Home | Advertise | Donate | Speaking Engagements | Consulting

Data Security Breach Statistics

www.InfoSecurityAnalysis.com is where industry analysists and researches can gather information regarding data security breaches and the compromise of sensitive information of companies and organizations by hackers, malicious insiders / employees, untrained employees, theft, media loss, 3rd parties, etc. We analyze data including records lost, country, state, business type, industry / vertical, breach type, data type, data format, third party involvement, impact, public or private company, description of incident, data format, and more. This Data security breach information has been correlated from several sources and enhanced to so that additional data security compromise statistics are available. Data security breach information has been kept since 2000, although most organizations weren't required to disclose breaches until California passed SB 1386. The requirement to disclose the compromise of sensitive data (such as customer and employee records) is now a law in 38 states. Hackers and other criminals often use this information to commit crimes such as identity theft. Awareness around the reality of data security breaches and identity theft will ultimately reduce the number of these incidents and crimes. Any information on this site may be used as long as a reference is made to www.infosecurityanalysis.com.

Data Breaches By Year

General Data Breach Info

2000 - 2007

Data Breach State Laws
Laws and Data Breach Relationship
Breaches of Public Companies
Breaches as a result of 3rd Parties

Data Breaches By Industry

2000 - 2007

All Industries

Year to Date 2008 Stats

Sources and Additional Data Breach Information and Links

Chronological List of Data Breaches

1/10/2000CD Universe300000
11/14/2000Western Union15700
11/15/2000Contour Software700
12/9/2000University of Washington Med Ctr.4000
3/29/2002United States Government
1/3/2003United States Department of Defense562000
2/28/2003Indiana University School of Medicine7000
3/6/2003Data Processors International5000000
3/6/2003University of Texas at Austin55200
3/31/2003Georgia Tech University57000
5/7/2003Virginia Credit Union800
11/22/2003Wells Fargo
12/18/2003Acxiom Inc.
12/19/2003Bank Rhode Island43000
1/8/2004U.S. Treasury Department10000
1/10/2004New York University1800
1/14/2004Airlines Reporting Corporation
1/29/2004University of Georgia20000
2/3/2004New York University2100
2/13/2004California Employment Dev. Dept.90000
3/17/2004San Diego State University178000
3/19/2004BJ's Wholesale Club
3/29/2004GMAC Financial Services200000
4/16/2004Fleet Credit Card Services
4/29/2004University of California at Los Angeles (UCLA)145000
4/29/2004Illinois Secretary of State200000
5/7/2004University of California San Diego380000
5/12/2004Alameda Alliance for Health95000
6/24/2004America Online30000000
8/3/2004Cal State San Marcos23000
9/16/2004Teledata Communications30000
9/23/2004Cal State Hayward2000
11/25/2004Brazos Higher Education Service Corporation550000
12/21/2004Delta Blood Bank100000
12/22/2004Hamilton County Ohio Clerk of Courts
1/10/2005George Mason University32000Names, photos, and Social Security numbers of 32,000 students and staff were compromised because of a hacker attack on the university's main ID server.
1/18/2005University of San Diego3500A hacker breached the security of two University computers that stored the Social Security numbers and names of students and alumni of UCSD Extension.
1/22/2005University of Northern Colorado15790A hard drive was apparently stolen. It contained information on current and former University employees and their beneficiaries -- name, date of birth, SSN, address, bank account and routing number..
2/12/2005SAIC45000On Jan. 25 thieves broke into a SAIC facility and stole computers containing names, SSNs, and other personal information of past and current employees. Stolen information included names, NNS, addresses, phone numbers and records of financial transactions.
2/18/2005University of Chicago Hospital85Dishonest insider
2/26/2005Bank of America1000000Lost backup tape
2/26/2005New York State
3/1/2005Paymaxx100000Exposed online
3/2/2005University of California Davis1100The names and Social Security numbers of students, faculty, visiting speakers and staff may have been compromised when a hacker accessed a main computer.
3/8/2005DSW/Retail Ventures100000Hacking
3/11/2005ChoicePoint163000Bogus accounts established by ID thieves. The initial number of affected records was estimated at 145,000 but was later revised to 163,000.
3/11/2005Kaiser Permanente140A disgruntled employee posted informaton on her blog noting that Kaiser Permanente included private patient information on systems diagrams posted on the Web.
3/11/2005Las Vegas DMV8900Stolen computer.
3/16/2005Chico State University59000
3/17/2005Boston College120000Hacking
3/18/2005State of Michigan
3/19/2005University Nevada Las Vegas5000Hacking
3/20/2005Northwestern Univ.21000Hacking
3/22/2005Calif. State Univ.59000Hacking
3/23/2005University of California San Francisco7000Hacking
3/25/2005Purdue University1200Computers in the College of Liberal Arts' Theater Dept. were hacked, exposing personal information of employees, students, graduates, and business affiliates.
3/28/2005University California Berkeley98369Stolen laptop
4/6/2005University of California, San Francisco7000A server in the accounting and personnel departments was hacked. It contained information on 7,000 students, faculty, and staff members. The affected individuals were notified March 23.
4/8/2005Eastern National15000Hacker
4/8/2005San Jose Medical Group187000Stolen computer
4/12/2005Tufts University106000Hacking
4/12/2005Lexis-Nexis310000Passwords compromised
4/12/2005National Park Service15000
4/14/2005Calif. Fastrack4500Dishonest Insider
4/15/2005Polo Ralph Lauren180000Hacking
4/20/2005Ameritrade200000Lost backup tape
4/21/2005Carnegie Mellon University19000Hacking
4/26/2005Christus St. Joseph Hospital16000Stolen computer
4/28/2005Georgia Southern UniversityHacking
4/29/2005Florida International University
5/2/2005Colorado State Health Dept.1600Stolen laptop
5/5/2005Arbella Mutual Insurance Company
5/6/2005Michigan State University40000Hacking
5/12/2005Hinsdale Central High SchoolHacking
5/12/2005Westborough Bank750Dishonest insider
5/14/2005Georgia Technology Authority465000Dishonest insider
5/16/2005Oklahoma State University37000Missing laptop
5/18/2005University of Iowa30000Hacking
5/22/2005Valdosta State University40000Hacking
5/23/2005Bank of America / Wachovia676000Dishonest insiders
5/23/2005Jackson Community College8000Hacking
5/23/2005MCI16500Stolen laptop
5/25/2005North Carolina Div. of Motor VehiclesOn Feb. 10, an employee downloaded addresses of 3.8 million people but was detected and stopped before being able to retrieve more sensitive information such as driver's license numbers.
5/25/2005Purdue University11360Hacking
5/27/2005Stanford University9600Hacking
5/28/2005Merlin Information Services5875Bogus acct. set up
5/31/2005California Dept. Health Services21600Stolen laptop
6/1/2005US Dept. Of Justice80000Stolen laptop
6/4/2005Duke University Medical Center14000Hacking
6/4/2005Cleveland State University44000Stolen laptop
6/6/2005Citigroup3900000Lost backup tapes
6/13/2005MotorolaComputers stolen
6/17/2005Federal Deposit Insurance Corp.6000Not Disclosed/Unknown
6/17/2005University of Hawaii150000Dishonest Insider
6/19/2005Visa MasterCard American Express40000000Hacking
6/21/2005CVS Corp.
6/22/2005East Carolina Univ.250Hacking
6/22/2005Eastman Kodak Co.5800Stolen laptop
6/23/2005Kent State University1400Stolen laptop
6/27/2005U.S. Dept. of Veteran's Affairs66A laptop being stored in the trunk of a car was stolen in Minneapolis, Minnesota. 2 people later reported identity fraud problems.
6/28/2005Lucas Cty. Children Services (OH)900Exposed by email
6/28/2005University of Connecticut72000Hacking
6/29/2005Medica Health Plans1200000
6/30/2005Bank of America18000Stolen laptop
6/30/2005DSW Shoes1496000Hacking
7/1/2005University of San Diego3300Hacking
7/6/2005Ohio State Univ. Medical Center15000Stolen laptop
7/6/2005Time Warner Inc.600000Lost backup tapes
7/7/2005Michigan State University27000Hacking
7/8/2005City National BankLost backup tapes
7/9/2005University of Southern Cailfornia270000Hacking
7/13/2005Arizona Biodyne57000
7/20/2005Iowa State University4410
7/21/2005University of Colorado at Boulder42000Hacking
7/25/2005St. John's Regional Med. Ctr.27000
7/28/2005California State University Dominguez Hills9614Hacking
7/29/2005San Diego Co. Emp. Ret. Assoc.32000Hacking
7/30/2005Austin Peay State University2772
8/3/2005University of Colorado36000Hacking
8/4/2005Anderson College800
8/4/2005Cal Poly Pomona31077Hacking
8/5/2005Madison Area Technical College100
8/9/2005Federal Reserve Bank
8/9/2005Sonoma State University61709Hacking
8/9/2005University of North Texas38607
8/10/2005University of Utah100000Hacking
8/12/2005Verizon Wireless
8/15/2005California State University Stanislaus877Hacking
8/19/2005United States Air Force33000Hacking
8/19/2005University of Colorado49000Hacking
8/27/2005University of Florida3851Stolen Laptop
8/30/2005California State University154Hacking
8/30/2005JPMorgan ChaseStolen laptop (Aug. 8) containing personal and financial account information of customers of its private bank.
8/30/2005Stark State College of Technology7058
9/2/2005Iowa Student Loan165000
9/10/2005Kent State University100000Stolen computers
9/13/2005Fort Carson9300
9/16/2005ChoicePointáID thieves accessed; also misuse of IDs & passwords. (2nd notice, see 2/15/05)
9/16/2005Miami Ohio University21762Exposed online
9/17/2005North Fork Bank9000Stolen laptop (7/24/05) with mortgage data
9/19/2005Children's Health Council6700Stolen backup tape
9/22/2005Internal Revenue Service30000
9/28/2005City University of New York771Exposed online
9/28/2005RBC Dain Rauscher300000Illegitimate access to customer data by former employee
9/29/2005University of Georgia1600Hacking
10/7/2005Bank of America
10/12/2005Ohio State Univ. Medical Center2800Exposed online. Appointment information including SSN, DOB, address, phone no., medical no., appointment reason, physician.
10/15/2005Montclair State University9100Exposed online
10/20/2005Monmouth University677
10/20/2005Vermont Technical College
10/20/2005Wilcox Memorial Hospital130000Lost backup tape
10/21/2005State of California
10/29/2005University of Tennessee1900
11/1/2005University of Tennessee Med. Ctr.3800Stolen laptop
11/4/2005Keck School of Medicine (USC)50000Stolen computer
11/5/2005Safeway Inc.1400Stolen laptop
11/7/2005Papa John's
11/8/2005ChoicePointBogus accounts established by ID thieves. Total affected now reaches 163,000
11/9/2005TransUnion LLC3623Stolen computer
11/11/2005Georgia Tech University13000Stolen computer, Ofc. of Enrollment Services
11/18/2005Indiana University Kelley School of Business5278
11/18/2005Boeing Co.161000Stolen laptop with HR data incl. SSNs and bank account info.
11/23/2005University of Delaware952
12/2/2005Cornell University900Hacking. Names, addresses, SSNs, bank names and acct. numbers.
12/3/2005University of San Diego7800Hacking. Faculty, students and employee tax forms containing SSNs
12/3/2005First Trust BankStolen laptop
12/6/2005Washington St. Employment Security Dept.530Stolen laptop. Names, SSNs and earnings of former employees.
12/8/2005San Antonio Independent School District
12/8/2005J-Sargeant Reynolds Community College26000
12/8/2005Federal Reserve Bank
12/9/2005Idaho State UniversityISU discovered a security breach in a server containing archival information about students, faculty, and staff, including names, SSNs, birthdates, and grades.
12/9/2005Oregon Community Credit Union200
12/12/2005Iowa State University5500Hacking. Credit card information and Social Security numbers.
12/12/2005Sam's ClubExposed credit card data at gas stations.
12/16/2005Colorado Tech. Univ.1200Email erroneously sent containing names, phone numbers, email addresses, Social Security numbers and class schedules.
12/19/2005Guidance Software3800Hacking. Customer credit card numbers.
12/21/2005LaSalle Bank2000000Backup tape with residential mortgage customers lost in shipment by DHL, containing SSNs and account information.
12/22/2005Ford Motor Company70000Stolen computer. Names and SSNs of current and former employees.
12/28/2005Marriott International206000
1/1/2006University Pittsburgh Medical Ctr.7006 Stolen computers. Names, Social Security numbers, birthdates
1/2/2006H&R BlockSSNs exposed in 40-digit number string on mailing label
1/8/2006Kerzner International / Atlantis55000Dishonest insider or hacking. Names, addresses, credit card details, Social Security numbers, driver's licence numbers and/or bank account data.
1/11/2006People's Bank90000Lost computer tape containing names, addresses, Social Security numbers, and checking account numbers.
1/15/2006Illinois Education Association
1/16/2006New York City Teachers Retirement System
1/17/2006City of San Diego, Water & Sewer Dept.Dishonest employee accessed customer account files, including SSNs, and committed identity theft on some individuals.
1/20/2006University of Kansas
1/20/2006Univ. Place Conference Center & Hotel, Indiana Univ.Hacking. Reservation information including credit card account number compromised.
1/21/2006California National GuardStolen briefcase with personal information of National Guardsmen including a 'seniority roster,' Social Security numbers and dates of birth.
1/23/2006University of Notre DameHackers accessed Social Security numbers, credit card information and check images of school donors.
1/24/2006University of Washington Med Ctr.1600Stolen laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data.
1/25/2006Ameriprise Financial226000A laptop was stolen from an employee's car Christmas eve. It contained customers' names and Social Security numbers and in some cases, Ameriprise account information.
1/25/2006University of Delaware159
1/26/2006Providence Home Services365000Stolen backup tapes and disks containing Social Security numbers, clinical and demographic information. In a small number of cases, patient financial data was stolen.
1/27/2006College of St. Scholastica12000
1/28/2006State of Rhode Island4118Hackers obtained credit card information in conjunction with names and addresses.
1/30/2006Cooks Illustrated
1/31/2006Washington State Health Care Authority6000
1/31/2006Boston Globe / Worcester Telegram and Gazette240000Inadvertently exposed. Credit and debit card information along with routing information for personal checks printed on recycled paper used in wrapping newspaper bundles for distribution.
1/31/2006Honeywell International19000Exposed online. Personal information of current and former employees including Social Security numbers and bank account information posted on an Internet Web site.
2/1/2006University of Colorado CO Springs2500
2/2/2006Presbyterian Health Care Service450
2/4/2006FedEx8500Inadvertently exposed. W-2 forms included other workers' tax information such as SSNs and salaries.
2/6/2006Regions Bank100000
2/7/2006Blue Cross Blue Shield NC600Inadvertently exposed. SSNs of members printed on the mailing labels of envelopes with information about a new insurance plan.
2/9/2006Bank of America / OfficeMax200000Hacking. Debit card accounts exposed involving bank and credit union accounts nationwide (including CitiBank, BofA, WaMu, Wells Fargo).
2/15/2006Suffolk County Clerks Office NY7000
2/15/2006Old Dominion University601Exposed online. Instructor posted a class roster containing names and Social Security numbers to a web site.
2/16/2006Blue Cross Blue Shield Florida27000Contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies.A judge today ordered a former computer consultant to reimburse the Jacksonville-based health insurer $580,000 for expenses related to his theft .
2/16/2006United States Department of Agriculture350000Inadvertently exposed Social Security and tax identification numbers in FOIA request.
2/16/2006University of Washington Med Ctr.
2/17/2006Mount St. Mary's HospitalTwo laptops containing date of birth, address and Social Security numbers of patients was stolen in an armed robbery in the New Jersey.
2/17/2006Pelican Bay State PrisonInmates gained access to files containing employees' Social Security numbers, birth dates and pension account information stored in warehouse.
2/18/2006University of Northern Iowa6000Hacking. Laptop computer holding W-2 forms of student employees and faculty was illegally accessed.
2/22/2006Univ. Texas MD Anderson4000
2/22/2006New Hampshire DMV
2/23/2006McAfee9000External auditor lost a CD with names, Social Security numbers and stock holdings in McAfee of current and former McAfee employees.
2/23/2006Denver International Airport
2/25/2006Ernst & YoungLaptop stolen from employee's car with customers' personal information including Social Security numbers.
3/1/2006Medco Health Solutions Inc.4600Stolen laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories.
3/1/2006OH Secretary of State's OfficeSSNs, dates of birth, and other personal data of citizens routinely posted on a State web site as part of standard business practice.
3/2/2006Hamilton County Clerk of Courts1300000SSNs, other personal data of residents posted on county Web site, were stolen and used to commit identity theft.
3/2/2006Olympic Funding Chicago3 hard drives containing clients names, Social Security numbers, addresses and phone numbers stolen during break in.
3/2/2006Los Angeles Cty. Dept. of Social Services2000000File boxes containing names, dependents, Social Security numbers, telephone numbers, medical information, employer, W-2, and date of birth were left unattended and unshredded.
3/3/2006Metropolitan State College93000Stolen laptop containing names and Social Security numbers of students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester.
3/5/2006Georgetown University41000Hacking. Personal information including names, birthdates and Social Security numbers of District seniors served by the Office on Aging.
3/8/2006Verizon2 stolen laptops containing employees' personal information including Social Security numbers.
3/8/2006iBill17781462Dishonest insider or possibly malicious software linked to iBill used to post names, phone numbers, addresses, e-mail addresses, Internet IP addresses, logins and passwords, credit card types and purchase amount online. Credit card account numbers, expiration dates, security codes, and SSNs were NOT included, but in our opinion the affected individuals could be vulnerable to social engineering to obtain such information.
3/11/2006CA Dept. of Consumer Affairs (DCA)Mail theft. Applications of DCA licensees or prospective licensees for CA state boards and commissions were stolen. The forms include full or partial Social Security numbers, driver's license numbers, and potentially payment checks.
3/14/2006Buffalo Bisons Web SiteHacker accessed sensitive financial information including credit card numbers names, passwords of customers who ordered items online.
3/14/2006General Motors100Dishonest insider keep Social Security numbers of co-workers to perpetrate identity theft.
3/15/2006Ernst & YoungLaptop lost containing the names, dates of birth, genders, family sizes, Social Security numbers and tax identifiers for current and previous IBM, Sun Microsystems, Cisco, Nokia and BP employees exposed.
3/16/2006Bananas.com274Hacker accessed names, addresses, phone numbers and credit card numbers of customers.
3/22/2006District of Columbia Board of Elections and Ethics
3/22/2006Hewlett Packard196000
3/23/2006Fidelity Investments196000Stolen laptop containing names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers was stolen.
3/24/2006CA State Employment Development Division64000Computer glitch sends state Employment Development Division 1099 tax forms containing Social Security numbers and income information to the wrong addresses, potentially exposing those taxpayers to identity theft.
3/24/2006California State University Dominguez Hills2486
3/24/2006Vermont State Colleges14000Laptop stolen containing Social Security numbers and payroll data of students, faculty and staff associated with the five-college system from as long ago as 2000.
3/26/2006Florida Department of Management Services108000
3/29/2006University of Nebraska Lincoln342
3/30/2006Connecticut Tech High School Sys.1250Social Security numbers of students and faculty mistakenly distributed via email.
3/30/2006Georgia Technology Authority553000Hacker exploited security flaw to gain access to confidential information including Social Security numbers and bank-account details of state pensioners.
3/30/2006United States Marine Corp207750Portable drive lost that contains personal information used for research on re-enlistment bonuses.
3/31/2006LA County Dept. Social Services94000
4/1/2006Shorter College
4/1/2006Con Edison15704Con Edison shipped 2 cartridge tapes to JPMorgan Chase in upstate Binghamton so it could input data on behalf of the NY Dept. of Taxation and Finance. One tape was apparently lost containing employees' W-2 data, including names, addresses, SSNs, taxes paid and salaries.
4/6/2006Progressive Casualty Insurance13Dishonest insider accessed confidential information, including names, Social Security numbers, birth dates and property addresses on foreclosure properties she was interested in buying.
4/7/2006DiscountDomainRegistry.comExposed online. Domain registrants' personal information including usernames, passwords and credit card numbers were accessible online.
4/9/2006Univ. of Medicine Dentistry NJ2000Hackers accessed Social Security numbers, loan information, and other confidential financial information of students and alumni.
4/10/2006Broward Co. Records Division FL
4/12/2006Ross-Simons32000Security breach exposed account and personal information of those who applied for its private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants.
4/13/2006Fifth Third Bank1000
4/14/2006University of South Carolina1400Social Security numbers of students were mistakenly e-mailed to classmates.
4/14/2006Voluntary Employees Benefit Association of Hawaii40000
4/14/2006NewTech Imaging40000Records containing the names, Social Security numbers and birth dates of more than 40,000 members of Voluntary Employees Benefit Association of Hawaiiwere illegally reproduced at a copying business before they were to be put onto a compact disc for the State. Police later found the data on a computer that had been confiscated as part of a drug investigation.
4/15/2006Scott County, IAThe Social Security numbers of people who obtained mortgages in the early 1990s are visible in documents posted on the county's website. The county will redact the information at the individuals' request.
4/16/2006Fraser Health Authority
4/21/2006Boeing Co.3664A laptop was taken from a Boeing human resources employee at Sea-Tac airport. It contained SSNs and other personal information, including personnel information from the 2000 acquisition of Hughes Space and Communications
4/21/2006Ohio University Innovation Centera server containing data including e-mails, patent and intellectual property files, and 35 Social Security numbers associated with parking passes was compromised.
4/21/2006University of Alaska Fairbanks38941A hacker accessed names, Social Security numbers, and partial e-mail addresses of current and former students, faculty, and staff.
4/23/2006Univ. Texas McCombs Business197000Hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members.
4/24/2006University of Virginia
4/26/2006Clydesdale Bank - Morgan Stanley2000
4/26/2006Purdue University Elec. Comp. Eng.1351Hacker accessed personal information including Social Security numbers of current and former graduate students, applicants to graduate school, and a small number of applicants for undergraduate scholarships.
4/26/2006Aetna Inc.39000Laptop containing personal information including names, addresses and Social Security numbers of Dept. of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car.
4/27/2006Long Island Railroad20000Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of 'virtually everyone' who worked for the agency was lost by delivery contractor Iron Mountain while enroute. Data tapes belonging to the U.S. Department of Veteran's Affairs may also have been affected.
4/28/2006Ohio's Secretary of State7700000The names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained SSNs, which were not supposed to have been included on the CDs.
4/28/2006U.S. Department of Defense14000Hacker accessed a Tricare
5/1/2006Ohio UniversityA breach of a computer that hosted a variety of Web-based forms, including some that processed on-line business transactions. Although this computer was not set up to store personal information, investigators did discover files that contained fragments of personal information, including Social Security numbers. The data is fragmentary and it is not certain if the compromised information can be traced to individuals. Also found on the computer were 12 credit card numbers that were used for event registration.
5/1/2006Ohio University2480A breach was discovered on a computer that housed IRS 1099 forms for vendors and independent contractors for calendar years 2004 and 2005.
5/2/2006Ohio University137000Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alum.
5/2/2006State of GeorgiaGovernment surplus computers that sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia citizens.
5/4/2006Idaho Power CompanyFour company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security numbers, and confidential memos to the company's CEO.
5/5/2006Wells Fargo39442Computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been stolen while being delivered from one bank facility to another.
5/11/2006Columbus Bank and Trust2000
5/11/2006Ohio University Hudson Health Center60000Names, birth dates, Social Security numbers and medical information were accessed in records of students dating back to 2001, plus faculty, workers and regional campus students.
5/12/2006Mercantile Potomac Bank48000Laptop containing confidential information about customers, including Social Security numbers and account numbers was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification numbers (PIN numbers) or account expiration dates.
5/16/2006American Institute of CPAs330000An unencrypted hard drive containing names, addresses and Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company.
5/16/2006University of California Berkeley1200
5/17/2006M & T Bank2524Laptop computer, owned by PFPC, a third party company that provides record keeping services for M & T's Portfolio Architect accounts was stolen from a vehicle. The laptop contained clients' account numbers, Social Security numbers, last name and the first two letters of their first name.
5/18/2006American Red Cross8000Dishonest employee had access to Social Security numbers of donors to call urging them to give blood again. The employee misused the persoal information of at least 3 people to perpetrate identity theft and had access to the personal information of 1 million donors.
5/19/2006Frost Bank100
5/19/2006Unknown retail merchantVisa, MasterCard, and other debit and credit card numbers from banks across the country were stolen when a national retailer's database was breached. No names, Social Security numbers or other personal identification were taken.
5/22/2006U.S. Department of Veterans Affairs26500000On May 3, data of all American veterans who were discharged since 1975 including names, Social Security numbers, dates of birth and in many cases phone numbers and addresses, were stolen from a VA employee's home. Theft of the laptop and computer storage device included data of 26.5 milliion veterans. The data did not contain medical or financial information, but may have disability numerical rankings.
5/23/2006Butler Co. Dept.of Mental Retardation Developmental Disabilities100Three laptop computers were stolen 'last month' from the agency's office. They contained personal information on mental health clients, including SSNs.
5/23/2006Mortgage Lenders Network USA231000A former employee was arrested for extortion for attempting to blackmail his former employer for $6.9 million. He threatened to expose company files containing sensitive customer information - including customers' names, addressess, Social Security numbers, loan numbers, and loan types - if the company didn't pay him. He stole the files over the 16 months he worked there.
5/23/2006University of Delaware Dept. Public Safety1076Security breach of a Department of Public Safety computer server potentialy exposes names, Social Security numbers and driver's license numbers.
5/24/2006Sacred Heart University135000It was discovered on May 8th that a computer containing personal information including names, addresses and Social Security numbers was breached.
5/25/2006Security Savings Bank13
5/26/2006California State University Stanislaus1294
5/30/2006Florida International UniversityHacker accessed a database that contained personal information, such as student and applicant names and Social Security numbers.
5/31/2006Texas Guaranteed Student Loan Corp.1300000Texas Guaranteed (TG) was notified by subcontractor Hummingbird that on May 24, an employee had lost a piece of equipment containing names and Social Security numbers of TG borrowers.
5/31/2006VyStar Credit Union34000Hacker gained access to member accounts 'a few weeks ago' and stole personal information including names, addresses, birth dates, mother's maiden names, SSNs and/or email addresses.
5/31/2006Humana268On May 5, 2006, Medicare drug benefit applications were stolen from an insurance agent's unlocked car in Brooklyn Park, MN. Information included applicants' name, address, date of birth, Social Security number, and bank routing information.
6/1/2006Miami Ohio University851An employee lost a hand-held personal computer containing personal information of students who were enrolled between July 2001 and May 2006.
6/1/2006University of Kentucky1300Personal information of current and former University of Kentucky employees including Social Security numbers was inadvertently accessible online for 19 days last month.
6/1/2006YMCA of Greater Providence65000Laptop computer containing personal information of members was stolen. The information included credit card and debit card numbers, checking account information, Social Security numbers, the names and addresses of children in daycare programs and medical information about the children, such as allergies and the medicine they take, though the type of stolen information about each person varies.
6/1/2006Ernst & Young243000A laptop containing names, addresses and credit or debit card information of Hotels.com customers was stolen from an employee's car in Texas.
6/2/2006Ahold USAAn EDS employee lost a laptop computer during a commercial flight that contained pension data of former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts.
6/3/2006Humana Medicare17000Personal information of Humana customers enrolled in the company's Medicare prescription drug plans could have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file.
6/3/2006Buckeye Community Health Plan72000Four laptop computers containing customer names, Social Security numbers, and addresses were stolen from the Medicaid insurance provider.
6/5/2006United States Internal Revenue Service291A laptop computer containing personal information of employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth, was lost during transit on an airline flight
6/6/2006University of Texas El Paso4719Students demonstrated that student body and faculty elections could be rigged by hacking into student information including Social Security numbers.
6/7/2006Colorado Mental Health Institute287
6/8/2006University of Michigan Credit Union5000Paper documents containing personal information of credit union members were stolen from a storage rooms. The documents were supposed to have been digitally imaged and then shredded. Instead, they were stolen and used to perpetrate identity theft.
6/9/2006National Nuclear Safety Administration1500Names, Social Security numbers, security clearance levels and place of employment for mostly contract employees who worked for National Nuclear Security Administration may have been compromised when a hacker gained entry to a computer system at a service center in Albuquerque, N.M. eight months ago.
6/9/2006Ohio University70000
6/10/2006Nationwide Retirement Systems
6/11/2006Denver Election Commission150000Records containing personal information on more than 150,000 voters are missing at city election offices. The microfilmed voter registration files from 1989 to 1998 were in a 500-pound cabinet that disappeared when the commission moved to new offices in February. The files contain voters' Social Security numbers, addresses and other personal information.
6/12/2006Fish & Richardson10
6/13/2006State of MinnesotaThree laptops possibly containing Social Security numbers of employees and recipients of housing and welfare benefits along with other personal information of local governments the auditor oversees have gone missing.
6/13/2006Hanford Nuclear Reservation4000Current and former workers at the Hanford Nuclear Reservation that their personal information may have been compromised, after police found a 1996 list with workers' names and other information in a home during an unrelated investigation.
6/13/2006Oregon Department of Revenue2200Electronic files containing personal data of Oregon taxpayers may have been compromised by an ex-employee's downloaded a contaminated file from a porn site. The 'trojan' attached to the file may have sent taxpayer information back to the source when the computer was turned on.
6/14/2006American International Group969000The computer server was stolen on March 31 containing personal information including names, Social Security numbers, birth dates, and some medical and disability information.
6/16/2006New York State Comptrollers Office1300State controller data cartridge containing payroll data of employees who work for a variety of state agencies was lost during shipment. The data contained names, salaries, Social Security numbers and home addresses.
6/16/2006Union Pacific30000On April 29th, an employee's laptop was stolen that contained data for current and former Union Pacific employees, including names, birth dates and Social Security numbers.
6/16/2006ING8500Two ING laptops that carried sensitive data affecting of Jackson Health System hospital workers were stolen in December 2005. The computers, belonging to financial services provider ING, contained information gathered during a voluntary life insurance enrollment drive in December and included names, birth dates and Social Security numbers.
6/17/2006Automatic Data Processing80Personal and payroll information of workers were intended to be faxed between ADP offices and were mistakenly sent to a third party.
6/17/2006CA Dept. of Health Services (CDHS)1550CDHS documents were inappropriately emptied from an employee's cubicle on June 5 and 9 rather than shredded.
6/17/2006Western Illinois University240000On June 5th, a hacker compromised a University server that contained names, addresses, credit card numbers and Social Security numbers of people connected to the University.
6/18/2006ING U.S. Financial Services13000Laptop stolen from employee's home containing retirement plan information including Social Security numbers of D.C. city employees.
6/20/2006Equifax Inc.2500On May 29, a company laptop containing employee names and partial and full Social Security numbers was stolen from an employee.
6/20/2006New Jersey Department of Labor and Workforce Development498
6/20/2006University of Alabama Birmingham9800In February a computer was stolen from a locked office of the kidney transplant program at the University of Alabama at Birmingham that contained confidential information of donors, organ recipients and potential recipients including names, Social Security numbers and medical information.
6/21/2006Lancaster General HospitalA desktop computer with personal information of hundreds of doctors was stolen from a locked office June 10. The unencrypted data included names, practice addresses, and SSNS of physicians on medical and dental staff.
6/21/2006Cape Fear Valley Health System24350Portable computer containing personal information of more than 24,000 people was stolen from ambulance of Cumberland Co. Emergency Medical Services on June 8th. It contained information on people treated by the EMS, including names, addresses, and birthdates, plus SSNs of 84% of those listed.
6/21/2006Cumberland County Emergency Medical Services24000
6/22/2006University of Kentucky6500The personal data of current and former students including classroom rosters names, grades and Social Security numbers was reported stolen on May 26 following the theft of a professor's flash drive.
6/22/2006United States Department of Agriculture26000During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors.
6/22/2006Federal Trade Commission110Two laptop computers containing personal and financial data were stolen from an employee's vehicle. The data included names, addresses, Social Security numbers, dates of birth, and in some instances, financial account numbers gathered in law enforcement investigations.
6/23/2006CA Dept. of Health Services (CDHS)323On June 12, a box of Medi-Cal forms from December 2005 were found in the cubicle of a CDHS employee. The claim forms contained the names, addresses, Social Security numbers and prescriptions for beneficiaries or their family members.
6/23/2006San Francisco State University3000a faculty member's laptop was stolen from a car on June 1 that contained personal information of former and current students including Social Security numbers, and names and ins some instance, phone numbers and grade point averages.
6/23/2006United States Navy28000Navy personnel were notified on June 22 that a civilian web site contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.
6/24/2006Catawba County Schools619On June 22, it was discovered that a web site posted names, Social Security numbers, and test scores of students who had taken a keyboarding and computer applications placement test during the 2001-02 school year.
6/24/2006Social Security Administration228
6/26/2006King County ElectionsSocial Security numbers for potentially thousands of current and former county residents may be exposed on the agency's web site. Residents can request that the image of any document that contains a Social Security number, Mother's Maiden Name or Drivers License be removed. Officials state that they are unable to alter original public documents and cannot choose to not record documents presented for recording.á
6/27/2006AAAAA Rent-A-Space13000Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in its online payment system.
6/27/2006Government Accountability Office1000Data from audit reports on Defense Department travel vouchers from the 1970s were inadvertently posted online and included some service members' names, Social Security numbers and addresses. The agency has subsequently removed the information.
6/28/2006Minnesota Department of Revenue2400On May 16, a package containing a data tape used to back up the regional office's computers went missing during delivery. The tape contained personal information including individuals' names, addresses, and Social Security numbers.
6/29/2006Allstate27000Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen.
6/29/2006Nat.Institutes of Health Federal Credit Union41000NIHFCU is investigating with law enforcement the identity theft of some of its 41,000 members. No details given on type of information stolen, or how it was stolen.
6/29/2006Nebraska Treasurer's Office300000A hacker broke into a child-support computer system and may have obtained names, Social Security numbers and other information such as tax identification numbers for 9,000 businesses.
6/30/2006U.S. Department of Veterans Affairs16000A data tape disappeared from a VA facility in Indianapolis, IN that contained information on legal cases involving U.S. veterans and included veterans' Social Security numbers, dates of birth and legal documents.
6/30/2006Washington Regional Medical Center5000
7/1/2006American Red CrossSometime in May, 3 laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005.
7/5/2006Bisys Group Inc.61000Personal details about 61,000 hedge fund investors were lost when an employee's truck carrying backup tapes was stolen. The data included SSNs of 35,000 individuals. The tapes were being moved from one Bisys facility to another on June 8 when the theft occurred.
7/6/2006Automatic Data ProcessingPayroll service company ADP gave scam-artist names, addresses, and number of shares held of investors, although apparently not SSNs or account numbers. The leak occurred from Nov. '05 to Feb. '06 and involved individual investors with 60 companies including Fidelity, UBS, Morgan Stanley , Bear Stearns, Citigroup, Merrill Lynch.
7/6/2006University of Tennessee36000Hacker broke into UT computer containing names, addresses and SSNs of about 36,000 past and current employees. Intruder apparently used computer from Aug. '05 to May '06 to store and transmit movies.
7/7/2006Hattiesburg City HallVideo surveillance cameras caught 2 intruders stealing hard drives from 18 computers June 23. Data files contained names, addresses, and SSNs of current and former city employees and registered voters as well as bank account information for employees paid through direct deposit and water system customers who paid bills electronically.
7/7/2006Montana Public Health and Human ServicesA state government computer was stolen from the office of a drug dependency program. during a 4th of July break-in. It was not known if sensitive information such as SSNs was compromised.
7/7/2006National Association of Securities Dealers73Ten laptops were stolen on Feb. 25 '06 from NASD investigators. They included SSNs of securities dealers who were the subject of investigations involving possible misconduct. Inactive account numbers of about 1,000 consumers were also contained on laptops.
7/7/2006United States Navy100000SSNs and other personal information of naval and Marine Corps aviators and air crew, both active and reserve, were exposed on Center web site and on 1,100 computer discs mailed to naval commands.
7/13/2006Moraine Park Technical College1500Computer disk (CD) with personal information of 1,500 students was reported missing. Information includes names, addresses, phone numbers & SSNs of apprenticeship students back to 1993.
7/14/2006Northwestern University17000Files containing names and some personal information including SSNs were on 9 desktop computers that had been accessed by unauthorized persons outside the University. The computers were in the Office of Admissions and Financial Aid Office.
7/14/2006Treasurer's computer in Circuit Court Clerk's officePublic computer in city government building containing taxpayer information was found to display SSNs of many residents -- those who paid personal property and real estate taxes. It was shut down and confiscated by the police on July 12th.
7/14/2006California Polytechnic State University (Cal Poly)3020Laptop computer was stolen from the home of a physics department professor July 3. It included names and SSNs of physics and astronomy students from 1994-2004. (Date of letter sent to students. Date of news story is 8/1/06)
7/14/2006University of Iowa280Laptop computer containing personal information of current and former MBA students was stolen. Data files included SSNs and some contact info.
7/14/2006Hampton Circuit Court
7/16/2006Mississippi Secretary of StateThe state agency's web site listed 2 million+ Uniform Commercial Code (UCC) filings in which thousands of individuals' SSNs were exposed.
7/17/2006Vassar Brothers Medical CenterLaptop was stolen from the emergency department between June 23-26. It contained information on patients dating back to 2000, including SSNs and dates of birth.
7/18/2006CS Stars, subsidiary of insurance company Marsh Inc.540000On May 9, CS Stars lost track of a personal computer containing records of more than a half million New Yorkers who made claims to a special workers' comp fund. The lost data includes SSNs and date of birth but apparently no medical information.
7/18/2006Nelnet Inc.188000Computer tape containing personal information of student loan customers and parents, mostly from Colorado, was lost when shipped via UPS. The loans were previously serviced by College Access Network
7/18/2006United States Department of Agriculture350Laptop computer and printout containing names, addresses and SSNs of 350 employees was stolen from an employee's car and later recovered.
7/21/2006BCTGM Local 192 Union140
7/21/2006Special Funds Conservation Committee540000
7/24/2006Wolters Kluwer8500
7/24/2006New York Department of Homeless Services8400The personal information of 8,400 homeless persons, including SSNs, was leaked in an e-mail attachment July 21, when accidentally sent to homeless advocates and city officials.
7/25/2006Old Mutual Capital Inc6500Laptop was stolen sometime in May containing personal information of U.S. clients, including names, addresses, account numbers and some SSNs.
7/25/2006Georgetown University Hospital23000Patient data was exposed online via the computers of an e-prescription provider, InstantDx. Data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with InstantDX.
7/25/2006Armstrong World Industries12000A laptop containing personal information of current and former employers was stolen. The computer was in the possession of the company's auditor, Deloitte & Touche. Data included names, home addresses, phone numbers, SSNs, employee ID numbers, salary data, and bank account numbers of employees who have their checks directly deposited.
7/25/2006Cablevision13700A tape en route to the company's 401(k) plan record-keeper ACS was lost when shipped by FedEx to Dallas, TX. No customer data was on the tape. (lost when shipped to Dallas-based ACS)
7/26/2006United States Navy31000Two laptop computers with information on Navy recruiters and applicants were stolen in June and July. Also included was information from selective service and school lists. About 4,000 records contained SSNs. Files were password protected.
7/27/2006Kaiser Permanente160000A laptop was stolen containing names, phone numbers, and the Kaiser number for each HMO member. The data file did not include SSNs. The data was being used to market Hearing Aid Services to Health Plan members.
7/27/2006Los Angeles Count Adult Protective ServicesLast weekend 11 laptops were stolen from the Burbank office. It is not clear what type of personal information was included.
7/27/2006Los Angeles County Community Development Commission4800Earlier in July, a computer hacker located in Germany gained access to the CDC's computer system, containing personal information on 4,800 public housing residents.
7/27/2006Los Angeles County Dept. Community Senior ServicesIn May, a laptop was stolen from the home of a community and senior services employee. It contained information on LA County employees.
7/28/2006Lancaster General Hospital
7/28/2006Riverside, Calif., city employees2000The SSNs and financial information regarding 401(k) accounts was accidentally e-mailed to 2,300 city employees due to a computer operator's error. The data was intended for the city payroll dept.
7/29/2006Sentry Insurance112198Personal information including SSNs on worker's compensation claimants was stolen, some of which was later sold on the Internet. No medical records were included. The thief was a lead programmer-consultant who had access to claimants' data. The consultant was arrested and faces felony charges.
8/1/2006Ron Tonkin Nissan16000Several months ago the car dealership experienced a security breach affecting the personal information of those who bought cars or applied for credit between 2001 and March 2006.
8/1/2006Wichita State University40An intrusion into a WSU psychology department's server was discovered July 16. It contained information on about 40 applicants to the doctoral program.
8/1/2006U.S. BankA bank employee's briefcase was stolen from the employee's car with documents containing names, phone numbers, and SSNs of customers.
8/1/2006CoreLogic for ComUnity LendingIn early August, CoreLogic notified customers of ComUnity Lending that a computer with customers' data was stolen from its office. Data included names, SSNS, and property addresses related to an existing or anticipated mortgage loan.
8/1/2006Cal Poly3020
8/1/2006Wichita State University2040WSU learned on June 29 that someone gained unauthorized access into 3 computers in its College of Fine Arts box office, containing credit card information for about 2,000 patrons.
8/1/2006Dollar Tree150Customers of the discount store have reported money stolen from their bank accounts due to unauthorized ATM withdrawals. Data may have been intercepted by a thief's use of a wireless laptop computer with the thief then creating counterfeit ATM cards and using them to withdraw money.
8/2/2006Belhaven College300An employee carrying laptop was robbed at gunpoint on July 19 while walking to his car. Computer contained names and SSNs of college employees.
8/2/2006Vassar Brothers Medical Center257800
8/2/2006West Virginia Div. of Rehabilitiation ServicesA laptop was stolen July 24 containing clients' names, addresses, SSNs, and phone numbers. Data was password protected.
8/4/2006Matrix Bancorp Inc.Two laptop computers were stolen during daytime while staffers were away from their desks. One computer contained customers' account information. The bank says data is encrypted and password protected.
8/4/2006PSA HealthCare51000A company laptop was stolen from an employee's vehicle in a public parking lot July 15. It contained names, addresses, SSNs, and medical diagnostic and treatment information used in reimbursement claims.
8/4/2006Toyota1500Laptop belonging to contractor and containing personal information of job applicants and employees was stolen. Data included names and SSNs.
8/6/2006American Online (AOL)In late July AOL posted on a public web site data on 20 million web queries from 650,000 users. Some search records exposed SSNs, credit card numbers, or other pieces of sensitive information.
8/8/2006Virginia Bureau of Insurance202000The Bureau has advised insurance agents in the state that their SSN may have been exposed on its web site from June 13 through July 31, 2006, due to a programming error. The SSNs were not shown on any web page, but could have been found by savvy computer users using the source code tool of a web browser.
8/8/2006Linens n Things90A folder holding about 90 receipts was missing from the store. Receipts included full credit or debit account number and name of the card holder.
8/8/2006U.S. Department of Veterans Affairs38000Computer at contractor's office was reported missing Aug. 3, containing billing records with names, addresses, SSNs, and dates of birth of veterans at 2 Pennsylvania locations.
8/9/2006U.S. Department of Transportation133000The DOT's Office of the Inspector General reported a special agent's laptop was stolen on July 27 from a government-owned vehicle in Miami, FL, parked in a restaurant parking lot. It contained names, addresses, SSNs, and dates of birth for 80,670 persons issued commercial drivers licenses in Miami-Dade County; 42,800 persons in FL with FAA pilot certificates; and 9,000 persons with FL driver's licenses.
8/11/2006Madrona Medical Group6000On Dec. 17, 2005, a former employee accessed and downloaded patient files onto his laptop computer. Files included name, address, SSN, and date of birth. The former employee has since been arrested.
8/15/2006U.S. Dept. of TransportationOn April 24, a DOT employee's laptop computer was stolen from an Orlando hotel conference room. It contained several unencrypted case files. Investigators are determining if it contained sensitive personal information.
8/15/2006University of Kentucky630The names and SSNs of 630 students were posted on the University's financial aid web site between Friday and Monday, Aug. 11-14.
8/15/2006University of Kentucky Department of Geography80About 80 geography students were notified Aug. 14 that their SSNs were inadvertently listed on an e-mail communication they all received telling them who their academic advisor would be for the coming year.
8/16/2006ChevronChevron informed its U.S. workers Aug. 14 that a laptop was stolen from 'an employee of an independent public accounting firm' who was auditing its benefits plans. The theft apparently occurred Aug. 5. Files contained SSNs and sensitive information related to health and disability plans.
8/17/2006Williams-Sonoma1200On July 10, a laptop was stolen from the Los Angeles home of a Deloitte & Touche employee who was conducting an audit for W-S. Computer contained employees' payroll information and SSNs.
8/17/2006HCA Inc.700010 computers containing Medicare and Medicaid billing information and records of employees and physicians from 1996-2006 were stolen from one of the company's regional offices. Some patient names and SSNs were exposed, but details are vague. Records for patients in hospitals in the following states were affected: CO, KS, LA, MS, OK, OR, TS, WA. 'thousands of files' Hospital Corp. of America
8/18/2006California Department of Mental Health9468Computer tape with employees' names, addresses, and SSNs has been reported missing. Employees were notified Aug. 17 by e-mail.
8/22/2006Beaverton School District1600Time slips revealing personal information were missing and presumed stolen following a July 24 break-in at a storage shed on the administration office's property. The time slips included names and SSNs but not addresses.
8/22/2006Troy Beaumont Hospital28473A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.
8/22/2006Aflac612A laptop containing customers' personal information was stolen from an agent's car. It contained names, addresses, SSNs, and birth dates of 612 policyholders. They were notified Aug. 11. American Family Life Assurance Co.
8/23/2006United States Department of Education21000A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the Department's loan Web site. Information included names, birthdates, SSNs, addresses, phone numbers, and in some cases, account information. Affiliated Computer Services Inc. is the contractor responsible for the breach. The breach did not include those whose loans are managed through private companies.
8/25/2006Verizon Wireless5000
8/25/2006Federal Motor Carrier Safety Administration193
8/25/2006Sovereign BankPersonal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data.
8/25/2006U.S. Dept. of Transportation, Federal Motor Carrier Safety Administration193A laptop that 'might contain' personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.
8/25/2006Dominion Resources1700Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.
8/26/2006PortTix2000Credit card information for about 2,000 people who ordered tickets online through PortTix was accessed by someone who hacked into the Web site. PortTix is Merrill Auditorium's ticketing agency. The Web site was secured as of Aug. 24.
8/26/2006University of South Carolina6000A security audit this summer found that a computer server was hacked in Sept. 2005. A database could have been accessed with names, SSNs, and birthdates of current and former students.
8/27/2006New Mexico Administrative Office of the Courts1500For 8 days in late May, an unsecured document was exposed on the agency's FTP site on the state's computer server. It contained names, birth dates, SSNs, home addresses and other personal information of judicial branch employees. The FTP site was shut down June 2 and has since be redesigned.
8/29/2006AT&T19000Computer hackers accessed credit card account data and other personal information of customers who purchased DSL equipment from AT&T's online store. The company is notifying 'fewer than 19,000' customers.' via vendor that operates an order processing computer
8/29/2006Compass Health8000Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness.
8/29/2006United States Department of Education43Two laptops were stolen from DTI's office in downtown DC containing personal information on 43 grant reviewers for the Teacher Incentive Fund. DTI could not rule out that the data included SSNs.
8/29/2006Valley Baptist Medical Center73A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form.
8/31/2006Diebold, Inc.An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number.
8/31/2006LabCorpDuring a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results.
9/1/2006City of Chicago38443A laptop was stolen from the home of contractor's employee last April 2005. It was reported to the city July 2006 more than a year later. Data included names, addresses, phone numbers, birthdates and SSNs for those in the city's deferred compensation plan.
9/1/2006Virginia Commonwealth University2100Personal information of freshmen and graduate engineering students from 1998 through 2005 was exposed on the Internet for 8 months (Jan. - Aug.) due to human error. It was discovered by a student who used a search engine to find her name. The data included SSNs and e-mail addresses.
9/1/2006Wells FargoIn a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company.
9/2/2006Lloyd's of LondonA thief reprogrammed more than 150 Lloyd's of London credit card numbers onto phone cards and used them to withdraw money from an ATM in Port St. Lucie, FL (stealing more than $20,000 over 3 days). Key personal and financial information had been skimmed from the magnetic strip on the victims' cards.
9/6/2006Transportation Security Administration1195In late August 2006, Accenture, a contractor for TSA mailed documents containing former employees' SSN,, date of birth, and salary information to the wrong addresses due to an administrative error.
9/7/2006Florida National Guard100A laptop computer was stolen from a soldier's vehicle contained training and administrative records, including Social Security numbers of up to 100 Florida National Guard soldiers.
9/7/2006Chase Card Services2500000Chase Card Services mistakenly discarded 5 computer data tapes in July containing Circuit City cardholders' personal information.
9/8/2006Cleveland Clinic1130A clinic employee stole personal information from electronic files and sold it to her cousin, owner of Advanced Medical Claims, who used it to file fraudulent Medicare claims totaling more than $2.8 million. Information included names, SSNs, birthdates, addresses and other details. Both individuals were indicted.
9/8/2006Linden Lab . Second Life648420On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world.
9/8/2006University of Minnesota13084On August 14-15 eve, two computers were stolen from the desk of an Institute of Technology employee, containing information on students who were freshmen from 1992-2006 -- including names, birthdates, addresses, phone numbers, high schools attended, student ID numbers, grades, test scores, and, academic probation. SSNs of 603 students were also exposed.
9/11/2006TelesourceEmployees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses. via Vekstar
9/12/2006City of Paris Kentucky100
9/13/2006American Family Insurance2000The office of an insurance agent was broken into and robbed last July. Among the items stolen was a laptop with customers' names, SSNs, and driver's license numbers.
9/14/2006Illinois Department of Corrections16500A document containing employees' personal information was found outside the agency's premises 'where it should not have been.' It has since been retrieved. Information included employees' names, SSNs, and salaries.
9/14/2006Nikon Inc.3235Workers at a Montgomery, AL, camera store discovered that subscription information for the magazine Nikon World was exposed on the Web for at least 9 hours. Data included subscribers' names, addresses and credit card numbers.
9/15/2006Berks County Pennsylvania25000A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs.
9/15/2006Mercy Medical Center Merced295A memory stick containing patient information was found July 18 by a local citizen on the ground at the County Fairgrounds near the hospital's information booth. It was returned to the hospital 4 weeks later. Data included names, SSNs, birthdates, and medical records.
9/15/2006University of Texas at San Antonio64000
9/16/2006Michigan Department of Community Health4000Residents who participated in a scientific study were notified that a flash drive was discovered missing as of Aug. 4, and likely stolen, from an MDCH office.The portable memory device contained names, addresses, phone numbers, dates of birth, and SSNs of participants. The study tracked the long-term exposure to flame retardents ingested by residents in beef and milk.
9/16/2006Howard Rice500A laptop was stolen from the trunk of the car of the law firm's auditor, containing confidential employee pension plan information -- names, SSNs, remaining balances, 401(k) and profit-sharing information.
9/16/2006Beaumont Hospital3The hospital mistakenly mailed medical reports on 3 patients to a retired dentist in Texas. Reports included name, test results, date of birth and patient ID numbers. The hospital admitted to both human and computer error. A new computer system mixed similar names, and staff did not catch it.
9/17/2006Direct Loan21000A security breach exposed private information of student loan borrowers from Aug. 20-22 during a computer software upgrade. Users of the Direct Loans Web site were able to view information other than their own if they used certain options. SSNs were among the data elements exposed online.
9/17/2006Whistle JunctionPersonnel files of employees of the now-closed restaurant were found in a nearby Dumpster. Papers included names and SSNs of former employees,
9/18/2006DePaul Medical Center100Two computers were stolen, one on August 28 and the other Sept. 11. Personal data included names, date of birth, treatment information, and some SSNs.
9/19/2006Life Is Good9250Hackers accessed the retailer's database containing customer's credit card numbers. The company said no other personal information was in the database.
9/20/2006City of Savannah8800Because of a 'hole in the firewall,'a City server exposed personal information online for 7 months. Individuals identified by the Red Light Camera Enforcement Program are affected -- name, address, driver's license number, vehicle identification number, and SSNs of those individuals whose driver's license number is still the SSN.
9/20/2006Berry College2093Student applications for need-based financial aid were misplaced by a consultant -- in both paper and digital form. Data included name, SSN, and reported family income for students and potential students for the 2005-06 academic year.
9/21/2006U.S. Dept. of Commerce and Census BureauThe agency reported that 1,137 laptops have been lost or stolen since 2001. Of those, 672 were used by the Census Bureau, with 246 of those containing personal data. Secretary Gutierrez said the computers had 'protections to prevent a breach of personal information.'
9/21/2006Pima County Health Department2500Vaccination records on 2,500 clients had been left in the trunk of a car that was stolen Sept. 12. The car and records have since been recovered. Records included names, dates of birth and ZIP codes, but no SSNs or addresses.
9/22/2006Bank of AmericaStolen laptop with info of Visa Buxx users (debit cards)
9/22/2006University of Colorado at Boulder1372Two computers had been placed in storage during the school's move to temporary quarters in May. When they were to be retrieved Aug. 28, they were found missing. They had been used by 2 faculty members and included students' names, SSNs, and grades.
9/22/2006Purdue University2482A file in a desktop computer in the Chemistry Department may have been accessed illegitimately. The file contained names, SSNs, school, major, and e-mail addresses of people who were students in 2000.
9/22/2006Several Indianapolis pharmaciesEarlier this year a local TV reporter from WTHR found that 'dozens' of pharmacies disposed of customer records in unsecured garbage bins. Now the Indiana Board of Pharmacy has launched an investigation of 30 pharmacies. Both the Board and the Attorney General say that the pharmacies violated state law.
9/23/2006Erlanger Hospital4150Records of hospital employees disappeared from a locked office on Sept. 15. They were stored on a USB 'jump drive.' Information was limited to names and SSNs. Those affected included anyone who went through job 'status changes' from Nov. 2003 to Sept. 2006.
9/23/2006An illegal dumping site northwest of Quinlan, TXInvestigators found boxes of private medical records containing names and personal information of patients of a doctor who lives in Dallas and who has a Greenville, TX, practice. They had apparently been dumped there by a contractor who was hired to remodel his house. The contractor was indicted on a charge of illegal dumping.
9/25/2006General Electric50000An employee's laptop computer holding the names and Social Security numbers of approximately 50,000 current and former GE employees was stolen from a locked hotel room while he was traveling for business.
9/25/2006Movie GalleryA large number of Movie Gallery's files and videos were found in a dumpster. The files contained personal information of people employed by Movie Gallery and people applying for jobs at the video store as well as people applying for movie rental membership. Movie Gallery has agreed to pay $50,000 to the State of NC.
9/27/2006America Online
9/28/2006Illinois Dept. of Transportation40Documents found by state auditors in recycling bins in a hallway contained IDOT employee names and SSNs.
9/28/2006North Carolina Department of Motor Vehicles16000A computer was stolen from a NC Dept. of Motor Vehicles office, reported Sept. 10. It contains names, addresses, driver's license numbers, SSNs, and in some cases immigration visa information of 16,000 people who have been issued licenses in the past 18 months. Most are residents of Franklin County.
9/28/2006Stevens Hospital Emergency Room via dishonest employee of billing company Med Data30A manager for the hospital's billing company, Med Data, stole patients' credit card numbers. She gave them to her brother who bought $30,000 worth of clothes and gift cards over the Internet. The woman is scheduled for sentencing in Nov. and her brother's trial is expected Jan. 2007.
9/29/2006State of Kentucky146000State employees received letters from the Kentucky Personnel Cabinet with their SSNs visible through the envelope windows.
9/29/2006University of Iowa14500A computer containing SSNs of 14,500 psychology department research study subjects was the object of an automated attack designed to store pirated video files for subsequent distribution.
10/2/2006Seattle-Tacoma International Airport6939Six CDs missing from the ID Badging office at Seattle-Tacoma International Airport hold the personal information of 6,939 airport workers. The data include names, addresses, birth dates, SSNs and driver's license numbers, telephone numbers, employer information, and height/weight. The data on the disks were scanned from paper applications for airport badges. The port learned of the missing disks on September 18 and sent letters to the affected employees on Oct. 2.
10/3/2006Cumberland County Pennsylvania1200Cumberland County (PA) officials removed salary board meeting minutes from their Web site because they contained the SSNs of 1,200 county employees. The information was included in minutes from meetings prior to 2000. The county no longer uses SSNs as unique identifiers for employees. Employees will be informed of the data breach in a note included with their paychecks.
10/3/2006Picatinny Arsenal28 computers are missing from the Picatinny Arsenal, a Department of Defense Weapons Research Center. The computers were reported lost or stolen over the last two years. None of the computers was encrypted. Officials state the computers did not contain classified information.
10/3/2006Willamette Educational Service District4500Seven computers stolen from a Willamette Educational service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information.
10/4/2006Orange County Controller (FL)A Florida woman discovered her marriage license was visible on the Orange County (FL) controller's Web site with no information blacked out, not even SSNs. She discovered the breach because someone had applied for a loan in her name. The Orange County Comptroller is reportedly paying a vendor $500,000 to black out all SSNs by January 2008.
10/5/2006Capistrano Unified School District
10/5/2006San Juan Capistrano Unified School District (CA)Five computers stolen from the HQ of San Juan Capistrano Unified School District likely contain the names, SSNs and dates of birth of district employees enrolled in an insurance program.
10/6/2006Camp Pendleton Marine Corps Base2400A laptop missing from Lincoln B.P. Management Inc. holds personally identifiable data about 2,400 Camp Pendleton residents.
10/6/2006Cleveland Air Route Traffic Control Center400A computer hard drive missing from the Cleveland Air Route Traffic Control Center in Oberlin (OH) contains the names and SSNs of at least 400 air traffic controllers.
10/9/2006Troy Athens High SchoolA hard drive stolen from Troy Athens High School in August contained transcripts, test scores, addresses and SSNs of students from the graduating classes of 1994 to 2004. The school district and the superintendent have notified all affected alumni by regular mail. (Letter mailed Oct. 5, 2006)
10/11/2006Republican National Committee76The Republican National Committee (RNC) inadvertently emailed a list of donors' names, SSNs and races to a New York Sun reporter.
10/11/2006Florida Department of Labor4624The names and SSNs of 4,624 Floridians were accessible on the Internet for approximately 18 days in September. The data were not accessible through Web sites, but an individual came across the information when Googling his own name. The agency has asked Google to remove the pages from its cache, and has notified all affected individuals by mail.
10/11/2006Adams State College184A laptop computer stolen from a locked closet at Adams State College contained personally identifiable data belonging to 184 high school students who participated in the college's Upward Bound program over the last four years. The theft occurred on August 14, but it was not until late September that staff realized the computer held students' data.
10/12/2006University of Texas at Arlington2500Two computers stolen from a University of Texas faculty member's home hold the names, SSNs, grades, e-mail addresses and other information belonging to approximately 2,500 students enrolled in computer science and engineering classes between fall 2000 and fall 2006. The theft occurred on September 29 and was reported on October 2.
10/12/2006U.S. Census BureauThis spring, residents of Travis County, TX helped the Census Bureau test new equipment. When the test period ended, 15 devices were unaccounted for. The Census Bureau and the Commerce Department issued a press release saying the devices held names, addresses and birthdates, but not income or SSNs.
10/12/2006Congressional Budget OfficeHackers broke into the Congressional Budget Office's mailing list and sent a phishing e-mail that appeared to come from the CBO.
10/13/2006Orchard Family PracticeWhen a bankrupt Colorado doctor was evicted from his office, the landlord with help from the sheriff's dept.dumped everything from his office in the parking lot, including file cabinets containing personal information of his patients. Scavengers were seen carting off desks and file cabinets, some containing records. The exposed documents were thought to consist of business records containing names, SSNs, dates of birth, and addresses, but not medical information, which the doctor had previously removed. Sheriff's deputies evicting Dr. Charles Kay put files from his office in a nearby parking lot. In a news report, Dr. Kay said he had removed the patient files but not the business files.
10/13/2006Ohio Ethics CommissionPapers belonging to the Ohio Ethics Commission were found floating on the wind in an alley. The documents are related to state employees' finances and contained SSNs and financial statements. They were supposed to be in the possession of the state archives.
10/15/2006Poulsbo Department of Licensing2200An unspecified ôstorage deviceö containing personally identifiable data of approximately 2,200 North Kitsap (WA) residents has been lost from the Poulsbo Department of Licensing. The data include names, addresses, photographs and driver's license numbers of individuals who conducted transactions at the Poulsbo branch in late September.
10/16/2006VISA/FirstBankFirstBank sent a letter to an unknown number of customers informing them their FirstTeller Visa Check Card numbers were compromised when someone accessed ôa merchant card processor's transaction database.ö The FirstBank letter said customers would receive new cards by October 27.
10/17/2006City of Visalia California200Personally identifiable information of approximately 200 current and former Visalia Recreation Department employees was exposed when copies of city documents were found scattered on a city street.
10/18/2006Germanton Elementary SchoolA computer stolen from Germanton Elementary school holds students' SSNs. The data on the computer are encrypted.
10/19/2006University of Minnesota/Spain200In June, a University of Minnesota art department laptop computer stolen from a faculty member while traveling in Spain holds personally identifiable information of 200 students.
10/20/2006Allina Hospitals and Clinics33000A laptop stolen from a nurse's car on October 8 contains the names and SSNs of individuals in approximately 17,000 households participating in the Allina Hospitals and Clinics obstetric home-care program since June 2005.
10/20/2006T-Mobile43000A laptop computer holding personally identifiable information of approximately 43,000 current and former T-Mobile employees disappeared from a T-Mobile employee's checked luggage. T-Mobile has reportedly sent letters to all those affected. The data are believed to include names, addresses, SSNs, dates of birth and compensation information.
10/23/2006St. Francis Hospital260000On July 28, 2006, a contractor working for Advanced Receivables Strategy, a medical billing records company, misplaced CDs containing the names and SSNs of 266,200 patients, employees, physicians, and boad members of St. Francis hospitals in Indiana and Illinois. Also affected were records of Greater Lafayette Health Services. The disks were inadvertently left in a laptop case that was returned to a store. The purchaser returned the disks. The records were not encrypted even though St. Francis and ARS policies require encryption.
10/24/2006Chicago Board of Election780000An official from the not-for-profit Illinois Ballot Integrity Project says his organization hacked into Chicago's voter database, compromising the names, SSNs and dates of birth of 1.35 million residents. The Chicago Election Board is reportedly looking into removing SSNs from the database. Election officials have patched the flaw that allowed the intrusion.
10/25/2006Department of Homeland Security900A thumb drive is missing from the TSA command center at Portland International Airport and believed to contain the names, addresses, phone numbers and Social Security numbers of approximately 900 current and former employees.
10/25/2006Swedish Medical Center1100An employee stole the names, birthdates, and Social Security numbers from patients who were hospitalized or had day-surgeries from June 22 to Sept 21. She used 3 patients' information to open multiple credit accounts.
10/26/2006Akron Children's Hospital235903Overseas hackers broke into two computers at Children's Hospital. One contains private patient data (including Social Security numbers) and the other holds billing and banking information.
10/26/2006Children's Hospital242000
10/26/2006Colorado Department of Human Services1400000On Oct. 14, a desktop computer was stolen from a state contractor who processes Colorado child support payments for the Dept. of Human Services. Computer also contained the state's Directory of New Hires.
10/26/2006Empire Equity GroupMortgage files that included personal financial details about loan applicants were found in a dumpster. Empire Equity will pay $12,500 to the State of NC.
10/26/2006Hilb, Rogal & Hobbs1243In September 2006, a laptop computer was stolen from the insurance brokerage firm. It contained client information including the names, birthdates, and drivers license numbers of Villanova University students and staff who drive university vehicles.
10/26/2006Jacobs Neurological InstituteThe laptop of a research doctor was stolen from her locked office at the Institute. It included records of patients and her research data.
10/26/2006LimeWire75The Denver Police Dept. reports that LimeWire's file-sharing program was exploited to access personal and financial information from
10/26/2006Tuscarawas County OhioThe Social Security numbers of some Tuscarawas and Warren County voters were available on the LexisNexis Internet database service.
10/27/2006Gymboree20000A thief stole 3 laptop computers from Gymboree's corporate headquarters. They contained unencrypted human resources data (names and Social Security numbers) of thousands of workers.
10/28/2006Hancock Askew & Co. LLPOn October 5, 2006, a laptop computer containing 401(k) information for employees of at least one company (Atlantic Plastics, Inc.) was stolen from accounting firm Hancock Askew.
10/30/2006Nissan Motor Co., Ltd.5379909The Japanese weekly magazine 'The Weekly Asahi' reported that Nissan experienced the leak of a database containing customers' personal information sometime between May 2003 and February 2004. The data includes the customer name, gender, birth date, address, telephone number, vehicle model owned (including base and class), and license plate number.
10/30/2006Georgia county clerk of courts' web sitesA Georgia TV station reported that SSNs could be found on some records posted on county clerk of court web sites, specifically for individuals with federal tax liens filed against them. At least one county clerk -- Cherokee County -- is now removing SSNs from the web site.
10/31/2006AvayaA laptop stolen from an Avaya employee on October 16 in Florida contained personally identifiable information, including names, addresses, W-2 tax form information and SSNs.
11/1/2006Home Finance Mortgage, Inc.Company dumped files containing names, addresses, Social Security numbers, credit card numbers, and bank account numbers of people who had applied for mortgage loans. Home Finance and its owners have agreed to pay the State of NC $3,000 for their violations.á
11/1/2006U.S. Army Cadet Command4600A laptop computer was stolen that contained the names, addresses, telephone numbers, birthdates, Social Security numbers, parent names, and mother's maiden names of applicants for the Army's four-year ROTC college scholarship.
11/2/2006Muskogee Veterans Affairs Hospital1400Three disks containing billing information, patient names and Social Security numbers, were lost in the mail.
11/2/2006Villanova University1243
11/2/2006Manhattan Veterans Affairs Medical Center1600On Sept. 6, an unencrypted laptop computer containing veterans' names, Social Security numbers, and medical diagnosis, was stolen from the hopsital.
11/2/2006Greater Media Inc.A laptop computer containing the Social Security numbers of the radio broadcasting company's current and former employees was stolen from their Philadelphia offices.
11/2/2006Compulinx50The CEO of Compulinx was arrested for fraudulently using employees' names, addresses, Social Security numbers and other personal information for credit purposes. (It is unclear whether customers' data was also used).
11/3/2006West Shore Bank1000Customers' debit cards and possibly credit cards were compromised from a security break last summer at a common MasterCard point-of-purchase provider.
11/3/2006Intermountain Healthcare6244A computer was purchased at a second-hand store, Deseret Industries, that contained the names, Social Security numbers, employment records, and other personal information about Intermountain Health Care employees employed there in 1999-2000.
11/3/2006University of Virginia632Due to a computer programming error, Student Financial Services sent e-mail messages to students containing 632 other students' Social Security numbers.
11/3/2006Starbucks60000Starbucks lost track of four laptop computers. Two held employee names, addresses, and Social Security numbers.
11/3/2006WescoWesco gas stations experienced a breach in credit card transactions from July 25-Sept. 7 resulting in inaccurate charges to customer accounts.
11/3/2006Several Joliet area motelsMotel owners and employees allegedly stole and sold customers' credit card numbers.
11/6/2006Bowling Green Ohio Police Department200The police dept. accidentally published a report on their website containing personal information on nearly 200 people the police had contact with on Oct. 21. Data included names, Social Security numbers, driver's license numbers, etc.
11/7/2006City of Lubbock Texas5800Hackers broke into the city's web site and compromised the online job application database, which included Social Security numbers.
11/10/2006KSL Services, Inc.1000A disk containing the personal information of approximately 1,000 KSL employees is missing. KSL is a contractor for Los Alamos National Laboratory.
11/10/2006Los Alamos National Laboratory1000
11/10/2006ARCO440From Sept. 29 to Oct. 9, thieves used card skimmers to steal bank account numbers and PIN codes from gas station customers and used the information to fabricate debit cards and make ATM withdrawals.
11/11/2006Hertz Global Holdings Inc.44309The names and Social Security numbers of Hertz employees dating back to 2002 were discovered on the home computer of a former employee.
11/14/2006Connors State College22500On Oct. 15, a laptop computer was discovered stolen from the college. (It has since been recovered by law enforcement). The computer contains Social Security numbers and other data for Connors students plus 22,500 high school graduates who qualify for the Oklahoma Higher Learning Access Program scholarships.
11/15/2006Internal Revenue Service2359According to document s obtained under the Freedom of Information Act, 478 laptops were either lost or stolen from the IRS between 2002 and 2006. 112 of the computers held sensitive taxpayer information such as SSNs.
11/15/2006Boeing Co.762
11/16/2006American Cancer SocietyAn unspecified number of laptop computers were stolen from the Louisville offices of the American Cancer Society. It is not clear what personal information was exposed, if any.
11/16/2006Carson City residents50The Sheriff's Department reported that at least 50 residents had their credit card information stolen by employees of local businesses. The employees apparently sell the account information to international crime rings that produce counterfeit cards. The crime is called 'skimming.'
11/17/2006Automatic Data Processing (ADP)ADP sent paperwork for a small Wisconsin company to a Cordova, TN coffee house. The paperwork contained names, birth dates, SSNs, addresses, salaries, and bank account and routing numbers
11/17/2006Jefferson College of Health Sciences143An email containing the names and SSNs of 143 students intended for one employee was inadvertently sent to the entire student body of 900.
11/20/2006New York City Administration for Childrens ServicesMore than 200 case files from the Emergency Children's Services Unit of ACS were found on the street in a plastic garbage bag. The files contain sensitive information of families, social workers and police officers.
11/25/2006Indiana Department of Health7500Two computers stolen from an Indiana state health department contractor contained the names, addresses, birth dates, SSNs and medical and billing information for more than 7,500 women. The data were collected as part of the state's Breast and Cervical Cancer Program.
11/27/2006Johnston County North CarolinaPersonal data, including SSNs, of thousands of taxpayers, were inadvertently posted on the county web site. The information was removed from the site within an hour after officials became aware of the situation.
11/27/2006Chicago Public Schools1740A company hired to print and mail health insurance information to former Chicago Public School employees mistakenly included a list of the names, addresses and SSNs of the nearly 1,740 people receiving the mailing. Each received the 125-page list of the 1,740 former employees.
11/27/2006Greenville South Carolina County School District100000School district computers sold to the WH Group at auctions between 1999 and early 2006 contained the birth dates, SSNs, driver's license numbers and Department of Juvenile Justice records of approximately 100,000 students. The computers also held sensitive data for more than 1,000 school district employees.
11/28/2006Kaiser Permanente Colorado38000A laptop was stolen from the personal car of a Kaiser employee in California on Oct. 4. It contained names, Kaiser ID number, date of birth, gender, and physician information. The data did not include SSNs.
11/29/2006California State University Los Angeles2882An employee's USB drive was inside a purse stolen from a car trunk. It contained personal information on 48 faculty members and more than 2,500 students and applicants of a teacher credentialing program. Information included names, SSNs, campus ID numbers, phone numbers, and e-mail addresses.
11/30/2006Pennsylvania Department of Transportation11384Thieves stole equipment from a driver's license facility late evening Nov. 28, including computers containing personal information on more than 11,000 people. Information included names, addresses, dates of birth, driver's license numbers and both partial and complete SSNs (complete SSNs for 5,348 people). Also stolen were supplies used to create drivers licenses and photo IDs. The state maintains 97 driver's license facilities. (Hanover township driver's license facility, Dunmore, PA)
11/30/2006TransUnion Credit Bureau1700Four different scam companies downloaded the credit information of more than 1,700 individuals, including their credit histories and SSNs. They were able to illegitimately obtain the password to the TransUnion account held by the Kingman, AZ, court office, which apparently has a subscription to the bureau's services.
12/1/2006TD Ameritrade300According to a letter sent to employees, a laptop was removed (presumably stolen) from the office Oct. 18, 2006, that contained unencrypted information including names, addresses, birthdates, and SSNs.
12/2/2006Gundersen Lutheran Medical CenterA Medical Center employee used patient information, including SSNs and dates of birth, to apply for credit cards in their names. As patient liaison, her duties included insurance coverage, registration, and scheduling appointments. She was arrested for 37 counts of identity theft, and was convicted of identity theft and uttering forged writing, according to the criminal complaint.
12/3/2006City of Grand Prairie TexasEmployees of the city of Grand Prairie were notified that personal records were exposed on the city's Web site for at least a year. Included were the names and SSNs of 'hundreds of employees.' The information has since been removed. The city had been working with a contractor on a proposal for workers' compensation insurance. Along with the proposal, names and SSNs were mistakenly listed.
12/5/2006H&R BlockMany past and present customers received unsolicited copies of the program TaxCut that displayed their SSN on the outside.
12/5/2006Nassau Community College21000A printout is missing that contans information about each of NCC's 21,000 students, including names, SSNs, addresses, and phone numbers. It disappeared from a desk in the Student Activities Office.
12/5/2006West Virginia Air National Guard1000A laptop was stolen from a member of the unit while he was attending a training course. It contained names, SSNs, and birth dates of everyone in the 130th Airlift Wing.
12/6/2006Premier Bank1800A report was stolen the evening of Nov. 16 from the car of the bank's VP and CFO while employees were celebrating an award received by the bank. The document contained names and account numbers of customers, but reportedly no SSNs.
12/8/2006State of VermontNames and SSNs of 'several hundred' physicians, psychologists and other health care providers were mistakenly posted online by Segal Group, a contractor hired by the state to put its health management contract out for bid. The information was posted from May 12 to June 19. It was discovered when a doctor found her own SSN online.
12/9/2006Virginia Commonwealth University561Personal information of 561 students was inadvertently sent as attachments on Nov. 20 in an e-mail, including names, SSNs, local and permanent addresses and grade-point averages. The e-mail was sent to 195 students to inform them of their eligibility for scholarships.
12/12/2006Aetna Inc. / Group Health Insurance Inc. / Nationwide / Wellpoint396279A lockbox holding personal information of health insurance customers was stolen Oct. 26. Thieves broke into an office building occupied by insurance company vendor, Concentra Preferred Systems. The lockbox contained computer backup tapes of medical claim data for Aetna and other Concentra health plan clients. Exposed data includes member names, hospital codes, and either SSNs or Aetna member ID numbers. SSNs of 750 medical professionals were also exposed. Officials downplay the risk by stating that the tapes cannot be used on a standard PC.
12/12/2006UCLA800000Hacker(s) gained access to a UCLA database containing personal information on current and former students, current and former faculty and staff, parents of financial aid applicants, and student applicants, including those who did not attend. Exposed records contained names, SSNs, birth dates, home addresses, and contact information. About 3,200 of those notified are current or former staff and faculty of UC Merced and current and former staff of UC's Oakland headquarters.
12/12/2006University of Texas at Dallas35000The University discovered that personal information of current and former students, faculty members, and staff may have been exposed by a computer network intrusion -- including names, SSNs, home addresses, phone numbers and e-mail addresses.
12/13/2006Boeing Co.382000In early December, a laptop was stolen from an employee's car. Files contained names, salary information, SSNs, home addresses, phone numbers and dates of birth of current and former employees.
12/14/2006St. Vrain Valley School District600Paper records containing student information were stolen, along with a laptop, from a nurse's car Nov. 20. Personal information included students' names, dates of birth, names of their schools, what grade they are in, their Medicaid numbers (presumably SSNs), and their parents' names. The laptop contained no personal data.
12/14/2006Riverside High SchoolTwo students discovered a breach in the security of a Durham Public Schools computer as part of a class assignment. They reported to school officials that they were able to access a database containing SSNs and other personal information of thousands of school employees. The home of one student was searched by Sheriff's deputies and the family computer was seized.
12/14/2006Geisinger Health Systems / Williamson Medical Center / Emory University / Grady Memorial Hospital64030On Nov. 23, 2006, two computers (one desktop, one laptop) were stolen from Electronic Registry Systems, a business contractor in suburban Springdale, OH, that provides cancer patient registry data processing services. It contained the personal information (name, date of birth, Social Security number, address, medical record number, medical data and treatment information) of cancer patients from hospitals in Pennsylvania , Tennessee , Ohio and Georgia , dating back to 1977 at some hospitals.
12/14/2006Durham (N.C.) Public Schools
12/15/2006University of Colorado at Boulder17500A server in the Academic Advising Center was the subject of a hacking attack. Personal information exposed included names and SSNs for individuals who attended orientation sessions from 2002-2004. CU-Boulder has since ceased using SSNs as identifiers for students, faculty, staff, and administrators.
12/16/2006City of Wickliffe Ohio125Hackers breached security in one of the city's three computer servers containing personal information on some city employees, including names and SSNs.
12/16/2006North Bay Regional Center3000
12/19/2006Mississippi State University2400SSNs and other personal information were 'inadvertently' posted on a publicly accessible MSU Web site. The breach was discovered 'last week' and the information has since been removed.
12/20/2006SFX Baseball Inc.117A Chicago man apparently removed documents from a trash bin outside SFX Baseball Inc., a sports agency that deals with Major League Baseball. He used information found on those documents to commit identity theft on at least 27 Lake County residents. Information found during a search of the thief's home included SSNs, birthdates, canceled paychecks, obituaries, and infant death records.
12/20/2006Big Foot High School (WI)87Personal information was accidentally exposed on the High School's Web site for a short time, perhaps for about 36 minutes, according to a report. Information included last names, SSNs, and birthdates.
12/20/2006Deb Shops, Inc.A hacker illegally accessed company Web pages and a related data base used for Internet-based purchases. The intruder may have accessed customers' credit card information including names on cards and credit card numbers.
12/20/2006Lakeland Library Cooperative15000Personal information of 15,000 library users in West Michigan was displayed on the Cooperative's Web site due to a technical problem. Information exposed included names, phone numbers, e-mail addresses, street addresses, and library card numbers. Children's names were also listed along with their parents' names on a spreadsheet document. The information has since been removed.
12/21/2006Santa Clara County (CA)2500A computer stolen from the agency holds the SSNs of approximately 2,500 individuals.
12/22/2006Texas Woman's University15000A document containing names, addresses and SSNs of 15,000 TWU students was transmitted over a non-secure connection.
12/22/2006United States State Department700A bag containing approximately 700 completed passport applications was reported missing on December 1. The bag, which was supposed to be shipped to Charlotte, NC, was found later in the month at Los Angeles International Airport.
12/22/2006Utah Valley State College15000
12/22/2006Bank of AmericaA former contractor for Bank of America unauthorizedly accessed the personal information (name, address, phone number, Social Security number) of an undisclosed number of customers, for the purpose of committing fraud.
12/27/2006Deaconess Hospital128A computer missing from the hospital holds personal information, including SSNs, of 128 respiratory therapy patients.
12/27/2006Montana State University259A student working in the loan office mistakenly sent packets containing lists of student names, Social Security numbers, and loan information to other students
12/29/2006Wisconsin Department of Revenue171000Tax forms were mailed to taxpayers in which SSNs were inadvertently printed on the front of some Form 1 booklets. Some were retrieved before they were mailed.
12/29/2006KeyCorp9300A laptop computer stolen from a KeyCorp vendor contains personally identifiable information, including SSNs, of 9,300 customers in six states.
1/2/2007News accounts are not clear as to source, but thought to be a realty officeAbout 40 boxes of financial paperwork, thought to be from loan applications, was found in a dumpster. One of the boxes visible to news reporters was said to contain paperwork with bank account details, photocopies of driver's licenses, SSNs and 'other private information.'
1/3/2007Academic Magnet High School500
1/4/2007Unnamed medical center, via Newark Recycling CenterAn individual found unshredded medical records in 36 boxes at the Newark Recycling Center.
1/4/2007Selma, NC, Water Treatment PlantA laptop stolen from the water treatment facility holds the names and SSNs of Selma volunteer firefighters.
1/4/2007Johnston County North Carolina30
1/5/2007Dr. Baceski's office, internal medicineA hard drive was stolen containing personal information on 'hundreds of patients.'
1/8/2007University of Notre DameA University Director's laptop was stolen before Christmas. It contained personal information of employees, including names, SSNs, and salary information.
1/8/2007Altria / United Technologies / Prudential Financial / Random House180005 laptops were stolen from Towers Perrin, allegedly by a former employee. The theft occurred Nov. 27, 2006. The computers contain names, SSNs, and other pension-related information, presumably of several companies, although news reports are not clear.
1/10/2007University of ArizonaBreaches occurred in November and December 2006 that affected services with UA Student Unions, University Library, and UA Procurement and Contracting Services. Some services were shut down for several days.
1/11/2007University of Idaho70000Over Thanksgiving weekend, 3 desktop computers were stolen from the Advancement Services office containing personal information of alumni, donors, employees, and students. 331,000 individuals may have been exposed, with as many as 70,000 records containing SSNs, names and addresses.
1/12/2007MoneyGram79000MoneyGram, a payment service provider, reported that a company server was unlawfully accessed over the Internet last month. It contained information on about 79,000 bill payment customers, including names, addresses, phone numbers, and in some cases, bank account numbers.
1/13/2007North Carolina Department of Revenue30000A laptop computer containing taxpayer data was stolen from the car of a NC Dept. of Revenue employee in mid-December. The files included names, SSNs or federal employer ID numbers , and tax debt owed to the state.
1/16/2007University of New MexicoAt least 3 computers and 4 monitors were stolen from the associate provost's office overnight between Jan. 2 and 3. They may have included faculty members' names and SSNs.
1/17/2007Rincon Del Diablo Municipal Water District5002 computers were stolen from the district office. One included names and credit card numbers of customers.
1/17/2007TJX Companies Inc.94000000The TJX Companies Inc.experienced an 'unauthorized intrusion' into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. It discovered the intrusion mid-December 2006. Transaction data from 2003 as well as mid-May through December 2006 may have been accessed. According to its Web site, TJX is 'the leading off-price retailer of apparel and home fashions in the U.S. and worldwide.'
1/18/2007KB Home2700A computer was stolen from one of the home builder's offices. It likely contained names, addresses, and SSNs of people who had visited the sales office for Foxbank Plantation in Berkeley County near Charleston.
1/19/2007Internal Revenue Service / Kansas City Government26 IRS computer tapes containing taxpayer information were reported missing after they were delivered to City Hall. They potentially contain taxpayers' names, SSNs, bank account numbers, or employer information. The 26 tapes were the entire shipment received by the City last August. The disappearance was noticed late December 2006.
1/20/2007Greenville South Carolina County School District
1/22/2007Chicago Board of Election1300000About 100 computer discs (CDs) with 1.3 million Chicago voters' SSNs were mistakenly distributed to aldermen and ward committeemen. CDs also contain birth dates and addresses.
1/22/2007U.S. Dept. of Veteran's AffairsFolders of veterans' personal information were stolen from a locked car in Bremerton, WA. News stories are not clear on the type of information contained in the folders.
1/23/2007Clay High School (Oregon)A former high school student obtained sensitive staff and student information through an apparent security breach. The data was copied onto an iPod and included names, birth dates, SSNs, addresses, and phone numbers.
1/24/2007Rutgers University200An associate professor's laptop was stolen, containing names and SSNs of 200 students. Rutgers no longers uses SSNs as student IDs, but student IDs from past years are still SSNs.
1/25/2007Wahiawa Women Infants and Children11500A WIC employee apparently stole the personal information of agency clients, including SSNs, and committed identity theft on at least 3 families and perhaps 2 more. The Health Director said the agency will no longer use SSNs in its data base.
1/25/2007Ohio Board of Nursing3031The agency's Web site posted names and SSNs of newly licensed nurses twice in the past 2 months. SSNs were supposed to have been removed before posting.
1/26/2007Chase Bank / Bank One4100A Bossier woman bought a used desk from a furniture store. She discovered a 165-page spread sheet in a drawer that included names and SSNs of bank employees. The document was returned to the bank.
1/26/2007Vanguard University5105On Jan. 16, 2 computers were discovered stolen from the financial aid office. Data included names, SSNs, dates of birth, phone numbers, driver's license numbers, and lists of assets.
1/26/2007Eastern Illinois University1400A desktop computer was stolen from the Student Life office containing membership rosters -- including SSNs, birthdates, and addresses -- of the University's 23 fraternities and sororities. A hard drive and memory from 2 other computers were also stolen.
1/26/2007Indiana Department of Transportation4000The names and SSNs of INDOT employees were inadvertently posted on an internal network computer drive sometime between Sept. 6 and Dec. 4, 2006.
1/26/2007Anthem Blue Cross Blue Shield50000Cassette tapes containing customer information were stolen from a lock box held by one of its vendors. Data included names and SSNs.
1/28/2007Salina Regional Health Center1100
1/29/2007Vermont Agency of Human Services70000
1/29/2007Mendoza College of Business, Notre Dame UniversityA file of individuals who took the GMAT test (Graduate Management Admissions Test) was mistakenly left on a computer that was decommissioned. The computer was later reactivated and plugged into the Internet. Its files were available through a file-sharing program. Data included names, scores, SSNs and demographic information from 2001.
2/1/2007Massachusetts Department of Industrial Accidents1200A former state contractor allegedly accessed a workers' compensation data file and stole personal information, including SSNs. The thief used the data to commit identity theft on at least 3 individuals.
2/2/2007Wisconsin Legislative Human Resources Office150A document containing personal information of Wisconsin Assembly members was stolen from a legislative employee's car while she was exercising at a local gym. It contained names, addresses, and SSNs.
2/2/2007University of Missouri1220A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.
2/2/2007San Francisco Indian ConsulateVisa applications and other sensitive documents were accessible for more than a month in an open yard of a recycling center. Information included applicants' names, addresses, phone numbers, birthdates, professions, employers, passport numbers, and photos. A sampling of documents indicated that the paperwork included everyone who applied in the Western states from 2002-2005. Applicants were current and former executives of major Bay Area companies that have operations in India.
2/2/2007New York Department of StateThe agency's Web site posted commercial loan documents that mistakenly contained SSNs. The forms are posted to let lenders know the current financial status of loan recipients.
2/2/2007Birmingham Veterans Affairs Medical Center1835000An employee reported a portable hard drive stolen or missing that might contain personal information about veterans including Social Security numbers.
2/3/2007CTS800The computer and hard drive of a tax preparation company were stolen. Data included names, bank account numbers, routing numbers, birthdates, SSNs, and addresses.
2/6/2007New York Department of Labor537Laptop computer containing personal information for people who were employed by 13 Capital Region businesses stolen from state tax auditor's apartment.
2/6/2007Metro Credit ServicesFiles of the defunct bill collection company containing medical records, phone bills and Social Security numbers were found in a trash bin.
2/7/2007Johns Hopkins Hospital135000Johns Hopkins reported the disappearance of 9 backup computer tapes containing personal information of employees and patients, Eight of the tapes contained payroll information on 52,000 past and present employees, including SSNs and in some cases bank account numbers. The 9th tape contained 'less sensitive' information about 83,000 hospital patients.
2/7/2007Central Connecticut State University750Social Security numbers of about 750 CCSU students were exposed in the name and address window on envelopes mailed to them. The envelopes were not folded correctly. They contained IRS 1098T forms.
2/7/2007A Toronto, Ontario, residenceCredit card data for more than 35,000 individuals from across North America were discovered by police when they executed a search warrant at a Toronto residence. A man has since been arrested on fraud and counterfeiting charges.
2/7/2007Front Range Ski Shop15000The shop's Web site was broken into and customer information including credit card account data may have been accessed.
2/7/2007University of Nebraska Lincoln72An employee accidentally posted SSNs of 72 students, professors, and staff on UNL's public Web site where they remained for 2 years. They have since been removed.
2/8/2007St. Mary's Hospital130000A laptop was stolen in December that contained names, SSNs, and birthdates for many of the Hospital's patients.
2/8/2007Piper Jaffray1000W-2s sent to current and former employees in January included employees' Social Security numbers on the outside of the envelope. Though the numbers were not identified as Social Security numbers, they followed the standard XXX-XX-XXXX format. Executives indicated the mishap was an error by a third-party vendor.
2/9/2007East Carolina University65000A programming error resulted in personal information of 65,000 individuals being exposed on the University's Web site. The data has since been removed. Included were names, addresses, SSNs, and in some cases credit card numbers.
2/9/2007Radford University2400A computer security breach exposed the personal information, including SSNs, of children enrolled in the FAMIS program, Family Access to Medical Insurance Security.
2/10/2007State of Indiana76600A hacker gained access to the State Web site and obtained credit card numbers of individuals who had used the site's online services and gained access to Social Security numbers for 71,000 health-care workers. www.IN.gov
2/11/2007Washington D.C Metropolitan Police Department2000
2/14/2007Kaiser Permanente22000A doctor's laptop was stolen from the Medical Center containing medical information of 22,000 patients. But only 500 records contained SSNs.
2/15/2007Iowa Department of Education160000Up to 600 files of G.E.D. recipients were viewed when the online database was hacked. Files included names, addresses, birthdates, and SSNs of G.E.D. graduates from 1965 to 2002.
2/15/2007City College of San Francisco11000Names, grades, and SSNs were posted on an unprotected Web site after summer session in 1999. CCSF stopped using SSNs as studens IDs in 2002.
2/17/2007State of Connecticut1753Personal information of state employees including names and Social Security numbers was inadvertently posted on the Internet in a spreadsheet of vendors used by the state.
2/19/2007Clarksville-Montgomery County Schools633Staff and faculty Social Security numbers, used as employee identification numbers, were embedded in file photos by the company that took yearbook pictures and inadvertently placed in a search engine on school system's Web site.
2/19/2007Seton Family of Hospitals7800A laptop with uninsured patients' names, birth dates and Social Security numbers was stolen last week from the Seton hospital system. The uninsured patients had gone to Seton emergency rooms and city health clinics since July 1, 2005.
2/19/2007Stop & ShopCredit and debit card account information including PIN numbers was stolen by high-tech thieves who apparently broke into checkout-line card readers and PIN pads and tampered with them.
2/19/2007Social Security Admin.13Files of disability applicants containing Social Security numbers, addresses, phone numbers of family members, dates of birth and work history, and detailed medical information were lost/stolen when a telecommuting employee abandoned them in a locked filing cabinet at home after a threat of domestic violence. Several of the files were mailed back to the local SSA office months later; others were found in a dumpster recently, and four were never recovered.
2/20/2007Back and Joint Institute of Texas20 boxes containing Social Security numbers, photocopies of driver's license numbers, addresses, phone numbers and private medical history of chiropractic patients were found in a dumpster.
2/21/2007Georgia Tech University3000Personal information of former employees mostly in the School of Electrical and Computer Engineering including names, addresses, Social Security number, other sensitive information, and about 400 state purchasing card numbers was compromised by unauthorized access to a Georgia Tech computer account.
2/22/2007Speedmark35000Thieves stole several computers, one of which contained a database with personally identifying information including names, addresses, e-mail accounts, and Social Security numbers of Speedmark's mystery shopper employees and contractors.
2/23/2007Rabun Apparel1006Names and Social Security numbers of former employees were accessible on the Internet from Jan. 15 until Feb. 20.
2/28/2007Gulf Coast Medical Center9986Patient information including names and Social Security numbers was compromised when two computers went missing. 1,900 individuals were affected by a theft in Nashville, TN in November and 8,000 when another computer was stolen in Tallahassee in February.
3/1/2007Westerly Hospital2200Patient names, Social Security numbers, contact information as well as insurance information were posted on a publicly-accessible Web site.
3/2/2007Metropolitan State College of Denver988A faculty member's laptop computer that contained the names and Social Security numbers of former students was stolen from its docking station on campus.
3/2/2007Calif. Dept. of Health Services54Benefit notification letters containing names addresses, Medicare Part D plan names and premium payment amounts of some individuals enrolled in the California AIDS Drug Assistance Program (ADAP) were mailed to another enrollee.
3/3/2007Johnny's Selected Seeds11500Hacker accessed credit card account information of online customers. About 20 credit cards have been used fraudulently.
3/7/2007Los Rios Community College2000Student information including Social Security numbers were accessible on the Internet after the school used actual data to test a new onine application process in October.
3/7/2007United States Census BureauPersonal information of 302 households including names, addresses, phone numbers, birth dates and family income ranges were posted on a public Internet site multiple times over a five-month period from October 2006 to Feb. 15, 2007 when Census employees working from home tested new software records.
3/9/2007California National Guard1300A computer hard drive containing Social Security numbers, home addresses, birth dates and other identifying information of California National Guard troops deployed to the U.S.-Mexico border was stolen.
3/10/2007University of Idaho2700A data file posted to the school's Web site contained personal information including names, birthdates and Social Security numbers of University employees.
3/13/2007U.S. Dept. of AgricultureA total of 95 USDA computers were lost or stolen between Oct. 1, 2005, and May 31, 2006. Some may have contained personal information such as names, addresses, Social Security numbers and payment information. Two-thirds of the computers contained unencrypted data.
3/14/2007Empire Blue Cross Blue Shield / Wellpoint75000An unencrypted disc containing patient's names, Social Security numbers, health plan identification numbers and description of medical services back to 2003 was lost en route to a subcontractor.
3/16/2007Springfield (Ohio) City Schools1950
3/16/2007Ohio State Auditor1950A laptop containing personal information of current and former employees of Springfield City Schools including their names and Social Security numbers was stolen from a state auditor employee's vehicle while parked at home in a garage.
3/19/2007Science Applications International Corp. (SAIC)Barrels filled with thousands of sensitive documents including printed copies of e-mail and performance evaluations along with documents marked ôinternal use only û not for public releaseö and ôfor official use onlyö were found on the curb outside of SAIC's local office.
3/20/2007Health Resources, Inc.2031From Jan 24, 2007 to Feb 6, 2007, a Web site glitch allowed employers with access to private health information to obtain the name, address, Social Security number, dependent names and birthdates of other patients.
3/20/2007Tax Service Plus4000Thieves stole the company's backup computer, which contained financial data on thousands of tax returns dating back three years.
3/23/2007Swedish Urology GroupThree computer hard drives with personal files on hundreds of local patients including was stolen.
3/24/2007Group Health Cooperative Health Care System31000Two laptops containing names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees have been reported missing.
3/26/2007U.S. Army Training and Doctrine Command16000
3/27/2007St. Mary Parish Schools (Louisiana)380Personal information including Social Security numbers of St. Mary Parish public school employees was available on the Internet when a Yahoo!Web crawler infiltrated the server of the school's technology department.
3/29/2007RadioShack20 boxes of discarded records including sales receipts with credit card numbers spanning from 2001 to 2005 and personal information of store employees were found in a dumpster.
3/29/2007Los Angeles County Child Support Services243000Three laptops containing personal information including about 130,500 Social Security numbers ù most without names, 12,000 individuals' names and addresses, and more than 101,000 child support case numbers
3/30/2007University of Montana-Western400A computer disk containing students' Social Security numbers, names, birth dates, addresses and other personal information was stolen from a professor's office. The stolen information belonged to students enrolled in the TRIO Student Support Services program, which offers financial and personal counseling and other assistance.
3/30/2007Navy Station San DiegoThree laptops were reported missing that may contain Sailors' names, rates and ratings, Social Security numbers, and college course information. The compromise could impact Sailors and former Sailors homeported on San Diego ships from January 2003 to October 2005 and who were enrolled in the Navy College Program for Afloat College Education.
4/4/2007University of California San Francisco46000An unauthorized party may have accesed the personal information including names, Social Security numbers, and bank account numbers of students, faculty, and staff associated with UCSF or UCSF Medical Center over the past two years by compromising the security of a campus server.
4/5/2007DCH Health System6000An encrypted disc and hardcopy documents containing retirement benefit information including Social Security numbers and other personal information were lost. Tracking data indicates the package was delivered to the addressee's building, but the intended recipient never received the package.
4/5/2007Security Title AgencyHackers defamed the company's Web site and may have accessed customer information which is stored on the same server as the site.
4/6/2007Hortica268000A locked shipping case of backup tapes containing personal information including names, Social Security numbers, drivers' license numbers, and bank account numbers is missing.
4/6/2007Chicago Public Schools40000Two laptop computers contain the names and Social Security numbers of current and former employees was stolen from Chicago Public Schools headquarters.
4/9/2007Turbo TaxUsing Turbo Tax online to access previous returns, a Nebraska woman was able to access tax returns for other Turbo Tax customers in different parts of the country. The returns contained personal information needed to e-file including bank account numbers with routing digits and Social Security numbers.
4/10/2007Georgia Department of Community Health2900000A computer disk containing personal information including addresses, birthdates, dates of eligibility, full names, Medicaid or children's health care recipient identification numbers, and Social Security numbers went missing from a private vendor, Affiliated Computer Services (ACS), contracted to handle health care claims for the state.
4/11/2007ChildNet12000An organization responsible for managing Broward County's child welfare system believe a dishonest former employee stole a laptop from the agency's office. It contains personal information of adoptive and foster-care parents including financial and credit data, Social Security numbers, driver's license data and passport numbers.
4/11/2007New Horizons Community Credit Union9000A laptop computer that contained personal information of members who had loans with the credit union was stolen from Protiviti, a consultant employed by Bellco Credit Union conducting due diligence to prepare a possible acquisition bid.
4/12/2007Fulton County Georgia7500030 boxes of Fulton County voter registration cards that contain names, addresses and Social Security numbers were found in a trash bin.
4/12/2007Black Hills State University56Names and Social Security numbers of scholarship winners were inadvertently posted and publicly available on the university's web site.
4/12/2007Bank of AmericaA laptop containing personal information of current, former and retired employees including names, addresses, dates of birth and Social Security numbers was stolen when an employee was a 'victim of a recent break-in.'
4/12/2007University of Pittsburgh Medical Center80Personal information including names, Social Security numbers, and radiology images of patients were previously included in two medical symposium presentations that were posted on UPMC's Web site. Though the presentation was later removed in 2005, the presentations were apparently inadvertently re-posted on the site and only recently removed again.
4/17/2007Ohio State University14094A hacker accessed the names, Social Security numbers, employee ID numbers and birth dates of 14,000 current and former staff members. In a separate incident, the names, Social Security numbers and grades of 3,500 former chemistry students were on class rosters housed on two laptop computers stolen from a professor's home in late February.
4/17/2007CVS Corp.1000The Attorney General of Texas filed a complaint against CVS Pharmacy for illegally disposing of personal information including active debit and credit card numbers, complete with expiration dates and medical prescription forms with customer's name, address, date of birth, issuing physician and the types of medication prescribed. The information was found in a dumpster behind a store that apparently was being vacated.
4/18/2007Ohio State University3500
4/18/2007University of California San Francisco3000A computer file server containing names, contact information, and Social Security numbers for study subjects and potential study subjects related to studies on causes and cures for different types of cancer was stolen from a locked UCSF office. For some individuals, the files also included personal health information.
4/19/2007New Mexico State University5600The names and Social Security numbers of students who registered online to attend their commencement ceremonies from 2003 to 2005 were accidentally posted on the school's Web site when an automated program moved what was supposed to be a private file into a public section of the Web site.
4/20/2007Los Alamos National Laboratory550The names and Social Security numbers of lab workers were posted on a Web site run by a subcontractor working on a security system.
4/20/2007Albertsons100Credit and debit card numbers were stolen using bogus checkout-line card readers resulting in card numbers processed at those terminals being captured and some to be misused.
4/20/2007United States Department of Agriculture38700The Social Security numbers of people who received loans or other financial assistance from two Agriculture Department programs were disclosed since 1996 in a publicly available database posted on the Internet.
4/23/2007Federal Emergency Management Agency2300Social Security numbers of Disaster Assistance Employees were printed on the outside address labels of . reappointment letters
4/24/2007Purdue University175Personal information including names and Social Security numbers of students who were enrolled in a freshman engineering honors course was on a computer server connected to the Internet that had been indexed by Internet search engines and consequently was available to individuals searching the Web.
4/24/2007Baltimore County Department of Health6000A laptop containing personal information including names, date of birth, Social Security numbers, telephone numbers and emergency contact information of patients who were seen at the clinic between Jan. 1, 2004 and April 12 was stolen.
4/24/2007The Neiman Marcus Group160000Computer equipment in the possession of a pension consultant containing files with sensitive information including name, address, Social Security number, date of birth, period of employment and salary information of Neiman Marcus Group's current and former employees and their spouses was stolen.
4/26/2007Innovation Interactive150
4/26/2007Ceridian Corp.150A former employee had data containing the personal information of employees including 'ID' and bank-account data and then, accidentally posted it on a personal Web site.
4/27/2007Caterpillar Inc.A laptop computer containing personal data of employees including Social Security numbers, banking informatoin and addresses was stolen from a benefits consultant that works with the company.
4/27/2007Couriers On DemandPersonal information of job applicants was accidentally published to the Internet.
4/27/2007Google AdsTop sponsored Google ads linked to 20 popular search terms were found to install a malware program on users' computers to capture personal information and used to access online accounts for 100 different bank.
4/29/2007University of New Mexico3000Employees' personal information including names, e-mail and home addresses, UNM ID numbers and net pay for a pay period for staff, faculty and a few graduate students may have been stored on a laptop computer stolen from the San Francisco office of an outside consultant working on UNM's human resource and payroll systems.
5/1/2007Maine State Lottery CommissionDocuments containing personal information such as names, Social Security numbers, references to workers compensation claim records, psychiatric and other medical records, and police background checks were found in a dumpster.
5/1/2007JPMorgan Chase47000A computer tape containing personal information of wealthy bank clients and some employees was delivered to a secure off-site facility for storage but was later reported missing.
5/1/2007J. P. MorganDocuments containing personal financial data of customers including names, addresses and Social Security numbers were found in garbage bags outside five branch offices in New York.
5/1/2007Champaign Fraternal Order of Police139The names and Social Security numbers of Champaign police officers were left on a computer donated to charity.
5/1/2007Healing Hands ChiropracticMedical records containing the personal information of chiropractic patients including records Social Security numbers, birth dates, addresses and, in some cases, credit card information wee thrown in a dumpster ôdue to lack of office space.ö
5/3/2007Louisiana State University750A laptop stolen from a faculty member's home contained personally identifiable information including may have included students' Social Security numbers, full names and grades of University students.
5/3/2007Maryland Department of Natural Resources1400Personal information of current and retired employees including names and Social Security numbers was downloaded to a 'thumb drive' by an employee who wanted to work at home but was lost en route.
5/3/2007Montgomery CollegeA new employee posted the personal information of all graduating seniors including names, addresses and Social Security numbers on a computer drive that is publicly accessible on all campus computers.
5/4/2007United States Transportation Security Administration100000A computer hard drive containing payroll data from January 2002 to August 2005 including employee names, Social Security numbers, birth dates, bank account and routing information of current and former workers including airport security officers and federal air marshals was stolen.
5/7/2007Indiana Department of AdministrationAn employee uploaded a list of certified women and minority business enterprises to the department's Web site and inadvertently included their tax identification numbers, which for some businesses and sole proprietorships is the owner's Social Security number.
5/8/2007University of Missouri22396A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.
5/10/2007Highland Hospital13000Two laptop computers, one containing patient information including Social Security numbers, were stolen from a business office. The computers were sold on eBay, and the one containingápersonal information was recovered.
5/11/2007UCI Medical Center300About 1,600 file boxes stored in an off-site university warehouse were discovered missing. Some of the files included patients' names, addresses, Social Security numbers and medical record numbers.
5/12/2007Doctor and dentistA local TV news reporter exposed that a medical office disposed of patient records without shredding them. Included were SSNs and dates of birth, as well as medical information.
5/12/2007Goshen College7300A hacker accessed a college computer that contained the names, addresses, birth dates, Social Security numbers and phone numbers of students and information on some parents with the suspected motivation of using the system to send spam e-mails.
5/14/2007Community College of Southern Nevada197518A virus attacked a computer server and could have allowed a hacker to access students' personal information including names, Social Security numbers and dates of birth, but the school isánot certain whether anything was actually stolen from the school's computer system.
5/15/2007IBMAn unnamed IBM vendor lost computer tapes containing information on IBM employees -- mostly ex-workers -- including SSNs, dates of birth, and addresses. They went missing in transit frm a contractor's vehicle.
5/15/2007San Diego Unified School DistrictIn a letter to its employees, the School District said it had been notified by law enforcement that a former employee had access to personal identification information of 'a select number of district employees.' Those employees were notified separately. The letter said it has 'no specific knowledge of any attempted fraud...'
5/16/2007Indianapolis Public Schools7500A local newspaper reporter discovered that sensitive personal information was accessible online, including employee performance reviews, student gradebooks, student special education needs, and essays
5/17/2007Detroit Water and Sewerage Department3000A laptop containing City employee information was stolen from the vehicle of an insurance company employee .
5/17/2007Georgia Department of Human Resources140000The GA Dept. of Human Resources notified parents of infants born between 4/1/06 and 3/16/07 that paper records containing parents' SSNs and medical histories -- but not names or addresses -- were discarded without shredding.
5/17/2007Alcatel-LucentThe telecom and networking equipment maker notified employees that a computer disk containing personal information was lost in transit to Aon Corp., another vendor. It contained names, addresses, SSNs, birth dates, and salary information of current and former employees.
5/19/2007Illinois Department of Financial and Professional Regulation300000A computer server in the office of the Illinois Dept. of Financial and Professional Regulation was breached earlier this year. SSNs, tax numbers, and addresses of banking and real estate professionals were exposed. The hacking incident was discovered May 3.
5/19/2007Stony Brook University89853SSNs and university ID numbers of faculty, staff, students, alumni, and other community members were visible via the Google search engine after they were posted to a Health Sciences Library Web server April 11. It was discovered and removed 2 weeks later.
5/19/2007Texas Commission on Law Enforcement Officers Standards and Education97000A computer was stolen from the state agency that licenses police officers. It contained information on every licensed peace officer in Texas, including SSNs, driver's license numbers, and birth dates.
5/19/2007Yuma Elementary School District 191SSNs of 91 substitute teachers were stolen May 7 when a district employee's car was broken into and a brief case was taken containing payroll reports. The reports did not include bank account information..
5/20/2007Northwestern UniversityA laptop belonging to the financial aid office was stolen. It contained SSNs and other information of 'some alumni.'
5/20/2007Riverside Community Hospital10000
5/21/2007Columbia Bank (NJ)Columbia Bank notified its online banking customers of a hacking incident. Names and SSNs were accessed, but account numbers and passwords were not.
5/22/2007University of Pittsburgh Medical Center6000UPMC mailed a fundraising letter to 6,000 former patients on May 7. The donor response cards 'inadvertently' included each individual's SSN in the tracking code, visible through the envelope window.
5/22/2007University of Colorado at Boulder44998A hacker launched a worm that attacked a University computer server used by the College of Arts and Sciences. Information for 45,000 students enrolled at UC-B from 2002 to the present was exposed, including SSNs. The breach was discovered May 12. Apparently anti-virus software had not been properly configured.
5/23/2007Check into CashConsumer loan documents and related reports were found in a trash bin behind the shopping center where Check into Cash is located. Documents contained Social Security numbers, addresses, copies of driver's licenses and other personal information of the company's customers.
5/24/2007Waco Independent School District17400Two high school seniors recently hacked into the district's computer network potentially compromising the personal information including Social Security numbers of students and employees.
5/24/2007Beacon Medical Services5000Private medical and financial information including patient records from at least 10 Colorado clinics and hospitals, and one hospital in Peoria, Illinois that should have been only accessible through VPN access were inadvertently available on the Internet.
5/25/2007Family Health Plus / Child Health Plus
5/25/2007North Carolina Department of Transportation25000A computer server used to back up employee identification badge records that included the names and Social Security numbers of NCDOT employees, contractors and other state employees was compromised.
5/25/2007Booker T. Washington Community CenterA laptop computer with personal information of individuals who applied for Family Health Plus or Child Health Plus state health insurance program benefits was recovered when a woman tried to sell it at a pawn shop.
5/26/2007CoverTN279A computer error at the Cover Tennessee health insurance program caused small business owners who chose not to print out their forms from the Web site to have their personal information including Social Security numbers added to the next user's printout request.
5/31/2007Priority One Credit UnionPriority One Credit Union sent out election ballots to members with Social Security numbers and account numbers printed on the outside of the envelopes
6/1/2007Northwestern University4000Files containing personal information of students and applicants were available online.
6/1/2007JAX Federal Credit Union7500Social Security numbers and account numbers of clients were accidentally posted on the Internet, then indexed by Google. JFCU was transmitting information to a printer for a preapproved auto loan mailing when the information was picked up by Google from the printer's Web site. JFCU normally transmits information on an encrypted disk delivered by courier, but when the printer couldn't open the disk, the information was sent again, but wasn't encrypted and included Social Security numbers and account numbers.
6/1/2007Fresno County California10000Missing computer disk contains names, addresses, Social Security numbers.The county sent it by courier to a software vendor's office in San Jose to determine workers' eligibility for health care benefits.The software company, Refined Technologies Inc., said they never received the disk.
6/3/2007Gadsden State Community College400Students who took an Art Appreciation class at the Ayers Campus between 2005 and 2006 had their names, grades and Social Security numbers scattered across a local business' driveway.
6/4/2007Stevens Hospital550Laptop exposed to Internet, information did include names, addresses, and Social Security numbers.The situation occurred when one of the subcontractors had a lapse in its data security procedures.
6/6/2007HarborOne Credit Union9000Data compromise disclosed by the retailer in January. The breach resulted in HarborOne having to block and reissue about 9,000 debit cards.
6/6/2007Cedarburg High SchoolStudents obtained names, addresses and Social Security numbers and might have accessed personal bank account information of current and former district employees..
6/7/2007Dearfield Medical BuildingA box was discovered at inside a trash bin in May and contains information about lab tests and insurance approvals as well as other medical issues, documents are not medical charts, but do contain patient names and contact information.
6/7/2007Huntsville County400As many as 400 people and banking institutions may be victims in a credit card or debit card cloning. In Alabama and Georgia card numbers were stolen after the cards were used at Huntsville restaurants and carry-out businesses.
6/8/2007University of Iowa1100Social Security numbers of faculty, students and prospective students were stored on the Web database program that was compromised. www.grad.uiowa.edu/news/incident.htm
6/8/2007University of Virginia5735A breach in one of the computer applications that resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth. The investigation has revealed that on 54 separate days between May 20, 2005 and April 19, 2007, hackers tapped into the records of 5,735 faculty members.
6/9/2007Concord Hospital9297Names, addresses, dates of birth and Social Security numbers exposed on the internet ôfor a period of time,ösecurity lapsed from a subcontractor that handles its online billing.
6/11/2007Grand Valley State University3000A flash drive containing confidential information was stolen. Social Security numbers of current and former students were on the flash drive, stolen from the English department.
6/11/2007Pfizer17000Installation of certain file sharing software on a Pfizer laptop, exposed files containing names, Social Security numbers, addresses and bonus information of present and former Pfizer colleagues. Investigation revealed that certain files containing data were accessed and copied.
6/14/2007Hamburger Hamlet Restaurant40Former waitress made off with the credit or debit card numbers of at least half a dozen patrons - and possibly as many as 40. Already, about $16,300 in unauthorized charges have been linked to the scam.
6/14/2007City of Lynchburg1200Personal information of Lynchburg city employees and retirees was accidentally posted on the city's website among that information employee's prescription medications.
6/14/2007Division of Workforce Services20000Children's Social Security numbers are believed to have been compromised by identity thieves.
6/14/2007Georgia Tech University23000An electronic file containing the personal information of current and former Georgia Tech students was exposed briefly.
6/15/2007State of Ohio1300000A backup computer storage device with the names and Social Security numbers of every state worker was stolen out of a state intern's car. The tape, which was stolen in June, contains personally identifiable information of nearly 84,000 current and former Ohio state employees and more than 47,000 state taxpayers.
6/18/2007Parisexposed.com750Investigation by The Smoking Gun Web site said that by changing a few characters on the web page URL it was possible to see the subscriber's name, email address, password, phone number, mailing address and credit card number.
6/18/2007Shamokin Area School DistrictA local newspaper employee gained unauthorized access to the Shamokin Area School District's computer database. It is the same system that stores students' personal information, including Social Security numbers. That newspaper employee brought the security flaw to the attention of school officials.
6/18/2007Texas A&M Corpus Christi8000A professor vacationing off the coast of Africa took data with him on a small computer, which was lost or stolen. It is thought to contains SSNs and dates of birth for students enrolled in the spring, summer and fall semesters of 2006
6/20/2007University Community HospitalA parent says his son should never have received bills in the mail for a pre-employment drug screening visit. Among the bills there's something else he was surprised to see, information about others who were also tested, 'Like 17 of them here with the Social Security numbers.'
6/21/2007American Airlines365Personal information including Social Security numbers of pilots and other employees at American Airlines, including the chief executive, was exposed on a company Web site.
6/22/2007Texas First Bank4000Information such as account numbers, Social Security numbers, names and addresses may have been stored on a stolen laptop computer during a car theft in Dallas.
6/23/2007Winn-DixiePharmacy documents were found behind closed Winn-Dixie, containing telephone numbers, Social Security numbers and addresses of thousands. Apparently when they closed up, they put these bundles outside to be picked up and they were never picked up.
6/25/2007Ohio Bureau of Workers Compensation439
6/25/2007Fresno CountyA disk containing information pertaining to home health-care workers -- including their names, addresses and Social Security numbers was lost.
6/27/2007Milwaukee PC65000Credit card information for 65,000 was possibly compromised. A service center noticed a file in their server and was concerned that file could contain customers' credit card numbers and personal information.
6/27/2007University of California Davis1120Computer-security safeguards were breached and accessed information including the applicants' names, birth dates and, in most cases, Social Security numbers.
6/27/2007Bowling Green State University199Lost storage device contained Social Security numbers, and names of 199 former students.
6/29/2007Harrison County Schools West VirginiaSeveral computers that contained the personal information, including Social Security numbers, of several Harrison County school employees were stolen. Workers Comp claims between January of 2001 and February of 2007 are at risk.
7/3/2007Fidelity National Information Services8500000A worker at one of the company's subsidiaries (Certegy Check Services, Inc.) stole customer records containing credit card, bank account and other personal information. Certegy Check Services Inc.
7/5/2007Highland University420A building on the campus had been broken into, and the affected offices might have had such personal information as Social Security numbers, credit card and bank account information exposed.
7/7/2007Securitas Security Services USA Inc.100000
7/9/2007Girl Scouts Mile HiTapes stolen from a car held personal information from a membership database, including names, addresses, phone numbers. A very limited number of credit card numbers and Social Security numbers were included in the stolen data from the camp and event registration database.
7/9/2007Cuyahoga County Department of Development3000Names and Social Security numbers on memory stick stolen in carjacking.
7/11/2007South County Hospital79Paperwork containing personal details from customers was left in a briefcase inside a car that was stolen. That batch of paperwork contained details including names, addresses, Social Security numbers, phone numbers and a summary of hospital accounts.
7/11/2007Disney Movie ClubA contract employee stole an unknown number of credit card numbers. Credit-card information was sold by an employee of a Disney contractor to a federal agent as part of an undercover sting operation.
7/11/2007Texas A&M University49College of Business officials are investigating a faculty member for the misplacement of a business law class roster containing the names and Social Security numbers of students.
7/13/2007City of Encinitis California1200Credit card or checking account information and addresses of people who had enrolled in Encinitas' youth recreation programs was inadvertently posted on the city's Web site.
7/13/2007Metropolitan St. Louis Sewer District1600A employee had downloaded Social Security numbers of current or former district employees to a home computer. The Social Security numbers were part of a computer file the district uses to make sure workers get the proper pay.
7/15/2007Westminster College100Names of students, former and current were printed in two files along with each student's Social Security number. The files were on a student Web server used by Westminster students.
7/16/2007TSA100000Authorities realized in May a storage device was missing from TSA headquarters. The drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave datas, bank account, routing information, and details about financial allotments and deductions.
7/16/2007Prudential Financial Inc.1000Data exposed in the breach was faxed to a company by doctors and clinics across the U.S.. Data included the patients' Social Security numbers, bank details and health care information.
7/17/2007Louisiana Board of Regents80000Records of students and staff including Social Security numbers,names, and addresses exposed on web.In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet site.
7/17/2007Kingston Technology Co.27000Security breach that remained undetected until 'recently' may have compromised the names, addresses and Credit Card details of online customers.
7/17/2007Western Union20000Credit card information and names were hacked from a database.The thieves got names, addresses, phone numbers and complete credit-card information.
7/18/2007Connecticut General Assembly Transportation Committee100Social Security numbers of former employees of defunct L.G. Defelice Inc. was posted on CT transportation committee website.
7/18/2007Purdue University50Files which were no longer in use were discovered on a computer server connected to the Internet. The files contained names and Social Security numbers of students who were enrolled in an industrial engineering course.
7/19/2007Texas Secretary of State
7/19/2007Cricket Communications300Documents stolen from store result in loss of 300 credit card numbers.
7/19/2007Jackson Local Schools1800The Social Security numbers of present and former Jackson Local SchoolsÆ employees were at risk of public access on a county maintained Web site.
7/20/2007SAIC867000Pentagon contractor may have compromised personal information. Information such as names, addresses, birth dates, Social Security numbers and health information about military personnel and their relatives because it did not encrypt data transmitted online.
7/21/2007University of Michigan5500University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed.
7/23/2007Fox News1500000A security hole on the Fox News web server Sunday exposed sensitive content to the public, including login information that allowed hackers to access names, phone numbers, and email addresses of at least 1.5 million people
7/24/2007St. Vincent Hospital51000A security lapse compromised names, addresses and Social Security numbers.
7/25/2007Hidalgo County CommissionerÆs Office25The private medical information, including Social Security numbers and treatment details of people who sought medical assistance from the county was posted on the Hidalgo County Website.
7/26/2007United States Marine Corps10554Names and Social Security numbers of Marines were found through Google Internet search engine.
7/27/2007Flexible Benefits Administrators2000A former employee allegedly stole Virginia Beach city and school district employees' personal information and used it to commit prescription fraud. Police discovered a list of names and Social Security numbers at the employees home.
7/27/2007American Education Services5000Personal information was on a laptop stolen in a burglary at a subcontractor's headquarters. The information, which was not encrypted, included names, addresses, phone numbers, e-mail addresses and Social Security numbers.
7/27/2007CESA #11300
7/27/2007City HarvestCity Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.
7/27/2007City of Virginia Beach2000
7/28/2007Yuba County California70000A laptop stolen from a building contained personally identifiable information of individuals whose cases were opened before May 2001. The laptop was being used as a backup system for the county's computer system. The data include Social Security numbers, birth dates, driverÆs license numbers and other private information.
8/1/2007Lifetime FitnessStaff had discarded customer records in easily accessible trash cans behind Dallas businesses. Information that was discarded contained names, addresses, Social Security numbers, driver's license numbers and credit card information, as well as the date of birth of several children. Lifetime Fitness is based in Minnesota.
8/2/2007University of ToledoA computer was stolen with two hard drives containing student and staff Social Security numbers, names, and grade change information.
8/2/2007E.OnA laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month.
8/3/2007Wabash Valley Correctional FacilityA database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved ôfrom a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.ö
8/3/2007WorkCare OremA truck driver found medical documents containing personal information in his truck and on the ground while he picked up a load at a garbage transfer station. The documents contained names, addresses, telephone numbers, Social Security numbers and birth dates.
8/4/2007Kellogg Community Federal Credit UnionA computer containing personal information on an undisclosed number members was stolen. A file containing some members' names, addresses, telephone numbers, birth dates, Social Security numbers and account numbers was on the computer's hard drive.
8/6/2007VerisignA laptop containing extensive personal information on an undisclosed number of VeriSign employees was stolen from an employee's car. The information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and salary records.
8/7/2007Electronic Data Systems (EDS)498A former employee was arrested this week for allegedly trafficking in stolen identities she received through her work with the company. She 'obtained the names and identifying information of 498 Alabama Medicaid recipients and subsequently sold 50 of those identities.
8/7/2007Merrill Lynch33000A computer device apparently was stolen containing sensitive personal information, including Social Security numbers, about some 33,000 employees.
8/8/2007Yale University10200Social Security numbers for over 10,000 current and former students, faculty and staff were compromised last month following the theft of two University computers
8/10/2007Legacy Health System747A primary care physician practice has discovered the theft of $13,000 in cash and personal data for patients. Patient receipts, credit card transaction slips and checks are also missing, in addition to Social Security numbers and dates of birth for patients.
8/10/2007Loyola University5800A computer with the Social Security numbers of 58 hundred students was discarded before its hard drive was erased, forcing the school to warn students about potential identify theft.
8/10/2007Univ. of North Texas39000Hacking
8/11/2007Providence Alaska Medical Center250A laptop computer that contains the personal information of patients is missing. On the laptop there maybe names, medical record numbers, dates of birth, patient diagnoses, Social Security numbers and addresses.
8/13/2007Pfizer950Axia Ltd. had notified Pfizer on June 14 of an incident in which two Pfizer laptops were stolen from a locked car. The laptops, which disappeared May 31 in Boston, included the names and Social Security numbers of health-care professionals who ôwere providing or considering providing contract services for Pfizer,ö according to the letter.
8/15/2007Idaho Army National Guard3400A small computer drive containing Social Security numbers and other personal information about every Army National Guard soldier in Idaho has been stolen.
8/15/2007Sky Lakes Medical Center30000The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.
8/15/2007Greater Detroit HospitalIt's a repeat of a problem that emerged late last year at the Greater Detroit Hospital where metal thieves stripped everything from copper piping to windows, exposing rows of abandoned patient files. Neighbors said there are hundreds of boxes of patient files and payroll records inside, full of credit card and Social Security numbers.
8/16/2007Utica Title and EscrowBoxes belonging to Utica Title and Escrow had been stored at a storage unit in Bixby. When Utica quit paying rent the storage company went through the legal process to be able to sell everything left behind. No one wanted to buy the boxes of paper so the boxes were thrown out. The boxes contained private information, including Social Security numbers, bank accounts and pay stubs.
8/20/2007University of ToledoA laptop computer has been stolen from an office in the Student Recreation Center that contained some student and employee names and Social Security numbers.
8/21/2007West Virginia Board of Barbers and Cosmetologists10000Every barber and cosmetologist licensed in the state of West Virginia since 1986 could now potentially be a victim of identity theft. Someone broke into the second floor office of the Board of Barbers and Cosmetologists and stole a safe. The director of the agency says the safe contains the personal information of thousands of hair dressers.
8/21/2007Walter Reed Army Institute of ResearchBoxes of documents containing personal information were supposed to be shredded but instead turned up last week in an off-base trash bin. Police do not believe anyone had access to the information other than the person who found the records. An investigation is under way to determine precisely what information they held and why they appeared off base.
8/22/2007California Public Employees Retirement System445000Roughly 445,000 retirees across the state received the brochures announcing an upcoming election to fill a rare vacancy on the board of the California Public Employees' Retirement System. All or a portion of each person's Social Security number appeared without hyphens on the address panel.
8/23/2007Monster.com1600000Monster announced that the details of some 1.6 million job seekers had been stolen. Fewer than 5,000 of those 1.6 million users affected are based outside the United States. The information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.
8/23/2007Loomis Chaffee SchoolValuable computer equipment, including two large storage devices were stolen during a night time burglary from the locked IT facility on campus. The stolen storage devices contained information about some recent graduates of the school, including their names, Social Security numbers, and contact information from their days as students at the school.
8/23/2007New York City Financial Information Services Agency280000A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant.
8/26/2007American Ex-Prisoners of War35000Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas. Digital and paper records included information on the groupÆs entire membership, including addresses, dates of birth, Social Security numbers and VA claims data.
8/27/2007University of Illinois5247An e-mail sent Aug. 24 to about 700 University of Illinois engineering students contained a spreadsheet listing personal information, including addresses and grade point averages, of thousands of students. The spreadsheet attached to the mass mail did not contain Social Security numbers or the students' university identification numbers. But, the person who sent the mass e-mail attached a spreadsheet containing information on all 5,247 students in the College of Engineering. The spreadsheet included each student's name, e-mail address, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, cumulative GPA, plus local address and phone number.
8/28/2007Connecticut Department of Revenue Services106000A computer laptop with the names and Social Security numbers of more than 100,000 Connecticut taxpayers has been stolen. The Department of Revenue Services intends to launch a web page soon that residents can search to determine whether their personal information was stored on the laptop.
8/30/2007Maryland Department of the EnvironmentA laptop computer containing personal information on people with state licenses has been stolen from a vehicle. It contains four databases that include personal information related to licenses issued by four state boards.
8/30/2007AT&TA laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.
9/1/2007Johns Hopkins Hospital5783A desktop computer containing the personal information of 5,783 Johns Hopkins Hospital patients was stolen. The computer included patients' names, Social Security numbers, birth dates and medical histories.
9/4/2007Pfizer34000A security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed. The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.
9/4/2007Brevard Public Schools61A missing piece of luggage belonging to a state auditor contains the personal information of 61 Brevard Public Schools employees and had district personnel scrambling before the holiday weekend began to notify people that their names and Social Security numbers might be compromised.
9/6/2007De Anza College4375Thousands of former students might be at risk for identity fraud after an instructor's laptop computer, containing students' personal information, was stolen last month. The computer contained the students' names, addresses, grades and in many cases Social Security numbers.
9/6/2007University of South Carolina1482A number of files containing Social Security numbers, test scores and course grades were exposed online. It appears the person responsible for the breach may not have known enough about computers to realize the information could be accessed outside the university system.
9/7/2007McKessonMcKesson Health-care services company, is alerting thousands of its patients that their personal information is at risk after two of its computers were stolen from an office.
9/10/2007Purdue University111The university is warning those who were students in the fall of 2004 that information about them was inadvertently posted on the Internet. The information was in a document that contained the names and Social Security numbers of students in the Animal Sciences 102 class. The page was no longer in use but was on a computer server connected to the Internet. The document was found recently through an internal search and reported to the chief information security officer at Purdue.
9/11/2007Gander Mountain112000Somebody either lost or stole a computer potentially containing the credit card information of anyone who has shopped at the Greensburg store since it first opened more than five years ago. Gander Mountain said credit card information for 112,000 customers of its Greensburg store might have been compromised. That includes 10,000 records with names, card numbers and expiration dates.
9/11/2007Pennsylvania Public Welfare Department375000Two computers containing the mental health histories of more than 300,000 medical-assistance recipients were stolen. The computer work stations were taken during an overnight break-in at an office. The mental health information on the computers identified people by codes and not by name. The information also was protected by multiple passwords, but full names and Social Security numbers of nearly 2,000 people were also on the computers.
9/12/2007TennCare67000There are 67,000 TennCare enrollees at risk of identity theft after a courier service lost their personal information. The lost information includes names, Social Security Numbers, birthdays and addresses.
9/13/2007Voxant.com4500The Voxant online ecommerce store server was hacked using what appeared to be a typical phishing scheme. The server is seperate from the primary business at www.voxant.com. The affected server was immediately taken offline and removed the offending phising pages. Encrypted credit card numbers could have been accessed during the incident. Although the credit card numbers were encrypted, the encryption key was not well protected. The database up through June 19-20 could have been affected, representing approximately 4,500 US customers.
9/14/2007Tennessee Tech University3100Some 3,100 current or past students who owe the university money were notified today that some of their personal data may have been compromised. A technical problem in the way student bills are printed resulted in the chance that some student social security numbers and personal identification numbers may have been sent to another student's address.
9/14/2007TD Ameritrade6300000One of Ameritrades databases was hacked and contact information for its more than 6.3 million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken. 'We were able to conclude that while Social Security Numbers are stored in this particular database, your SSN were not retrieved.' The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach. Company customers did received unwanted spam because of this breach.
9/19/2007Kansas UniversityA number of documents containing Kansas University student, faculty and staff personal information were recovered from the recycling and trash in the Mathematics Department at Kansas University. The information included student exams, student change of grade forms, class rosters, copies of health insurance cards, copies of immigration forms as well as a copy of a Social Security card.
9/19/2007University of Michigan8585Backup tapes containing patient information like Social Security numbers, patient names and addresses were stolen from the School of Nursing two weeks ago.
9/20/2007State of Connecticut/Accenture Ltd.58A backup tape was stolen in Ohio in June and contained data removed by Accenture from the state's Core-CT computer system, which performs all of the state's payroll, personnel, purchasing, accounting and inventory functions. The backup tape contained state agency bank account numbers, bank names and types of accounts, as well as the names and Social Security numbers of 58 of Connecticut taxpayers. Connecticut officials today revealed plans to file a civil complaint against IT consulting giant Accenture Ltd. related to this security breach involving stolen records tied to state agency bank accounts worth millions of dollars.
9/21/2007City of Columbus Ohio3500The city of Columbus is offering identity-theft protection services to more than 3,000 people whose Social Security numbers were on three computers stolen from a warehouse. The theft affected people who had signed up for the city's Mobile Tool Library, which lends power tools, lawn mowers and supplies.
9/21/2007ABN Amro Mortgage Group5208Three spreadsheets containing 5,200 Social Security numbers and other personal details about customers were inadvertently leaked over an online file-sharing network by a former employee. Tiversa, a company that monitors P2P networks, found Excel spreadsheets from the desktop of a financial analyst at ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had.
9/24/2007Utah Department of Workforce Services2000A laptop computer containing a spreadsheet with the the Social Security numbers and other personal information of about 2,000 people was reported stolen.
9/28/2007Gap Inc.800000A laptop containing the personal information of certain job applicants was recently stolen from the offices of an experienced third-party vendor that manages job applicant data for Gap Inc. Personal data for approximately 800,000 people who applied online or by phone for store positions at one of Gap Inc.'s brands between July 2006 and June 2007 was contained on the stolen laptop. Social Security numbers were included in the information on the laptop.
10/2/2007Athens Regional Health Services1441A computer missing from a Regional First Care clinic in Watkinsville held the personal information of more than 1,400 people, according to Athens Regional Health Services. Workers first noticed on Sept. 24 that the computer was missing. The computer held Social Security numbers for 85 people, some health information for 545 people and the name, address and/or telephone numbers of 811 people. No credit card or other financial information was stored on the computer, which was a backup server for the Watkinsville clinic.
10/2/2007The Nature Conservancy14000A hacker illegally gained access to a computer of The Nature Conservancy containing personal information on current and former employees and their dependents. The stolen information included the names, home addresses, Social Security numbers and birth dates. It also included direct deposit bank account numbers for employees who were on the payroll between 2000 and 2004, as well as the Social Security numbers of those employeesÆ dependents. When employees accessed a particular Web site, the site planted a program on the employeesÆ computers that copied the contents of the hard drives and sent the information to the hacker.
10/4/2007Massachusetts Division of Professional Licensure450000Social Security numbers of about 450,000 licensed professionals were inadvertently released. The information was mailed last month to agencies that submitted a public records request for the names and addresses of professionals licensed by the division. The division mailed 28 computer disks to 23 agencies that use the information as a marketing or promotional tool. The disks would normally contain only the names and addresses of individuals licensed through the Division of Professional Licensure and the Division of Health Professions Licensure. However, the disks also included Social Security numbers.
10/8/2007Carnegie Mellon University400Two laptops were stolen from the office of a computer science professor. Both of the computers were believed to have contained significant personal identifying data, such as Social Security numbers.
10/8/2007SemtechA laptop computer and other personal belongings were stolen from one of Semtech's vendors. The computer was not stolen from a Semtech facility, but may have contained computerized data relating to Semtech employees. Semtech declined to provide further details of the incident, such as what personal employee data may have been put at risk, when the theft happened or how long it took the company to inform its workers of the potential breach.
10/8/2007University of Iowa184A laptop computer was stolen from a former teaching assistant. The theft of the computer, which occurred last month in a break-in of the instructor's home, contained class records such as attendance, test scores, and grades of students who took his philosophy courses at the UI between 2002 and 2006. Social Security numbers were also present in 100 of the records.
10/9/2007Pembroke School DistrictPersonal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the districtÆs computer system. The information included names, birth dates and Social Security numbers.
10/10/2007Commerce Bank3000A hacker gained access to a database with about 3,000 customer records and accessed data belonging to 20 of them. The bank is contacting those who may have been affected. The hacking was quickly detected and stopped, according to Commerce Bank, which then notified law enforcement.
10/10/2007Wheels Inc./Pfizer1823The spouses and domestic partners of about 1,800 Pfizer employees, including 23 from Connecticut, learned late last month about a data breach at Wheels Inc., which provides cars to the company, mostly for use by its sales force. The breach at Wheels, first reported by the Pharmalot Web site, released onto the Internet names, addresses, birth dates and driver's license numbers, but not Social Security numbers, according to the company.
10/12/2007King County (WA) Transportation Department1400A laptop computer containing personal information about current and former employees has been stolen. Workers' names, addresses and Social Security numbers were on the password-protected laptop, which was stolen during a Sept. 28 home burglary. The information was not encrypted.
10/13/2007Montana State University1400An unknown hacker remotely accessed a computer server that housed records containing credit card numbers and Social Security numbers of students who enrolled online for MSU Extended University courses during the last two years. The data in question were encrypted, and there is no evidence that personal information was stolen.
10/15/2007Transportation Security Administration3930Two laptop computers with detailed personal information about commercial drivers across the country who transport hazardous materials are missing and considered stolen. The laptops contained the names, addresses, birthdays, commercial driver's license numbers and, in some cases, Social Security numbers of 3,930 people.
10/16/2007Administaff159000Current and former workers personal data may be compromised because of a stolen laptop. The data wasn't encrypted when it was stored on the portable computer, which is password-protected. Data stored on the laptop included names, addresses and Social Security numbers for most employees paid by Administaff in 2006.
10/17/2007Home Depot10000A laptop computer containing about 10,000 employees' personal data was stolen from a regional manager's car. The computer, which was password protected, didn't contain any customer information. The laptop contained names, home addresses and Social Security numbers of certain Home Depot employees.
10/17/2007Louisiana Office of Student Financial AssistanceSensitive data for virtually all Louisiana college applicants and their parents over the past nine years were in a case lost last month during a move. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved.
10/18/2007University of Cincinnati7000The personal information of thousands of University of Cincinnati students and graduates has been stolen. A flash drive was taken from a UC employee last month. It contained the Social Security numbers and other data for more than 7,000 people.
10/23/2007Bates College500Two publicly accessible documents that contained the records of nearly 500 recipients of the federal Perkins Loan, along with each recipient's address, date of birth, Social Security number, legal name and loan amount, were accessible on the Bates network.
10/23/2007West Virginia Public Employees Insurance Agency200000West Virginia officials are alerting 200,000 past and current members of three health insurance programs that a computer tape containing full names, addresses, phone numbers, Social Security numbers and marital status was lost last week while being shipped via United Parcel Service.
10/23/2007Blockbuster400A Sarasota resident was fishing in a trash container for boxes when he found 400 documents. These documents included membership forms and employment applications with names, addresses, credit card numbers and Social Security numbers.
10/23/2007Dixie State College11000An unauthorized person reportedly gained access to a computer system and confidential files, including Social Security numbers, birth date information and addresses for some 11,000 alumni and current DSC employees who graduated or worked at DSC from 1986 to 2005.
10/24/2007Not Your Average JoesMassachusetts restaurants were targeted by an individual or individuals seeking to illegally obtain credit card data. The data that was compromised included credit card numbers, expiration date and name associated with the card.
10/25/2007University of Akron1200A microfilm containing the personal information of alumni were missing. Names, previous addresses, phone numbers, birth dates and Social Security numbers was on the missing microfilm.
10/28/2007Art.comCyberspace criminals gained systems entry despite 'multiple security layers' and accessed some credit card transactions. The retailer of posters, prints and framed art alerted customers that hackers had gotten into the website to access credit card accounts.
10/29/2007United States Postal Service3000Employees' names, Social Security numbers and other information were on a laptop computer that was stolen.
10/29/2007ABC Phones/ACC CommunicationsTwo men found a box in a dumpster. The cell phone business recently moved and threw away documents that contained personal information from customers. The information contained driver's license numbers, Social Security number, bank account numbers, credit card numbers, work and home addresses.
10/30/2007Hartford Financial Services Group237000Three backup tapes that contained personal information of 230,000 customers, including 9,200 Ohioans, mainly of the company's property lines, were misplaced.
10/30/2007Pathology Group of the Mid-South75000Someone broke into a locked office building, several computers with flat screen monitors were stolen. One of those computers had patient information on about 75,000 people. This information included names, addresses, Social Security number, even medical information
10/30/2007University of Nevada Reno16000A University of Nevada, Reno a administrative employee has lost a flash drive that contained the names and Social Security numbers of 16,000 current and former students.
11/1/2007City University of New York20000A broken laptop containing personal information was taken from the school's financial aid office.
11/2/2007Montana State UniversityAn independent security watchdog group informed MSU that an Excel spreadsheet with the names and Social Security numbers of 42 people, most of them hired in the summer of 2006, was publicly accessible on MSU's Web site.
11/2/2007Montana State UniversityWhile investigating that breach, MSU data-security staff found another Excel spreadsheet accidentally posted on the MSU Web site since 2002. It contained the Social Security numbers of 13 people who got travel vouchers from the computer science department in the College of Engineering.
11/6/2007Butte Community BankA laptop with customers' personal information including names, addresses, Social Security numbers and bank account numbers was stolen from Butte Community Bank.
11/6/2007Montana State University271MSU learned that an employee's laptop computer had been stolen somewhere off-campus. It contained the Social Security numbers of 216 students and employees who lived in on-campus housing from 1998 to 2007
11/6/2007Alabama Department of Public Health1554The personal information, including the names, ages and Social Security numbers of families enrolled in the state's ALL Kids health care coverage program, were accidentally sent to the wrong families last week. 1,554 affected families were alerted that some of their confidential information might have been released.
11/7/2007Carolinas Medical Center - NorthEast28000A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.
11/7/2007University of Connecticut Foundation/ConvioUConn was notified of a security breach by an outside party on the network of Convio, Inc., a vendor used by The University of Connecticut Foundation, Inc. for processing online gift transactions and communicating by e-mail. This breach affected 92 of ConvioÆs clients nationwide, including the UConn Foundation. User name and password for Convio account preferences was compromised in this breach.
11/11/2007State of Nevada
11/13/2007Commerce BancorpA Commerce Bancorp Inc. employee gave out personal information on an unspecified number of the Cherry Hill bank's customers. The Bank discovered the breach through an internal investigation and sent letters to affected customers. The bank does not know if the information included account numbers and Social Security numbers.
11/15/2007Roudebush VA Medical Center12000Two personal computers and a laptop computer were allegedly stolen from an unsecured room. One of the stolen computers contained the names, Social Security numbers and dates of service of approximately 12,000 veterans.
11/16/2007University of Wisconsin-WhitewaterOfficials were notified by one individual about his ability to access a online search feature for the schools website. A search feature that could be used to see student names and Social Security numbers along with some other limited student information. Access to the feature was promptly disabled upon notification of the problem.
11/16/2007A.J. Falciani Realty Company500Computers containing the personal information of between 500 to 1,000 clients of A.J. Falciani Realty Company were taken in a burglary. Many of the stolen computers stored the names, addresses, Social Security numbers, dates of birth, telephone numbers and other information on the company's clients.
11/16/2007Kansas State University128
11/16/2007U.S. Department of Veterans Affairs1800000Investigation from a man's home uncovered a computer that held about 1.8 million Social Security numbers from the U.S. Department of Veteran Affairs, where he had been employed as an auditor. Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file.
11/17/2007Ohio Masonic Home / Community Blood Bank1200A laptop stolen from a Kettering auditing firm contained personal information on employees of up to 10 businesses, including Springfield-based Ohio Masonic Home. Battelle & Battelle LLC would not disclose the number of individuals affected by the theft but Masonic Home officials said 600 of its employees' information was stored in the laptop.
11/21/2007University of Florida415More than 400 former UF students might have been put at risk for identity theft after their Social Security numbers were posted on UF's Computing & Networking Services Web site. A news release from the Liberty Coalition, a group that works to preserve the privacy of individuals, said 14 files on the Web site contained 'sensitive information' of 534 former UF students, including 415 Social Security numbers.
11/21/2007United HealthcareUnited Healthcare posted the Social Security numbers of doctors at Columbia UniversityÆs faculty practice on a public Web site. United posted the taxpayer identification numbers, some of which were Social Security numbers, alongside the names of 993 providers at Columbia who participate in the insurerÆs network. The list was supposed to be accessible to Columbia employees during the current open enrollment period
11/29/2007American Red CrossSix boxes were left unattended in a public hallway for more than six hours. The files contained personal information of current and former employees and were placed there by human resources. Names, addresses and social security numbers could have easily been stolen. The files also contained embarrassing information, including disciplinary actions, results from a drug test, a sexual harassment case; even someone's criminal record from another state.
11/30/2007Prescription Advantage150000The state of Massachusetts is warning 150,000 members of its Prescription Advantage insurance program that their personal information may have been snatched by an identity thief. Local authorities arrested a lone identity thief who had been using information taken from the program in an attempted identity theft scheme. Although the thief used information from just a small number of participants in the scheme, state data-breach laws require that the 150,000 people who could have possibly been affected by the breach be contacted.
12/1/2007Community Blood Center/Battelle & Battelle LLC600Battelle & Battelle LLC was conducting an audit of the blood center's 401K plan when a laptop was stolen from a Battelle employee's vehicle. Up to 600 employees appeared to be affected.
12/4/2007Duke University1400Social Security numbers of about 1,400 prospective law school applicants may have been compromised when a school Web site was accessed illegally.
12/4/2007Indianapolis Power and Light3000The private information of thousands of customers was inadvertently posted online for up to four years. Data included names, addresses and Social Security numbers.
12/5/2007Forrester ResearchThieves stole a laptop from the home of a Forrester Research employee, potentially exposing the names, addresses and Social Security numbers of an undisclosed number of current and former employees and directors.
12/5/2007Memorial Blood Centers268000A laptop computer holding donor information was stolen. About 268,000 donor records on this laptop computer contain a donor name in combination with the donorÆs Social Security number.
12/6/2007Oak Ridge National Laboratory12000Hackers may have infiltrated a non-classified database containing names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004. The assault was in the form of phony e-mails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The lab has sent letters to about 12,000 potential victims.
12/7/2007Beacon Medical ServicesDetailed, personally identifiable medical records of thousands of Colorado residents were viewable on a publicly accessible Internet site for an uncertain period of time. The data included details of patients' visits to emergency rooms -- what ailments they complained of, diagnoses, treatments, and medical histories, along with the patients' names, occupations, addresses, phone numbers, insurance providers, and in some cases, Social Security numbers. The company is trying to determine the exact number of patients affected, but Beck says the number looks to be fewer than 5,000.
12/7/2007Colorado Board of Dental ExaminersMore than a hundred Colorado dentists and their patients could be at risk for identity theft after a car containing a bag of sensitive information was stolen. Authorities found the car a few days later at an apartment complex where one of the alleged thieves lived. Inside the unit, police discovered a massive amount of personal information from previous crimes. Social Security numbers, dates of birth, the credit card numbers, the pin numbers to those credit cards, they even have the photo IDs of the individuals they stole those credit cards from.
12/10/2007Cameron County TexasAn employee released an e-mail with a list of all county officials and employees. It reportedly contained names, Social Security numbers, and salaries.
12/10/2007Sutter Lakeside Hospital45000A laptop computer containing personal and medical information of approximately 45,000 former patients, employees and physicians has been stolen from the residence of a contractor.
12/10/2007Tricare Europe
12/11/2007Iowa Department of Natural Resources7000A contractor working for the DNR revealed that a computer jump drive containing the names and Social Security numbers for 7000 people is missing. The contractor believes the jump drive fell off of his desk and into a garbage can.
12/14/2007Deloitte & ToucheA laptop containing the personal information of an undisclosed number of Deloitte & Touche partners, principals and employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents. The computer contained confidential data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates.
12/17/2007West Penn Allegheny Health System42000The names, Social Security numbers, phone numbers, addresses and patient care information of 42,000 patients were all on a laptop computer stolen from a nurseÆs home. Only home care and hospice patients could be impacted, not patients at the hospitals.
12/18/2007Brownsville School DistrictForms with employee personal information littered the fence of a Brownsville school district warehouse. Information on litter contained confidential letters with names, bank account numbers, and Social Security numbers. The forms may be more than ten years old, but they each contain information that's still valuable.
12/19/2007Pennsylvania Department of Aging20632A state Department of Aging-owned laptop computer containing personal information on senior citizens was stolen from a Johnstown home. The information included names, addresses, Social Security numbers and some medical information.
12/20/2007Dormitory Authority of the State of New York900Data tapes containing Social Security numbers, phone numbers and addresses for up to 800 current and former employees of the state Dormitory Authority are missing.
12/20/2007Greenville County School District500The district notified employees last week that the computers had been compromised and that employees' personal information was taken, including their names, home phone numbers and Social Security numbers.
12/21/2007Franklin County Ohio Municipal Court270At least six central Ohioans are now under investigation by the U.S. Secret Service for hacking into a government Web site and stealing Social Security numbers to create false credit accounts. More than 270 people nationwide might have been victimized by a security lapse in the Franklin County Municipal Court Web site. Someone was randomly feeding Social Security numbers into a clerk's site, which contained personal information for thousands of people charged with misdemeanors, some guilty of only a speeding ticket. Once a number was hit on, the name, address, age and other information could be used to obtain credit cards and open bank accounts.
12/21/2007Connecticut Department of Motor Vehicles155The Connecticut Department of Motor Vehicles is notifying customers that their personal information may have been on a computer stolen from a mobile service center vehicle while it was being repaired. Personal data on the computer included names, addresses, date of birth, license numbers, photo and signature.
12/28/2007Davidson County Election Commission337000Someone broke into several county offices over Christmas and stole laptop computers that county officials now believe may have contained Social Security numbers and other personal information for every registered voter in Davidson County.
12/28/2007Minnesota Department of Commerce219A laptop computer containing personal information on Minnesotans licensed by the state Commerce Department was stolen from one of its Pennsylvania vendors.
12/28/2007United States Air Force10501A military laptop computer is missing and it contains personal information including Social Security numbers, birth dates, addresses, and telephone numbers of active and retired Air Force members. The laptop belonged to an Air Force band member at Bolling Air Force Base, he reported it missing from his home.
12/29/2007Administrative Systems
1/2/2008Workers Compensation Fund2800Officials with one of Utah's largest insurance companies are searching for a stolen laptop containing Social Security numbers and other personal information for about 2,800 people and 1,400 companies. The computer was taken from a car parked in the home garage of an auditor for the Workers Compensation Fund.
1/3/2008Dorothy Hains Elementary SchoolThe library door was kicked in and the circulation computer was stolen, something the principal desperately wants back because it has the Social Security numbers of students and teachers on it.
1/3/2008Robotics Industries AssociationA hacker accessed the administration site for Robotics Online gaining access to individual orders that contained credit card information. Seven residents of NH were affected, but national totals were not indicated.
1/4/2008Health Net5000Thousands of Health Net employees in Connecticut and other states have been notified that their names and Social Security numbers were on a laptop computer that was stolen more than a month ago from a company vendor. The laptop had information on about 5,000 employees companywide and an undisclosed number of health-care providers outside the Northeast.
1/4/2008Maryland Department of Assessments and Taxation900The Maryland Department of Assessments and Taxation Web site may have exposed Social Security numbers online because the application system did not have a necessary security certificate to encrypt the information before it was sent out over the Internet. Roughly 900 people used the system.
1/4/2008Florida Department of Children and FamiliesSocial Security numbers, birth dates and other information about day-care workers in Orange, Seminole and Osceola counties were among the data on five laptop computers that were stolen from the DCF office near Orlando.
1/5/2008New Mexico State UniversityA computer hard drive containing the names and Social Security numbers of current and former NMSU employees is missing from the Pan American Center.
1/7/2008Geeks.comPersonal and financial data may have been compromised by an intrusion into the systems of the online retailer's Web site. Compromised information included the names, addresses, telephone numbers and Visa credit card numbers.
1/7/2008Sears/ManageMyHome.comSears' ManageMyHome.com site exposed customer purchase data to any online visitor who asked about it.
1/8/2008Wisconsin Department of Health and Family Services260000Social Security numbers were printed on about 260,000 informational brochures sent by a vendor hired by the state to recipients of SeniorCare and other state programs.
1/9/2008University of Georgia4250Former and perspective residents of a university housing complex effected by a hacker that was able to access a server containing personal information, including Social Security numbers. A computer with an overseas IP address was able to access the personal information ù including Social Security numbers, names and addresses ù of 540 current graduate students living in graduate family housing and 3,710 former students and applicants.
1/10/2008Select Physical Therapy4000The company dumped about 4,000 pieces of sensitive customer information in garbage containers behind its facility. The records included Social Security numbers, credit and debit card account numbers, names, addresses and telephone numbers.
1/11/2008Virginia Department of Social Services1500The Department of Social Services has mailed about 1,500 letters to warn of a 'potential security breach' involving a department computer that police suspect was used to commit fraud. A woman is accused of using her work computer while employed by Social Services last summer to apply for a credit card using her landlord's information. She was charged with two felony counts, credit card fraud and forgery, and is accused of spending nearly $1,000 on the card.
1/11/2008University of Akron800A portable hard drive containing personal information is missing and may have been discarded or destroyed. The device contained Social Security numbers, names and addresses of students and graduates.
1/11/2008University of Iowa216Iowa College of Engineering has notified some of its former students that some of their personal information, including Social Security numbers, was inadvertently exposed on the Internet for several months.
1/12/2008California State University StanislausA possible data breach occurred on a food vendor's computer server. Credit card numbers, cardholder names and expiration dates were exposed, leaving hundreds, possibly thousands, of university students, staff and guests open to identity theft, with victims reporting fake charges on their cards. Social Security numbers were not accessible.
1/14/2008Tennessee Tech University990A portable storage drive containing the names and Social Security numbers of 990 students has been lost. A school employee transferred the information onto a portable flash drive when the printer where he was working did not print. The employee noticed the drive was missing the next morning.
1/15/2008Naval Surface Warfare Center Dahlgren Division100Officials at the Naval Surface Warfare Center are warning past and present employees that their identities and credit ratings could be at risk. Two pages of a Naval Surface Warfare Center Employment Verification Report was found when four people were arrested in Bensalem Township, Pa., last week for attempted identity fraud. The report included names, Social Security numbers, birth dates, position titles, tenure codes, pay grades, salaries and other information about the employees.
1/15/2008Wisconsin Department of Revenue5000Taxpayers in northeastern Wisconsin had their Social Security numbers exposed in a state mailing. A folding error, apparently the result of a faulty machine, allowed the Social Security numbers to be seen through the clear address window of the envelope.
1/16/2008University of Wisconsin-Madison529The personal information, including e-mail addresses, phone numbers, Social Security numbers and campus ID numbers of faculty and staff who made purchases from the DoIT computer shop had been accessible on a campus Internet site.
1/17/2008GE Money650000Personal information on customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing. The missing information includes Social Security numbers for about 150,000 people.
1/23/2008Baylor UniversityA student employee breached the security of the Baylor Information Network to access the Bear ID and passwords of those logging on to the BIN. This access didn't include sensitive information like Social Security Numbers, financial information or academic records. It was just unlawful access to Bear IDs and passwords. The information did, however, give access to Baylor e-mail and Blackboard accounts.
1/24/2008Fallon Community Health Plan29800A vendor computer containing personal information on patients of Fallon Community Health Plan has been stolen. The data included names, dates of birth, some diagnostic information and medical ID numbers. Some of which may be based on Social Security numbers.
1/25/2008OmniAmerican Bank100An international gang of cyber criminals hacked into the bank's records. They stole account numbers, created new PINs, fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, Russia, Ukraine, Britain, Canada and New York. Fewer than 100 accounts, some of them dormant, were compromised.
1/25/2008Penn State University677A university laptop containing archived information and Social Security numbers for 677 students attending Penn State between 1999 and 2004 was recently stolen from a faculty member.
1/28/2008T. Rowe Price Retirement Plan Services35000Current and former participants in ôseveral hundredö retirement plans had their names and Social Security numbers contained in files on computers that were stolen.
1/29/2008Horizon Blue Cross Blue Shield of New Jersey300000More than 300,000 members names, Social Security numbers and other personal information were contained on a laptop computer that was stolen. The laptop was being taken home by an employee who regularly works with member data.
1/29/2008Georgetown University38000A hard drive containing the Social Security numbers of Georgetown students, alumni, faculty and staff was reported stolen from the office of Student Affairs.
1/29/2008Wake County North Carolina Emergency Medical Services4642A Panasonic Toughbook used by county paramedics to store patient information on ambulance runs went missing from the WakeMed emergency department and now is thought to have been stolen. The laptop contained names, addresses and Social Security numbers.
1/30/2008Davidson Companies226000A computer hacker broke into a database and obtained the names and Social Security numbers of virtually all of the Great Falls financial services company's clients. The database also included information such as account numbers and balances.
1/31/2008South Carolina Department of Health and Environmental Control400A laptop containing the names and Social Security numbers of state health department employees is missing. The computer was inside a worker's vehicle when it was stolen last week from a convenience store. State officials say the password-protected computer contains personal information of state health department workers from Spartanburg, Cherokee, Union, Greenville and Pickens counties.
1/31/2008University of Minnesota Reproductive Medicine Center3100A doctor at the fertility clinic, lost a flash drive that he used to back up his computer. The drive holds details of infertility treatments for 3,100 patients going back to 1999. The lost drive did not seem to contain any financial or Social Security information.
2/1/2008Marine Corps Bases Japan4000A laptop was stolen , which contained personally identifiable information for clients of Marine Corps Community Services' New Parent Support Program. The laptop may contain names, ranks, Social Security numbers, dates of birth, children's names and mailing addresses of U.S. military service members, U.S. government employees and Status of Forces Agreement personnel on Okinawa and Marine Corps Air Station Iwakuni. It does not include driver's license numbers or bank and credit card information.
2/2/2008Diocese of Providence5000Four computers were taken, and one had personal information on current and former Catholic school employees. The theft possibly exposed names, addresses and Social Security numbers.
2/7/2008Memorial Hospital4300A laptop containing the personal information of full and part time employees and retirees is missing. The missing computer contains their names, addresses, birth dates, ID numbers and Social Security numbers.
2/8/2008MLSGear.comInjection attacks on web servers hosted by a third-party service provider has compromised the personal data of an unspecified number of individuals who had shopped on Major League Soccer's MLSgear.com Web site. The compromised information included names, addresses, credit card data, debit card data, and MLSgear.com passwords.
2/10/2008Administrative Systems, IncA desktop computer stolen from an Administrative Systems, Inc. (ASI) office in Seattle contained names and sensitive information about customers or employees of several of the firm's clients: Continental American Medical, EyeMed Vision/Kelly Services Vision, and Jefferson Pilot Financial Dental. Personal details may have included name, date of birth, mailing address, and Social Security number, depending on the service being provided.
2/11/2008Jefferson County Colorado Public Schools2900A special education technician had a personal laptop and jump drive stolen during a home robbery. Student name and date of birth, Student ID number, School location If the student has received district transportation additional information such as parent or guardian name and contact information, may also have been on the jump drive. The stolen information did not contain any Social Security numbers or financial information.
2/12/2008Long Island University30000Students tax forms mailed to them last week in were in defective mailers. The mailers containing each student's annual 1098-T 'Tuition Statement' were supposed to have adhesive on all four sides. But one side of each envelope was missing adhesive. The statement contains the student's name, address and Social Security number.
2/12/2008Modesto California City Schools / Clovis Unified / Los Angeles Department of Water and Power / Torrance Unified School District / Nestle Waters North America40000A computer hard drive holding the names, addresses, birth dates and Social Security numbers of Modesto City SchoolsÆ employees was stolen.
2/13/2008Lifeblood321000Laptop computers with birth dates and other personal information of roughly 321,000 blood donors are missing and presumed stolen. Stored inside both computers were names, birth dates and addresses at the time of the individual's last donation or attempted donation. In most cases, the donors' Social Security numbers were also stored, along with driver's licenses, telephone numbers, e-mail addresses, ethnicity, marital status, blood type and cholesterol levels. Social Security numbers had been used to track blood from the donor to the recipients.
2/13/2008Middle Tennessee State University1500A professor left the university computer unattended in the mass communication department about two weeks ago and an unidentified person is believed to have used the machine to send spam e-mails. The computer contained the names and Social Security numbers of past and current students.
2/13/2008Milwaukee CountyMilwaukee County officials mistakenly released numerous confidential court records for a citizens group's Web site that detail payments for tests and other costs linked to to mental competency, paternity and guardianship cases. Entries for psychiatric examinations and guardianship fees in which the clients' names were still listed,
2/14/2008Tenet Healthcare Corporation37000A ex-employee worked at a Frisco, Texas, billing center for less than two years, and is confirmed to have stolen the names, Social Security numbers and other personal information of about 90 patients. The employee also had access to 37,000 other accounts.
2/15/2008Crosslines Ministries of Carthage2000One of the largest aid agencies in Carthage was burglarized and files, containing the personal information of about 2,000 families, were stolen. Kaiser said among the items stolen were paper files containing names, addresses, Social Security numbers and other personal information of individuals served by Crosslines.
2/15/2008First Magnus FinancialOutside a University of Phoenix Building in Ft. Lauderdale, files and paperwork belonging to the defunct First Magnus Financial were just lying in stacked boxes inside an industrial garbage container. The paperwork contained Social Security numbers, credit card information, addresses, and properties.
2/15/2008Lexmark InternationalThe employee personal data was inadvertently exposed, it included Social Security numbers, dates of birth, along with names and addresses. The data was accessed by two unknown parties when the data was loaded to a company file sharing site.
2/15/2008Systematic Automation Inc40000Police filed possession of stolen property charges against a prison parolee who was arrested for having a computer with more than 40,000 names, addresses and Social Security numbers of California residents. The computer was stolen from Systematic Automation Inc., which processes individualized annual statements customized for employees with a summary of their health and other employee benefits. The hard drive contained employee information from 19 agencies. Some of the larger agencies include the Modesto City Schools, Clovis Unified School District, Los Angeles Department of Water and Power, and the Torrance Unified School District.
2/16/2008Texas A&M University3000A computer file containing the names and Social Security numbers of current and former Texas A&M University agricultural employees was inadvertently posted online and accessible to the public for three weeks.
2/25/2008Mecklenburg County North Carolina400A County employee's car was stolen, and in that car was a printout of bank draft transactions within the Park and Recreation Department. bank account information of an unknown number of people in Mecklenburg County has been stolen.
2/27/2008Health Net Federal Services103000Thousands of doctors in eleven states had their personal information openly posted on a company website. Social Security numbers were part of the personal information exposed. The states involved include Wisconsin, Michigan, Illinois, Indiana, Ohio, Pennsylvania, Tennessee, Iowa, Missouri, Kentucky and West Virginia.
2/29/2008Wellesley Health Department480Information in an envelope that had been mailed by the townÆs health department to a Medicare office in Boston say when the envelope arrived, it was open and the contents were missing. The material included social security numbers, addresses and dates of birth of seniors who had received flu shots from the town last fall.
3/3/2008Kraft Foods20000A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business. The laptop contained the names and may have contained Social Security numbers.
3/5/2008Nevada Department of Public Safety109A private firm working for the Nevada Department of Public Safety has lost personal information provided by individuals seeking jobs with the agency. Data included Social Security numbers, addresses and background check information.
3/6/2008Cascade Healthcare Community11500A computer virus may have exposed to outside eyes the names, credit card numbers, dates of birth and home addresses individuals who donated to Cascade Healthcare Community.
3/8/2008MTV Networks5000Computer files with confidential data on employees at MTV Networks were breached by someone outside the company. Personal information in the files included names, birth dates, Social Security numbers and compensation data.
3/10/2008Blue Cross Blue Shield of Western New York40000A laptop hard-drive containing vital information about members has gone missing. Blue-Cross Blue-Shield of Western New York says it is notifying its members about identity theft concerns after one of it's company laptops went missing.
3/10/2008Central Florida Regional Hospital28The medical records of Central Florida Regional Hospital patients were sold last month at a Salt Lake City surplus store for about $20. The records were sold to a local school teacher looking for scrap paper for her fourth-grade class. The records contained detailed medical histories, phone numbers, addresses, Social Security numbers and insurance information.
3/10/2008Texas Department of Health and Human ServicesInformation, including Social Security numbers that could be used to steal Medicaid clients' identity may have been stored on two computers stolen during a burglary. Computers could have contained personal information only on e-mails. The e-mails, however, would normally contain only an individual's case number. It is unlikely those e-mails would have listed Social Security numbers.
3/12/2008Harvard University10000Harvard Graduate School of Arts and Sciences (GSAS) Web server may have compromised 10,000 sets of personal information from applicants and students, including 6,600 Social Security numbers and 500 Harvard ID numbers.
3/13/2008University Health Care4800PatientÆs information could have been compromised, when a laptop with names, Social Security numbers and personal health information was stolen from University Healthcare. The hospital says that someone broke into a locked office and took a lap top and a flash drive.
3/15/2008Sterling Insurance and AssociatesA server stolen from the locked offices contained names, addresses, and Social Security numbers, dates of birth, driver's license numbers, and/or account information for an unspecified number of customers.
3/15/2008Utah Division of Finance500Computer files containing the personal information of approximately 500 individuals may have been accessed by unauthorized persons during a security breach. An initial investigation indicates it is highly unlikely the person who breached the computer system was able to access any personal information.
3/15/2008Broward County School District38000A Atlantic Technical High School senior hacked into a district computer and collected Social Security numbers and addresses of district employees.
3/17/2008Binghamton University300A university employee mistakenly sent an e-mail attachment containing the names, grade point averages and Social Security numbers of junior and senior accounting students to another group of School of Management students.
3/17/2008Hannaford4200000This security breach affects all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products. The company is currently aware of about 1,800 cases of reported fraud related to the security breach. Credit and debit card numbers were stolen during the card authorization transmission process, but no personal information was divulged.
3/17/2008Minneola City9Nine Minneola firefighters are trying to keep their names clean after their personal information ended up on the city's Web site. The city clerk accidentally published the information. Social security numbers, phone numbers, addresses and personal information from union application cards found its way onto the city's Web site for over 36 hours.
3/19/2008Affordable RealtySocial Security numbers and financial records of customers. Affordable Realty occupied office space inside the Ben Agree building on Dort Highway for years. The company was evicted and all of its sensitive customer information ended up outside in a dumpster or on the ground nearby.
3/20/2008Lasell College20000A hacker accessed data containing personal information on about current and former students, faculty, staff and alumni. Information included names and Social Security numbers.
3/20/2008Pennsylvania Department of State30000The state was forced to pull the plug on a voter registration Web site after it was found to be exposing sensitive data about voters. Because of a Web programming error, the Web site was allowing anyone on the Internet to view data such as the voter's name, date of birth, driver's license number, and political party affiliation. On some forms, the last four digits of Social Security numbers could also be seen.
3/21/2008Compass Bank1000000
3/21/2008Rhode Island Department of Administration1400A state computer disk containing Social Security numbers is missing. The information was discovered missing within the last two weeks when human resources staff members who had relocated from Providence to Cranston could not find the data on the server.
3/22/2008Agilent Technologies51000A laptop containing sensitive and unencrypted personal data on current and former employees of Agilent Technologies was stolen from the car of an Agilent vendor. The data includes employee names, Social Security numbers, home addresses and details of stock options and other stock-related awards. Agilent blamed the San Jose vendor, Stock & Option Solutions, for failing to scramble or otherwise safeguard the data - 'in violation of the contracted agreement.'
3/23/2008Western Carolina University555Someone had hacked into a computer server and had access to the Social Security numbers of 555 graduates of the university who had signed up for a newsletter.
3/24/2008National Institutes of Health2500A laptop was stolen from the trunk of a car. It contained information about heart disease patients, including their names, dates of birth and diagnoses of their medical conditions.
3/24/2008Super 8 Motel
3/26/2008BNY Mellon Shareowner Services3500The company lost a box of computer data tapes storing personal information including names, Social Security numbers and possibly bank account numbers.
3/26/2008The Dental Network75000A security breach of The Dental Network web site left access to member personal data, including names, Social Security numbers, addresses and dates of birth unprotected for approximately two weeks. The Dental Network is an independent licensee of the Blue Cross and Blue Shield Association.
3/28/2008Antioch University70000A computer system that contained personal information on about 70,000 people was breached by an unauthorized intruder three times. The system contained the names, Social Security numbers, academic records and payroll documents for current and former students, applicants and employees.
3/28/2008Museum of Science Boston140The museum has notified 140 patrons that their names, credit card numbers, and other personal information were exposed on the museum's website because of a contractor's error.
3/29/2008San Quentin State Prison3500A flash memory drive containing names, birth dates and driver's license numbers of people who either volunteered or visited San Quentin State Prison in a group tour has been lost.
3/29/2008Department of Human ResourcesA thief has stolen computer records containing identifying information on current and former employees of the state Department of Human Resources, including names, Social Security numbers, birth dates and home contact information. An external hard drive that stored a database was removed by an unauthorized person.
3/31/2008Advance Auto Parts56000
4/1/2008Okemo Mountain Resort
4/4/2008Harley-Davidson, Inc.(HOG)60000A laptop computer containing certain HOG members' personal information was determined to be missing from their facilities. The personal information stored on the computer included names, addresses, credit card numbers, their expiration dates, and driver's license numbers.
4/4/2008University of California Irvine7000
4/7/2008Army Acquisition Support Center24"A spreadsheet containing a ""hidden"" column of Social Security numbers belonging to about two dozen officers and civilian employees of one Army agency was left on the agency's website for five months after being notified of the presence of the personal information. The center has temporarily shut down its website to scrub the information from the spreadsheet."
4/7/2008Pfizer800A laptop was stolen by a burglar from the home of a contractor who helps arrange planning travel and meetings for Pfizer. Information on the laptop included names, credit card numbers and, in some instances, credit card expiration dates, various addresses and phone numbers, hotel loyalty program numbers and other information. It did not appear that any Social Security numbers or PIN codes were exposed
4/7/2008RedboxRedbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country. They announced that they'd found credit card skimmers attached to three of their kiosks.
4/8/2008WellCare71000Private records of members of health insurance programs for the poor or working poor were accidentally made available on the Internet for several days. Those whose data was made available on the Internet included members of Medicaid, the federal health program for the poor, and PeachCare for Kids, a federal-state insurance plan for children of the working poor. About 10,500 members' Social Security numbers may have been viewed by unauthorized people on the Internet, all members of Medicaid or PeachCare. There is a possibility that an initial 59,000 members may have had some personal information made accessible.
4/8/2008Wellpoint128000Personal information that may have included Social Security numbers and pharmacy or medical data for customers in several states was exposed online over the past year.
4/9/2008Norfolk's Community Services Board30The personal information of clients of Norfolk's Community Services Board was compromised when a case worker's briefcase was stolen. The briefcase was left in the worker's car in a Virginia Beach parking garage, but someone smashed a window and stole it. It's unclear what information was in the files but that it likely included Social Security numbers.
4/10/2008Joliet West High SchoolA student using a school computer last month was able to access personal information about every student enrolled. The student allegedly downloaded a list of names and Social Security numbers to his iPod.
4/11/2008New York-Presbyterian Hospital/Weill Cornell Medical Center49841One of the hospitals employees may have stolen records containing the names, phone numbers and, in some cases, social security numbers of some of it's patients patients.
4/12/2008West Seneca School District1800Several current and former students are believed to have broken into the school district’s computer system and copied secure files that included the personal information and Social Security numbers of school employees
4/13/2008University of Toledo6488Personal information of the University of Toledo employees, the majority having worked on the Health Science Campus in 1993 and 1999 - last month was inadvertently placed on a server to which all employees had access. The information, which was used for payroll purposes, included names, addresses, and Social Security numbers and was accessible for about 24 hours.
4/14/2008Utah Department of Workforce ServicesA former state employee who took applications from people seeking food stamps and other welfare aid worked with three others to steal the identity of Utah residents and charge tens of thousands of dollars in purchases.
4/14/2008Stokes County Schools800A school computer containing the names, test scores and Social Security numbers of students from three Stokes County high schools was stolen from a locked closet.
4/15/2008First Federal Bank of California"This bank was not the only financial institute impacted by a security breach that occurred in a banking in a ""subsystem of a financial data processor,"" Fiserv, Inc. of Wisconsin last month.The bank said that it was ""company policy"" not to reveal any details about the breach including the number of banks involved, how many customers were impacted, the depth of information breached, how extensive the breach was geographically even which federal agencies were involved. However, non-public private account information might be at risk."
4/16/2008University of Virginia7000A laptop stolen from a University of Virginia employee contained sensitive information about students, staff and faculty members. Stolen from an unidentified employee from an undisclosed location in Albemarle County, the laptop contained a confidential file filled with names and Social Security numbers.
4/16/2008Hexter Elementary SchoolEmployee and volunteer records were found at a recycling bin near the school. It's unknow what type of documents were found.
4/17/2008University of Miami2100000Computer tapes containing confidential information of Miami patients was stolen last month when thieves took a case out of a van used by a private off-site storage company. The data included names, addresses, Social Security numbers or health information.
4/17/2008Connecticut State University System / Buffalo State / Northwest Missouri State University28879At least 18 colleges are scrambling to inform tens of thousands of students they are at risk of having their identities stolen. A laptop computer that was stolen from a vendor contained the data of current and former students from the four state universities, including Western Connecticut State University. The computer was password-protected but contained unencrypted files with personally identifiable data, including names and Social Security numbers.
4/19/2008Central Collection Bureau700000A computer server containing Social Security numbers and other personal information was stolen last month from a Southside debt-collection bureau. The information includes customer-billing records for Indiana businesses, including Citizens Gas & Coke Utility, St. Vincent Health and Methodist Medical Group.
4/20/2008Helping Homeless Veterans and FamiliesHundreds of files containing medical histories and Social Security numbers were found in the trash on Indianapolis' east side. The records belong to homeless veterans. A lot of the things inside the folders are confidential information about the clients including Social Secrutiy numbers.
4/21/2008Brunswick Corp700An electronic devices that scans customers' drivers' licenses to make sure they're of legal drinking age was stolen from a company-owned bowling facility in suburban Naperville. The device contains information such as driver's license number, date of birth and first and last names of customers whose licenses were scanned.
4/22/2008Fishback Financial CorpThere has been an unauthorized access to one of the database servers by a third party. The database includes names, addresses and Social Security numbers.
4/22/2008Central New England HealthAlliance384Personal data could be at risk of exposure after a home health nurse reported that her handheld computer was missing. The unencrypted data include names, Social Security numbers, and health insurance records.
4/22/2008Smithtown Post OfficeA Smithtown postal worker was arrested after he stole credit cards from the mail and went on a shopping spree.
4/22/2008LendingTree"Outside loan companies may have accessed information, including Social Security numbers, between October 2006 and early 2008 and used it to market their own mortgages to LendingTree customers. Several former employees may have shared confidential passwords with ""a handful"" of lenders that were not approved by the company."
4/22/2008HealthNow New YorkClients may be at risk for identity theft, after a former employees laptop computer went missing with confidential information several months ago. The potential information includes names, dates of birth, Social Security numbers, addresses, employer group names, and health insurance identifier numbers.
4/22/2008University of MassachusettsHackers breached the computer system used by UMass Amherst's Health Services, potentially gaining access to thousands of medical records. More than half of the student population at UMass Amherst are patients on record at the University Health Services.
4/22/2008CollegeInvest200000Customers had personal information stored on a computer hard drive that disappeared during a recent move. CollegeInvest moved to a new office space recently using an international relocation firm that offered specialists in moving computer equipment. CollegeInvest discovered while unpacking at the new location that a hard drive was missing.
4/23/2008Southern Connecticut State University11000Southern Connecticut State University is taking action to prevent its students from becoming victims of identity theft. The move comes after a website with student and alumni information was found to be easily accessible to hackers. It appears that no financial information was accessed but Social Security numbers were vulnerable.
4/23/2008University of Texas Health Science Center2000About 2,000 medical bills were mailed last week with patients' Social Security numbers visible on the envelope.
4/24/2008Collections Lawyers Pellegrino & Feldstein530Consumer information somehow escaped the New Jersey law offices of and ended up posted on several websites. The Liberty Coalition discovered cached versions of an Excel file that contained the full names, Social Security numbers, dates of birth, addresses, account numbers, and financial information.
4/24/2008Harmony Information SystemsA computer program housing personal information about Wisconsin seniors and disabled people had a significant security hole. A senior center volunteer in McFarland said he could see hundreds of files of people's private information from across the country in the system run by Virginia-based Harmony Information Systems. The information is entered into an electronic record that includes the person's name and Social Security number.
4/25/2008Canton WiseBuysSomeone apparently hacked into the Canton WiseBuys store computer system during a changeover between December 5 and December 20. The hacker obtained personal identification and banking numbers of hundreds of customers.
4/25/2008Baltimore State Highway Department1800An employee transferred personnel transaction data from a secure drive to a SHA shared drive. Sensitive personal information concerning employees, included names and Social Security numbers.
4/25/2008University of Colorado 9500"Three computers in the Division of Continuing Education and Professional Studies were compromised, leaving people open to potential identity theft. One of the three computers had personal data, including names, Social Security numbers, addresses and grades.
UPDATE (5/1/08) :
Upon further analysis, the University concluded that no personal data had been exposed. 9,500 records were initially thought to be comprised, but later this was revised to zero."
4/27/2008General Internal Medicine of LancasterA laptop was stolen from a doctors office containing the Social Security numbers of patients.
4/28/2008Hough, MacAdam & Wartnik500A notebook computer was stolen from a locked vehicle. The notebook's hard drive may have contained names, Social Security numbers, and other personal information.
4/28/2008Coos County Oregon500
5/1/2008Lunardi's Supermarket100"An ATM and credit card reader in a checkout aisle at the Los Gatos Lunardi's supermarket was recently switched, resulting in cases of identity theft. Victims all had their card numbers stolen after officials from Lunardi's contacted them about a problem with one of their card readers.""It was a switched card reader at one of the aisles,"""
5/1/2008Staten Island University Hospital88000Computer equipment stolen from an administrator contained personal information from patients. Social Security numbers and health insurance numbers were contained in computer files on a desktop computer and the backup hard drive.
5/1/2008Cove Creek Mortgage/Front Range MortgageSensitive mortgage files with people's personal information were recently found in a Dumpster. The files and computers contained sensitive information on many former customers of Front Range Mortgage, including names and addresses, Social Security numbers and bank, credit card and investment account information.
5/1/2008University of California San Francisco6313
5/2/2008Marine Corps Reserve Center17000A former U.S. military contractor has pleaded guilty to exceeding authorized access to a computer and aggravated identity theft after he was accused of selling names and Social Security numbers of 17,000 military employees.
5/2/2008Iredell County Tax Collector468A courier vehicle providing services for First Citizens Bank was stolen in Charlotte. The stolen shipment contained a computer report of taxpayer's check information, including account numbers, check numbers, check amounts and routing numbers from various banks on which the checks were drawn. There were also copies of tax bills that contained taxpayer names, addresses and other public information related to tax payments.
5/5/2008Target America Inc./UCSF6313Information on UCSF patients was accessible on the Internet. The information accessible online included names and addresses of patients along with names of the departments where medical care was provided. Some patient medical record numbers and the names of the patients' physicians also were available online.
5/6/2008Northeast SecurityNews Channel 8 found Social Security numbers, bank account numbers and even canceled checks inside a dumpster. The files appear to belong to Northeast Security, a subcontractor for Safe Home Security, based out of Rocky Hill. Northeast Security recently moved out of a West Haven storefront, and it seems they left their clients personal information behind.
5/6/2008International Visa Service1000An employee has been arrested and charged with stealing the personal information of people who were applying for a passport and sold the identities on the black market.
5/6/2008Finjan5878Researchers at security vendor Finjan uncovered a server containing the sensitive email and Web-based data of thousands of people, including healthcare information, credit card numbers and business personnel documents and other sensitive data. Finjan notified more than 40 major international financial institutions located in the United States, Europe and India whose customers were compromised as well as various law enforcements around the world. Server logs contained a mountain of healthcare information, including personal data, health data, treatment, medications, insurance details, Social Security Numbers, and healthcare providers' data, including physician's name. Banking data, including credit card numbers and account login numbers were also discovered on the server.
5/6/2008Ohio State University Agricultural Technical Institute192Personal information on faculty and staff members was accidentally emailed to about 680 students. The email contained spreadsheet information listing the names, positions, salaries and Social Security numbers.
5/7/2008SAIC4690(877) 277-8001 SAIC stockholders are at risk of identity theft after a box of magnetic backup tapes went missing. The tapes contained names, addresses, Social Security numbers, stock account information, transaction activity and possibly bank account numbers for current or former shareholders.
5/7/2008Bank of New York Mellon4500000
5/8/2008Las Cruces Public Schools1800A part-time computer analyst for Las Cruces Public Schools inadvertently posted personal data for 50 special education students and 1,750 district employees on the Internet. Information posted included Social Security number, date of birth, name, the nature of disability and caseworker's name."
5/8/2008Dominican University5000Two students were able to access records on a staff network storage area. The files accessed were three spreadsheets that included the students names, addresses, phone numbers, birthdays and Social Security numbers.
5/9/2008Princeton University Tower Club103Tower Club is taking steps to protect 103 of its alumni in the classes of 2006 and 2007 after a spreadsheet listing their names and Social Security numbers was e-mailed to current club members. The document was attached to an apparently unrelated e-mail that informed current members about a club event. The spreadsheet was attached unintentionally because of a technical glitch in an email program.
5/12/2008Pfizer13000About 13,000 employees at Pfizer Inc., including about 5,000 from Connecticut, had their personal information compromised when a company laptop and flash drive were stolen. No Social Security numbers were on the laptop, but names, home addresses, home telephone numbers, employee ID numbers, positions and salaries were possibly compromised. Other information possibly lost included the department employees worked in, the Pfizer site where the employees worked, the name of employees’ managers and descriptions of their jobs.
5/12/2008Dave & Buster's5000
5/14/2008Oklahoma State University70000A breach in an Oklahoma State University computer server exposed names, addresses and Social Security numbers of students, staff and faculty who bought parking and transit services permits in the past six years.
5/15/2008BB&T InsuranceA BB&T Insurance laptop containing the personnel information of some Harrisonburg City Schools employees was stolen. The laptop, used by an outside sales representative to develop an insurance proposal for the school system, was stolen from a car. The information contained names, dates of birth, Social Security numbers, and, in some cases, medical history.
5/16/2008Greil Memorial Psychiatric HospitalIndex cards containing patients personal information, names, dates of birth, even Social Security numbers are gone. Hundreds of records have simply disappeared.
5/16/2008Chester County School District50000A 15-year-old student gained access to files on a computer at Downingtown West High School. Private information, including names, addresses and Social Security numbers, of more than 50,000 people were accessed. The student apparently used a flash drive to save the personal data of about 40,000 taxpayers and 15,000 students.
5/16/2008Amateur Athletic UnionBoxes filled with personal information were found in a dumpster. Information on athletes and their guardians included Social Security numbers and copies of birth certificates.
5/16/2008Spring Independent School District8000A laptop computer containing the personal information of students was stolen from a employee’s car. The car burglars made off with her school laptop and an external flash drive. The flash drive contains students’ Social Security numbers, personal information, schools those students attend, as well as their grade level and birthdates. The drive also contained the Texas Assessment of Knowledge and Skills test results.
5/17/2008University of Louisville20Documents being copied and taken from a private office in the president’s office, to its Internal Audit Office and Department of Public Safety may have resulted in a security breach. The documents contained personal information — including Social Security numbers, student and employee identification numbers and salary information — for current and recent student employees. The university learned of the theft when salary information was shared anonymously with some employees in the office.
5/20/2008New York University273Duke University's Fuqua School of Business is notifying former New York University students that some of their personal information was inadvertently accessible by targeted Internet searches. The personal data included names and Social Security numbers and was contained in the faculty member's research records. The information could have been accessed only if searched by specific student names, along with a search code for Social Security numbers.
5/20/2008University of Florida College of Medicine - Jacksonville1900A UF assistant professor of plastic surgery at the UF College of Medicine-Jacksonville, stored unsecured digital photographs of his patients and identifying information -- such as names, dates of birth, Social Security numbers, and Medicare numbers -- on a computer. He then gave the computer to a family he was friends.
5/21/2008Oklahoma Corporation Commission5000The Oklahoma Corporation Commission is removing hard drives from all surplus computer equipment after a server containing the names and Social Security numbers of thousands of residents was sold at an auction.
5/22/2008Downingtown Area School District56000
5/22/2008HealthSpring9000A laptop computer containing personal information of about 450 state residents was stolen. The laptop, believed to contain names, dates of birth and Social Security numbers of about 9,000 individuals, was stolen from a HealthSpring employee's locked car.
5/23/2008R.E. Moulton19000Thieves broke intothe Irving, Texas regional office and stole a laptop computer containing personally information of numerous individuals, including names and Social Security numbers.
5/28/2008University of California San Francisco3569During routine monitoring of a campus computer network, UCSF discovered unusual data traffic on one of its computers. During the investigation, UCSF determined that an unauthorized movie-sharing program had been installed on one computer by an unknown individual. Installation of this program required high-level system access. The computer contained files with lists of patients from the UCSF pathology department’s database. The data included information such as patient names, dates of pathology service, health information and, in some cases, Social Security numbers.
5/29/2008State Street Corp45500Computer equipment containing personal information on customers and employees of a State Street unit was stolen. The computer equipment was stolen from a vendor hired by Investors Financial Services to provide legal support services. The personal information included names, addresses and social security numbers.
5/30/2008Circuit Court of Louisville312(502) 595-3273 Louisville Metro Police made an arrest, and during that arrest they found 312 stolen court traffic files in that person's possession. All of the files contain personal information of people in Louisville such as, name, address, date of birth and in some cases Social Security numbers and copies of drivers’ licenses.
5/31/2008Pocono Mountain School District11000A hacker apparently broke into the computers at Pocono Mountain School District and may have tapped into confidential information concerning students and their parents. Information may have included the students' birth dates, Social Security numbers, student IDs, home phones, and the parents' names, phone numbers and emergency phone numbers. ''If you see any unauthorized activity, promptly contract your service provider and or the office of the director of technology at 570-873-7121, ext. 10151,''
6/2/2008Walter Reed Army Medical Center1000Records with confidential information on about 2,100 people have been lost and might have been mistakenly shredded. The files contained copies of letters informing applicants that they were ineligible for the unemployment insurance. They were dated between May 2 and May 20 and contained names, addresses and Social Security numbers.
6/2/2008Connecticut Department of Labor1200Sensitive information on patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach. The computer file that was breached did not include information such as medical records, or the diagnosis or prognosis for patients, but may have included names, Social Security numbers, birth dates as well as other information.
6/3/2008Oregon State University4700http://www.privacyrights.org/ar/ChrondataBreaches.htm
6/4/2008AT&TA laptop was stolen from the car of an employee. The data on the computer was not encrypted -- a violation of company policy -- and included names, Social Security numbers and in some cases, salary and bonus information.
6/6/2008Stanford University72000Stanford University determined that a university laptop, which was recently stolen, contained confidential personnel data. The university is not disclosing details about the theft as an investigation is under way.
6/7/2008East Tennessee State University62006,200 people may have had there identities compromised by the theft of a desktop computer. The computer is password protected and files cannot be easily accessed. But there is a small possibility that the information could be compromised.
6/7/2008Southington Water Department26Documents with the names and Social Security numbers of 26 people were found scattered by the Quinnipiac River.
6/9/2008University of South Carolina7000Several items were stolen from an office in the Moore School of Business. Among the items was a desktop computer. As a result of the computer being stolen, it is possible that some personally identifiable data could have been compromised.
6/10/2008Wheeler's Moving CompanyPersonal files with tax information, Social Security numbers and license numbers, were found in a Boca Raton dumpster.
6/10/2008University of Utah Hospitals and Clinics2200000Billing records of 2.2 million patients at the University of Utah Hospitals and Clinics were stolen from a vehicle after a courier failed to immediately take them to a storage center. The records, described only as backup information tapes, contained Social Security numbers of 1.3 million people treated at the university over the last 16 years.
6/10/2008University of Florida11300Current and former students had their Social Security numbers, names and addresses accidentally posted online. The information became available when former student employees of the Office for Academic Support and Institutional Service, or OASIS, program created online records of students participating in the program between 2003 and 2005.
6/10/20081st Source Bank1st Source Bank is replacing ATM cards this month for all its account holders after cyber-thieves accessed an unknown amount of debit-related data.
6/11/2008Dickson County TN Board of Education850A computer containing sensitive personal was stolen from the Dickson County Board of Education. The computer belongs to the new director of schools and was loaded with the name and Social Security number of every school employee from the 2006-2007 school year, a total of 850.
6/12/2008Columbia University5000A student employee had posted a database of students' housing information on a Google-hosted Web site. Their Social Security numbers had been searchable online for the last 16 months.
6/13/2008Texas Insurance Claims ServicesHundreds of files with people's names, Social Security numbers and policy numbers were found in a Richardson dumpster.
6/15/2008Conn. Department of Administrative ServicesDepartment of Administrative Services posted the Social Security numbers of individual contractors on a state Web site. An audit also uncovered the Social Security numbers of prospective nursing employees accessible on an agency Web site for 19 months until a complaint was lodged.
6/18/2008Domino's PizzaInvestigators found credit card numbers blowing in the wind. These piles and papers contained hundreds of old receipts from Domino's Pizza stores. The former owner had been discarding boxes of old records and somehow all those receipts got loose.
6/19/2008CitibankA Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached. The computer intrusion into the Citibank server led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines, pocketing at least $750,000 in cash.
6/19/2008Petroleum WholesaleThe company dumped hundreds of records in a publicly accessible trash container outside its former headquarters. The records included receipts with customers' names and full credit or debit card numbers, including expiration dates. The records also included returned checks and forms containing customers' names and bank routing, driver's license and Social Security numbers.
6/23/2008Bank AtlanticBank Atlantic confirms they had a data loss, involving their MasterCard debit cards. It happened through a local merchant, but at this time, isn't saying which one.
6/23/2008CNET Networks / GoogleBurglars stole computer systems from the offices of the company that administers the Internet publisher's benefit plans. The computers contained names, birth dates, Social Security numbers and employment information of the beneficiaries of CNET's health insurance plans. CNET was only one of several clients affected.
6/24/2008California Department of Consumer Affairs5000A Microsoft Word document was improperly transmitted electronically outside of the department. The document contained the salaries and titles of everyone on the document. It may have also compromised their names and Social Security numbers.
6/24/2008Southeast Missouri State University800A former employee has been indicted on two charges of identity fraud and one charge of computer trespass after being found in possession of 800 student names and Social Security numbers.
6/26/2008Texas Department of Public Safety826http://www.privacyrights.org/ar/ChrondataBreaches.htm
6/27/2008Montgomery Ward51000Hackers extracted stolen information from an online database that held credit card account information.
7/2/2008University of Nebraska at Kearney2035Officials at the University of Nebraska at Kearney discovered a security breach involving nine university computers. Of the nine computers involved, five contained names and partial or complete Social Security numbers.
7/2/2008Baptist Health1800Due to a breach by an unauthorized person in the information systems, there is a possibility that some personal information, such as name, address, date of birth, Social Security number, and reason for coming to Baptist Health. No information in the patient’s “medical records” and no information about the patient’s diagnosis or prognosis was accessed.
7/4/2008Clark County Nevada District Court380A contracted vendor released personal information on about 380 potential jurors to an employee's private e-mail address. The information provided to the e-mail account could have included names, addresses, Social Security numbers and birth dates.
7/7/2008Florida Agency for Health Care Administration55000A security breach in the Organ and Tissue Donor Registry may have exposed thousands of donors' personal information, including their Social Security numbers. Other data included donors' names, addresses, birth dates and driver license numbers.
7/8/2008LPL Financial10219Hackers potentially got their hands on clients unencrypted names, addresses and Social Security numbers. Hackers compromised the logon passwords of 14 financial advisers and four assistants.
7/9/2008Wagner Resource GroupSometime late last year, an employee of a McLean investment firm used the online file-sharing network LimeWire. In doing so, he inadvertently opened the private files of his firm to the public. That exposed the names, dates of birth and Social Security numbers of about 2,000 of the firm's clients, including a number of high-powered lawyers and Supreme Court Justice Stephen G. Breyer.
7/10/2008Williamson County (TN) Schools4000Social Security numbers and other personal information of 4,000 children were posted on the Internet.
7/11/2008Fort Lewis900A laptop computer that was reported stolen from an Army employee’s truck contained personal information on about 800 to 900 Fort Lewis soldiers. UPDATE (7/11/08) :A 17-year-old Lacey boy faces a charge of suspicion of possession of stolen property after Tumwater police uncovered items from vehicle prowls, including a stolen Army laptop containing information about up to 900 Fort Lewis soldiers.
7/14/2008Washington Metropolitan Area Transit Authority4700Metro accidentally published the Social Security numbers of past and present employees on its Web site. The numbers were posted with a solicitation to companies for workers' compensation and risk management services.
7/15/2008Indiana State University2500"A password-protected laptop computer containing personal information for current and former Indiana State University students was stolen. The laptop contained data for students who took economics classes from 1997 through the spring semester 2008. The information includes names, grades, e-mail addresses and student identification numbers and in some cases Social Security numbers.
UPDATE (7/22/08) :The laptop computer was mailed anonymously back to the professor it was stolen from six days after it was stolen along with other personal items."
7/15/2008Weber Law FirmSheriff's deputies uncovered hundreds of people's personal financial files that had been discarded in a dumpster in northwest Houston. Box after box of records including personal financial records, documents with Social Security numbers, people's medical files and more were found in the dumpster.
7/15/2008Missouri National Guard2000The Missouri National Guard has called for a criminal investigation after it learned that the personal information of as many as 2,000 soldiers had been breached. The Guard would not release how the personal information had been taken -- whether by computer hackers or other means -- because it has asked for a full law enforcement investigation into the matter.
7/15/2008University of Texas at Austin2500The personal information of University of Texas students and faculty has been exposed on the Internet. An independent watchdog discovered more than five dozen files containing confidential graduate applications, test scores, and Social Security numbers. The files were inadvertently posted by at least four different UT professors to a file server for the School of Biological Sciences.
7/16/2008Greensboro Gynecology Associates47000A backup tape of patient information was stolen from an employee who was taking the tape to an off-site storage facility for safekeeping. The stolen information included patients' names, addresses, Social Security numbers, employers, insurance companies, policy numbers and family members.
7/17/2008Department of Consumer Affairs5000A Consumer Affairs personnel specialist in Sacramento, emailed an alpha personnel file containing names and Social Security numbers of the department's more than 5,000 staff to a personal Yahoo email account at the end of the day, her last day at the department.
7/17/2008University of Maryland23000University of Maryland accidentally released the addresses and Social Security numbers of thousands of students. A brochure with on-campus parking information was sent by U.S. Mail to students. The University discovered the labels on the mailing had the students' Social Security numbers on it.
7/17/2008Bristol-Myers Squibb42000A backup computer-data tape containing employees' personal information, including Social Security numbers, was stolen recently. The backup data tape was stolen while being transported from a storage facility. The information on the tapes included names, addresses, dates of birth, Social Security numbers and marital status, and in some cases bank-account information. Data for some employees' family members also were on the tape.
7/18/2008Falkirk and District Royal Infirmary89
7/19/2008Minneapolis Veterans Home336A backup computer server stolen from the Minneapolis Veterans Home contained telephone numbers, addresses, next-of-kin information, dates of birth, Social Security numbers and some medical information, including diagnoses for the home's 336 residents.
7/23/2008San Francisco Human Services DepartmentPotentially thousands of files contaning personal information was exposed after a San Francisco agency left confidential files in unsecured curbside garbage and recycling bins. In some cases entire case files were discarded. Blown up copies of social security cards, driver's licenses, passports, bank statements and other sensitive personal information were all left in these unlocked bins.
7/24/2008Village of Tinley Park Illinois20400Computer backup tapes that contain thousands of Social Security numbers of Tinley Park residents have been lost. The tapes containing information from as long ago as 15 years were lost while being transferred from the village hall to another site within the Chicago suburb.
7/24/2008Hillsborough Community College2000Hillsborough Community College warned its employees to monitor their bank accounts because an HCC programmer's laptop was stolen from a hotel parking lot in Georgia. The programmer had been working on a payroll project for a group of employees using their names, bank-routing numbers, retirement information and Social Security numbers.
7/24/2008University of Houston259The names and Social Security numbers of University of Houston students were inadvertently posted on the Internet for more than two years. The posting occurred when a math department lecturer posted student grades on a UH Web server in October 2005.
7/24/2008St Marys Regional Medical Center128000A unauthorized person may have accessed the Saint Mary's database. The database, used for Saint Mary's health education classes and wellness programs, contained personal information such as names and addresses, limited health information and some Social Security numbers. The database did not contain medical records or credit card information.
7/25/2008Ohio University492A clerical error led to the online posting of the names and Social Security numbers of people who spoke at Ohio University's Centers for Osteopathic Research and Education. A spreadsheet that contained the information had been accessible since March 20 and was discovered when a nurse found the information last week while conducting online research. In addition to names and Social Security numbers, the spreadsheet included contact numbers, addresses, their speaking topics and federal employer identification numbers.
7/25/2008Grady Memorial HospitalHospital records were stolen. It remains unknown how many patient records were stolen, which patients were affected or how the records were stolen. The records pertained to recorded physician comments that Grady sent to a vendor to transcribe into medical notes. The records were stolen from a subcontractor employed by the vendor.
7/26/2008Connecticut College2815A Connecticut College library system was breached by hackers apparently looking to set up chat rooms or send spam e-mails. The systems database included the names, addresses and Social Security or driver's license numbers of approximately 2,800 Connecticut College library patrons, 12 Wesleyan University patrons and three from Trinity.
7/28/2008FacebookFacebook accidentally publicly revealed personal information about its members, which could be useful to identity thieves. The full dates of birth of many of Facebook's 80 million active users were visible to others, even if the individual member had requested that the information remained confidential. 80 million Not added to total since the breach is not SSNs or financial account data.
7/29/2008Blue Cross Blue Shield of Georgia202000Benefit letters containing personal and health information were sent to the wrong addresses last week. The letters included the patient's name and ID number, the name of the medical provider delivering the service, and the amounts charged and owed. A small percentage of letters also contained the patient's Social Security numbers.
7/29/2008Anheuser-BuschA laptop containing personal information of current and former employees, including some from Hampton Roads, was stolen from a St. Louis-area Anheuser-Busch office. Information contained on the computer included employees' Social Security numbers, home addresses and marital status.
7/30/2008City of Yuma Arizona300"The Social Security numbers of about 300 city of Yuma employees were ""unintentionally released"" in an e-mail sent to city administrative personnel."
7/31/2008University of Texas at Dallas9100"A security breach in UTD’s computer network may have exposed Social Security numbers along with names, addresses, email addresses or telephone numbers.
4,406 students who were on the Dean’s List or graduated between 2000 and 2003
3,892 students who were contacted to take part in a survey by the Office of Undergraduate Education in 2002
88 staff members from Facilities Management
716 faculty and staff members listed in a space inventory record from 2001."
8/1/2008Tennessee Valley AuthorityA laptop stolen from TVA contained Social Security numbers and reflects generally inadequate policies and procedures for tracking computers at the agency. The laptop was one of approximately 26 computer and computer-related items stolen from TVA between May 26, 2006, and Nov. 30, 2007, according to the IG, although the report stated it was unclear whether sensitive information was present on any of the laptops or PCs stolen from TVA.
8/1/2008Delphi Automotive / Ohio Department of Job and Family Services2600A flash drive with Social Security numbers and other personal information from former Dayton-area Delphi workers was removed from the unattended laptop of a state employee and is missing. The drive included the names, addresses, telephone numbers as well as the Social Security numbers of the workers.
8/1/2008Stepping Hill Hospital1581
8/2/2008Clarkson University245 non-malicious student intruder gained access to a restricted server and promptly reported the vulnerability to campus authorities. Approximately 245 employees and former employees had personal information, including name, social security number, and date of birth, compromised during the security breach. The file containing personal information was a record of employees that had university credit cards known as purchase cards (or p-cards). Any university member requesting a p-card must provide their social security number and date of birth on the application form.
8/2/2008Countrywide Financial Corp2000000The FBI on Friday arrested a former Countrywide Financial Corp. employee and another man in an alleged scheme to steal and sell sensitive personal information, including Social Security numbers. The breach occurred over a two-year period though July. The insider was a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division. The alleged data thief was said to have downloaded about 20,000 customer profiles each week and sold files with that many names for $500, according to the affidavit. He typically would e-mail the data in Excel spreadsheets to his buyers, often using computers at Kinko's copying and business center stores. Some, perhaps most, and possibly all the names were being sold to people in the mortgage industry to make new pitches.
8/3/2008Oakland School DistrictThieves stole 10 desktop computers containing employees' personal information from the Oakland school district's main office. District officials are still determining what information was on each computer, but the machines may contain personal information provided to the district when employees were hired. It is unknown how many employees' records were on the computers.
8/4/2008Arapahoe Community College15000A contractor who manages the student information database had a flash drive lost or stolen. Information on the drive included the names, addresses, credit card numbers and Social Security numbers.
8/5/2008"The Clear Program
""Fast-pass"" Registered Travel program
for airline passengers, operated by
Verified Identity Pass for the U.S.
Transportation Security Admin."33000A laptop containing personal information for about 33,000 people was reported stolen in a possible security breach for the Clear Program. The laptop was stolen at San Francisco International Airport. The stolen information included names, addresses, dates of birth, and driver's license numbers or passport numbers.
8/7/2008Harris County Hospital District1200A lower-level Harris County Hospital District administrator downloaded medical and financial records for patients with HIV, AIDS and other medical conditions onto a flash drive that later was lost or stolen. This may have been a violation of law. The data on the device included the patients' names, medical record numbers, billing codes, the facilities where the office visits occurred and other billing information. It also included the patients' Medicaid or Medicare numbers, which can indicate their Social Security numbers or those of their spouses.
8/11/2008Ireland Department of Social and Family Affairs380000
8/12/2008Wells Fargo5000"Wells Fargo is notifying customers that hackers have accessed their confidential personal data by illegally using its access codes. Personal information including names, addresses, dates of birth, Social Security numbers, driver's licence numbers and in some cases, credit account information was accessed by ""unauthorised persons""."
8/12/2008Child Protective ServicesHundreds of private, personal records were discarded with the trash, including records detailing medical histories of clients with diseases and drug addictions. Documents showing sexual abuse and information that could be used for identity theft, such as Social Security numbers, were also found in the trash.
8/14/2008Wuesthoff Medical Center500Hundreds of people in Brevard County found out their personal information was stolen. Names, Social Security numbers and even personal medical information were posted on the Internet.
8/18/2008Department for Work and Pensions9000
8/18/2008Keller High School45Keller family's received a mailing from Keller High School last week. Upon opening it, they found two enrollment forms. One was an emergency-care authorization form. But the other was a student information form containing another classmate’s Social Security number, student ID number, home address, phone number and contact information for his parents at home and at work. They quickly realized that their child’s private information, which they used to set up their college fund and other accounts, was mailed to someone else.
8/18/2008Dominion Enterprises / InterActive Financial Marketing Group92095A computer server within InterActive Financial Marketing Group (IFMG), a division of Dominion Enterprises located in Richmond, Virginia, was hacked into and illegally accessed by an unknown and unauthorized third party between November 2007 and February 2008. The data intrusion resulted in the potential exposure of personal information, including the names, addresses, birth dates, and Social Security numbers of 92,095 applicants who submitted credit applications to IFMG's family of special finance Web sites.
8/19/2008Kingston Tax ServiceOffice computers were stolen from the business. On each of the computers is information which can be used by identity thieves including credit card information and Social Security numbers.
8/20/2008Barclays Bank PLC17000
8/20/2008The Princeton Review108000The test-preparatory firm accidentally published the personal data and standardized test scores of tens of thousands of Florida students on its Web site. One file on the site contained information on about 34,000 students in the public schools in Sarasota, Fl. Another folder contained dozens of files with names and birth dates for 74,000 students in the school system of Fairfax County, Va.
8/21/2008PA Consulting / The Home Office94000
8/22/2008Louisiana Real Estate Commission13000A glitch during a computer upgrade caused the names, addresses and Social Security numbers of licensed agents to be exposed on the Internet. The commission was transferring its online programs to a new server when the sensitive electronic file, which is not normally posted on the Internet, was left unsecured and slipped in among the commission materials that could be seen online.
8/22/2008Korean Ministry of Education7617
8/22/2008Liberty McDonald's RestaurantAn employee at a Liberty McDonald's restaurant, took credit or debit cards from drive-through customers and used a device she had hidden near the window to swipe the cards to record their numbers. The information on the device then was downloaded and used to make new cards either in the names of the persons to which the original cards belonged or in the names of the perpetrators.
8/23/2008Best Western0
8/26/2008Royal Bank of Scotland / NatWest / American Express1000000
8/26/2008Pennsylvania Public Welfare Department2845Paper jams in a state Department of General Services mail inserter caused benefit renewal packets to go to the wrong Pennsylvania welfare client's homes. Nearly half of them included the intended recipients' Social Security numbers.
8/26/2008Prince William Co. Public Schools2600Personal information of some students, employees and volunteers was accidentally posted online by a Prince William County Public Schools employee. Information for more than 2,600 people was exposed through a file-sharing program by an employee working from home on a personal computer. The compromised information included: names, addresses and student identification numbers of more than 1,600 students; names and Social Security numbers of 65 employees; other confidential information for about 250 employees; and the names, addresses and e-mail addresses of more than 700 volunteers.
8/27/2008Kansas State University86An instructor for classes offered through the Division of Continuing Education, taught through the UFM Community Learning Center, reported an overnight theft of numerous items from a car, which was parked outside a Manhattan residence. Items taken included a backpack with a list of names and Social Security numbers of 86 K-State students who had taken that instructor’s classes from fall 2007 through summer 2008.
8/27/2008YMCACustomers who paid for items at a YMCA fund-raiser with checks or credit cards are being warned about a burglary at which credit and debit card numbers were taken.
8/28/2008The Washington Trust Co.1000The Washington Trust Co. has notified about 1,000 customers that their debit and credit card accounts might have been compromised in a suspected security breach at an unidentified MasterCard merchant. The company is investigating a suspected security breach of a U.S. e-commerce-based merchant's Web server which contained debit card data.
8/28/2008Reynoldsburg (Ohio) City School District4259Reynoldsburg school officials were phasing out the use of Social Security numbers in the district's student database when someone stole a laptop containing that information. The district laptop, taken from a computer technician's car, also included names, addresses and phone numbers for two-thirds of the district's enrollment.
8/29/2008Wachovia BankIt was confirmed that the Camelot branch, at Cape Coral Parkway and Chiquita Boulevard, has had several debit cards’ identities stolen because someone placed what’s known as a “skimming” device on the ATM. The device collected each person’s card information, including personal identification numbers, and allowed the suspect to create different debit cards with that information.
8/30/2008"National Technical Institute for the Deaf
Rochester Institute of Technology"13800A recently stolen laptop contained the names, birth dates and Social Security numbers of about 12,700 applicants to the National Technical Institute for the Deaf and another 1,100 people at Rochester Institute of Technology. The laptop belonged to an employee and was stolen on Monday from an office at NTID. People at RIT, who are not affiliated with NTID, are affected because their personal information was being used as part of a control group in an internal study.
8/30/2008Ohio Police & Fire Pension System13000A former mailroom supervisor at the Ohio Police & Fire Pension System forwarded the names, addresses and Social Security numbers from his work e-mail address to his personal e-mail address before quitting his job. The file contains information for 13,000 of the approximately 24,000 retired members of the Ohio Police & Fire Pension System, most of whom are former police officers.
8/30/2008Southwest Medical AssociationThousands of medical charts were found in an abandoned storage unit that was purchaced for $25.
9/2/2008Clarkson University245
9/5/2008East Burke (Morganton, NC) High School163For the past five years, East Burke High School's web site exposed files containing personal information including names, Social Security numbers, addresses, phone numbers, job titles, email addresses and unlisted phone numbers of teachers, bus drivers, custodians and other staff members on the Internet.
9/6/2008National Offender Management Service5000
9/6/2008GS Caltex11000000
9/9/2008University of Pittsburgh0A laptop containing personal information including names and Social Security numbers was stolen. The laptop, stolen from Mervis Hall was being used by an employee to conduct surveys of alumni that are used in college rankings.
9/10/2008Ivy Tech Community College0An employee of the college used an internal file sharing system to send a file that consisted of students enrolled in the spring 2008 semester for distance education courses. The employee intended to share the file with a single employee of the college. Instead, due to a clerical error, the invitation to view the file was sent to a list of all Indianapolis region employees.
9/10/2008Franklin Savings and Loan25000An unauthorized person gained access to a database containing personal information such as names, addresses, phone numbers, account numbers, account balances and Social Security numbers.
9/11/2008Marshall University198The names and Social Security numbers of Marshall University students were openly available on the Internet.
9/11/2008University of Iowa College of Engineering500Some students are being notified by the college that their personal information may have been exposed in a recent computer breach. The compromised computer contained a file with names and Social Security numbers of students stored on its hard drive.
9/12/2008Tennessee State University9000A flash drive containing the financial information and Social Security numbers of students was reported missing. The flash, which contained financial records of TSU students dating back to 2002.
9/13/2008State Farm Insurance137An employee of State Farm fraudulently used customer information to open credit-card accounts. Customers' Social Security numbers, driver's license numbers, addresses and possibly financial account numbers could have been accessed.
9/15/2008Forever2198930If you shopped at the stores between November 26, 2003 and October 24, 2005, criminals may have jacked your credit and debit card numbers from its computers. Approximately 20,500 of these numbers were obtained from the Fresno store transaction data. The data included credit and debit card numbers and in some instances expiration dates and other card data, but did not include customer name and address.
9/19/2008Texas A&M University31A class roster was among some documents located on a computer server that was hacked. The class roster was for Economics-2301 held during the first summer session of 2004. Social Security numbers were part of the information on those documents.
9/22/2008Sonoma State University600Social Security numbers have been exposed to the public through an internal department website.
9/23/2008Texas Lottery Commission27075A former Texas Lottery Commission computer analyst has been arrested for copying the personal data of Texas lottery winners. He downloaded his own work files off his computer and took them to his next job. The names and Social Security numbers of 27,075 mid-level lottery winners -- people who have won prizes from $600 up to around $1 million -- were on the employee's hard drive.
9/26/2008Fort Wayne Community Schools3348A man arrested on forgery and counterfeiting charges may have used some employees' personal information in his possession. A 94-page document containing personal information belonging to 3,348 FWCS employees was found by police. The information included names, Social Security numbers, dates of birth and salary.
9/30/2008University of Indianapolis11000A hacker attacked the University of Indianapolis' computer system and gained access to personal information and Social Security numbers for 11,000 students, faculty and staff,
9/30/2008Blue Cross & Blue Shield1700A document containing the personal data was accidentally attached to a general e-mail being sent out to brokers notifying them of a software upgrade. Information such as Social Security numbers, phone numbers and addresses were exposed.
9/30/2008Dormitory Authority's3600On the trip from the Albany headquarters of this New York based construction organization, to their data center in New York City 5 tapes had fallen out of their yellow mailing envelope. The tapes contained personal private or sensitive information of over 600 employees and approximately 3,000 vendors. Social security numbers and tax ID numbers were compromised.
10/1/2008The Foothills Parks and Recreation District0The district noticed unusual activity last week which they believe was caused by a virus introduced to cover up the actions of the intruder. Some customer information, including credit card information, may have been compromised.
10/7/2008UND Alumni Association84000A laptop computer containing sensitive personal and financial information on alumni, donors and others was stolen from a vehicle belonging to a software vendor retained by the UND. The information, included individuals’ credit card and Social Security numbers,
10/7/2008Department of Administration535A laptop was taken from an auditor's vehicle. It contains payroll and benefits information for 425 employees of the state Insurance Commission and 110 employees of the Department of Health and Human Resources' Bureau of Medical Services and Child Support Enforcement Division. The information includes full names or first names and Social Security numbers.
10/13/2008Southwest Mississippi Community College1000Former Southwest Mississippi Community College students had some of their personal information made available temporarily on the Internet. The breach involved names, addresses, and in some cases, Social Security numbers.
10/15/2008City of Indianapolis3300A spreadsheet containing the names, Social Security numbers and dates of birth for people charged with minor offenses in 2006 and 2007 was accidentally posted on the city of Indianapolis' new Web site.
10/17/2008The Planet25000A security breach that may have affected the customer portal account and server passwords, was discovered. The Planet identified the methods by which the systems were compromised and have closed those holes. Only two user accounts were definitely affected, and no credit card information is believed to have been compromised.
10/18/2008City of Goodyear570A list of their Social Security numbers was stolen from the car of a staffer who had taken the data home. Burglars took the list while the employee's car was parked at her home.
10/19/2008Mary Washington Hospital803A security breach in an online computer system exposed the private medical information of some of its maternity patients. Social Security numbers, phone numbers, address, insurance carrier, birth dates and doctor's names were exposed.

Copyright 2008 Stratos, LLC