illegal dumping.
9/25/2006	General Electric	50000	An employee's laptop computer holding the names and Social Security numbers of approximately 50,000 current and former GE employees was stolen from a locked hotel room while he was traveling for business.
9/25/2006	Movie Gallery		A large number of Movie Gallery's files and videos were found in a dumpster. The files contained personal information of people employed by Movie Gallery and people applying for jobs at the video store as well as people applying for movie rental membership. Movie Gallery has agreed to pay $50,000 to the State of NC.
9/27/2006	America Online
9/28/2006	Illinois Dept. of Transportation	40	Documents found by state auditors in recycling bins in a hallway contained IDOT employee names and SSNs.
9/28/2006	North Carolina Department of Motor Vehicles	16000	A computer was stolen from a NC Dept. of Motor Vehicles office, reported Sept. 10. It contains names, addresses, driver's license numbers, SSNs, and in some cases immigration visa information of 16,000 people who have been issued licenses in the past 18 months. Most are residents of Franklin County.
9/28/2006	Stevens Hospital Emergency Room via dishonest employee of billing company Med Data	30	A manager for the hospital's billing company, Med Data, stole patients' credit card numbers. She gave them to her brother who bought $30,000 worth of clothes and gift cards over the Internet. The woman is scheduled for sentencing in Nov. and her brother's trial is expected Jan. 2007.
9/29/2006	State of Kentucky	146000	State employees received letters from the Kentucky Personnel Cabinet with their SSNs visible through the envelope windows.
9/29/2006	University of Iowa	14500	A computer containing SSNs of 14,500 psychology department research study subjects was the object of an automated attack designed to store pirated video files for subsequent distribution.
10/2/2006	Seattle-Tacoma International Airport	6939	Six CDs missing from the ID Badging office at Seattle-Tacoma International Airport hold the personal information of 6,939 airport workers. The data include names, addresses, birth dates, SSNs and driver's license numbers, telephone numbers, employer information, and height/weight. The data on the disks were scanned from paper applications for airport badges. The port learned of the missing disks on September 18 and sent letters to the affected employees on Oct. 2.
10/3/2006	Cumberland County Pennsylvania	1200	Cumberland County (PA) officials removed salary board meeting minutes from their Web site because they contained the SSNs of 1,200 county employees. The information was included in minutes from meetings prior to 2000. The county no longer uses SSNs as unique identifiers for employees. Employees will be informed of the data breach in a note included with their paychecks.
10/3/2006	Picatinny Arsenal		28 computers are missing from the Picatinny Arsenal, a Department of Defense Weapons Research Center. The computers were reported lost or stolen over the last two years. None of the computers was encrypted. Officials state the computers did not contain classified information.
10/3/2006	Willamette Educational Service District	4500	Seven computers stolen from a Willamette Educational service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information.
10/4/2006	Orange County Controller (FL)		A Florida woman discovered her marriage license was visible on the Orange County (FL) controller's Web site with no information blacked out, not even SSNs. She discovered the breach because someone had applied for a loan in her name. The Orange County Comptroller is reportedly paying a vendor $500,000 to black out all SSNs by January 2008.
10/5/2006	Capistrano Unified School District
10/5/2006	San Juan Capistrano Unified School District (CA)		Five computers stolen from the HQ of San Juan Capistrano Unified School District likely contain the names, SSNs and dates of birth of district employees enrolled in an insurance program.
10/6/2006	Camp Pendleton Marine Corps Base	2400	A laptop missing from Lincoln B.P. Management Inc. holds personally identifiable data about 2,400 Camp Pendleton residents.
10/6/2006	Cleveland Air Route Traffic Control Center	400	A computer hard drive missing from the Cleveland Air Route Traffic Control Center in Oberlin (OH) contains the names and SSNs of at least 400 air traffic controllers.
10/9/2006	Troy Athens High School		A hard drive stolen from Troy Athens High School in August contained transcripts, test scores, addresses and SSNs of students from the graduating classes of 1994 to 2004. The school district and the superintendent have notified all affected alumni by regular mail. (Letter mailed Oct. 5, 2006)
10/11/2006	Republican National Committee	76	The Republican National Committee (RNC) inadvertently emailed a list of donors' names, SSNs and races to a New York Sun reporter.
10/11/2006	Florida Department of Labor	4624	The names and SSNs of 4,624 Floridians were accessible on the Internet for approximately 18 days in September. The data were not accessible through Web sites, but an individual came across the information when Googling his own name. The agency has asked Google to remove the pages from its cache, and has notified all affected individuals by mail.
10/11/2006	Adams State College	184	A laptop computer stolen from a locked closet at Adams State College contained personally identifiable data belonging to 184 high school students who participated in the college's Upward Bound program over the last four years. The theft occurred on August 14, but it was not until late September that staff realized the computer held students' data.
10/12/2006	University of Texas at Arlington	2500	Two computers stolen from a University of Texas faculty member's home hold the names, SSNs, grades, e-mail addresses and other information belonging to approximately 2,500 students enrolled in computer science and engineering classes between fall 2000 and fall 2006. The theft occurred on September 29 and was reported on October 2.
10/12/2006	U.S. Census Bureau		This spring, residents of Travis County, TX helped the Census Bureau test new equipment. When the test period ended, 15 devices were unaccounted for. The Census Bureau and the Commerce Department issued a press release saying the devices held names, addresses and birthdates, but not income or SSNs.
10/12/2006	Congressional Budget Office		Hackers broke into the Congressional Budget Office's mailing list and sent a phishing e-mail that appeared to come from the CBO.
10/13/2006	Orchard Family Practice		When a bankrupt Colorado doctor was evicted from his office, the landlord with help from the sheriff's dept.dumped everything from his office in the parking lot, including file cabinets containing personal information of his patients. Scavengers were seen carting off desks and file cabinets, some containing records. The exposed documents were thought to consist of business records containing names, SSNs, dates of birth, and addresses, but not medical information, which the doctor had previously removed. Sheriff's deputies evicting Dr. Charles Kay put files from his office in a nearby parking lot. In a news report, Dr. Kay said he had removed the patient files but not the business files.
10/13/2006	Ohio Ethics Commission		Papers belonging to the Ohio Ethics Commission were found floating on the wind in an alley. The documents are related to state employees' finances and contained SSNs and financial statements. They were supposed to be in the possession of the state archives.
10/15/2006	Poulsbo Department of Licensing	2200	An unspecified ôstorage deviceö containing personally identifiable data of approximately 2,200 North Kitsap (WA) residents has been lost from the Poulsbo Department of Licensing. The data include names, addresses, photographs and driver's license numbers of individuals who conducted transactions at the Poulsbo branch in late September.
10/16/2006	VISA/FirstBank		FirstBank sent a letter to an unknown number of customers informing them their FirstTeller Visa Check Card numbers were compromised when someone accessed ôa merchant card processor's transaction database.ö The FirstBank letter said customers would receive new cards by October 27.
10/17/2006	City of Visalia California	200	Personally identifiable information of approximately 200 current and former Visalia Recreation Department employees was exposed when copies of city documents were found scattered on a city street.
10/18/2006	Germanton Elementary School		A computer stolen from Germanton Elementary school holds students' SSNs. The data on the computer are encrypted.
10/19/2006	University of Minnesota/Spain	200	In June, a University of Minnesota art department laptop computer stolen from a faculty member while traveling in Spain holds personally identifiable information of 200 students.
10/20/2006	Allina Hospitals and Clinics	33000	A laptop stolen from a nurse's car on October 8 contains the names and SSNs of individuals in approximately 17,000 households participating in the Allina Hospitals and Clinics obstetric home-care program since June 2005.
10/20/2006	T-Mobile	43000	A laptop computer holding personally identifiable information of approximately 43,000 current and former T-Mobile employees disappeared from a T-Mobile employee's checked luggage. T-Mobile has reportedly sent letters to all those affected. The data are believed to include names, addresses, SSNs, dates of birth and compensation information.
10/23/2006	St. Francis Hospital	260000	On July 28, 2006, a contractor working for Advanced Receivables Strategy, a medical billing records company, misplaced CDs containing the names and SSNs of 266,200 patients, employees, physicians, and boad members of St. Francis hospitals in Indiana and Illinois. Also affected were records of Greater Lafayette Health Services. The disks were inadvertently left in a laptop case that was returned to a store. The purchaser returned the disks. The records were not encrypted even though St. Francis and ARS policies require encryption.
10/24/2006	Chicago Board of Election	780000	An official from the not-for-profit Illinois Ballot Integrity Project says his organization hacked into Chicago's voter database, compromising the names, SSNs and dates of birth of 1.35 million residents. The Chicago Election Board is reportedly looking into removing SSNs from the database. Election officials have patched the flaw that allowed the intrusion.
10/25/2006	Department of Homeland Security	900	A thumb drive is missing from the TSA command center at Portland International Airport and believed to contain the names, addresses, phone numbers and Social Security numbers of approximately 900 current and former employees.
10/25/2006	Swedish Medical Center	1100	An employee stole the names, birthdates, and Social Security numbers from patients who were hospitalized or had day-surgeries from June 22 to Sept 21. She used 3 patients' information to open multiple credit accounts.
10/26/2006	Akron Children's Hospital	235903	Overseas hackers broke into two computers at Children's Hospital. One contains private patient data (including Social Security numbers) and the other holds billing and banking information.
10/26/2006	Children's Hospital	242000
10/26/2006	Colorado Department of Human Services	1400000	On Oct. 14, a desktop computer was stolen from a state contractor who processes Colorado child support payments for the Dept. of Human Services. Computer also contained the state's Directory of New Hires.
10/26/2006	Empire Equity Group		Mortgage files that included personal financial details about loan applicants were found in a dumpster. Empire Equity will pay $12,500 to the State of NC.
10/26/2006	Hilb, Rogal & Hobbs	1243	In September 2006, a laptop computer was stolen from the insurance brokerage firm. It contained client information including the names, birthdates, and drivers license numbers of Villanova University students and staff who drive university vehicles.
10/26/2006	Jacobs Neurological Institute		The laptop of a research doctor was stolen from her locked office at the Institute. It included records of patients and her research data.
10/26/2006	LimeWire	75	The Denver Police Dept. reports that LimeWire's file-sharing program was exploited to access personal and financial information from
10/26/2006	Tuscarawas County Ohio		The Social Security numbers of some Tuscarawas and Warren County voters were available on the LexisNexis Internet database service.
10/27/2006	Gymboree	20000	A thief stole 3 laptop computers from Gymboree's corporate headquarters. They contained unencrypted human resources data (names and Social Security numbers) of thousands of workers.
10/28/2006	Hancock Askew & Co. LLP		On October 5, 2006, a laptop computer containing 401(k) information for employees of at least one company (Atlantic Plastics, Inc.) was stolen from accounting firm Hancock Askew.
10/30/2006	Nissan Motor Co., Ltd.	5379909	The Japanese weekly magazine 'The Weekly Asahi' reported that Nissan experienced the leak of a database containing customers' personal information sometime between May 2003 and February 2004. The data includes the customer name, gender, birth date, address, telephone number, vehicle model owned (including base and class), and license plate number.
10/30/2006	Georgia county clerk of courts' web sites		A Georgia TV station reported that SSNs could be found on some records posted on county clerk of court web sites, specifically for individuals with federal tax liens filed against them. At least one county clerk -- Cherokee County -- is now removing SSNs from the web site.
10/31/2006	Avaya		A laptop stolen from an Avaya employee on October 16 in Florida contained personally identifiable information, including names, addresses, W-2 tax form information and SSNs.
11/1/2006	Home Finance Mortgage, Inc.		Company dumped files containing names, addresses, Social Security numbers, credit card numbers, and bank account numbers of people who had applied for mortgage loans. Home Finance and its owners have agreed to pay the State of NC $3,000 for their violations.á
11/1/2006	U.S. Army Cadet Command	4600	A laptop computer was stolen that contained the names, addresses, telephone numbers, birthdates, Social Security numbers, parent names, and mother's maiden names of applicants for the Army's four-year ROTC college scholarship.
11/2/2006	Muskogee Veterans Affairs Hospital	1400	Three disks containing billing information, patient names and Social Security numbers, were lost in the mail.
11/2/2006	Villanova University	1243
11/2/2006	Manhattan Veterans Affairs Medical Center	1600	On Sept. 6, an unencrypted laptop computer containing veterans' names, Social Security numbers, and medical diagnosis, was stolen from the hopsital.
11/2/2006	Greater Media Inc.		A laptop computer containing the Social Security numbers of the radio broadcasting company's current and former employees was stolen from their Philadelphia offices.
11/2/2006	Compulinx	50	The CEO of Compulinx was arrested for fraudulently using employees' names, addresses, Social Security numbers and other personal information for credit purposes. (It is unclear whether customers' data was also used).
11/3/2006	West Shore Bank	1000	Customers' debit cards and possibly credit cards were compromised from a security break last summer at a common MasterCard point-of-purchase provider.
11/3/2006	Intermountain Healthcare	6244	A computer was purchased at a second-hand store, Deseret Industries, that contained the names, Social Security numbers, employment records, and other personal information about Intermountain Health Care employees employed there in 1999-2000.
11/3/2006	University of Virginia	632	Due to a computer programming error, Student Financial Services sent e-mail messages to students containing 632 other students' Social Security numbers.
11/3/2006	Starbucks	60000	Starbucks lost track of four laptop computers. Two held employee names, addresses, and Social Security numbers.
11/3/2006	Wesco		Wesco gas stations experienced a breach in credit card transactions from July 25-Sept. 7 resulting in inaccurate charges to customer accounts.
11/3/2006	Several Joliet area motels		Motel owners and employees allegedly stole and sold customers' credit card numbers.
11/6/2006	Bowling Green Ohio Police Department	200	The police dept. accidentally published a report on their website containing personal information on nearly 200 people the police had contact with on Oct. 21. Data included names, Social Security numbers, driver's license numbers, etc.
11/7/2006	City of Lubbock Texas	5800	Hackers broke into the city's web site and compromised the online job application database, which included Social Security numbers.
11/10/2006	KSL Services, Inc.	1000	A disk containing the personal information of approximately 1,000 KSL employees is missing. KSL is a contractor for Los Alamos National Laboratory.
11/10/2006	Los Alamos National Laboratory	1000
11/10/2006	ARCO	440	From Sept. 29 to Oct. 9, thieves used card skimmers to steal bank account numbers and PIN codes from gas station customers and used the information to fabricate debit cards and make ATM withdrawals.
11/11/2006	Hertz Global Holdings Inc.	44309	The names and Social Security numbers of Hertz employees dating back to 2002 were discovered on the home computer of a former employee.
11/14/2006	Connors State College	22500	On Oct. 15, a laptop computer was discovered stolen from the college. (It has since been recovered by law enforcement). The computer contains Social Security numbers and other data for Connors students plus 22,500 high school graduates who qualify for the Oklahoma Higher Learning Access Program scholarships.
11/15/2006	Internal Revenue Service	2359	According to document s obtained under the Freedom of Information Act, 478 laptops were either lost or stolen from the IRS between 2002 and 2006. 112 of the computers held sensitive taxpayer information such as SSNs.
11/15/2006	Boeing Co.	762
11/16/2006	American Cancer Society		An unspecified number of laptop computers were stolen from the Louisville offices of the American Cancer Society. It is not clear what personal information was exposed, if any.
11/16/2006	Carson City residents	50	The Sheriff's Department reported that at least 50 residents had their credit card information stolen by employees of local businesses. The employees apparently sell the account information to international crime rings that produce counterfeit cards. The crime is called 'skimming.'
11/17/2006	Automatic Data Processing (ADP)		ADP sent paperwork for a small Wisconsin company to a Cordova, TN coffee house. The paperwork contained names, birth dates, SSNs, addresses, salaries, and bank account and routing numbers
11/17/2006	Jefferson College of Health Sciences	143	An email containing the names and SSNs of 143 students intended for one employee was inadvertently sent to the entire student body of 900.
11/20/2006	New York City Administration for Childrens Services		More than 200 case files from the Emergency Children's Services Unit of ACS were found on the street in a plastic garbage bag. The files contain sensitive information of families, social workers and police officers.
11/25/2006	Indiana Department of Health	7500	Two computers stolen from an Indiana state health department contractor contained the names, addresses, birth dates, SSNs and medical and billing information for more than 7,500 women. The data were collected as part of the state's Breast and Cervical Cancer Program.
11/27/2006	Johnston County North Carolina		Personal data, including SSNs, of thousands of taxpayers, were inadvertently posted on the county web site. The information was removed from the site within an hour after officials became aware of the situation.
11/27/2006	Chicago Public Schools	1740	A company hired to print and mail health insurance information to former Chicago Public School employees mistakenly included a list of the names, addresses and SSNs of the nearly 1,740 people receiving the mailing. Each received the 125-page list of the 1,740 former employees.
11/27/2006	Greenville South Carolina County School District	100000	School district computers sold to the WH Group at auctions between 1999 and early 2006 contained the birth dates, SSNs, driver's license numbers and Department of Juvenile Justice records of approximately 100,000 students. The computers also held sensitive data for more than 1,000 school district employees.
11/28/2006	Kaiser Permanente Colorado	38000	A laptop was stolen from the personal car of a Kaiser employee in California on Oct. 4. It contained names, Kaiser ID number, date of birth, gender, and physician information. The data did not include SSNs.
11/29/2006	California State University Los Angeles	2882	An employee's USB drive was inside a purse stolen from a car trunk. It contained personal information on 48 faculty members and more than 2,500 students and applicants of a teacher credentialing program. Information included names, SSNs, campus ID numbers, phone numbers, and e-mail addresses.
11/30/2006	Pennsylvania Department of Transportation	11384	Thieves stole equipment from a driver's license facility late evening Nov. 28, including computers containing personal information on more than 11,000 people. Information included names, addresses, dates of birth, driver's license numbers and both partial and complete SSNs (complete SSNs for 5,348 people). Also stolen were supplies used to create drivers licenses and photo IDs. The state maintains 97 driver's license facilities. (Hanover township driver's license facility, Dunmore, PA)
11/30/2006	TransUnion Credit Bureau	1700	Four different scam companies downloaded the credit information of more than 1,700 individuals, including their credit histories and SSNs. They were able to illegitimately obtain the password to the TransUnion account held by the Kingman, AZ, court office, which apparently has a subscription to the bureau's services.
12/1/2006	TD Ameritrade	300	According to a letter sent to employees, a laptop was removed (presumably stolen) from the office Oct. 18, 2006, that contained unencrypted information including names, addresses, birthdates, and SSNs.
12/2/2006	Gundersen Lutheran Medical Center		A Medical Center employee used patient information, including SSNs and dates of birth, to apply for credit cards in their names. As patient liaison, her duties included insurance coverage, registration, and scheduling appointments. She was arrested for 37 counts of identity theft, and was convicted of identity theft and uttering forged writing, according to the criminal complaint.
12/3/2006	City of Grand Prairie Texas		Employees of the city of Grand Prairie were notified that personal records were exposed on the city's Web site for at least a year. Included were the names and SSNs of 'hundreds of employees.' The information has since been removed. The city had been working with a contractor on a proposal for workers' compensation insurance. Along with the proposal, names and SSNs were mistakenly listed.
12/5/2006	H&R Block		Many past and present customers received unsolicited copies of the program TaxCut that displayed their SSN on the outside.
12/5/2006	Nassau Community College	21000	A printout is missing that contans information about each of NCC's 21,000 students, including names, SSNs, addresses, and phone numbers. It disappeared from a desk in the Student Activities Office.
12/5/2006	West Virginia Air National Guard	1000	A laptop was stolen from a member of the unit while he was attending a training course. It contained names, SSNs, and birth dates of everyone in the 130th Airlift Wing.
12/6/2006	Premier Bank	1800	A report was stolen the evening of Nov. 16 from the car of the bank's VP and CFO while employees were celebrating an award received by the bank. The document contained names and account numbers of customers, but reportedly no SSNs.
12/8/2006	State of Vermont		Names and SSNs of 'several hundred' physicians, psychologists and other health care providers were mistakenly posted online by Segal Group, a contractor hired by the state to put its health management contract out for bid. The information was posted from May 12 to June 19. It was discovered when a doctor found her own SSN online.
12/9/2006	Virginia Commonwealth University	561	Personal information of 561 students was inadvertently sent as attachments on Nov. 20 in an e-mail, including names, SSNs, local and permanent addresses and grade-point averages. The e-mail was sent to 195 students to inform them of their eligibility for scholarships.
12/12/2006	Aetna Inc. / Group Health Insurance Inc. / Nationwide / Wellpoint	396279	A lockbox holding personal information of health insurance customers was stolen Oct. 26. Thieves broke into an office building occupied by insurance company vendor, Concentra Preferred Systems. The lockbox contained computer backup tapes of medical claim data for Aetna and other Concentra health plan clients. Exposed data includes member names, hospital codes, and either SSNs or Aetna member ID numbers. SSNs of 750 medical professionals were also exposed. Officials downplay the risk by stating that the tapes cannot be used on a standard PC.
12/12/2006	UCLA	800000	Hacker(s) gained access to a UCLA database containing personal information on current and former students, current and former faculty and staff, parents of financial aid applicants, and student applicants, including those who did not attend. Exposed records contained names, SSNs, birth dates, home addresses, and contact information. About 3,200 of those notified are current or former staff and faculty of UC Merced and current and former staff of UC's Oakland headquarters.
12/12/2006	University of Texas at Dallas	35000	The University discovered that personal information of current and former students, faculty members, and staff may have been exposed by a computer network intrusion -- including names, SSNs, home addresses, phone numbers and e-mail addresses.
12/13/2006	Boeing Co.	382000	In early December, a laptop was stolen from an employee's car. Files contained names, salary information, SSNs, home addresses, phone numbers and dates of birth of current and former employees.
12/14/2006	St. Vrain Valley School District	600	Paper records containing student information were stolen, along with a laptop, from a nurse's car Nov. 20. Personal information included students' names, dates of birth, names of their schools, what grade they are in, their Medicaid numbers (presumably SSNs), and their parents' names. The laptop contained no personal data.
12/14/2006	Riverside High School		Two students discovered a breach in the security of a Durham Public Schools computer as part of a class assignment. They reported to school officials that they were able to access a database containing SSNs and other personal information of thousands of school employees. The home of one student was searched by Sheriff's deputies and the family computer was seized.
12/14/2006	Geisinger Health Systems / Williamson Medical Center / Emory University / Grady Memorial Hospital	64030	On Nov. 23, 2006, two computers (one desktop, one laptop) were stolen from Electronic Registry Systems, a business contractor in suburban Springdale, OH, that provides cancer patient registry data processing services. It contained the personal information (name, date of birth, Social Security number, address, medical record number, medical data and treatment information) of cancer patients from hospitals in Pennsylvania , Tennessee , Ohio and Georgia , dating back to 1977 at some hospitals.
12/14/2006	Durham (N.C.) Public Schools
12/15/2006	University of Colorado at Boulder	17500	A server in the Academic Advising Center was the subject of a hacking attack. Personal information exposed included names and SSNs for individuals who attended orientation sessions from 2002-2004. CU-Boulder has since ceased using SSNs as identifiers for students, faculty, staff, and administrators.
12/16/2006	City of Wickliffe Ohio	125	Hackers breached security in one of the city's three computer servers containing personal information on some city employees, including names and SSNs.
12/16/2006	North Bay Regional Center	3000
12/19/2006	Mississippi State University	2400	SSNs and other personal information were 'inadvertently' posted on a publicly accessible MSU Web site. The breach was discovered 'last week' and the information has since been removed.
12/20/2006	SFX Baseball Inc.	117	A Chicago man apparently removed documents from a trash bin outside SFX Baseball Inc., a sports agency that deals with Major League Baseball. He used information found on those documents to commit identity theft on at least 27 Lake County residents. Information found during a search of the thief's home included SSNs, birthdates, canceled paychecks, obituaries, and infant death records.
12/20/2006	Big Foot High School (WI)	87	Personal information was accidentally exposed on the High School's Web site for a short time, perhaps for about 36 minutes, according to a report. Information included last names, SSNs, and birthdates.
12/20/2006	Deb Shops, Inc.		A hacker illegally accessed company Web pages and a related data base used for Internet-based purchases. The intruder may have accessed customers' credit card information including names on cards and credit card numbers.
12/20/2006	Lakeland Library Cooperative	15000	Personal information of 15,000 library users in West Michigan was displayed on the Cooperative's Web site due to a technical problem. Information exposed included names, phone numbers, e-mail addresses, street addresses, and library card numbers. Children's names were also listed along with their parents' names on a spreadsheet document. The information has since been removed.
12/21/2006	Santa Clara County (CA)	2500	A computer stolen from the agency holds the SSNs of approximately 2,500 individuals.
12/22/2006	Texas Woman's University	15000	A document containing names, addresses and SSNs of 15,000 TWU students was transmitted over a non-secure connection.
12/22/2006	United States State Department	700	A bag containing approximately 700 completed passport applications was reported missing on December 1. The bag, which was supposed to be shipped to Charlotte, NC, was found later in the month at Los Angeles International Airport.
12/22/2006	Utah Valley State College	15000
12/22/2006	Bank of America		A former contractor for Bank of America unauthorizedly accessed the personal information (name, address, phone number, Social Security number) of an undisclosed number of customers, for the purpose of committing fraud.
12/27/2006	Deaconess Hospital	128	A computer missing from the hospital holds personal information, including SSNs, of 128 respiratory therapy patients.
12/27/2006	Montana State University	259	A student working in the loan office mistakenly sent packets containing lists of student names, Social Security numbers, and loan information to other students
12/29/2006	Wisconsin Department of Revenue	171000	Tax forms were mailed to taxpayers in which SSNs were inadvertently printed on the front of some Form 1 booklets. Some were retrieved before they were mailed.
12/29/2006	KeyCorp	9300	A laptop computer stolen from a KeyCorp vendor contains personally identifiable information, including SSNs, of 9,300 customers in six states.
1/2/2007	News accounts are not clear as to source, but thought to be a realty office		About 40 boxes of financial paperwork, thought to be from loan applications, was found in a dumpster. One of the boxes visible to news reporters was said to contain paperwork with bank account details, photocopies of driver's licenses, SSNs and 'other private information.'
1/3/2007	Academic Magnet High School	500
1/4/2007	Unnamed medical center, via Newark Recycling Center		An individual found unshredded medical records in 36 boxes at the Newark Recycling Center.
1/4/2007	Selma, NC, Water Treatment Plant		A laptop stolen from the water treatment facility holds the names and SSNs of Selma volunteer firefighters.
1/4/2007	Johnston County North Carolina	30
1/5/2007	Dr. Baceski's office, internal medicine		A hard drive was stolen containing personal information on 'hundreds of patients.'
1/8/2007	University of Notre Dame		A University Director's laptop was stolen before Christmas. It contained personal information of employees, including names, SSNs, and salary information.
1/8/2007	Altria / United Technologies / Prudential Financial / Random House	18000	5 laptops were stolen from Towers Perrin, allegedly by a former employee. The theft occurred Nov. 27, 2006. The computers contain names, SSNs, and other pension-related information, presumably of several companies, although news reports are not clear.
1/10/2007	University of Arizona		Breaches occurred in November and December 2006 that affected services with UA Student Unions, University Library, and UA Procurement and Contracting Services. Some services were shut down for several days.
1/11/2007	University of Idaho	70000	Over Thanksgiving weekend, 3 desktop computers were stolen from the Advancement Services office containing personal information of alumni, donors, employees, and students. 331,000 individuals may have been exposed, with as many as 70,000 records containing SSNs, names and addresses.
1/12/2007	MoneyGram	79000	MoneyGram, a payment service provider, reported that a company server was unlawfully accessed over the Internet last month. It contained information on about 79,000 bill payment customers, including names, addresses, phone numbers, and in some cases, bank account numbers.
1/13/2007	North Carolina Department of Revenue	30000	A laptop computer containing taxpayer data was stolen from the car of a NC Dept. of Revenue employee in mid-December. The files included names, SSNs or federal employer ID numbers , and tax debt owed to the state.
1/16/2007	University of New Mexico		At least 3 computers and 4 monitors were stolen from the associate provost's office overnight between Jan. 2 and 3. They may have included faculty members' names and SSNs.
1/17/2007	Rincon Del Diablo Municipal Water District	500	2 computers were stolen from the district office. One included names and credit card numbers of customers.
1/17/2007	TJX Companies Inc.	94000000	The TJX Companies Inc.experienced an 'unauthorized intrusion' into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. It discovered the intrusion mid-December 2006. Transaction data from 2003 as well as mid-May through December 2006 may have been accessed. According to its Web site, TJX is 'the leading off-price retailer of apparel and home fashions in the U.S. and worldwide.'
1/18/2007	KB Home	2700	A computer was stolen from one of the home builder's offices. It likely contained names, addresses, and SSNs of people who had visited the sales office for Foxbank Plantation in Berkeley County near Charleston.
1/19/2007	Internal Revenue Service / Kansas City Government		26 IRS computer tapes containing taxpayer information were reported missing after they were delivered to City Hall. They potentially contain taxpayers' names, SSNs, bank account numbers, or employer information. The 26 tapes were the entire shipment received by the City last August. The disappearance was noticed late December 2006.
1/20/2007	Greenville South Carolina County School District
1/22/2007	Chicago Board of Election	1300000	About 100 computer discs (CDs) with 1.3 million Chicago voters' SSNs were mistakenly distributed to aldermen and ward committeemen. CDs also contain birth dates and addresses.
1/22/2007	U.S. Dept. of Veteran's Affairs		Folders of veterans' personal information were stolen from a locked car in Bremerton, WA. News stories are not clear on the type of information contained in the folders.
1/23/2007	Clay High School (Oregon)		A former high school student obtained sensitive staff and student information through an apparent security breach. The data was copied onto an iPod and included names, birth dates, SSNs, addresses, and phone numbers.
1/23/2007	Xerox	297
1/24/2007	Rutgers University	200	An associate professor's laptop was stolen, containing names and SSNs of 200 students. Rutgers no longers uses SSNs as student IDs, but student IDs from past years are still SSNs.
1/25/2007	Wahiawa Women Infants and Children	11500	A WIC employee apparently stole the personal information of agency clients, including SSNs, and committed identity theft on at least 3 families and perhaps 2 more. The Health Director said the agency will no longer use SSNs in its data base.
1/25/2007	Ohio Board of Nursing	3031	The agency's Web site posted names and SSNs of newly licensed nurses twice in the past 2 months. SSNs were supposed to have been removed before posting.
1/26/2007	Chase Bank / Bank One	4100	A Bossier woman bought a used desk from a furniture store. She discovered a 165-page spread sheet in a drawer that included names and SSNs of bank employees. The document was returned to the bank.
1/26/2007	Vanguard University	5105	On Jan. 16, 2 computers were discovered stolen from the financial aid office. Data included names, SSNs, dates of birth, phone numbers, driver's license numbers, and lists of assets.
1/26/2007	Eastern Illinois University	1400	A desktop computer was stolen from the Student Life office containing membership rosters -- including SSNs, birthdates, and addresses -- of the University's 23 fraternities and sororities. A hard drive and memory from 2 other computers were also stolen.
1/26/2007	Indiana Department of Transportation	4000	The names and SSNs of INDOT employees were inadvertently posted on an internal network computer drive sometime between Sept. 6 and Dec. 4, 2006.
1/26/2007	Anthem Blue Cross Blue Shield	50000	Cassette tapes containing customer information were stolen from a lock box held by one of its vendors. Data included names and SSNs.
1/28/2007	Salina Regional Health Center	1100
1/29/2007	Vermont Agency of Human Services	70000
1/29/2007	Mendoza College of Business, Notre Dame University		A file of individuals who took the GMAT test (Graduate Management Admissions Test) was mistakenly left on a computer that was decommissioned. The computer was later reactivated and plugged into the Internet. Its files were available through a file-sharing program. Data included names, scores, SSNs and demographic information from 2001.
2/1/2007	Massachusetts Department of Industrial Accidents	1200	A former state contractor allegedly accessed a workers' compensation data file and stole personal information, including SSNs. The thief used the data to commit identity theft on at least 3 individuals.
2/2/2007	Wisconsin Legislative Human Resources Office	150	A document containing personal information of Wisconsin Assembly members was stolen from a legislative employee's car while she was exercising at a local gym. It contained names, addresses, and SSNs.
2/2/2007	University of Missouri	1220	A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.
2/2/2007	San Francisco Indian Consulate		Visa applications and other sensitive documents were accessible for more than a month in an open yard of a recycling center. Information included applicants' names, addresses, phone numbers, birthdates, professions, employers, passport numbers, and photos. A sampling of documents indicated that the paperwork included everyone who applied in the Western states from 2002-2005. Applicants were current and former executives of major Bay Area companies that have operations in India.
2/2/2007	New York Department of State		The agency's Web site posted commercial loan documents that mistakenly contained SSNs. The forms are posted to let lenders know the current financial status of loan recipients.
2/2/2007	Birmingham Veterans Affairs Medical Center	1835000	An employee reported a portable hard drive stolen or missing that might contain personal information about veterans including Social Security numbers.
2/3/2007	CTS	800	The computer and hard drive of a tax preparation company were stolen. Data included names, bank account numbers, routing numbers, birthdates, SSNs, and addresses.
2/6/2007	New York Department of Labor	537	Laptop computer containing personal information for people who were employed by 13 Capital Region businesses stolen from state tax auditor's apartment.
2/6/2007	Metro Credit Services		Files of the defunct bill collection company containing medical records, phone bills and Social Security numbers were found in a trash bin.
2/7/2007	Johns Hopkins Hospital	135000	Johns Hopkins reported the disappearance of 9 backup computer tapes containing personal information of employees and patients, Eight of the tapes contained payroll information on 52,000 past and present employees, including SSNs and in some cases bank account numbers. The 9th tape contained 'less sensitive' information about 83,000 hospital patients.
2/7/2007	Central Connecticut State University	750	Social Security numbers of about 750 CCSU students were exposed in the name and address window on envelopes mailed to them. The envelopes were not folded correctly. They contained IRS 1098T forms.
2/7/2007	A Toronto, Ontario, residence		Credit card data for more than 35,000 individuals from across North America were discovered by police when they executed a search warrant at a Toronto residence. A man has since been arrested on fraud and counterfeiting charges.
2/7/2007	Front Range Ski Shop	15000	The shop's Web site was broken into and customer information including credit card account data may have been accessed.
2/7/2007	University of Nebraska Lincoln	72	An employee accidentally posted SSNs of 72 students, professors, and staff on UNL's public Web site where they remained for 2 years. They have since been removed.
2/8/2007	St. Mary's Hospital	130000	A laptop was stolen in December that contained names, SSNs, and birthdates for many of the Hospital's patients.
2/8/2007	Piper Jaffray	1000	W-2s sent to current and former employees in January included employees' Social Security numbers on the outside of the envelope. Though the numbers were not identified as Social Security numbers, they followed the standard XXX-XX-XXXX format. Executives indicated the mishap was an error by a third-party vendor.
2/9/2007	East Carolina University	65000	A programming error resulted in personal information of 65,000 individuals being exposed on the University's Web site. The data has since been removed. Included were names, addresses, SSNs, and in some cases credit card numbers.
2/9/2007	Radford University	2400	A computer security breach exposed the personal information, including SSNs, of children enrolled in the FAMIS program, Family Access to Medical Insurance Security.
2/10/2007	State of Indiana	76600	A hacker gained access to the State Web site and obtained credit card numbers of individuals who had used the site's online services and gained access to Social Security numbers for 71,000 health-care workers. www.IN.gov
2/11/2007	Washington D.C Metropolitan Police Department	2000
2/14/2007	Kaiser Permanente	22000	A doctor's laptop was stolen from the Medical Center containing medical information of 22,000 patients. But only 500 records contained SSNs.
2/15/2007	Iowa Department of Education	160000	Up to 600 files of G.E.D. recipients were viewed when the online database was hacked. Files included names, addresses, birthdates, and SSNs of G.E.D. graduates from 1965 to 2002.
2/15/2007	City College of San Francisco	11000	Names, grades, and SSNs were posted on an unprotected Web site after summer session in 1999. CCSF stopped using SSNs as studens IDs in 2002.
2/17/2007	State of Connecticut	1753	Personal information of state employees including names and Social Security numbers was inadvertently posted on the Internet in a spreadsheet of vendors used by the state.
2/19/2007	Clarksville-Montgomery County Schools	633	Staff and faculty Social Security numbers, used as employee identification numbers, were embedded in file photos by the company that took yearbook pictures and inadvertently placed in a search engine on school system's Web site.
2/19/2007	Seton Family of Hospitals	7800	A laptop with uninsured patients' names, birth dates and Social Security numbers was stolen last week from the Seton hospital system. The uninsured patients had gone to Seton emergency rooms and city health clinics since July 1, 2005.
2/19/2007	Stop & Shop		Credit and debit card account information including PIN numbers was stolen by high-tech thieves who apparently broke into checkout-line card readers and PIN pads and tampered with them.
2/19/2007	Social Security Admin.	13	Files of disability applicants containing Social Security numbers, addresses, phone numbers of family members, dates of birth and work history, and detailed medical information were lost/stolen when a telecommuting employee abandoned them in a locked filing cabinet at home after a threat of domestic violence. Several of the files were mailed back to the local SSA office months later; others were found in a dumpster recently, and four were never recovered.
2/20/2007	Back and Joint Institute of Texas		20 boxes containing Social Security numbers, photocopies of driver's license numbers, addresses, phone numbers and private medical history of chiropractic patients were found in a dumpster.
2/21/2007	Georgia Tech University	3000	Personal information of former employees mostly in the School of Electrical and Computer Engineering including names, addresses, Social Security number, other sensitive information, and about 400 state purchasing card numbers was compromised by unauthorized access to a Georgia Tech computer account.
2/22/2007	Speedmark	35000	Thieves stole several computers, one of which contained a database with personally identifying information including names, addresses, e-mail accounts, and Social Security numbers of Speedmark's mystery shopper employees and contractors.
2/23/2007	Rabun Apparel	1006	Names and Social Security numbers of former employees were accessible on the Internet from Jan. 15 until Feb. 20.
2/28/2007	Gulf Coast Medical Center	9986	Patient information including names and Social Security numbers was compromised when two computers went missing. 1,900 individuals were affected by a theft in Nashville, TN in November and 8,000 when another computer was stolen in Tallahassee in February.
3/1/2007	Westerly Hospital	2200	Patient names, Social Security numbers, contact information as well as insurance information were posted on a publicly-accessible Web site.
3/2/2007	Metropolitan State College of Denver	988	A faculty member's laptop computer that contained the names and Social Security numbers of former students was stolen from its docking station on campus.
3/2/2007	Calif. Dept. of Health Services	54	Benefit notification letters containing names addresses, Medicare Part D plan names and premium payment amounts of some individuals enrolled in the California AIDS Drug Assistance Program (ADAP) were mailed to another enrollee.
3/3/2007	Johnny's Selected Seeds	11500	Hacker accessed credit card account information of online customers. About 20 credit cards have been used fraudulently.
3/7/2007	Los Rios Community College	2000	Student information including Social Security numbers were accessible on the Internet after the school used actual data to test a new onine application process in October.
3/7/2007	United States Census Bureau		Personal information of 302 households including names, addresses, phone numbers, birth dates and family income ranges were posted on a public Internet site multiple times over a five-month period from October 2006 to Feb. 15, 2007 when Census employees working from home tested new software records.
3/9/2007	California National Guard	1300	A computer hard drive containing Social Security numbers, home addresses, birth dates and other identifying information of California National Guard troops deployed to the U.S.-Mexico border was stolen.
3/10/2007	University of Idaho	2700	A data file posted to the school's Web site contained personal information including names, birthdates and Social Security numbers of University employees.
3/13/2007	U.S. Dept. of Agriculture		A total of 95 USDA computers were lost or stolen between Oct. 1, 2005, and May 31, 2006. Some may have contained personal information such as names, addresses, Social Security numbers and payment information. Two-thirds of the computers contained unencrypted data.
3/14/2007	Empire Blue Cross Blue Shield / Wellpoint	75000	An unencrypted disc containing patient's names, Social Security numbers, health plan identification numbers and description of medical services back to 2003 was lost en route to a subcontractor.
3/16/2007	Springfield (Ohio) City Schools	1950
3/16/2007	Ohio State Auditor	1950	A laptop containing personal information of current and former employees of Springfield City Schools including their names and Social Security numbers was stolen from a state auditor employee's vehicle while parked at home in a garage.
3/19/2007	Science Applications International Corp. (SAIC)		Barrels filled with thousands of sensitive documents including printed copies of e-mail and performance evaluations along with documents marked ôinternal use only û not for public releaseö and ôfor official use onlyö were found on the curb outside of SAIC's local office.
3/20/2007	Health Resources, Inc.	2031	From Jan 24, 2007 to Feb 6, 2007, a Web site glitch allowed employers with access to private health information to obtain the name, address, Social Security number, dependent names and birthdates of other patients.
3/20/2007	Tax Service Plus	4000	Thieves stole the company's backup computer, which contained financial data on thousands of tax returns dating back three years.
3/23/2007	Swedish Urology Group		Three computer hard drives with personal files on hundreds of local patients including was stolen.
3/24/2007	Group Health Cooperative Health Care System	31000	Two laptops containing names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees have been reported missing.
3/26/2007	U.S. Army Training and Doctrine Command	16000
3/27/2007	St. Mary Parish Schools (Louisiana)	380	Personal information including Social Security numbers of St. Mary Parish public school employees was available on the Internet when a Yahoo!Web crawler infiltrated the server of the school's technology department.
3/29/2007	RadioShack		20 boxes of discarded records including sales receipts with credit card numbers spanning from 2001 to 2005 and personal information of store employees were found in a dumpster.
3/29/2007	Los Angeles County Child Support Services	243000	Three laptops containing personal information including about 130,500 Social Security numbers ù most without names, 12,000 individuals' names and addresses, and more than 101,000 child support case numbers
3/30/2007	University of Montana-Western	400	A computer disk containing students' Social Security numbers, names, birth dates, addresses and other personal information was stolen from a professor's office. The stolen information belonged to students enrolled in the TRIO Student Support Services program, which offers financial and personal counseling and other assistance.
3/30/2007	Navy Station San Diego		Three laptops were reported missing that may contain Sailors' names, rates and ratings, Social Security numbers, and college course information. The compromise could impact Sailors and former Sailors homeported on San Diego ships from January 2003 to October 2005 and who were enrolled in the Navy College Program for Afloat College Education.
4/4/2007	University of California San Francisco	46000	An unauthorized party may have accesed the personal information including names, Social Security numbers, and bank account numbers of students, faculty, and staff associated with UCSF or UCSF Medical Center over the past two years by compromising the security of a campus server.
4/5/2007	DCH Health System	6000	An encrypted disc and hardcopy documents containing retirement benefit information including Social Security numbers and other personal information were lost. Tracking data indicates the package was delivered to the addressee's building, but the intended recipient never received the package.
4/5/2007	Security Title Agency		Hackers defamed the company's Web site and may have accessed customer information which is stored on the same server as the site.
4/6/2007	Hortica	268000	A locked shipping case of backup tapes containing personal information including names, Social Security numbers, drivers' license numbers, and bank account numbers is missing.
4/6/2007	Chicago Public Schools	40000	Two laptop computers contain the names and Social Security numbers of current and former employees was stolen from Chicago Public Schools headquarters.
4/9/2007	Turbo Tax		Using Turbo Tax online to access previous returns, a Nebraska woman was able to access tax returns for other Turbo Tax customers in different parts of the country. The returns contained personal information needed to e-file including bank account numbers with routing digits and Social Security numbers.
4/10/2007	Georgia Department of Community Health	2900000	A computer disk containing personal information including addresses, birthdates, dates of eligibility, full names, Medicaid or children's health care recipient identification numbers, and Social Security numbers went missing from a private vendor, Affiliated Computer Services (ACS), contracted to handle health care claims for the state.
4/11/2007	ChildNet	12000	An organization responsible for managing Broward County's child welfare system believe a dishonest former employee stole a laptop from the agency's office. It contains personal information of adoptive and foster-care parents including financial and credit data, Social Security numbers, driver's license data and passport numbers.
4/11/2007	New Horizons Community Credit Union	9000	A laptop computer that contained personal information of members who had loans with the credit union was stolen from Protiviti, a consultant employed by Bellco Credit Union conducting due diligence to prepare a possible acquisition bid.
4/12/2007	Fulton County Georgia	75000	30 boxes of Fulton County voter registration cards that contain names, addresses and Social Security numbers were found in a trash bin.
4/12/2007	Black Hills State University	56	Names and Social Security numbers of scholarship winners were inadvertently posted and publicly available on the university's web site.
4/12/2007	Bank of America		A laptop containing personal information of current, former and retired employees including names, addresses, dates of birth and Social Security numbers was stolen when an employee was a 'victim of a recent break-in.'
4/12/2007	University of Pittsburgh Medical Center	80	Personal information including names, Social Security numbers, and radiology images of patients were previously included in two medical symposium presentations that were posted on UPMC's Web site. Though the presentation was later removed in 2005, the presentations were apparently inadvertently re-posted on the site and only recently removed again.
4/17/2007	Ohio State University	14094	A hacker accessed the names, Social Security numbers, employee ID numbers and birth dates of 14,000 current and former staff members. In a separate incident, the names, Social Security numbers and grades of 3,500 former chemistry students were on class rosters housed on two laptop computers stolen from a professor's home in late February.
4/17/2007	CVS Corp.	1000	The Attorney General of Texas filed a complaint against CVS Pharmacy for illegally disposing of personal information including active debit and credit card numbers, complete with expiration dates and medical prescription forms with customer's name, address, date of birth, issuing physician and the types of medication prescribed. The information was found in a dumpster behind a store that apparently was being vacated.
4/18/2007	Ohio State University	3500
4/18/2007	University of California San Francisco	3000	A computer file server containing names, contact information, and Social Security numbers for study subjects and potential study subjects related to studies on causes and cures for different types of cancer was stolen from a locked UCSF office. For some individuals, the files also included personal health information.
4/19/2007	New Mexico State University	5600	The names and Social Security numbers of students who registered online to attend their commencement ceremonies from 2003 to 2005 were accidentally posted on the school's Web site when an automated program moved what was supposed to be a private file into a public section of the Web site.
4/20/2007	Los Alamos National Laboratory	550	The names and Social Security numbers of lab workers were posted on a Web site run by a subcontractor working on a security system.
4/20/2007	Albertsons	100	Credit and debit card numbers were stolen using bogus checkout-line card readers resulting in card numbers processed at those terminals being captured and some to be misused.
4/20/2007	United States Department of Agriculture	38700	The Social Security numbers of people who received loans or other financial assistance from two Agriculture Department programs were disclosed since 1996 in a publicly available database posted on the Internet.
4/23/2007	Federal Emergency Management Agency	2300	Social Security numbers of Disaster Assistance Employees were printed on the outside address labels of . reappointment letters
4/24/2007	Purdue University	175	Personal information including names and Social Security numbers of students who were enrolled in a freshman engineering honors course was on a computer server connected to the Internet that had been indexed by Internet search engines and consequently was available to individuals searching the Web.
4/24/2007	Baltimore County Department of Health	6000	A laptop containing personal information including names, date of birth, Social Security numbers, telephone numbers and emergency contact information of patients who were seen at the clinic between Jan. 1, 2004 and April 12 was stolen.
4/24/2007	The Neiman Marcus Group	160000	Computer equipment in the possession of a pension consultant containing files with sensitive information including name, address, Social Security number, date of birth, period of employment and salary information of Neiman Marcus Group's current and former employees and their spouses was stolen.
4/26/2007	Innovation Interactive	150
4/26/2007	Ceridian Corp.	150	A former employee had data containing the personal information of employees including 'ID' and bank-account data and then, accidentally posted it on a personal Web site.
4/27/2007	Caterpillar Inc.		A laptop computer containing personal data of employees including Social Security numbers, banking informatoin and addresses was stolen from a benefits consultant that works with the company.
4/27/2007	Couriers On Demand		Personal information of job applicants was accidentally published to the Internet.
4/27/2007	Google Ads		Top sponsored Google ads linked to 20 popular search terms were found to install a malware program on users' computers to capture personal information and used to access online accounts for 100 different bank.
4/29/2007	University of New Mexico	3000	Employees' personal information including names, e-mail and home addresses, UNM ID numbers and net pay for a pay period for staff, faculty and a few graduate students may have been stored on a laptop computer stolen from the San Francisco office of an outside consultant working on UNM's human resource and payroll systems.
5/1/2007	Maine State Lottery Commission		Documents containing personal information such as names, Social Security numbers, references to workers compensation claim records, psychiatric and other medical records, and police background checks were found in a dumpster.
5/1/2007	JPMorgan Chase	47000	A computer tape containing personal information of wealthy bank clients and some employees was delivered to a secure off-site facility for storage but was later reported missing.
5/1/2007	J. P. Morgan		Documents containing personal financial data of customers including names, addresses and Social Security numbers were found in garbage bags outside five branch offices in New York.
5/1/2007	Champaign Fraternal Order of Police	139	The names and Social Security numbers of Champaign police officers were left on a computer donated to charity.
5/1/2007	Healing Hands Chiropractic		Medical records containing the personal information of chiropractic patients including records Social Security numbers, birth dates, addresses and, in some cases, credit card information wee thrown in a dumpster ôdue to lack of office space.ö
5/3/2007	Louisiana State University	750	A laptop stolen from a faculty member's home contained personally identifiable information including may have included students' Social Security numbers, full names and grades of University students.
5/3/2007	Maryland Department of Natural Resources	1400	Personal information of current and retired employees including names and Social Security numbers was downloaded to a 'thumb drive' by an employee who wanted to work at home but was lost en route.
5/3/2007	Montgomery College		A new employee posted the personal information of all graduating seniors including names, addresses and Social Security numbers on a computer drive that is publicly accessible on all campus computers.
5/4/2007	United States Transportation Security Administration	100000	A computer hard drive containing payroll data from January 2002 to August 2005 including employee names, Social Security numbers, birth dates, bank account and routing information of current and former workers including airport security officers and federal air marshals was stolen.
5/7/2007	Indiana Department of Administration		An employee uploaded a list of certified women and minority business enterprises to the department's Web site and inadvertently included their tax identification numbers, which for some businesses and sole proprietorships is the owner's Social Security number.
5/8/2007	University of Missouri	22396	A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.
5/10/2007	Highland Hospital	13000	Two laptop computers, one containing patient information including Social Security numbers, were stolen from a business office. The computers were sold on eBay, and the one containingápersonal information was recovered.
5/11/2007	UCI Medical Center	300	About 1,600 file boxes stored in an off-site university warehouse were discovered missing. Some of the files included patients' names, addresses, Social Security numbers and medical record numbers.
5/12/2007	Doctor and dentist		A local TV news reporter exposed that a medical office disposed of patient records without shredding them. Included were SSNs and dates of birth, as well as medical information.
5/12/2007	Goshen College	7300	A hacker accessed a college computer that contained the names, addresses, birth dates, Social Security numbers and phone numbers of students and information on some parents with the suspected motivation of using the system to send spam e-mails.
5/14/2007	Community College of Southern Nevada	197518	A virus attacked a computer server and could have allowed a hacker to access students' personal information including names, Social Security numbers and dates of birth, but the school isánot certain whether anything was actually stolen from the school's computer system.
5/15/2007	IBM		An unnamed IBM vendor lost computer tapes containing information on IBM employees -- mostly ex-workers -- including SSNs, dates of birth, and addresses. They went missing in transit frm a contractor's vehicle.
5/15/2007	San Diego Unified School District		In a letter to its employees, the School District said it had been notified by law enforcement that a former employee had access to personal identification information of 'a select number of district employees.' Those employees were notified separately. The letter said it has 'no specific knowledge of any attempted fraud...'
5/16/2007	Indianapolis Public Schools	7500	A local newspaper reporter discovered that sensitive personal information was accessible online, including employee performance reviews, student gradebooks, student special education needs, and essays
5/17/2007	Detroit Water and Sewerage Department	3000	A laptop containing City employee information was stolen from the vehicle of an insurance company employee .
5/17/2007	Georgia Department of Human Resources	140000	The GA Dept. of Human Resources notified parents of infants born between 4/1/06 and 3/16/07 that paper records containing parents' SSNs and medical histories -- but not names or addresses -- were discarded without shredding.
5/17/2007	Alcatel-Lucent		The telecom and networking equipment maker notified employees that a computer disk containing personal information was lost in transit to Aon Corp., another vendor. It contained names, addresses, SSNs, birth dates, and salary information of current and former employees.
5/19/2007	Illinois Department of Financial and Professional Regulation	300000	A computer server in the office of the Illinois Dept. of Financial and Professional Regulation was breached earlier this year. SSNs, tax numbers, and addresses of banking and real estate professionals were exposed. The hacking incident was discovered May 3.
5/19/2007	Stony Brook University	89853	SSNs and university ID numbers of faculty, staff, students, alumni, and other community members were visible via the Google search engine after they were posted to a Health Sciences Library Web server April 11. It was discovered and removed 2 weeks later.
5/19/2007	Texas Commission on Law Enforcement Officers Standards and Education	97000	A computer was stolen from the state agency that licenses police officers. It contained information on every licensed peace officer in Texas, including SSNs, driver's license numbers, and birth dates.
5/19/2007	Yuma Elementary School District 1	91	SSNs of 91 substitute teachers were stolen May 7 when a district employee's car was broken into and a brief case was taken containing payroll reports. The reports did not include bank account information..
5/20/2007	Northwestern University		A laptop belonging to the financial aid office was stolen. It contained SSNs and other information of 'some alumni.'
5/20/2007	Riverside Community Hospital	10000
5/21/2007	Columbia Bank (NJ)		Columbia Bank notified its online banking customers of a hacking incident. Names and SSNs were accessed, but account numbers and passwords were not.
5/22/2007	University of Pittsburgh Medical Center	6000	UPMC mailed a fundraising letter to 6,000 former patients on May 7. The donor response cards 'inadvertently' included each individual's SSN in the tracking code, visible through the envelope window.
5/22/2007	University of Colorado at Boulder	44998	A hacker launched a worm that attacked a University computer server used by the College of Arts and Sciences. Information for 45,000 students enrolled at UC-B from 2002 to the present was exposed, including SSNs. The breach was discovered May 12. Apparently anti-virus software had not been properly configured.
5/23/2007	Check into Cash		Consumer loan documents and related reports were found in a trash bin behind the shopping center where Check into Cash is located. Documents contained Social Security numbers, addresses, copies of driver's licenses and other personal information of the company's customers.
5/24/2007	Waco Independent School District	17400	Two high school seniors recently hacked into the district's computer network potentially compromising the personal information including Social Security numbers of students and employees.
5/24/2007	Beacon Medical Services	5000	Private medical and financial information including patient records from at least 10 Colorado clinics and hospitals, and one hospital in Peoria, Illinois that should have been only accessible through VPN access were inadvertently available on the Internet.
5/25/2007	Family Health Plus / Child Health Plus
5/25/2007	North Carolina Department of Transportation	25000	A computer server used to back up employee identification badge records that included the names and Social Security numbers of NCDOT employees, contractors and other state employees was compromised.
5/25/2007	Booker T. Washington Community Center		A laptop computer with personal information of individuals who applied for Family Health Plus or Child Health Plus state health insurance program benefits was recovered when a woman tried to sell it at a pawn shop.
5/26/2007	CoverTN	279	A computer error at the Cover Tennessee health insurance program caused small business owners who chose not to print out their forms from the Web site to have their personal information including Social Security numbers added to the next user's printout request.
5/31/2007	Priority One Credit Union		Priority One Credit Union sent out election ballots to members with Social Security numbers and account numbers printed on the outside of the envelopes
6/1/2007	Northwestern University	4000	Files containing personal information of students and applicants were available online.
6/1/2007	JAX Federal Credit Union	7500	Social Security numbers and account numbers of clients were accidentally posted on the Internet, then indexed by Google. JFCU was transmitting information to a printer for a preapproved auto loan mailing when the information was picked up by Google from the printer's Web site. JFCU normally transmits information on an encrypted disk delivered by courier, but when the printer couldn't open the disk, the information was sent again, but wasn't encrypted and included Social Security numbers and account numbers.
6/1/2007	Fresno County California	10000	Missing computer disk contains names, addresses, Social Security numbers.The county sent it by courier to a software vendor's office in San Jose to determine workers' eligibility for health care benefits.The software company, Refined Technologies Inc., said they never received the disk.
6/3/2007	Gadsden State Community College	400	Students who took an Art Appreciation class at the Ayers Campus between 2005 and 2006 had their names, grades and Social Security numbers scattered across a local business' driveway.
6/4/2007	Stevens Hospital	550	Laptop exposed to Internet, information did include names, addresses, and Social Security numbers.The situation occurred when one of the subcontractors had a lapse in its data security procedures.
6/6/2007	HarborOne Credit Union	9000	Data compromise disclosed by the retailer in January. The breach resulted in HarborOne having to block and reissue about 9,000 debit cards.
6/6/2007	Cedarburg High School		Students obtained names, addresses and Social Security numbers and might have accessed personal bank account information of current and former district employees..
6/7/2007	Dearfield Medical Building		A box was discovered at inside a trash bin in May and contains information about lab tests and insurance approvals as well as other medical issues, documents are not medical charts, but do contain patient names and contact information.
6/7/2007	Huntsville County	400	As many as 400 people and banking institutions may be victims in a credit card or debit card cloning. In Alabama and Georgia card numbers were stolen after the cards were used at Huntsville restaurants and carry-out businesses.
6/8/2007	University of Iowa	1100	Social Security numbers of faculty, students and prospective students were stored on the Web database program that was compromised. www.grad.uiowa.edu/news/incident.htm
6/8/2007	University of Virginia	5735	A breach in one of the computer applications that resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth. The investigation has revealed that on 54 separate days between May 20, 2005 and April 19, 2007, hackers tapped into the records of 5,735 faculty members.
6/9/2007	Concord Hospital	9297	Names, addresses, dates of birth and Social Security numbers exposed on the internet ôfor a period of time,ösecurity lapsed from a subcontractor that handles its online billing.
6/9/2007	UPS	142
6/11/2007	Grand Valley State University	3000	A flash drive containing confidential information was stolen. Social Security numbers of current and former students were on the flash drive, stolen from the English department.
6/11/2007	Pfizer	17000	Installation of certain file sharing software on a Pfizer laptop, exposed files containing names, Social Security numbers, addresses and bonus information of present and former Pfizer colleagues. Investigation revealed that certain files containing data were accessed and copied.
6/14/2007	Hamburger Hamlet Restaurant	40	Former waitress made off with the credit or debit card numbers of at least half a dozen patrons - and possibly as many as 40. Already, about $16,300 in unauthorized charges have been linked to the scam.
6/14/2007	City of Lynchburg	1200	Personal information of Lynchburg city employees and retirees was accidentally posted on the city's website among that information employee's prescription medications.
6/14/2007	Division of Workforce Services	20000	Children's Social Security numbers are believed to have been compromised by identity thieves.
6/14/2007	Georgia Tech University	23000	An electronic file containing the personal information of current and former Georgia Tech students was exposed briefly.
6/15/2007	State of Ohio	1300000	A backup computer storage device with the names and Social Security numbers of every state worker was stolen out of a state intern's car. The tape, which was stolen in June, contains personally identifiable information of nearly 84,000 current and former Ohio state employees and more than 47,000 state taxpayers.
6/18/2007	Parisexposed.com	750	Investigation by The Smoking Gun Web site said that by changing a few characters on the web page URL it was possible to see the subscriber's name, email address, password, phone number, mailing address and credit card number.
6/18/2007	Shamokin Area School District		A local newspaper employee gained unauthorized access to the Shamokin Area School District's computer database. It is the same system that stores students' personal information, including Social Security numbers. That newspaper employee brought the security flaw to the attention of school officials.
6/18/2007	Texas A&M Corpus Christi	8000	A professor vacationing off the coast of Africa took data with him on a small computer, which was lost or stolen. It is thought to contains SSNs and dates of birth for students enrolled in the spring, summer and fall semesters of 2006
6/20/2007	University Community Hospital		A parent says his son should never have received bills in the mail for a pre-employment drug screening visit. Among the bills there's something else he was surprised to see, information about others who were also tested, 'Like 17 of them here with the Social Security numbers.'
6/21/2007	American Airlines	365	Personal information including Social Security numbers of pilots and other employees at American Airlines, including the chief executive, was exposed on a company Web site.
6/22/2007	Texas First Bank	4000	Information such as account numbers, Social Security numbers, names and addresses may have been stored on a stolen laptop computer during a car theft in Dallas.
6/23/2007	Winn-Dixie		Pharmacy documents were found behind closed Winn-Dixie, containing telephone numbers, Social Security numbers and addresses of thousands. Apparently when they closed up, they put these bundles outside to be picked up and they were never picked up.
6/25/2007	Ohio Bureau of Workers Compensation	439
6/25/2007	Fresno County		A disk containing information pertaining to home health-care workers -- including their names, addresses and Social Security numbers was lost.
6/27/2007	Milwaukee PC	65000	Credit card information for 65,000 was possibly compromised. A service center noticed a file in their server and was concerned that file could contain customers' credit card numbers and personal information.
6/27/2007	University of California Davis	1120	Computer-security safeguards were breached and accessed information including the applicants' names, birth dates and, in most cases, Social Security numbers.
6/27/2007	Bowling Green State University	199	Lost storage device contained Social Security numbers, and names of 199 former students.
6/29/2007	Harrison County Schools West Virginia		Several computers that contained the personal information, including Social Security numbers, of several Harrison County school employees were stolen. Workers Comp claims between January of 2001 and February of 2007 are at risk.
7/3/2007	Fidelity National Information Services	8500000	A worker at one of the company's subsidiaries (Certegy Check Services, Inc.) stole customer records containing credit card, bank account and other personal information. Certegy Check Services Inc.
7/5/2007	Highland University	420	A building on the campus had been broken into, and the affected offices might have had such personal information as Social Security numbers, credit card and bank account information exposed.
7/7/2007	Securitas Security Services USA Inc.	100000
7/9/2007	Girl Scouts Mile Hi		Tapes stolen from a car held personal information from a membership database, including names, addresses, phone numbers. A very limited number of credit card numbers and Social Security numbers were included in the stolen data from the camp and event registration database.
7/9/2007	Cuyahoga County Department of Development	3000	Names and Social Security numbers on memory stick stolen in carjacking.
7/11/2007	South County Hospital	79	Paperwork containing personal details from customers was left in a briefcase inside a car that was stolen. That batch of paperwork contained details including names, addresses, Social Security numbers, phone numbers and a summary of hospital accounts.
7/11/2007	Disney Movie Club		A contract employee stole an unknown number of credit card numbers. Credit-card information was sold by an employee of a Disney contractor to a federal agent as part of an undercover sting operation.
7/11/2007	Texas A&M University	49	College of Business officials are investigating a faculty member for the misplacement of a business law class roster containing the names and Social Security numbers of students.
7/13/2007	City of Encinitis California	1200	Credit card or checking account information and addresses of people who had enrolled in Encinitas' youth recreation programs was inadvertently posted on the city's Web site.
7/13/2007	Metropolitan St. Louis Sewer District	1600	A employee had downloaded Social Security numbers of current or former district employees to a home computer. The Social Security numbers were part of a computer file the district uses to make sure workers get the proper pay.
7/15/2007	Westminster College	100	Names of students, former and current were printed in two files along with each student's Social Security number. The files were on a student Web server used by Westminster students.
7/16/2007	TSA	100000	Authorities realized in May a storage device was missing from TSA headquarters. The drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave datas, bank account, routing information, and details about financial allotments and deductions.
7/16/2007	Prudential Financial Inc.	1000	Data exposed in the breach was faxed to a company by doctors and clinics across the U.S.. Data included the patients' Social Security numbers, bank details and health care information.
7/17/2007	Louisiana Board of Regents	80000	Records of students and staff including Social Security numbers,names, and addresses exposed on web.In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet site.
7/17/2007	Kingston Technology Co.	27000	Security breach that remained undetected until 'recently' may have compromised the names, addresses and Credit Card details of online customers.
7/17/2007	Western Union	20000	Credit card information and names were hacked from a database.The thieves got names, addresses, phone numbers and complete credit-card information.
7/18/2007	Connecticut General Assembly Transportation Committee	100	Social Security numbers of former employees of defunct L.G. Defelice Inc. was posted on CT transportation committee website.
7/18/2007	Purdue University	50	Files which were no longer in use were discovered on a computer server connected to the Internet. The files contained names and Social Security numbers of students who were enrolled in an industrial engineering course.
7/19/2007	Texas Secretary of State
7/19/2007	Cricket Communications	300	Documents stolen from store result in loss of 300 credit card numbers.
7/19/2007	Jackson Local Schools	1800	The Social Security numbers of present and former Jackson Local SchoolsÆ employees were at risk of public access on a county maintained Web site.
7/20/2007	SAIC	867000	Pentagon contractor may have compromised personal information. Information such as names, addresses, birth dates, Social Security numbers and health information about military personnel and their relatives because it did not encrypt data transmitted online.
7/21/2007	University of Michigan	5500	University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed.
7/23/2007	Fox News	1500000	A security hole on the Fox News web server Sunday exposed sensitive content to the public, including login information that allowed hackers to access names, phone numbers, and email addresses of at least 1.5 million people
7/24/2007	St. Vincent Hospital	51000	A security lapse compromised names, addresses and Social Security numbers.
7/25/2007	Hidalgo County CommissionerÆs Office	25	The private medical information, including Social Security numbers and treatment details of people who sought medical assistance from the county was posted on the Hidalgo County Website.
7/26/2007	United States Marine Corps	10554	Names and Social Security numbers of Marines were found through Google Internet search engine.
7/27/2007	Flexible Benefits Administrators	2000	A former employee allegedly stole Virginia Beach city and school district employees' personal information and used it to commit prescription fraud. Police discovered a list of names and Social Security numbers at the employees home.
7/27/2007	American Education Services	5000	Personal information was on a laptop stolen in a burglary at a subcontractor's headquarters. The information, which was not encrypted, included names, addresses, phone numbers, e-mail addresses and Social Security numbers.
7/27/2007	CESA #11	300
7/27/2007	City Harvest		City Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.
7/27/2007	City of Virginia Beach	2000
7/28/2007	Yuba County California	70000	A laptop stolen from a building contained personally identifiable information of individuals whose cases were opened before May 2001. The laptop was being used as a backup system for the county's computer system. The data include Social Security numbers, birth dates, driverÆs license numbers and other private information.
8/1/2007	Lifetime Fitness		Staff had discarded customer records in easily accessible trash cans behind Dallas businesses. Information that was discarded contained names, addresses, Social Security numbers, driver's license numbers and credit card information, as well as the date of birth of several children. Lifetime Fitness is based in Minnesota.
8/2/2007	University of Toledo		A computer was stolen with two hard drives containing student and staff Social Security numbers, names, and grade change information.
8/2/2007	E.On		A laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month.
8/3/2007	Wabash Valley Correctional Facility		A database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved ôfrom a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.ö
8/3/2007	WorkCare Orem		A truck driver found medical documents containing personal information in his truck and on the ground while he picked up a load at a garbage transfer station. The documents contained names, addresses, telephone numbers, Social Security numbers and birth dates.
8/4/2007	Kellogg Community Federal Credit Union		A computer containing personal information on an undisclosed number members was stolen. A file containing some members' names, addresses, telephone numbers, birth dates, Social Security numbers and account numbers was on the computer's hard drive.
8/6/2007	Verisign		A laptop containing extensive personal information on an undisclosed number of VeriSign employees was stolen from an employee's car. The information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and salary records.
8/7/2007	Electronic Data Systems (EDS)	498	A former employee was arrested this week for allegedly trafficking in stolen identities she received through her work with the company. She 'obtained the names and identifying information of 498 Alabama Medicaid recipients and subsequently sold 50 of those identities.
8/7/2007	Merrill Lynch	33000	A computer device apparently was stolen containing sensitive personal information, including Social Security numbers, about some 33,000 employees.
8/8/2007	Yale University	10200	Social Security numbers for over 10,000 current and former students, faculty and staff were compromised last month following the theft of two University computers
8/10/2007	Legacy Health System	747	A primary care physician practice has discovered the theft of $13,000 in cash and personal data for patients. Patient receipts, credit card transaction slips and checks are also missing, in addition to Social Security numbers and dates of birth for patients.
8/10/2007	Loyola University	5800	A computer with the Social Security numbers of 58 hundred students was discarded before its hard drive was erased, forcing the school to warn students about potential identify theft.
8/10/2007	Univ. of North Texas	39000	Hacking
8/11/2007	Providence Alaska Medical Center	250	A laptop computer that contains the personal information of patients is missing. On the laptop there maybe names, medical record numbers, dates of birth, patient diagnoses, Social Security numbers and addresses.
8/13/2007	Pfizer	950	Axia Ltd. had notified Pfizer on June 14 of an incident in which two Pfizer laptops were stolen from a locked car. The laptops, which disappeared May 31 in Boston, included the names and Social Security numbers of health-care professionals who ôwere providing or considering providing contract services for Pfizer,ö according to the letter.
8/15/2007	Idaho Army National Guard	3400	A small computer drive containing Social Security numbers and other personal information about every Army National Guard soldier in Idaho has been stolen.
8/15/2007	Sky Lakes Medical Center	30000	The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.
8/15/2007	Greater Detroit Hospital		It's a repeat of a problem that emerged late last year at the Greater Detroit Hospital where metal thieves stripped everything from copper piping to windows, exposing rows of abandoned patient files. Neighbors said there are hundreds of boxes of patient files and payroll records inside, full of credit card and Social Security numbers.
8/16/2007	Utica Title and Escrow		Boxes belonging to Utica Title and Escrow had been stored at a storage unit in Bixby. When Utica quit paying rent the storage company went through the legal process to be able to sell everything left behind. No one wanted to buy the boxes of paper so the boxes were thrown out. The boxes contained private information, including Social Security numbers, bank accounts and pay stubs.
8/20/2007	University of Toledo		A laptop computer has been stolen from an office in the Student Recreation Center that contained some student and employee names and Social Security numbers.
8/21/2007	West Virginia Board of Barbers and Cosmetologists	10000	Every barber and cosmetologist licensed in the state of West Virginia since 1986 could now potentially be a victim of identity theft. Someone broke into the second floor office of the Board of Barbers and Cosmetologists and stole a safe. The director of the agency says the safe contains the personal information of thousands of hair dressers.
8/21/2007	Walter Reed Army Institute of Research		Boxes of documents containing personal information were supposed to be shredded but instead turned up last week in an off-base trash bin. Police do not believe anyone had access to the information other than the person who found the records. An investigation is under way to determine precisely what information they held and why they appeared off base.
8/22/2007	California Public Employees Retirement System	445000	Roughly 445,000 retirees across the state received the brochures announcing an upcoming election to fill a rare vacancy on the board of the California Public Employees' Retirement System. All or a portion of each person's Social Security number appeared without hyphens on the address panel.
8/23/2007	Monster.com	1600000	Monster announced that the details of some 1.6 million job seekers had been stolen. Fewer than 5,000 of those 1.6 million users affected are based outside the United States. The information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.
8/23/2007	Loomis Chaffee School		Valuable computer equipment, including two large storage devices were stolen during a night time burglary from the locked IT facility on campus. The stolen storage devices contained information about some recent graduates of the school, including their names, Social Security numbers, and contact information from their days as students at the school.
8/23/2007	New York City Financial Information Services Agency	280000	A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant.
8/26/2007	American Ex-Prisoners of War	35000	Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas. Digital and paper records included information on the groupÆs entire membership, including addresses, dates of birth, Social Security numbers and VA claims data.
8/27/2007	University of Illinois	5247	An e-mail sent Aug. 24 to about 700 University of Illinois engineering students contained a spreadsheet listing personal information, including addresses and grade point averages, of thousands of students. The spreadsheet attached to the mass mail did not contain Social Security numbers or the students' university identification numbers. But, the person who sent the mass e-mail attached a spreadsheet containing information on all 5,247 students in the College of Engineering. The spreadsheet included each student's name, e-mail address, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, cumulative GPA, plus local address and phone number.
8/28/2007	Connecticut Department of Revenue Services	106000	A computer laptop with the names and Social Security numbers of more than 100,000 Connecticut taxpayers has been stolen. The Department of Revenue Services intends to launch a web page soon that residents can search to determine whether their personal information was stored on the laptop.
8/30/2007	Maryland Department of the Environment		A laptop computer containing personal information on people with state licenses has been stolen from a vehicle. It contains four databases that include personal information related to licenses issued by four state boards.
8/30/2007	AT&T		A laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.
9/1/2007	Johns Hopkins Hospital	5783	A desktop computer containing the personal information of 5,783 Johns Hopkins Hospital patients was stolen. The computer included patients' names, Social Security numbers, birth dates and medical histories.
9/4/2007	Pfizer	34000	A security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed. The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.
9/4/2007	Brevard Public Schools	61	A missing piece of luggage belonging to a state auditor contains the personal information of 61 Brevard Public Schools employees and had district personnel scrambling before the holiday weekend began to notify people that their names and Social Security numbers might be compromised.
9/6/2007	De Anza College	4375	Thousands of former students might be at risk for identity fraud after an instructor's laptop computer, containing students' personal information, was stolen last month. The computer contained the students' names, addresses, grades and in many cases Social Security numbers.
9/6/2007	University of South Carolina	1482	A number of files containing Social Security numbers, test scores and course grades were exposed online. It appears the person responsible for the breach may not have known enough about computers to realize the information could be accessed outside the university system.
9/7/2007	McKesson		McKesson Health-care services company, is alerting thousands of its patients that their personal information is at risk after two of its computers were stolen from an office.
9/10/2007	Purdue University	111	The university is warning those who were students in the fall of 2004 that information about them was inadvertently posted on the Internet. The information was in a document that contained the names and Social Security numbers of students in the Animal Sciences 102 class. The page was no longer in use but was on a computer server connected to the Internet. The document was found recently through an internal search and reported to the chief information security officer at Purdue.
9/11/2007	Gander Mountain	112000	Somebody either lost or stole a computer potentially containing the credit card information of anyone who has shopped at the Greensburg store since it first opened more than five years ago. Gander Mountain said credit card information for 112,000 customers of its Greensburg store might have been compromised. That includes 10,000 records with names, card numbers and expiration dates.
9/11/2007	Pennsylvania Public Welfare Department	375000	Two computers containing the mental health histories of more than 300,000 medical-assistance recipients were stolen. The computer work stations were taken during an overnight break-in at an office. The mental health information on the computers identified people by codes and not by name. The information also was protected by multiple passwords, but full names and Social Security numbers of nearly 2,000 people were also on the computers.
9/12/2007	TennCare	67000	There are 67,000 TennCare enrollees at risk of identity theft after a courier service lost their personal information. The lost information includes names, Social Security Numbers, birthdays and addresses.
9/13/2007	Voxant.com	4500	The Voxant online ecommerce store server was hacked using what appeared to be a typical phishing scheme. The server is seperate from the primary business at www.voxant.com. The affected server was immediately taken offline and removed the offending phising pages. Encrypted credit card numbers could have been accessed during the incident. Although the credit card numbers were encrypted, the encryption key was not well protected. The database up through June 19-20 could have been affected, representing approximately 4,500 US customers.
9/14/2007	Tennessee Tech University	3100	Some 3,100 current or past students who owe the university money were notified today that some of their personal data may have been compromised. A technical problem in the way student bills are printed resulted in the chance that some student social security numbers and personal identification numbers may have been sent to another student's address.
9/14/2007	TD Ameritrade	6300000	One of Ameritrades databases was hacked and contact information for its more than 6.3 million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken. 'We were able to conclude that while Social Security Numbers are stored in this particular database, your SSN were not retrieved.' The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach. Company customers did received unwanted spam because of this breach.
9/19/2007	Kansas University		A number of documents containing Kansas University student, faculty and staff personal information were recovered from the recycling and trash in the Mathematics Department at Kansas University. The information included student exams, student change of grade forms, class rosters, copies of health insurance cards, copies of immigration forms as well as a copy of a Social Security card.
9/19/2007	University of Michigan	8585	Backup tapes containing patient information like Social Security numbers, patient names and addresses were stolen from the School of Nursing two weeks ago.
9/20/2007	State of Connecticut/Accenture Ltd.	58	A backup tape was stolen in Ohio in June and contained data removed by Accenture from the state's Core-CT computer system, which performs all of the state's payroll, personnel, purchasing, accounting and inventory functions. The backup tape contained state agency bank account numbers, bank names and types of accounts, as well as the names and Social Security numbers of 58 of Connecticut taxpayers. Connecticut officials today revealed plans to file a civil complaint against IT consulting giant Accenture Ltd. related to this security breach involving stolen records tied to state agency bank accounts worth millions of dollars.
9/21/2007	City of Columbus Ohio	3500	The city of Columbus is offering identity-theft protection services to more than 3,000 people whose Social Security numbers were on three computers stolen from a warehouse. The theft affected people who had signed up for the city's Mobile Tool Library, which lends power tools, lawn mowers and supplies.
9/21/2007	ABN Amro Mortgage Group	5208	Three spreadsheets containing 5,200 Social Security numbers and other personal details about customers were inadvertently leaked over an online file-sharing network by a former employee. Tiversa, a company that monitors P2P networks, found Excel spreadsheets from the desktop of a financial analyst at ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had.
9/24/2007	Utah Department of Workforce Services	2000	A laptop computer containing a spreadsheet with the the Social Security numbers and other personal information of about 2,000 people was reported stolen.
9/28/2007	Gap Inc.	800000	A laptop containing the personal information of certain job applicants was recently stolen from the offices of an experienced third-party vendor that manages job applicant data for Gap Inc. Personal data for approximately 800,000 people who applied online or by phone for store positions at one of Gap Inc.'s brands between July 2006 and June 2007 was contained on the stolen laptop. Social Security numbers were included in the information on the laptop.
10/2/2007	Athens Regional Health Services	1441	A computer missing from a Regional First Care clinic in Watkinsville held the personal information of more than 1,400 people, according to Athens Regional Health Services. Workers first noticed on Sept. 24 that the computer was missing. The computer held Social Security numbers for 85 people, some health information for 545 people and the name, address and/or telephone numbers of 811 people. No credit card or other financial information was stored on the computer, which was a backup server for the Watkinsville clinic.
10/2/2007	The Nature Conservancy	14000	A hacker illegally gained access to a computer of The Nature Conservancy containing personal information on current and former employees and their dependents. The stolen information included the names, home addresses, Social Security numbers and birth dates. It also included direct deposit bank account numbers for employees who were on the payroll between 2000 and 2004, as well as the Social Security numbers of those employeesÆ dependents. When employees accessed a particular Web site, the site planted a program on the employeesÆ computers that copied the contents of the hard drives and sent the information to the hacker.
10/4/2007	Massachusetts Division of Professional Licensure	450000	Social Security numbers of about 450,000 licensed professionals were inadvertently released. The information was mailed last month to agencies that submitted a public records request for the names and addresses of professionals licensed by the division. The division mailed 28 computer disks to 23 agencies that use the information as a marketing or promotional tool. The disks would normally contain only the names and addresses of individuals licensed through the Division of Professional Licensure and the Division of Health Professions Licensure. However, the disks also included Social Security numbers.
10/8/2007	Carnegie Mellon University	400	Two laptops were stolen from the office of a computer science professor. Both of the computers were believed to have contained significant personal identifying data, such as Social Security numbers.
10/8/2007	Semtech		A laptop computer and other personal belongings were stolen from one of Semtech's vendors. The computer was not stolen from a Semtech facility, but may have contained computerized data relating to Semtech employees. Semtech declined to provide further details of the incident, such as what personal employee data may have been put at risk, when the theft happened or how long it took the company to inform its workers of the potential breach.
10/8/2007	University of Iowa	184	A laptop computer was stolen from a former teaching assistant. The theft of the computer, which occurred last month in a break-in of the instructor's home, contained class records such as attendance, test scores, and grades of students who took his philosophy courses at the UI between 2002 and 2006. Social Security numbers were also present in 100 of the records.
10/9/2007	Pembroke School District		Personal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the districtÆs computer system. The information included names, birth dates and Social Security numbers.
10/10/2007	Pfizer	1800
10/10/2007	Commerce Bank	3000	A hacker gained access to a database with about 3,000 customer records and accessed data belonging to 20 of them. The bank is contacting those who may have been affected. The hacking was quickly detected and stopped, according to Commerce Bank, which then notified law enforcement.
10/10/2007	Wheels Inc./Pfizer	1823	The spouses and domestic partners of about 1,800 Pfizer employees, including 23 from Connecticut, learned late last month about a data breach at Wheels Inc., which provides cars to the company, mostly for use by its sales force. The breach at Wheels, first reported by the Pharmalot Web site, released onto the Internet names, addresses, birth dates and driver's license numbers, but not Social Security numbers, according to the company.
10/12/2007	King County (WA) Transportation Department	1400	A laptop computer containing personal information about current and former employees has been stolen. Workers' names, addresses and Social Security numbers were on the password-protected laptop, which was stolen during a Sept. 28 home burglary. The information was not encrypted.
10/13/2007	Montana State University	1400	An unknown hacker remotely accessed a computer server that housed records containing credit card numbers and Social Security numbers of students who enrolled online for MSU Extended University courses during the last two years. The data in question were encrypted, and there is no evidence that personal information was stolen.
10/15/2007	Transportation Security Administration	3930	Two laptop computers with detailed personal information about commercial drivers across the country who transport hazardous materials are missing and considered stolen. The laptops contained the names, addresses, birthdays, commercial driver's license numbers and, in some cases, Social Security numbers of 3,930 people.
10/16/2007	Administaff	159000	Current and former workers personal data may be compromised because of a stolen laptop. The data wasn't encrypted when it was stored on the portable computer, which is password-protected. Data stored on the laptop included names, addresses and Social Security numbers for most employees paid by Administaff in 2006.
10/17/2007	Home Depot	10000	A laptop computer containing about 10,000 employees' personal data was stolen from a regional manager's car. The computer, which was password protected, didn't contain any customer information. The laptop contained names, home addresses and Social Security numbers of certain Home Depot employees.
10/17/2007	Louisiana Office of Student Financial Assistance		Sensitive data for virtually all Louisiana college applicants and their parents over the past nine years were in a case lost last month during a move. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved.
10/18/2007	University of Cincinnati	7000	The personal information of thousands of University of Cincinnati students and graduates has been stolen. A flash drive was taken from a UC employee last month. It contained the Social Security numbers and other data for more than 7,000 people.
10/23/2007	Bates College	500	Two publicly accessible documents that contained the records of nearly 500 recipients of the federal Perkins Loan, along with each recipient's address, date of birth, Social Security number, legal name and loan amount, were accessible on the Bates network.
10/23/2007	West Virginia Public Employees Insurance Agency	200000	West Virginia officials are alerting 200,000 past and current members of three health insurance programs that a computer tape containing full names, addresses, phone numbers, Social Security numbers and marital status was lost last week while being shipped via United Parcel Service.
10/23/2007	Blockbuster	400	A Sarasota resident was fishing in a trash container for boxes when he found 400 documents. These documents included membership forms and employment applications with names, addresses, credit card numbers and Social Security numbers.
10/23/2007	Dixie State College	11000	An unauthorized person reportedly gained access to a computer system and confidential files, including Social Security numbers, birth date information and addresses for some 11,000 alumni and current DSC employees who graduated or worked at DSC from 1986 to 2005.
10/24/2007	Not Your Average Joes		Massachusetts restaurants were targeted by an individual or individuals seeking to illegally obtain credit card data. The data that was compromised included credit card numbers, expiration date and name associated with the card.
10/25/2007	University of Akron	1200	A microfilm containing the personal information of alumni were missing. Names, previous addresses, phone numbers, birth dates and Social Security numbers was on the missing microfilm.
10/28/2007	Art.com		Cyberspace criminals gained systems entry despite 'multiple security layers' and accessed some credit card transactions. The retailer of posters, prints and framed art alerted customers that hackers had gotten into the website to access credit card accounts.
10/29/2007	United States Postal Service	3000	Employees' names, Social Security numbers and other information were on a laptop computer that was stolen.
10/29/2007	ABC Phones/ACC Communications		Two men found a box in a dumpster. The cell phone business recently moved and threw away documents that contained personal information from customers. The information contained driver's license numbers, Social Security number, bank account numbers, credit card numbers, work and home addresses.
10/30/2007	Hartford Financial Services Group	237000	Three backup tapes that contained personal information of 230,000 customers, including 9,200 Ohioans, mainly of the company's property lines, were misplaced.
10/30/2007	Pathology Group of the Mid-South	75000	Someone broke into a locked office building, several computers with flat screen monitors were stolen. One of those computers had patient information on about 75,000 people. This information included names, addresses, Social Security number, even medical information
10/30/2007	University of Nevada Reno	16000	A University of Nevada, Reno a administrative employee has lost a flash drive that contained the names and Social Security numbers of 16,000 current and former students.
11/1/2007	City University of New York	20000	A broken laptop containing personal information was taken from the school's financial aid office.
11/2/2007	Montana State University		An independent security watchdog group informed MSU that an Excel spreadsheet with the names and Social Security numbers of 42 people, most of them hired in the summer of 2006, was publicly accessible on MSU's Web site.
11/2/2007	Montana State University		While investigating that breach, MSU data-security staff found another Excel spreadsheet accidentally posted on the MSU Web site since 2002. It contained the Social Security numbers of 13 people who got travel vouchers from the computer science department in the College of Engineering.
11/6/2007	Butte Community Bank		A laptop with customers' personal information including names, addresses, Social Security numbers and bank account numbers was stolen from Butte Community Bank.
11/6/2007	Montana State University	271	MSU learned that an employee's laptop computer had been stolen somewhere off-campus. It contained the Social Security numbers of 216 students and employees who lived in on-campus housing from 1998 to 2007
11/6/2007	Alabama Department of Public Health	1554	The personal information, including the names, ages and Social Security numbers of families enrolled in the state's ALL Kids health care coverage program, were accidentally sent to the wrong families last week. 1,554 affected families were alerted that some of their confidential information might have been released.
11/7/2007	Carolinas Medical Center - NorthEast	28000	A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.
11/7/2007	University of Connecticut Foundation/Convio		UConn was notified of a security breach by an outside party on the network of Convio, Inc., a vendor used by The University of Connecticut Foundation, Inc. for processing online gift transactions and communicating by e-mail. This breach affected 92 of ConvioÆs clients nationwide, including the UConn Foundation. User name and password for Convio account preferences was compromised in this breach.
11/11/2007	State of Nevada
11/13/2007	Commerce Bancorp		A Commerce Bancorp Inc. employee gave out personal information on an unspecified number of the Cherry Hill bank's customers. The Bank discovered the breach through an internal investigation and sent letters to affected customers. The bank does not know if the information included account numbers and Social Security numbers.
11/15/2007	Roudebush VA Medical Center	12000	Two personal computers and a laptop computer were allegedly stolen from an unsecured room. One of the stolen computers contained the names, Social Security numbers and dates of service of approximately 12,000 veterans.
11/16/2007	University of Wisconsin-Whitewater		Officials were notified by one individual about his ability to access a online search feature for the schools website. A search feature that could be used to see student names and Social Security numbers along with some other limited student information. Access to the feature was promptly disabled upon notification of the problem.
11/16/2007	A.J. Falciani Realty Company	500	Computers containing the personal information of between 500 to 1,000 clients of A.J. Falciani Realty Company were taken in a burglary. Many of the stolen computers stored the names, addresses, Social Security numbers, dates of birth, telephone numbers and other information on the company's clients.
11/16/2007	Kansas State University	128
11/16/2007	U.S. Department of Veterans Affairs	1800000	Investigation from a man's home uncovered a computer that held about 1.8 million Social Security numbers from the U.S. Department of Veteran Affairs, where he had been employed as an auditor. Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file.
11/17/2007	Ohio Masonic Home / Community Blood Bank	1200	A laptop stolen from a Kettering auditing firm contained personal information on employees of up to 10 businesses, including Springfield-based Ohio Masonic Home. Battelle & Battelle LLC would not disclose the number of individuals affected by the theft but Masonic Home officials said 600 of its employees' information was stored in the laptop.
11/21/2007	University of Florida	415	More than 400 former UF students might have been put at risk for identity theft after their Social Security numbers were posted on UF's Computing & Networking Services Web site. A news release from the Liberty Coalition, a group that works to preserve the privacy of individuals, said 14 files on the Web site contained 'sensitive information' of 534 former UF students, including 415 Social Security numbers.
11/21/2007	United Healthcare		United Healthcare posted the Social Security numbers of doctors at Columbia UniversityÆs faculty practice on a public Web site. United posted the taxpayer identification numbers, some of which were Social Security numbers, alongside the names of 993 providers at Columbia who participate in the insurerÆs network. The list was supposed to be accessible to Columbia employees during the current open enrollment period
11/29/2007	American Red Cross		Six boxes were left unattended in a public hallway for more than six hours. The files contained personal information of current and former employees and were placed there by human resources. Names, addresses and social security numbers could have easily been stolen. The files also contained embarrassing information, including disciplinary actions, results from a drug test, a sexual harassment case; even someone's criminal record from another state.
11/30/2007	Prescription Advantage	150000	The state of Massachusetts is warning 150,000 members of its Prescription Advantage insurance program that their personal information may have been snatched by an identity thief. Local authorities arrested a lone identity thief who had been using information taken from the program in an attempted identity theft scheme. Although the thief used information from just a small number of participants in the scheme, state data-breach laws require that the 150,000 people who could have possibly been affected by the breach be contacted.
12/1/2007	Community Blood Center/Battelle & Battelle LLC	600	Battelle & Battelle LLC was conducting an audit of the blood center's 401K plan when a laptop was stolen from a Battelle employee's vehicle. Up to 600 employees appeared to be affected.
12/4/2007	Duke University	1400	Social Security numbers of about 1,400 prospective law school applicants may have been compromised when a school Web site was accessed illegally.
12/4/2007	Indianapolis Power and Light	3000	The private information of thousands of customers was inadvertently posted online for up to four years. Data included names, addresses and Social Security numbers.
12/5/2007	Forrester Research		Thieves stole a laptop from the home of a Forrester Research employee, potentially exposing the names, addresses and Social Security numbers of an undisclosed number of current and former employees and directors.
12/5/2007	Memorial Blood Centers	268000	A laptop computer holding donor information was stolen. About 268,000 donor records on this laptop computer contain a donor name in combination with the donorÆs Social Security number.
12/6/2007	Oak Ridge National Laboratory	12000	Hackers may have infiltrated a non-classified database containing names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004. The assault was in the form of phony e-mails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The lab has sent letters to about 12,000 potential victims.
12/7/2007	Beacon Medical Services		Detailed, personally identifiable medical records of thousands of Colorado residents were viewable on a publicly accessible Internet site for an uncertain period of time. The data included details of patients' visits to emergency rooms -- what ailments they complained of, diagnoses, treatments, and medical histories, along with the patients' names, occupations, addresses, phone numbers, insurance providers, and in some cases, Social Security numbers. The company is trying to determine the exact number of patients affected, but Beck says the number looks to be fewer than 5,000.
12/7/2007	Colorado Board of Dental Examiners		More than a hundred Colorado dentists and their patients could be at risk for identity theft after a car containing a bag of sensitive information was stolen. Authorities found the car a few days later at an apartment complex where one of the alleged thieves lived. Inside the unit, police discovered a massive amount of personal information from previous crimes. Social Security numbers, dates of birth, the credit card numbers, the pin numbers to those credit cards, they even have the photo IDs of the individuals they stole those credit cards from.
12/10/2007	Cameron County Texas		An employee released an e-mail with a list of all county officials and employees. It reportedly contained names, Social Security numbers, and salaries.
12/10/2007	Sutter Lakeside Hospital	45000	A laptop computer containing personal and medical information of approximately 45,000 former patients, employees and physicians has been stolen from the residence of a contractor.
12/10/2007	Tricare Europe
12/11/2007	Iowa Department of Natural Resources	7000	A contractor working for the DNR revealed that a computer jump drive containing the names and Social Security numbers for 7000 people is missing. The contractor believes the jump drive fell off of his desk and into a garbage can.
12/14/2007	Deloitte & Touche		A laptop containing the personal information of an undisclosed number of Deloitte & Touche partners, principals and employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents. The computer contained confidential data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates.
12/17/2007	West Penn Allegheny Health System	42000	The names, Social Security numbers, phone numbers, addresses and patient care information of 42,000 patients were all on a laptop computer stolen from a nurseÆs home. Only home care and hospice patients could be impacted, not patients at the hospitals.
12/18/2007	Brownsville School District		Forms with employee personal information littered the fence of a Brownsville school district warehouse. Information on litter contained confidential letters with names, bank account numbers, and Social Security numbers. The forms may be more than ten years old, but they each contain information that's still valuable.
12/19/2007	Pennsylvania Department of Aging	20632	A state Department of Aging-owned laptop computer containing personal information on senior citizens was stolen from a Johnstown home. The information included names, addresses, Social Security numbers and some medical information.
12/20/2007	Dormitory Authority of the State of New York	900	Data tapes containing Social Security numbers, phone numbers and addresses for up to 800 current and former employees of the state Dormitory Authority are missing.
12/20/2007	Greenville County School District	500	The district notified employees last week that the computers had been compromised and that employees' personal information was taken, including their names, home phone numbers and Social Security numbers.
12/21/2007	Franklin County Ohio Municipal Court	270	At least six central Ohioans are now under investigation by the U.S. Secret Service for hacking into a government Web site and stealing Social Security numbers to create false credit accounts. More than 270 people nationwide might have been victimized by a security lapse in the Franklin County Municipal Court Web site. Someone was randomly feeding Social Security numbers into a clerk's site, which contained personal information for thousands of people charged with misdemeanors, some guilty of only a speeding ticket. Once a number was hit on, the name, address, age and other information could be used to obtain credit cards and open bank accounts.
12/21/2007	Connecticut Department of Motor Vehicles	155	The Connecticut Department of Motor Vehicles is notifying customers that their personal information may have been on a computer stolen from a mobile service center vehicle while it was being repaired. Personal data on the computer included names, addresses, date of birth, license numbers, photo and signature.
12/28/2007	Davidson County Election Commission	337000	Someone broke into several county offices over Christmas and stole laptop computers that county officials now believe may have contained Social Security numbers and other personal information for every registered voter in Davidson County.
12/28/2007	Minnesota Department of Commerce	219	A laptop computer containing personal information on Minnesotans licensed by the state Commerce Department was stolen from one of its Pennsylvania vendors.
12/28/2007	United States Air Force	10501	A military laptop computer is missing and it contains personal information including Social Security numbers, birth dates, addresses, and telephone numbers of active and retired Air Force members. The laptop belonged to an Air Force band member at Bolling Air Force Base, he reported it missing from his home.
12/29/2007	Administrative Systems
1/2/2008	Workers Compensation Fund	2800	Officials with one of Utah's largest insurance companies are searching for a stolen laptop containing Social Security numbers and other personal information for about 2,800 people and 1,400 companies. The computer was taken from a car parked in the home garage of an auditor for the Workers Compensation Fund.
1/3/2008	Dorothy Hains Elementary School		The library door was kicked in and the circulation computer was stolen, something the principal desperately wants back because it has the Social Security numbers of students and teachers on it.
1/3/2008	Robotics Industries Association		A hacker accessed the administration site for Robotics Online gaining access to individual orders that contained credit card information. Seven residents of NH were affected, but national totals were not indicated.
1/4/2008	Health Net	5000	Thousands of Health Net employees in Connecticut and other states have been notified that their names and Social Security numbers were on a laptop computer that was stolen more than a month ago from a company vendor. The laptop had information on about 5,000 employees companywide and an undisclosed number of health-care providers outside the Northeast.
1/4/2008	Maryland Department of Assessments and Taxation	900	The Maryland Department of Assessments and Taxation Web site may have exposed Social Security numbers online because the application system did not have a necessary security certificate to encrypt the information before it was sent out over the Internet. Roughly 900 people used the system.
1/4/2008	Florida Department of Children and Families		Social Security numbers, birth dates and other information about day-care workers in Orange, Seminole and Osceola counties were among the data on five laptop computers that were stolen from the DCF office near Orlando.
1/5/2008	New Mexico State University		A computer hard drive containing the names and Social Security numbers of current and former NMSU employees is missing from the Pan American Center.
1/7/2008	Geeks.com		Personal and financial data may have been compromised by an intrusion into the systems of the online retailer's Web site. Compromised information included the names, addresses, telephone numbers and Visa credit card numbers.
1/7/2008	Sears/ManageMyHome.com		Sears' ManageMyHome.com site exposed customer purchase data to any online visitor who asked about it.
1/8/2008	Wisconsin Department of Health and Family Services	260000	Social Security numbers were printed on about 260,000 informational brochures sent by a vendor hired by the state to recipients of SeniorCare and other state programs.
1/9/2008	University of Georgia	4250	Former and perspective residents of a university housing complex effected by a hacker that was able to access a server containing personal information, including Social Security numbers. A computer with an overseas IP address was able to access the personal information ù including Social Security numbers, names and addresses ù of 540 current graduate students living in graduate family housing and 3,710 former students and applicants.
1/10/2008	Select Physical Therapy	4000	The company dumped about 4,000 pieces of sensitive customer information in garbage containers behind its facility. The records included Social Security numbers, credit and debit card account numbers, names, addresses and telephone numbers.
1/11/2008	Virginia Department of Social Services	1500	The Department of Social Services has mailed about 1,500 letters to warn of a 'potential security breach' involving a department computer that police suspect was used to commit fraud. A woman is accused of using her work computer while employed by Social Services last summer to apply for a credit card using her landlord's information. She was charged with two felony counts, credit card fraud and forgery, and is accused of spending nearly $1,000 on the card.
1/11/2008	University of Akron	800	A portable hard drive containing personal information is missing and may have been discarded or destroyed. The device contained Social Security numbers, names and addresses of students and graduates.
1/11/2008	University of Iowa	216	Iowa College of Engineering has notified some of its former students that some of their personal information, including Social Security numbers, was inadvertently exposed on the Internet for several months.
1/12/2008	California State University Stanislaus		A possible data breach occurred on a food vendor's computer server. Credit card numbers, cardholder names and expiration dates were exposed, leaving hundreds, possibly thousands, of university students, staff and guests open to identity theft, with victims reporting fake charges on their cards. Social Security numbers were not accessible.
1/14/2008	Tennessee Tech University	990	A portable storage drive containing the names and Social Security numbers of 990 students has been lost. A school employee transferred the information onto a portable flash drive when the printer where he was working did not print. The employee noticed the drive was missing the next morning.
1/15/2008	Naval Surface Warfare Center Dahlgren Division	100	Officials at the Naval Surface Warfare Center are warning past and present employees that their identities and credit ratings could be at risk. Two pages of a Naval Surface Warfare Center Employment Verification Report was found when four people were arrested in Bensalem Township, Pa., last week for attempted identity fraud. The report included names, Social Security numbers, birth dates, position titles, tenure codes, pay grades, salaries and other information about the employees.
1/15/2008	Wisconsin Department of Revenue	5000	Taxpayers in northeastern Wisconsin had their Social Security numbers exposed in a state mailing. A folding error, apparently the result of a faulty machine, allowed the Social Security numbers to be seen through the clear address window of the envelope.
1/16/2008	University of Wisconsin-Madison	529	The personal information, including e-mail addresses, phone numbers, Social Security numbers and campus ID numbers of faculty and staff who made purchases from the DoIT computer shop had been accessible on a campus Internet site.
1/17/2008	GE Money	650000	Personal information on customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing. The missing information includes Social Security numbers for about 150,000 people.
1/23/2008	Baylor University		A student employee breached the security of the Baylor Information Network to access the Bear ID and passwords of those logging on to the BIN. This access didn't include sensitive information like Social Security Numbers, financial information or academic records. It was just unlawful access to Bear IDs and passwords. The information did, however, give access to Baylor e-mail and Blackboard accounts.
1/24/2008	Fallon Community Health Plan	29800	A vendor computer containing personal information on patients of Fallon Community Health Plan has been stolen. The data included names, dates of birth, some diagnostic information and medical ID numbers. Some of which may be based on Social Security numbers.
1/25/2008	OmniAmerican Bank	100	An international gang of cyber criminals hacked into the bank's records. They stole account numbers, created new PINs, fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, Russia, Ukraine, Britain, Canada and New York. Fewer than 100 accounts, some of them dormant, were compromised.
1/25/2008	Penn State University	677	A university laptop containing archived information and Social Security numbers for 677 students attending Penn State between 1999 and 2004 was recently stolen from a faculty member.
1/28/2008	T. Rowe Price Retirement Plan Services	35000	Current and former participants in ôseveral hundredö retirement plans had their names and Social Security numbers contained in files on computers that were stolen.
1/29/2008	Horizon Blue Cross Blue Shield of New Jersey	300000	More than 300,000 members names, Social Security numbers and other personal information were contained on a laptop computer that was stolen. The laptop was being taken home by an employee who regularly works with member data.
1/29/2008	Georgetown University	38000	A hard drive containing the Social Security numbers of Georgetown students, alumni, faculty and staff was reported stolen from the office of Student Affairs.
1/29/2008	Wake County North Carolina Emergency Medical Services	4642	A Panasonic Toughbook used by county paramedics to store patient information on ambulance runs went missing from the WakeMed emergency department and now is thought to have been stolen. The laptop contained names, addresses and Social Security numbers.
1/30/2008	Davidson Companies	226000	A computer hacker broke into a database and obtained the names and Social Security numbers of virtually all of the Great Falls financial services company's clients. The database also included information such as account numbers and balances.
1/31/2008	South Carolina Department of Health and Environmental Control	400	A laptop containing the names and Social Security numbers of state health department employees is missing. The computer was inside a worker's vehicle when it was stolen last week from a convenience store. State officials say the password-protected computer contains personal information of state health department workers from Spartanburg, Cherokee, Union, Greenville and Pickens counties.
1/31/2008	University of Minnesota Reproductive Medicine Center	3100	A doctor at the fertility clinic, lost a flash drive that he used to back up his computer. The drive holds details of infertility treatments for 3,100 patients going back to 1999. The lost drive did not seem to contain any financial or Social Security information.
2/1/2008	Marine Corps Bases Japan	4000	A laptop was stolen , which contained personally identifiable information for clients of Marine Corps Community Services' New Parent Support Program. The laptop may contain names, ranks, Social Security numbers, dates of birth, children's names and mailing addresses of U.S. military service members, U.S. government employees and Status of Forces Agreement personnel on Okinawa and Marine Corps Air Station Iwakuni. It does not include driver's license numbers or bank and credit card information.
2/2/2008	Diocese of Providence	5000	Four computers were taken, and one had personal information on current and former Catholic school employees. The theft possibly exposed names, addresses and Social Security numbers.
2/7/2008	Memorial Hospital	4300	A laptop containing the personal information of full and part time employees and retirees is missing. The missing computer contains their names, addresses, birth dates, ID numbers and Social Security numbers.
2/8/2008	MLSGear.com		Injection attacks on web servers hosted by a third-party service provider has compromised the personal data of an unspecified number of individuals who had shopped on Major League Soccer's MLSgear.com Web site. The compromised information included names, addresses, credit card data, debit card data, and MLSgear.com passwords.
2/10/2008	Administrative Systems, Inc		A desktop computer stolen from an Administrative Systems, Inc. (ASI) office in Seattle contained names and sensitive information about customers or employees of several of the firm's clients: Continental American Medical, EyeMed Vision/Kelly Services Vision, and Jefferson Pilot Financial Dental. Personal details may have included name, date of birth, mailing address, and Social Security number, depending on the service being provided.
2/11/2008	Jefferson County Colorado Public Schools	2900	A special education technician had a personal laptop and jump drive stolen during a home robbery. Student name and date of birth, Student ID number, School location If the student has received district transportation additional information such as parent or guardian name and contact information, may also have been on the jump drive. The stolen information did not contain any Social Security numbers or financial information.
2/12/2008	Long Island University	30000	Students tax forms mailed to them last week in were in defective mailers. The mailers containing each student's annual 1098-T 'Tuition Statement' were supposed to have adhesive on all four sides. But one side of each envelope was missing adhesive. The statement contains the student's name, address and Social Security number.
2/12/2008	Modesto California City Schools / Clovis Unified / Los Angeles Department of Water and Power / Torrance Unified School District / Nestle Waters North America	40000	A computer hard drive holding the names, addresses, birth dates and Social Security numbers of Modesto City SchoolsÆ employees was stolen.
2/13/2008	Lifeblood	321000	Laptop computers with birth dates and other personal information of roughly 321,000 blood donors are missing and presumed stolen. Stored inside both computers were names, birth dates and addresses at the time of the individual's last donation or attempted donation. In most cases, the donors' Social Security numbers were also stored, along with driver's licenses, telephone numbers, e-mail addresses, ethnicity, marital status, blood type and cholesterol levels. Social Security numbers had been used to track blood from the donor to the recipients.
2/13/2008	Middle Tennessee State University	1500	A professor left the university computer unattended in the mass communication department about two weeks ago and an unidentified person is believed to have used the machine to send spam e-mails. The computer contained the names and Social Security numbers of past and current students.
2/13/2008	Milwaukee County		Milwaukee County officials mistakenly released numerous confidential court records for a citizens group's Web site that detail payments for tests and other costs linked to to mental competency, paternity and guardianship cases. Entries for psychiatric examinations and guardianship fees in which the clients' names were still listed,
2/14/2008	Tenet Healthcare Corporation	37000	A ex-employee worked at a Frisco, Texas, billing center for less than two years, and is confirmed to have stolen the names, Social Security numbers and other personal information of about 90 patients. The employee also had access to 37,000 other accounts.
2/15/2008	Crosslines Ministries of Carthage	2000	One of the largest aid agencies in Carthage was burglarized and files, containing the personal information of about 2,000 families, were stolen. Kaiser said among the items stolen were paper files containing names, addresses, Social Security numbers and other personal information of individuals served by Crosslines.
2/15/2008	First Magnus Financial		Outside a University of Phoenix Building in Ft. Lauderdale, files and paperwork belonging to the defunct First Magnus Financial were just lying in stacked boxes inside an industrial garbage container. The paperwork contained Social Security numbers, credit card information, addresses, and properties.
2/15/2008	Lexmark International		The employee personal data was inadvertently exposed, it included Social Security numbers, dates of birth, along with names and addresses. The data was accessed by two unknown parties when the data was loaded to a company file sharing site.
2/15/2008	Systematic Automation Inc	40000	Police filed possession of stolen property charges against a prison parolee who was arrested for having a computer with more than 40,000 names, addresses and Social Security numbers of California residents. The computer was stolen from Systematic Automation Inc., which processes individualized annual statements customized for employees with a summary of their health and other employee benefits. The hard drive contained employee information from 19 agencies. Some of the larger agencies include the Modesto City Schools, Clovis Unified School District, Los Angeles Department of Water and Power, and the Torrance Unified School District.
2/16/2008	Texas A&M University	3000	A computer file containing the names and Social Security numbers of current and former Texas A&M University agricultural employees was inadvertently posted online and accessible to the public for three weeks.
2/25/2008	Mecklenburg County North Carolina	400	A County employee's car was stolen, and in that car was a printout of bank draft transactions within the Park and Recreation Department. bank account information of an unknown number of people in Mecklenburg County has been stolen.
2/27/2008	Health Net Federal Services	103000	Thousands of doctors in eleven states had their personal information openly posted on a company website. Social Security numbers were part of the personal information exposed. The states involved include Wisconsin, Michigan, Illinois, Indiana, Ohio, Pennsylvania, Tennessee, Iowa, Missouri, Kentucky and West Virginia.
2/29/2008	Wellesley Health Department	480	Information in an envelope that had been mailed by the townÆs health department to a Medicare office in Boston say when the envelope arrived, it was open and the contents were missing. The material included social security numbers, addresses and dates of birth of seniors who had received flu shots from the town last fall.
3/3/2008	Kraft Foods	20000	A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business. The laptop contained the names and may have contained Social Security numbers.
3/5/2008	Nevada Department of Public Safety	109	A private firm working for the Nevada Department of Public Safety has lost personal information provided by individuals seeking jobs with the agency. Data included Social Security numbers, addresses and background check information.
3/6/2008	Cascade Healthcare Community	11500	A computer virus may have exposed to outside eyes the names, credit card numbers, dates of birth and home addresses individuals who donated to Cascade Healthcare Community.
3/8/2008	MTV Networks	5000	Computer files with confidential data on employees at MTV Networks were breached by someone outside the company. Personal information in the files included names, birth dates, Social Security numbers and compensation data.
3/10/2008	Blue Cross Blue Shield of Western New York	40000	A laptop hard-drive containing vital information about members has gone missing. Blue-Cross Blue-Shield of Western New York says it is notifying its members about identity theft concerns after one of it's company laptops went missing.
3/10/2008	Central Florida Regional Hospital	28	The medical records of Central Florida Regional Hospital patients were sold last month at a Salt Lake City surplus store for about $20. The records were sold to a local school teacher looking for scrap paper for her fourth-grade class. The records contained detailed medical histories, phone numbers, addresses, Social Security numbers and insurance information.
3/10/2008	Texas Department of Health and Human Services		Information, including Social Security numbers that could be used to steal Medicaid clients' identity may have been stored on two computers stolen during a burglary. Computers could have contained personal information only on e-mails. The e-mails, however, would normally contain only an individual's case number. It is unlikely those e-mails would have listed Social Security numbers.
3/12/2008	Harvard University	10000	Harvard Graduate School of Arts and Sciences (GSAS) Web server may have compromised 10,000 sets of personal information from applicants and students, including 6,600 Social Security numbers and 500 Harvard ID numbers.
3/13/2008	University Health Care	4800	PatientÆs information could have been compromised, when a laptop with names, Social Security numbers and personal health information was stolen from University Healthcare. The hospital says that someone broke into a locked office and took a lap top and a flash drive.
3/15/2008	Sterling Insurance and Associates		A server stolen from the locked offices contained names, addresses, and Social Security numbers, dates of birth, driver's license numbers, and/or account information for an unspecified number of customers.
3/15/2008	Utah Division of Finance	500	Computer files containing the personal information of approximately 500 individuals may have been accessed by unauthorized persons during a security breach. An initial investigation indicates it is highly unlikely the person who breached the computer system was able to access any personal information.
3/15/2008	Broward County School District	38000	A Atlantic Technical High School senior hacked into a district computer and collected Social Security numbers and addresses of district employees.
3/17/2008	Binghamton University	300	A university employee mistakenly sent an e-mail attachment containing the names, grade point averages and Social Security numbers of junior and senior accounting students to another group of School of Management students.
3/17/2008	Hannaford	4200000	This security breach affects all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products. The company is currently aware of about 1,800 cases of reported fraud related to the security breach. Credit and debit card numbers were stolen during the card authorization transmission process, but no personal information was divulged.
3/17/2008	Minneola City	9	Nine Minneola firefighters are trying to keep their names clean after their personal information ended up on the city's Web site. The city clerk accidentally published the information. Social security numbers, phone numbers, addresses and personal information from union application cards found its way onto the city's Web site for over 36 hours.
3/19/2008	Affordable Realty		Social Security numbers and financial records of customers. Affordable Realty occupied office space inside the Ben Agree building on Dort Highway for years. The company was evicted and all of its sensitive customer information ended up outside in a dumpster or on the ground nearby.
3/20/2008	Lasell College	20000	A hacker accessed data containing personal information on about current and former students, faculty, staff and alumni. Information included names and Social Security numbers.
3/20/2008	Pennsylvania Department of State	30000	The state was forced to pull the plug on a voter registration Web site after it was found to be exposing sensitive data about voters. Because of a Web programming error, the Web site was allowing anyone on the Internet to view data such as the voter's name, date of birth, driver's license number, and political party affiliation. On some forms, the last four digits of Social Security numbers could also be seen.
3/21/2008	Compass Bank	1000000
3/21/2008	Rhode Island Department of Administration	1400	A state computer disk containing Social Security numbers is missing. The information was discovered missing within the last two weeks when human resources staff members who had relocated from Providence to Cranston could not find the data on the server.
3/22/2008	Agilent Technologies	51000	A laptop containing sensitive and unencrypted personal data on current and former employees of Agilent Technologies was stolen from the car of an Agilent vendor. The data includes employee names, Social Security numbers, home addresses and details of stock options and other stock-related awards. Agilent blamed the San Jose vendor, Stock & Option Solutions, for failing to scramble or otherwise safeguard the data - 'in violation of the contracted agreement.'
3/23/2008	Western Carolina University	555	Someone had hacked into a computer server and had access to the Social Security numbers of 555 graduates of the university who had signed up for a newsletter.
3/24/2008	National Institutes of Health	2500	A laptop was stolen from the trunk of a car. It contained information about heart disease patients, including their names, dates of birth and diagnoses of their medical conditions.
3/24/2008	Super 8 Motel
3/26/2008	BNY Mellon Shareowner Services	3500	The company lost a box of computer data tapes storing personal information including names, Social Security numbers and possibly bank account numbers.
3/26/2008	The Dental Network	75000	A security breach of The Dental Network web site left access to member personal data, including names, Social Security numbers, addresses and dates of birth unprotected for approximately two weeks. The Dental Network is an independent licensee of the Blue Cross and Blue Shield Association.
3/28/2008	Antioch University	70000	A computer system that contained personal information on about 70,000 people was breached by an unauthorized intruder three times. The system contained the names, Social Security numbers, academic records and payroll documents for current and former students, applicants and employees.
3/28/2008	Museum of Science Boston	140	The museum has notified 140 patrons that their names, credit card numbers, and other personal information were exposed on the museum's website because of a contractor's error.
3/29/2008	San Quentin State Prison	3500	A flash memory drive containing names, birth dates and driver's license numbers of people who either volunteered or visited San Quentin State Prison in a group tour has been lost.
3/29/2008	Department of Human Resources		A thief has stolen computer records containing identifying information on current and former employees of the state Department of Human Resources, including names, Social Security numbers, birth dates and home contact information. An external hard drive that stored a database was removed by an unauthorized person.
3/31/2008	Advance Auto Parts	56000
4/1/2008	Okemo Mountain Resort
4/4/2008	Harley-Davidson, Inc.(HOG)	60000	A laptop computer containing certain HOG members' personal information was determined to be missing from their facilities. The personal information stored on the computer included names, addresses, credit card numbers, their expiration dates, and driver's license numbers.
4/4/2008	University of California Irvine	7000
4/7/2008	Army Acquisition Support Center	24	"A spreadsheet containing a ""hidden"" column of Social Security numbers belonging to about two dozen officers and civilian employees of one Army agency was left on the agency's website for five months after being notified of the presence of the personal information. The center has temporarily shut down its website to scrub the information from the spreadsheet."
4/7/2008	Pfizer	800	A laptop was stolen by a burglar from the home of a contractor who helps arrange planning travel and meetings for Pfizer. Information on the laptop included names, credit card numbers and, in some instances, credit card expiration dates, various addresses and phone numbers, hotel loyalty program numbers and other information. It did not appear that any Social Security numbers or PIN codes were exposed
4/7/2008	Redbox		Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country. They announced that they'd found credit card skimmers attached to three of their kiosks.
4/8/2008	WellCare	71000	Private records of members of health insurance programs for the poor or working poor were accidentally made available on the Internet for several days. Those whose data was made available on the Internet included members of Medicaid, the federal health program for the poor, and PeachCare for Kids, a federal-state insurance plan for children of the working poor. About 10,500 members' Social Security numbers may have been viewed by unauthorized people on the Internet, all members of Medicaid or PeachCare. There is a possibility that an initial 59,000 members may have had some personal information made accessible.
4/8/2008	Wellpoint	128000	Personal information that may have included Social Security numbers and pharmacy or medical data for customers in several states was exposed online over the past year.
4/9/2008	Norfolk's Community Services Board	30	The personal information of clients of Norfolk's Community Services Board was compromised when a case worker's briefcase was stolen. The briefcase was left in the worker's car in a Virginia Beach parking garage, but someone smashed a window and stole it. It's unclear what information was in the files but that it likely included Social Security numbers.
4/10/2008	Joliet West High School		A student using a school computer last month was able to access personal information about every student enrolled. The student allegedly downloaded a list of names and Social Security numbers to his iPod.
4/11/2008	New York-Presbyterian Hospital/Weill Cornell Medical Center	49841	One of the hospitals employees may have stolen records containing the names, phone numbers and, in some cases, social security numbers of some of it's patients patients.
4/12/2008	West Seneca School District	1800	Several current and former students are believed to have broken into the school district’s computer system and copied secure files that included the personal information and Social Security numbers of school employees
4/13/2008	University of Toledo	6488	Personal information of the University of Toledo employees, the majority having worked on the Health Science Campus in 1993 and 1999 - last month was inadvertently placed on a server to which all employees had access. The information, which was used for payroll purposes, included names, addresses, and Social Security numbers and was accessible for about 24 hours.
4/14/2008	Utah Department of Workforce Services		A former state employee who took applications from people seeking food stamps and other welfare aid worked with three others to steal the identity of Utah residents and charge tens of thousands of dollars in purchases.
4/14/2008	Stokes County Schools	800	A school computer containing the names, test scores and Social Security numbers of students from three Stokes County high schools was stolen from a locked closet.
4/15/2008	First Federal Bank of California		"This bank was not the only financial institute impacted by a security breach that occurred in a banking in a ""subsystem of a financial data processor,"" Fiserv, Inc. of Wisconsin last month.The bank said that it was ""company policy"" not to reveal any details about the breach including the number of banks involved, how many customers were impacted, the depth of information breached, how extensive the breach was geographically even which federal agencies were involved. However, non-public private account information might be at risk."
4/16/2008	University of Virginia	7000	A laptop stolen from a University of Virginia employee contained sensitive information about students, staff and faculty members. Stolen from an unidentified employee from an undisclosed location in Albemarle County, the laptop contained a confidential file filled with names and Social Security numbers.
4/16/2008	Hexter Elementary School		Employee and volunteer records were found at a recycling bin near the school. It's unknow what type of documents were found.
4/17/2008	University of Miami	2100000	Computer tapes containing confidential information of Miami patients was stolen last month when thieves took a case out of a van used by a private off-site storage company. The data included names, addresses, Social Security numbers or health information.
4/17/2008	Connecticut State University System / Buffalo State / Northwest Missouri State University	28879	At least 18 colleges are scrambling to inform tens of thousands of students they are at risk of having their identities stolen. A laptop computer that was stolen from a vendor contained the data of current and former students from the four state universities, including Western Connecticut State University. The computer was password-protected but contained unencrypted files with personally identifiable data, including names and Social Security numbers.
4/19/2008	Central Collection Bureau	700000	A computer server containing Social Security numbers and other personal information was stolen last month from a Southside debt-collection bureau. The information includes customer-billing records for Indiana businesses, including Citizens Gas & Coke Utility, St. Vincent Health and Methodist Medical Group.
4/20/2008	Helping Homeless Veterans and Families		Hundreds of files containing medical histories and Social Security numbers were found in the trash on Indianapolis' east side. The records belong to homeless veterans. A lot of the things inside the folders are confidential information about the clients including Social Secrutiy numbers.
4/21/2008	Brunswick Corp	700	An electronic devices that scans customers' drivers' licenses to make sure they're of legal drinking age was stolen from a company-owned bowling facility in suburban Naperville. The device contains information such as driver's license number, date of birth and first and last names of customers whose licenses were scanned.
4/22/2008	Fishback Financial Corp		There has been an unauthorized access to one of the database servers by a third party. The database includes names, addresses and Social Security numbers.
4/22/2008	Central New England HealthAlliance	384	Personal data could be at risk of exposure after a home health nurse reported that her handheld computer was missing. The unencrypted data include names, Social Security numbers, and health insurance records.
4/22/2008	Smithtown Post Office		A Smithtown postal worker was arrested after he stole credit cards from the mail and went on a shopping spree.
4/22/2008	LendingTree		"Outside loan companies may have accessed information, including Social Security numbers, between October 2006 and early 2008 and used it to market their own mortgages to LendingTree customers. Several former employees may have shared confidential passwords with ""a handful"" of lenders that were not approved by the company."
4/22/2008	HealthNow New York		Clients may be at risk for identity theft, after a former employees laptop computer went missing with confidential information several months ago. The potential information includes names, dates of birth, Social Security numbers, addresses, employer group names, and health insurance identifier numbers.
4/22/2008	University of Massachusetts		Hackers breached the computer system used by UMass Amherst's Health Services, potentially gaining access to thousands of medical records. More than half of the student population at UMass Amherst are patients on record at the University Health Services.
4/22/2008	CollegeInvest	200000	Customers had personal information stored on a computer hard drive that disappeared during a recent move. CollegeInvest moved to a new office space recently using an international relocation firm that offered specialists in moving computer equipment. CollegeInvest discovered while unpacking at the new location that a hard drive was missing.
4/23/2008	Southern Connecticut State University	11000	Southern Connecticut State University is taking action to prevent its students from becoming victims of identity theft. The move comes after a website with student and alumni information was found to be easily accessible to hackers. It appears that no financial information was accessed but Social Security numbers were vulnerable.
4/23/2008	University of Texas Health Science Center	2000	About 2,000 medical bills were mailed last week with patients' Social Security numbers visible on the envelope.
4/24/2008	Collections Lawyers Pellegrino & Feldstein	530	Consumer information somehow escaped the New Jersey law offices of and ended up posted on several websites. The Liberty Coalition discovered cached versions of an Excel file that contained the full names, Social Security numbers, dates of birth, addresses, account numbers, and financial information.
4/24/2008	Harmony Information Systems		A computer program housing personal information about Wisconsin seniors and disabled people had a significant security hole. A senior center volunteer in McFarland said he could see hundreds of files of people's private information from across the country in the system run by Virginia-based Harmony Information Systems. The information is entered into an electronic record that includes the person's name and Social Security number.
4/25/2008	Canton WiseBuys		Someone apparently hacked into the Canton WiseBuys store computer system during a changeover between December 5 and December 20. The hacker obtained personal identification and banking numbers of hundreds of customers.
4/25/2008	Baltimore State Highway Department	1800	An employee transferred personnel transaction data from a secure drive to a SHA shared drive. Sensitive personal information concerning employees, included names and Social Security numbers.
4/25/2008	University of Colorado	9500	"Three computers in the Division of Continuing Education and Professional Studies were compromised, leaving people open to potential identity theft. One of the three computers had personal data, including names, Social Security numbers, addresses and grades.
UPDATE (5/1/08) :
Upon further analysis, the University concluded that no personal data had been exposed. 9,500 records were initially thought to be comprised, but later this was revised to zero."
4/27/2008	General Internal Medicine of Lancaster		A laptop was stolen from a doctors office containing the Social Security numbers of patients.
4/28/2008	Hough, MacAdam & Wartnik	500	A notebook computer was stolen from a locked vehicle. The notebook's hard drive may have contained names, Social Security numbers, and other personal information.
4/28/2008	Coos County Oregon	500
5/1/2008	Lunardi's Supermarket	100	"An ATM and credit card reader in a checkout aisle at the Los Gatos Lunardi's supermarket was recently switched, resulting in cases of identity theft. Victims all had their card numbers stolen after officials from Lunardi's contacted them about a problem with one of their card readers.""It was a switched card reader at one of the aisles,"""
5/1/2008	Staten Island University Hospital	88000	Computer equipment stolen from an administrator contained personal information from patients. Social Security numbers and health insurance numbers were contained in computer files on a desktop computer and the backup hard drive.
5/1/2008	Cove Creek Mortgage/Front Range Mortgage		Sensitive mortgage files with people's personal information were recently found in a Dumpster. The files and computers contained sensitive information on many former customers of Front Range Mortgage, including names and addresses, Social Security numbers and bank, credit card and investment account information.
5/1/2008	University of California San Francisco	6313
5/2/2008	Marine Corps Reserve Center	17000	A former U.S. military contractor has pleaded guilty to exceeding authorized access to a computer and aggravated identity theft after he was accused of selling names and Social Security numbers of 17,000 military employees.
5/2/2008	Iredell County Tax Collector	468	A courier vehicle providing services for First Citizens Bank was stolen in Charlotte. The stolen shipment contained a computer report of taxpayer's check information, including account numbers, check numbers, check amounts and routing numbers from various banks on which the checks were drawn. There were also copies of tax bills that contained taxpayer names, addresses and other public information related to tax payments.
5/5/2008	Target America Inc./UCSF	6313	Information on UCSF patients was accessible on the Internet. The information accessible online included names and addresses of patients along with names of the departments where medical care was provided. Some patient medical record numbers and the names of the patients' physicians also were available online.
5/6/2008	Northeast Security		News Channel 8 found Social Security numbers, bank account numbers and even canceled checks inside a dumpster. The files appear to belong to Northeast Security, a subcontractor for Safe Home Security, based out of Rocky Hill. Northeast Security recently moved out of a West Haven storefront, and it seems they left their clients personal information behind.
5/6/2008	International Visa Service	1000	An employee has been arrested and charged with stealing the personal information of people who were applying for a passport and sold the identities on the black market.
5/6/2008	Finjan	5878	Researchers at security vendor Finjan uncovered a server containing the sensitive email and Web-based data of thousands of people, including healthcare information, credit card numbers and business personnel documents and other sensitive data. Finjan notified more than 40 major international financial institutions located in the United States, Europe and India whose customers were compromised as well as various law enforcements around the world. Server logs contained a mountain of healthcare information, including personal data, health data, treatment, medications, insurance details, Social Security Numbers, and healthcare providers' data, including physician's name. Banking data, including credit card numbers and account login numbers were also discovered on the server.
5/6/2008	Ohio State University Agricultural Technical Institute	192	Personal information on faculty and staff members was accidentally emailed to about 680 students. The email contained spreadsheet information listing the names, positions, salaries and Social Security numbers.
5/7/2008	SAIC	4690	(877) 277-8001 SAIC stockholders are at risk of identity theft after a box of magnetic backup tapes went missing. The tapes contained names, addresses, Social Security numbers, stock account information, transaction activity and possibly bank account numbers for current or former shareholders.
5/7/2008	Bank of New York Mellon	4500000
5/8/2008	Las Cruces Public Schools	1800	A part-time computer analyst for Las Cruces Public Schools inadvertently posted personal data for 50 special education students and 1,750 district employees on the Internet. Information posted included Social Security number, date of birth, name, the nature of disability and caseworker's name."
5/8/2008	Dominican University	5000	Two students were able to access records on a staff network storage area. The files accessed were three spreadsheets that included the students names, addresses, phone numbers, birthdays and Social Security numbers.
5/9/2008	Princeton University Tower Club	103	Tower Club is taking steps to protect 103 of its alumni in the classes of 2006 and 2007 after a spreadsheet listing their names and Social Security numbers was e-mailed to current club members. The document was attached to an apparently unrelated e-mail that informed current members about a club event. The spreadsheet was attached unintentionally because of a technical glitch in an email program.
5/12/2008	Pfizer	13000	About 13,000 employees at Pfizer Inc., including about 5,000 from Connecticut, had their personal information compromised when a company laptop and flash drive were stolen. No Social Security numbers were on the laptop, but names, home addresses, home telephone numbers, employee ID numbers, positions and salaries were possibly compromised. Other information possibly lost included the department employees worked in, the Pfizer site where the employees worked, the name of employees’ managers and descriptions of their jobs.
5/12/2008	Dave & Buster's	5000
5/14/2008	Oklahoma State University	70000	A breach in an Oklahoma State University computer server exposed names, addresses and Social Security numbers of students, staff and faculty who bought parking and transit services permits in the past six years.
5/15/2008	BB&T Insurance		A BB&T Insurance laptop containing the personnel information of some Harrisonburg City Schools employees was stolen. The laptop, used by an outside sales representative to develop an insurance proposal for the school system, was stolen from a car. The information contained names, dates of birth, Social Security numbers, and, in some cases, medical history.
5/16/2008	Greil Memorial Psychiatric Hospital		Index cards containing patients personal information, names, dates of birth, even Social Security numbers are gone. Hundreds of records have simply disappeared.
5/16/2008	Chester County School District	50000	A 15-year-old student gained access to files on a computer at Downingtown West High School. Private information, including names, addresses and Social Security numbers, of more than 50,000 people were accessed. The student apparently used a flash drive to save the personal data of about 40,000 taxpayers and 15,000 students.
5/16/2008	Amateur Athletic Union		Boxes filled with personal information were found in a dumpster. Information on athletes and their guardians included Social Security numbers and copies of birth certificates.
5/16/2008	Spring Independent School District	8000	A laptop computer containing the personal information of students was stolen from a employee’s car. The car burglars made off with her school laptop and an external flash drive. The flash drive contains students’ Social Security numbers, personal information, schools those students attend, as well as their grade level and birthdates. The drive also contained the Texas Assessment of Knowledge and Skills test results.
5/17/2008	University of Louisville	20	Documents being copied and taken from a private office in the president’s office, to its Internal Audit Office and Department of Public Safety may have resulted in a security breach. The documents contained personal information — including Social Security numbers, student and employee identification numbers and salary information — for current and recent student employees. The university learned of the theft when salary information was shared anonymously with some employees in the office.
5/20/2008	New York University	273	Duke University's Fuqua School of Business is notifying former New York University students that some of their personal information was inadvertently accessible by targeted Internet searches. The personal data included names and Social Security numbers and was contained in the faculty member's research records. The information could have been accessed only if searched by specific student names, along with a search code for Social Security numbers.
5/20/2008	University of Florida College of Medicine - Jacksonville	1900	A UF assistant professor of plastic surgery at the UF College of Medicine-Jacksonville, stored unsecured digital photographs of his patients and identifying information -- such as names, dates of birth, Social Security numbers, and Medicare numbers -- on a computer. He then gave the computer to a family he was friends.
5/21/2008	Oklahoma Corporation Commission	5000	The Oklahoma Corporation Commission is removing hard drives from all surplus computer equipment after a server containing the names and Social Security numbers of thousands of residents was sold at an auction.
5/22/2008	Downingtown Area School District	56000
5/22/2008	HealthSpring	9000	A laptop computer containing personal information of about 450 state residents was stolen. The laptop, believed to contain names, dates of birth and Social Security numbers of about 9,000 individuals, was stolen from a HealthSpring employee's locked car.
5/23/2008	R.E. Moulton	19000	Thieves broke intothe Irving, Texas regional office and stole a laptop computer containing personally information of numerous individuals, including names and Social Security numbers.
5/28/2008	University of California San Francisco	3569	During routine monitoring of a campus computer network, UCSF discovered unusual data traffic on one of its computers. During the investigation, UCSF determined that an unauthorized movie-sharing program had been installed on one computer by an unknown individual. Installation of this program required high-level system access. The computer contained files with lists of patients from the UCSF pathology department’s database. The data included information such as patient names, dates of pathology service, health information and, in some cases, Social Security numbers.
5/29/2008	State Street Corp	45500	Computer equipment containing personal information on customers and employees of a State Street unit was stolen. The computer equipment was stolen from a vendor hired by Investors Financial Services to provide legal support services. The personal information included names, addresses and social security numbers.
5/30/2008	Circuit Court of Louisville	312	(502) 595-3273 Louisville Metro Police made an arrest, and during that arrest they found 312 stolen court traffic files in that person's possession. All of the files contain personal information of people in Louisville such as, name, address, date of birth and in some cases Social Security numbers and copies of drivers’ licenses.
5/31/2008	Pocono Mountain School District	11000	A hacker apparently broke into the computers at Pocono Mountain School District and may have tapped into confidential information concerning students and their parents. Information may have included the students' birth dates, Social Security numbers, student IDs, home phones, and the parents' names, phone numbers and emergency phone numbers. ''If you see any unauthorized activity, promptly contract your service provider and or the office of the director of technology at 570-873-7121, ext. 10151,''
6/2/2008	Walter Reed Army Medical Center	1000	Records with confidential information on about 2,100 people have been lost and might have been mistakenly shredded. The files contained copies of letters informing applicants that they were ineligible for the unemployment insurance. They were dated between May 2 and May 20 and contained names, addresses and Social Security numbers.
6/2/2008	Connecticut Department of Labor	1200	Sensitive information on patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach. The computer file that was breached did not include information such as medical records, or the diagnosis or prognosis for patients, but may have included names, Social Security numbers, birth dates as well as other information.
6/3/2008	Oregon State University	4700	http://www.privacyrights.org/ar/ChrondataBreaches.htm
6/4/2008	AT&T		A laptop was stolen from the car of an employee. The data on the computer was not encrypted -- a violation of company policy -- and included names, Social Security numbers and in some cases, salary and bonus information.
6/6/2008	Stanford University	72000	Stanford University determined that a university laptop, which was recently stolen, contained confidential personnel data. The university is not disclosing details about the theft as an investigation is under way.
6/7/2008	East Tennessee State University	6200	6,200 people may have had there identities compromised by the theft of a desktop computer. The computer is password protected and files cannot be easily accessed. But there is a small possibility that the information could be compromised.
6/7/2008	Southington Water Department	26	Documents with the names and Social Security numbers of 26 people were found scattered by the Quinnipiac River.
6/9/2008	University of South Carolina	7000	Several items were stolen from an office in the Moore School of Business. Among the items was a desktop computer. As a result of the computer being stolen, it is possible that some personally identifiable data could have been compromised.
6/10/2008	Wheeler's Moving Company		Personal files with tax information, Social Security numbers and license numbers, were found in a Boca Raton dumpster.
6/10/2008	University of Utah Hospitals and Clinics	2200000	Billing records of 2.2 million patients at the University of Utah Hospitals and Clinics were stolen from a vehicle after a courier failed to immediately take them to a storage center. The records, described only as backup information tapes, contained Social Security numbers of 1.3 million people treated at the university over the last 16 years.
6/10/2008	University of Florida	11300	Current and former students had their Social Security numbers, names and addresses accidentally posted online. The information became available when former student employees of the Office for Academic Support and Institutional Service, or OASIS, program created online records of students participating in the program between 2003 and 2005.
6/10/2008	1st Source Bank		1st Source Bank is replacing ATM cards this month for all its account holders after cyber-thieves accessed an unknown amount of debit-related data.
6/11/2008	Dickson County TN Board of Education	850	A computer containing sensitive personal was stolen from the Dickson County Board of Education. The computer belongs to the new director of schools and was loaded with the name and Social Security number of every school employee from the 2006-2007 school year, a total of 850.
6/12/2008	Columbia University	5000	A student employee had posted a database of students' housing information on a Google-hosted Web site. Their Social Security numbers had been searchable online for the last 16 months.
6/13/2008	Texas Insurance Claims Services		Hundreds of files with people's names, Social Security numbers and policy numbers were found in a Richardson dumpster.
6/15/2008	Conn. Department of Administrative Services		Department of Administrative Services posted the Social Security numbers of individual contractors on a state Web site. An audit also uncovered the Social Security numbers of prospective nursing employees accessible on an agency Web site for 19 months until a complaint was lodged.
6/18/2008	Domino's Pizza		Investigators found credit card numbers blowing in the wind. These piles and papers contained hundreds of old receipts from Domino's Pizza stores. The former owner had been discarding boxes of old records and somehow all those receipts got loose.
6/19/2008	Citibank		A Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached. The computer intrusion into the Citibank server led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines, pocketing at least $750,000 in cash.
6/19/2008	Petroleum Wholesale		The company dumped hundreds of records in a publicly accessible trash container outside its former headquarters. The records included receipts with customers' names and full credit or debit card numbers, including expiration dates. The records also included returned checks and forms containing customers' names and bank routing, driver's license and Social Security numbers.
6/23/2008	Bank Atlantic		Bank Atlantic confirms they had a data loss, involving their MasterCard debit cards. It happened through a local merchant, but at this time, isn't saying which one.
6/23/2008	CNET Networks / Google		Burglars stole computer systems from the offices of the company that administers the Internet publisher's benefit plans. The computers contained names, birth dates, Social Security numbers and employment information of the beneficiaries of CNET's health insurance plans. CNET was only one of several clients affected.
6/24/2008	California Department of Consumer Affairs	5000	A Microsoft Word document was improperly transmitted electronically outside of the department. The document contained the salaries and titles of everyone on the document. It may have also compromised their names and Social Security numbers.
6/24/2008	Southeast Missouri State University	800	A former employee has been indicted on two charges of identity fraud and one charge of computer trespass after being found in possession of 800 student names and Social Security numbers.
6/26/2008	Texas Department of Public Safety	826	http://www.privacyrights.org/ar/ChrondataBreaches.htm
6/27/2008	Montgomery Ward	51000	Hackers extracted stolen information from an online database that held credit card account information.
7/2/2008	University of Nebraska at Kearney	2035	Officials at the University of Nebraska at Kearney discovered a security breach involving nine university computers. Of the nine computers involved, five contained names and partial or complete Social Security numbers.
7/2/2008	Baptist Health	1800	Due to a breach by an unauthorized person in the information systems, there is a possibility that some personal information, such as name, address, date of birth, Social Security number, and reason for coming to Baptist Health. No information in the patient’s “medical records” and no information about the patient’s diagnosis or prognosis was accessed.
7/4/2008	Clark County Nevada District Court	380	A contracted vendor released personal information on about 380 potential jurors to an employee's private e-mail address. The information provided to the e-mail account could have included names, addresses, Social Security numbers and birth dates.
7/7/2008	Florida Agency for Health Care Administration	55000	A security breach in the Organ and Tissue Donor Registry may have exposed thousands of donors' personal information, including their Social Security numbers. Other data included donors' names, addresses, birth dates and driver license numbers.
7/8/2008	LPL Financial	10219	Hackers potentially got their hands on clients unencrypted names, addresses and Social Security numbers. Hackers compromised the logon passwords of 14 financial advisers and four assistants.
7/9/2008	Wagner Resource Group		Sometime late last year, an employee of a McLean investment firm used the online file-sharing network LimeWire. In doing so, he inadvertently opened the private files of his firm to the public. That exposed the names, dates of birth and Social Security numbers of about 2,000 of the firm's clients, including a number of high-powered lawyers and Supreme Court Justice Stephen G. Breyer.
7/10/2008	Williamson County (TN) Schools	4000	Social Security numbers and other personal information of 4,000 children were posted on the Internet.
7/11/2008	Fort Lewis	900	A laptop computer that was reported stolen from an Army employee’s truck contained personal information on about 800 to 900 Fort Lewis soldiers. UPDATE (7/11/08) :A 17-year-old Lacey boy faces a charge of suspicion of possession of stolen property after Tumwater police uncovered items from vehicle prowls, including a stolen Army laptop containing information about up to 900 Fort Lewis soldiers.
7/14/2008	Washington Metropolitan Area Transit Authority	4700	Metro accidentally published the Social Security numbers of past and present employees on its Web site. The numbers were posted with a solicitation to companies for workers' compensation and risk management services.
7/15/2008	Indiana State University	2500	"A password-protected laptop computer containing personal information for current and former Indiana State University students was stolen. The laptop contained data for students who took economics classes from 1997 through the spring semester 2008. The information includes names, grades, e-mail addresses and student identification numbers and in some cases Social Security numbers.
UPDATE (7/22/08) :The laptop computer was mailed anonymously back to the professor it was stolen from six days after it was stolen along with other personal items."
7/15/2008	Weber Law Firm		Sheriff's deputies uncovered hundreds of people's personal financial files that had been discarded in a dumpster in northwest Houston. Box after box of records including personal financial records, documents with Social Security numbers, people's medical files and more were found in the dumpster.
7/15/2008	Missouri National Guard	2000	The Missouri National Guard has called for a criminal investigation after it learned that the personal information of as many as 2,000 soldiers had been breached. The Guard would not release how the personal information had been taken -- whether by computer hackers or other means -- because it has asked for a full law enforcement investigation into the matter.
7/15/2008	University of Texas at Austin	2500	The personal information of University of Texas students and faculty has been exposed on the Internet. An independent watchdog discovered more than five dozen files containing confidential graduate applications, test scores, and Social Security numbers. The files were inadvertently posted by at least four different UT professors to a file server for the School of Biological Sciences.
7/16/2008	Greensboro Gynecology Associates	47000	A backup tape of patient information was stolen from an employee who was taking the tape to an off-site storage facility for safekeeping. The stolen information included patients' names, addresses, Social Security numbers, employers, insurance companies, policy numbers and family members.
7/17/2008	Department of Consumer Affairs	5000	A Consumer Affairs personnel specialist in Sacramento, emailed an alpha personnel file containing names and Social Security numbers of the department's more than 5,000 staff to a personal Yahoo email account at the end of the day, her last day at the department.
7/17/2008	University of Maryland	23000	University of Maryland accidentally released the addresses and Social Security numbers of thousands of students. A brochure with on-campus parking information was sent by U.S. Mail to students. The University discovered the labels on the mailing had the students' Social Security numbers on it.
7/17/2008	Bristol-Myers Squibb	42000	A backup computer-data tape containing employees' personal information, including Social Security numbers, was stolen recently. The backup data tape was stolen while being transported from a storage facility. The information on the tapes included names, addresses, dates of birth, Social Security numbers and marital status, and in some cases bank-account information. Data for some employees' family members also were on the tape.
7/18/2008	Falkirk and District Royal Infirmary	89
7/19/2008	Minneapolis Veterans Home	336	A backup computer server stolen from the Minneapolis Veterans Home contained telephone numbers, addresses, next-of-kin information, dates of birth, Social Security numbers and some medical information, including diagnoses for the home's 336 residents.
7/23/2008	San Francisco Human Services Department		Potentially thousands of files contaning personal information was exposed after a San Francisco agency left confidential files in unsecured curbside garbage and recycling bins. In some cases entire case files were discarded. Blown up copies of social security cards, driver's licenses, passports, bank statements and other sensitive personal information were all left in these unlocked bins.
7/24/2008	Village of Tinley Park Illinois	20400	Computer backup tapes that contain thousands of Social Security numbers of Tinley Park residents have been lost. The tapes containing information from as long ago as 15 years were lost while being transferred from the village hall to another site within the Chicago suburb.
7/24/2008	Hillsborough Community College	2000	Hillsborough Community College warned its employees to monitor their bank accounts because an HCC programmer's laptop was stolen from a hotel parking lot in Georgia. The programmer had been working on a payroll project for a group of employees using their names, bank-routing numbers, retirement information and Social Security numbers.
7/24/2008	University of Houston	259	The names and Social Security numbers of University of Houston students were inadvertently posted on the Internet for more than two years. The posting occurred when a math department lecturer posted student grades on a UH Web server in October 2005.
7/24/2008	St Marys Regional Medical Center	128000	A unauthorized person may have accessed the Saint Mary's database. The database, used for Saint Mary's health education classes and wellness programs, contained personal information such as names and addresses, limited health information and some Social Security numbers. The database did not contain medical records or credit card information.
7/25/2008	Ohio University	492	A clerical error led to the online posting of the names and Social Security numbers of people who spoke at Ohio University's Centers for Osteopathic Research and Education. A spreadsheet that contained the information had been accessible since March 20 and was discovered when a nurse found the information last week while conducting online research. In addition to names and Social Security numbers, the spreadsheet included contact numbers, addresses, their speaking topics and federal employer identification numbers.
7/25/2008	Grady Memorial Hospital		Hospital records were stolen. It remains unknown how many patient records were stolen, which patients were affected or how the records were stolen. The records pertained to recorded physician comments that Grady sent to a vendor to transcribe into medical notes. The records were stolen from a subcontractor employed by the vendor.
7/26/2008	Connecticut College	2815	A Connecticut College library system was breached by hackers apparently looking to set up chat rooms or send spam e-mails. The systems database included the names, addresses and Social Security or driver's license numbers of approximately 2,800 Connecticut College library patrons, 12 Wesleyan University patrons and three from Trinity.
7/28/2008	Facebook		Facebook accidentally publicly revealed personal information about its members, which could be useful to identity thieves. The full dates of birth of many of Facebook's 80 million active users were visible to others, even if the individual member had requested that the information remained confidential. 80 million Not added to total since the breach is not SSNs or financial account data.
7/29/2008	Blue Cross Blue Shield of Georgia	202000	Benefit letters containing personal and health information were sent to the wrong addresses last week. The letters included the patient's name and ID number, the name of the medical provider delivering the service, and the amounts charged and owed. A small percentage of letters also contained the patient's Social Security numbers.
7/29/2008	Anheuser-Busch		A laptop containing personal information of current and former employees, including some from Hampton Roads, was stolen from a St. Louis-area Anheuser-Busch office. Information contained on the computer included employees' Social Security numbers, home addresses and marital status.
7/30/2008	City of Yuma Arizona	300	"The Social Security numbers of about 300 city of Yuma employees were ""unintentionally released"" in an e-mail sent to city administrative personnel."
7/31/2008	University of Texas at Dallas	9100	"A security breach in UTD’s computer network may have exposed Social Security numbers along with names, addresses, email addresses or telephone numbers.
4,406 students who were on the Dean’s List or graduated between 2000 and 2003
3,892 students who were contacted to take part in a survey by the Office of Undergraduate Education in 2002
88 staff members from Facilities Management
716 faculty and staff members listed in a space inventory record from 2001."
8/1/2008	Tennessee Valley Authority		A laptop stolen from TVA contained Social Security numbers and reflects generally inadequate policies and procedures for tracking computers at the agency. The laptop was one of approximately 26 computer and computer-related items stolen from TVA between May 26, 2006, and Nov. 30, 2007, according to the IG, although the report stated it was unclear whether sensitive information was present on any of the laptops or PCs stolen from TVA.
8/1/2008	Delphi Automotive / Ohio Department of Job and Family Services	2600	A flash drive with Social Security numbers and other personal information from former Dayton-area Delphi workers was removed from the unattended laptop of a state employee and is missing. The drive included the names, addresses, telephone numbers as well as the Social Security numbers of the workers.
8/1/2008	Stepping Hill Hospital	1581
8/2/2008	Clarkson University	245	non-malicious student intruder gained access to a restricted server and promptly reported the vulnerability to campus authorities. Approximately 245 employees and former employees had personal information, including name, social security number, and date of birth, compromised during the security breach. The file containing personal information was a record of employees that had university credit cards known as purchase cards (or p-cards). Any university member requesting a p-card must provide their social security number and date of birth on the application form.
8/2/2008	Countrywide Financial Corp	2000000	The FBI on Friday arrested a former Countrywide Financial Corp. employee and another man in an alleged scheme to steal and sell sensitive personal information, including Social Security numbers. The breach occurred over a two-year period though July. The insider was a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division. The alleged data thief was said to have downloaded about 20,000 customer profiles each week and sold files with that many names for $500, according to the affidavit. He typically would e-mail the data in Excel spreadsheets to his buyers, often using computers at Kinko's copying and business center stores. Some, perhaps most, and possibly all the names were being sold to people in the mortgage industry to make new pitches.
8/3/2008	Oakland School District		Thieves stole 10 desktop computers containing employees' personal information from the Oakland school district's main office. District officials are still determining what information was on each computer, but the machines may contain personal information provided to the district when employees were hired. It is unknown how many employees' records were on the computers.
8/4/2008	Arapahoe Community College	15000	A contractor who manages the student information database had a flash drive lost or stolen. Information on the drive included the names, addresses, credit card numbers and Social Security numbers.
8/5/2008	"The Clear Program
""Fast-pass"" Registered Travel program
for airline passengers, operated by
Verified Identity Pass for the U.S.
Transportation Security Admin."	33000	A laptop containing personal information for about 33,000 people was reported stolen in a possible security breach for the Clear Program. The laptop was stolen at San Francisco International Airport. The stolen information included names, addresses, dates of birth, and driver's license numbers or passport numbers.
8/7/2008	Harris County Hospital District	1200	A lower-level Harris County Hospital District administrator downloaded medical and financial records for patients with HIV, AIDS and other medical conditions onto a flash drive that later was lost or stolen. This may have been a violation of law. The data on the device included the patients' names, medical record numbers, billing codes, the facilities where the office visits occurred and other billing information. It also included the patients' Medicaid or Medicare numbers, which can indicate their Social Security numbers or those of their spouses.
8/11/2008	Ireland Department of Social and Family Affairs	380000
8/12/2008	Wells Fargo	5000	"Wells Fargo is notifying customers that hackers have accessed their confidential personal data by illegally using its access codes. Personal information including names, addresses, dates of birth, Social Security numbers, driver's licence numbers and in some cases, credit account information was accessed by ""unauthorised persons""."
8/12/2008	Child Protective Services		Hundreds of private, personal records were discarded with the trash, including records detailing medical histories of clients with diseases and drug addictions. Documents showing sexual abuse and information that could be used for identity theft, such as Social Security numbers, were also found in the trash.
8/14/2008	Wuesthoff Medical Center	500	Hundreds of people in Brevard County found out their personal information was stolen. Names, Social Security numbers and even personal medical information were posted on the Internet.
8/18/2008	Department for Work and Pensions	9000
8/18/2008	Keller High School	45	Keller family's received a mailing from Keller High School last week. Upon opening it, they found two enrollment forms. One was an emergency-care authorization form. But the other was a student information form containing another classmate’s Social Security number, student ID number, home address, phone number and contact information for his parents at home and at work. They quickly realized that their child’s private information, which they used to set up their college fund and other accounts, was mailed to someone else.
8/18/2008	Dominion Enterprises / InterActive Financial Marketing Group	92095	A computer server within InterActive Financial Marketing Group (IFMG), a division of Dominion Enterprises located in Richmond, Virginia, was hacked into and illegally accessed by an unknown and unauthorized third party between November 2007 and February 2008. The data intrusion resulted in the potential exposure of personal information, including the names, addresses, birth dates, and Social Security numbers of 92,095 applicants who submitted credit applications to IFMG's family of special finance Web sites.
8/19/2008	Kingston Tax Service		Office computers were stolen from the business. On each of the computers is information which can be used by identity thieves including credit card information and Social Security numbers.
8/20/2008	Barclays Bank PLC	17000
8/20/2008	The Princeton Review	108000	The test-preparatory firm accidentally published the personal data and standardized test scores of tens of thousands of Florida students on its Web site. One file on the site contained information on about 34,000 students in the public schools in Sarasota, Fl. Another folder contained dozens of files with names and birth dates for 74,000 students in the school system of Fairfax County, Va.
8/21/2008	PA Consulting / The Home Office	94000
8/22/2008	Louisiana Real Estate Commission	13000	A glitch during a computer upgrade caused the names, addresses and Social Security numbers of licensed agents to be exposed on the Internet. The commission was transferring its online programs to a new server when the sensitive electronic file, which is not normally posted on the Internet, was left unsecured and slipped in among the commission materials that could be seen online.
8/22/2008	Korean Ministry of Education	7617
8/22/2008	Liberty McDonald's Restaurant		An employee at a Liberty McDonald's restaurant, took credit or debit cards from drive-through customers and used a device she had hidden near the window to swipe the cards to record their numbers. The information on the device then was downloaded and used to make new cards either in the names of the persons to which the original cards belonged or in the names of the perpetrators.
8/23/2008	Best Western	0
8/26/2008	Royal Bank of Scotland / NatWest / American Express	1000000
8/26/2008	Pennsylvania Public Welfare Department	2845	Paper jams in a state Department of General Services mail inserter caused benefit renewal packets to go to the wrong Pennsylvania welfare client's homes. Nearly half of them included the intended recipients' Social Security numbers.
8/26/2008	Prince William Co. Public Schools	2600	Personal information of some students, employees and volunteers was accidentally posted online by a Prince William County Public Schools employee. Information for more than 2,600 people was exposed through a file-sharing program by an employee working from home on a personal computer. The compromised information included: names, addresses and student identification numbers of more than 1,600 students; names and Social Security numbers of 65 employees; other confidential information for about 250 employees; and the names, addresses and e-mail addresses of more than 700 volunteers.
8/27/2008	Kansas State University	86	An instructor for classes offered through the Division of Continuing Education, taught through the UFM Community Learning Center, reported an overnight theft of numerous items from a car, which was parked outside a Manhattan residence. Items taken included a backpack with a list of names and Social Security numbers of 86 K-State students who had taken that instructor’s classes from fall 2007 through summer 2008.
8/27/2008	YMCA		Customers who paid for items at a YMCA fund-raiser with checks or credit cards are being warned about a burglary at which credit and debit card numbers were taken.
8/28/2008	The Washington Trust Co.	1000	The Washington Trust Co. has notified about 1,000 customers that their debit and credit card accounts might have been compromised in a suspected security breach at an unidentified MasterCard merchant. The company is investigating a suspected security breach of a U.S. e-commerce-based merchant's Web server which contained debit card data.
8/28/2008	Reynoldsburg (Ohio) City School District	4259	Reynoldsburg school officials were phasing out the use of Social Security numbers in the district's student database when someone stole a laptop containing that information. The district laptop, taken from a computer technician's car, also included names, addresses and phone numbers for two-thirds of the district's enrollment.
8/29/2008	Wachovia Bank		It was confirmed that the Camelot branch, at Cape Coral Parkway and Chiquita Boulevard, has had several debit cards’ identities stolen because someone placed what’s known as a “skimming” device on the ATM. The device collected each person’s card information, including personal identification numbers, and allowed the suspect to create different debit cards with that information.
8/30/2008	"National Technical Institute for the Deaf
Rochester Institute of Technology"	13800	A recently stolen laptop contained the names, birth dates and Social Security numbers of about 12,700 applicants to the National Technical Institute for the Deaf and another 1,100 people at Rochester Institute of Technology. The laptop belonged to an employee and was stolen on Monday from an office at NTID. People at RIT, who are not affiliated with NTID, are affected because their personal information was being used as part of a control group in an internal study.
8/30/2008	Ohio Police & Fire Pension System	13000	A former mailroom supervisor at the Ohio Police & Fire Pension System forwarded the names, addresses and Social Security numbers from his work e-mail address to his personal e-mail address before quitting his job. The file contains information for 13,000 of the approximately 24,000 retired members of the Ohio Police & Fire Pension System, most of whom are former police officers.
8/30/2008	Southwest Medical Association		Thousands of medical charts were found in an abandoned storage unit that was purchaced for $25.
9/2/2008	Clarkson University	245
9/5/2008	East Burke (Morganton, NC) High School	163	For the past five years, East Burke High School's web site exposed files containing personal information including names, Social Security numbers, addresses, phone numbers, job titles, email addresses and unlisted phone numbers of teachers, bus drivers, custodians and other staff members on the Internet.
9/6/2008	National Offender Management Service	5000
9/6/2008	GS Caltex	11000000
9/9/2008	University of Pittsburgh	0	A laptop containing personal information including names and Social Security numbers was stolen. The laptop, stolen from Mervis Hall was being used by an employee to conduct surveys of alumni that are used in college rankings.
9/10/2008	Ivy Tech Community College	0	An employee of the college used an internal file sharing system to send a file that consisted of students enrolled in the spring 2008 semester for distance education courses. The employee intended to share the file with a single employee of the college. Instead, due to a clerical error, the invitation to view the file was sent to a list of all Indianapolis region employees.
9/10/2008	Franklin Savings and Loan	25000	An unauthorized person gained access to a database containing personal information such as names, addresses, phone numbers, account numbers, account balances and Social Security numbers.
9/11/2008	Marshall University	198	The names and Social Security numbers of Marshall University students were openly available on the Internet.
9/11/2008	University of Iowa College of Engineering	500	Some students are being notified by the college that their personal information may have been exposed in a recent computer breach. The compromised computer contained a file with names and Social Security numbers of students stored on its hard drive.
9/12/2008	Tennessee State University	9000	A flash drive containing the financial information and Social Security numbers of students was reported missing. The flash, which contained financial records of TSU students dating back to 2002.
9/13/2008	State Farm Insurance	137	An employee of State Farm fraudulently used customer information to open credit-card accounts. Customers' Social Security numbers, driver's license numbers, addresses and possibly financial account numbers could have been accessed.
9/15/2008	Forever21	98930	If you shopped at the stores between November 26, 2003 and October 24, 2005, criminals may have jacked your credit and debit card numbers from its computers. Approximately 20,500 of these numbers were obtained from the Fresno store transaction data. The data included credit and debit card numbers and in some instances expiration dates and other card data, but did not include customer name and address.
9/19/2008	Texas A&M University	31	A class roster was among some documents located on a computer server that was hacked. The class roster was for Economics-2301 held during the first summer session of 2004. Social Security numbers were part of the information on those documents.
9/22/2008	Sonoma State University	600	Social Security numbers have been exposed to the public through an internal department website.
9/23/2008	Texas Lottery Commission	27075	A former Texas Lottery Commission computer analyst has been arrested for copying the personal data of Texas lottery winners. He downloaded his own work files off his computer and took them to his next job. The names and Social Security numbers of 27,075 mid-level lottery winners -- people who have won prizes from $600 up to around $1 million -- were on the employee's hard drive.
9/26/2008	Fort Wayne Community Schools	3348	A man arrested on forgery and counterfeiting charges may have used some employees' personal information in his possession. A 94-page document containing personal information belonging to 3,348 FWCS employees was found by police. The information included names, Social Security numbers, dates of birth and salary.
9/30/2008	University of Indianapolis	11000	A hacker attacked the University of Indianapolis' computer system and gained access to personal information and Social Security numbers for 11,000 students, faculty and staff,
9/30/2008	Blue Cross & Blue Shield	1700	A document containing the personal data was accidentally attached to a general e-mail being sent out to brokers notifying them of a software upgrade. Information such as Social Security numbers, phone numbers and addresses were exposed.
9/30/2008	Dormitory Authority's	3600	On the trip from the Albany headquarters of this New York based construction organization, to their data center in New York City 5 tapes had fallen out of their yellow mailing envelope. The tapes contained personal private or sensitive information of over 600 employees and approximately 3,000 vendors. Social security numbers and tax ID numbers were compromised.
10/1/2008	The Foothills Parks and Recreation District	0	The district noticed unusual activity last week which they believe was caused by a virus introduced to cover up the actions of the intruder. Some customer information, including credit card information, may have been compromised.
10/7/2008	UND Alumni Association	84000	A laptop computer containing sensitive personal and financial information on alumni, donors and others was stolen from a vehicle belonging to a software vendor retained by the UND. The information, included individuals’ credit card and Social Security numbers,
10/7/2008	Department of Administration	535	A laptop was taken from an auditor's vehicle. It contains payroll and benefits information for 425 employees of the state Insurance Commission and 110 employees of the Department of Health and Human Resources' Bureau of Medical Services and Child Support Enforcement Division. The information includes full names or first names and Social Security numbers.
10/13/2008	Southwest Mississippi Community College	1000	Former Southwest Mississippi Community College students had some of their personal information made available temporarily on the Internet. The breach involved names, addresses, and in some cases, Social Security numbers.
10/15/2008	City of Indianapolis	3300	A spreadsheet containing the names, Social Security numbers and dates of birth for people charged with minor offenses in 2006 and 2007 was accidentally posted on the city of Indianapolis' new Web site.
10/17/2008	The Planet	25000	A security breach that may have affected the customer portal account and server passwords, was discovered. The Planet identified the methods by which the systems were compromised and have closed those holes. Only two user accounts were definitely affected, and no credit card information is believed to have been compromised.
10/18/2008	City of Goodyear	570	A list of their Social Security numbers was stolen from the car of a staffer who had taken the data home. Burglars took the list while the employee's car was parked at her home.
10/19/2008	Mary Washington Hospital	803	A security breach in an online computer system exposed the private medical information of some of its maternity patients. Social Security numbers, phone numbers, address, insurance carrier, birth dates and doctor's names were exposed.