| Date | Name | Records Compromised | Description |
| 1/1/2006 | University Pittsburgh Medical Ctr. | 700 | 6 Stolen computers. Names, Social Security numbers, birthdates |
| 1/2/2006 | H&R Block | | SSNs exposed in 40-digit number string on mailing label |
| 1/8/2006 | Kerzner International / Atlantis | 55000 | Dishonest insider or hacking. Names, addresses, credit card details, Social Security numbers, driver's licence numbers and/or bank account data. |
| 1/11/2006 | People's Bank | 90000 | Lost computer tape containing names, addresses, Social Security numbers, and checking account numbers. |
| 1/15/2006 | Illinois Education Association | | |
| 1/16/2006 | New York City Teachers Retirement System | | |
| 1/17/2006 | City of San Diego, Water & Sewer Dept. | | Dishonest employee accessed customer account files, including SSNs, and committed identity theft on some individuals. |
| 1/20/2006 | University of Kansas | | |
| 1/20/2006 | Univ. Place Conference Center & Hotel, Indiana Univ. | | Hacking. Reservation information including credit card account number compromised. |
| 1/21/2006 | California National Guard | | Stolen briefcase with personal information of National Guardsmen including a 'seniority roster,' Social Security numbers and dates of birth. |
| 1/23/2006 | University of Notre Dame | | Hackers accessed Social Security numbers, credit card information and check images of school donors. |
| 1/24/2006 | University of Washington Med Ctr. | 1600 | Stolen laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data. |
| 1/25/2006 | Ameriprise Financial | 226000 | A laptop was stolen from an employee's car Christmas eve. It contained customers' names and Social Security numbers and in some cases, Ameriprise account information. |
| 1/25/2006 | University of Delaware | 159 | |
| 1/26/2006 | Providence Home Services | 365000 | Stolen backup tapes and disks containing Social Security numbers, clinical and demographic information. In a small number of cases, patient financial data was stolen. |
| 1/27/2006 | College of St. Scholastica | 12000 | |
| 1/28/2006 | State of Rhode Island | 4118 | Hackers obtained credit card information in conjunction with names and addresses. |
| 1/30/2006 | Cooks Illustrated | | |
| 1/31/2006 | Washington State Health Care Authority | 6000 | |
| 1/31/2006 | Boston Globe / Worcester Telegram and Gazette | 240000 | Inadvertently exposed. Credit and debit card information along with routing information for personal checks printed on recycled paper used in wrapping newspaper bundles for distribution. |
| 1/31/2006 | Honeywell International | 19000 | Exposed online. Personal information of current and former employees including Social Security numbers and bank account information posted on an Internet Web site. |
| 2/1/2006 | University of Colorado CO Springs | 2500 | |
| 2/2/2006 | Presbyterian Health Care Service | 450 | |
| 2/4/2006 | FedEx | 8500 | Inadvertently exposed. W-2 forms included other workers' tax information such as SSNs and salaries. |
| 2/6/2006 | Regions Bank | 100000 | |
| 2/7/2006 | Blue Cross Blue Shield NC | 600 | Inadvertently exposed. SSNs of members printed on the mailing labels of envelopes with information about a new insurance plan. |
| 2/9/2006 | Bank of America / OfficeMax | 200000 | Hacking. Debit card accounts exposed involving bank and credit union accounts nationwide (including CitiBank, BofA, WaMu, Wells Fargo). |
| 2/15/2006 | Old Dominion University | 601 | Exposed online. Instructor posted a class roster containing names and Social Security numbers to a web site. |
| 2/15/2006 | Suffolk County Clerks Office NY | 7000 | |
| 2/16/2006 | University of Washington Med Ctr. | | |
| 2/16/2006 | United States Department of Agriculture | 350000 | Inadvertently exposed Social Security and tax identification numbers in FOIA request. |
| 2/16/2006 | Blue Cross Blue Shield Florida | 27000 | Contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies.A judge today ordered a former computer consultant to reimburse the Jacksonville-based health insurer $580,000 for expenses related to his theft . |
| 2/17/2006 | Mount St. Mary's Hospital | | Two laptops containing date of birth, address and Social Security numbers of patients was stolen in an armed robbery in the New Jersey. |
| 2/17/2006 | Pelican Bay State Prison | | Inmates gained access to files containing employees' Social Security numbers, birth dates and pension account information stored in warehouse. |
| 2/18/2006 | University of Northern Iowa | 6000 | Hacking. Laptop computer holding W-2 forms of student employees and faculty was illegally accessed. |
| 2/20/2006 | Alltel | | |
| 2/22/2006 | Univ. Texas MD Anderson | 4000 | |
| 2/22/2006 | New Hampshire DMV | | |
| 2/23/2006 | Denver International Airport | | |
| 2/23/2006 | McAfee | 9000 | External auditor lost a CD with names, Social Security numbers and stock holdings in McAfee of current and former McAfee employees. |
| 2/25/2006 | Ernst & Young | | Laptop stolen from employee's car with customers' personal information including Social Security numbers. |
| 3/1/2006 | OH Secretary of State's Office | | SSNs, dates of birth, and other personal data of citizens routinely posted on a State web site as part of standard business practice. |
| 3/1/2006 | Medco Health Solutions Inc. | 4600 | Stolen laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories. |
| 3/2/2006 | Olympic Funding Chicago | | 3 hard drives containing clients names, Social Security numbers, addresses and phone numbers stolen during break in. |
| 3/2/2006 | Hamilton County Clerk of Courts | 1300000 | SSNs, other personal data of residents posted on county Web site, were stolen and used to commit identity theft. |
| 3/2/2006 | Los Angeles Cty. Dept. of Social Services | 2000000 | File boxes containing names, dependents, Social Security numbers, telephone numbers, medical information, employer, W-2, and date of birth were left unattended and unshredded. |
| 3/3/2006 | Metropolitan State College | 93000 | Stolen laptop containing names and Social Security numbers of students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester. |
| 3/5/2006 | Georgetown University | 41000 | Hacking. Personal information including names, birthdates and Social Security numbers of District seniors served by the Office on Aging. |
| 3/8/2006 | iBill | 17781462 | Dishonest insider or possibly malicious software linked to iBill used to post names, phone numbers, addresses, e-mail addresses, Internet IP addresses, logins and passwords, credit card types and purchase amount online. Credit card account numbers, expiration dates, security codes, and SSNs were NOT included, but in our opinion the affected individuals could be vulnerable to social engineering to obtain such information. |
| 3/8/2006 | Verizon | | 2 stolen laptops containing employees' personal information including Social Security numbers. |
| 3/11/2006 | CA Dept. of Consumer Affairs (DCA) | | Mail theft. Applications of DCA licensees or prospective licensees for CA state boards and commissions were stolen. The forms include full or partial Social Security numbers, driver's license numbers, and potentially payment checks. |
| 3/14/2006 | Buffalo Bisons Web Site | | Hacker accessed sensitive financial information including credit card numbers names, passwords of customers who ordered items online. |
| 3/14/2006 | General Motors | 100 | Dishonest insider keep Social Security numbers of co-workers to perpetrate identity theft. |
| 3/15/2006 | Ernst & Young | | Laptop lost containing the names, dates of birth, genders, family sizes, Social Security numbers and tax identifiers for current and previous IBM, Sun Microsystems, Cisco, Nokia and BP employees exposed. |
| 3/16/2006 | Bananas.com | 274 | Hacker accessed names, addresses, phone numbers and credit card numbers of customers. |
| 3/22/2006 | District of Columbia Board of Elections and Ethics | | |
| 3/22/2006 | Hewlett Packard | 196000 | |
| 3/23/2006 | Fidelity Investments | 196000 | Stolen laptop containing names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers was stolen. |
| 3/24/2006 | CA State Employment Development Division | 64000 | Computer glitch sends state Employment Development Division 1099 tax forms containing Social Security numbers and income information to the wrong addresses, potentially exposing those taxpayers to identity theft. |
| 3/24/2006 | Vermont State Colleges | 14000 | Laptop stolen containing Social Security numbers and payroll data of students, faculty and staff associated with the five-college system from as long ago as 2000. |
| 3/24/2006 | California State University Dominguez Hills | 2486 | |
| 3/26/2006 | Florida Department of Management Services | 108000 | |
| 3/29/2006 | University of Nebraska Lincoln | 342 | |
| 3/30/2006 | Connecticut Tech High School Sys. | 1250 | Social Security numbers of students and faculty mistakenly distributed via email. |
| 3/30/2006 | Georgia Technology Authority | 553000 | Hacker exploited security flaw to gain access to confidential information including Social Security numbers and bank-account details of state pensioners. |
| 3/30/2006 | United States Marine Corp | 207750 | Portable drive lost that contains personal information used for research on re-enlistment bonuses. |
| 3/31/2006 | LA County Dept. Social Services | 94000 | |
| 4/1/2006 | Shorter College | | |
| 4/1/2006 | Con Edison | 15704 | Con Edison shipped 2 cartridge tapes to JPMorgan Chase in upstate Binghamton so it could input data on behalf of the NY Dept. of Taxation and Finance. One tape was apparently lost containing employees' W-2 data, including names, addresses, SSNs, taxes paid and salaries. |
| 4/3/2006 | Authorize.net | 3000 | |
| 4/6/2006 | Progressive Casualty Insurance | 13 | Dishonest insider accessed confidential information, including names, Social Security numbers, birth dates and property addresses on foreclosure properties she was interested in buying. |
| 4/7/2006 | DiscountDomainRegistry.com | | Exposed online. Domain registrants' personal information including usernames, passwords and credit card numbers were accessible online. |
| 4/9/2006 | Univ. of Medicine Dentistry NJ | 2000 | Hackers accessed Social Security numbers, loan information, and other confidential financial information of students and alumni. |
| 4/10/2006 | Broward Co. Records Division FL | | |
| 4/12/2006 | Ross-Simons | 32000 | Security breach exposed account and personal information of those who applied for its private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants. |
| 4/13/2006 | Fifth Third Bank | 1000 | |
| 4/14/2006 | Voluntary Employees Benefit Association of Hawaii | 40000 | |
| 4/14/2006 | University of South Carolina | 1400 | Social Security numbers of students were mistakenly e-mailed to classmates. |
| 4/14/2006 | NewTech Imaging | 40000 | Records containing the names, Social Security numbers and birth dates of more than 40,000 members of Voluntary Employees Benefit Association of Hawaiiwere illegally reproduced at a copying business before they were to be put onto a compact disc for the State. Police later found the data on a computer that had been confiscated as part of a drug investigation. |
| 4/15/2006 | Scott County, IA | | The Social Security numbers of people who obtained mortgages in the early 1990s are visible in documents posted on the county's website. The county will redact the information at the individuals' request. |
| 4/16/2006 | Fraser Health Authority | | |
| 4/21/2006 | Boeing Co. | 3664 | A laptop was taken from a Boeing human resources employee at Sea-Tac airport. It contained SSNs and other personal information, including personnel information from the 2000 acquisition of Hughes Space and Communications |
| 4/21/2006 | Ohio University Innovation Center | | a server containing data including e-mails, patent and intellectual property files, and 35 Social Security numbers associated with parking passes was compromised. |
| 4/21/2006 | University of Alaska Fairbanks | 38941 | A hacker accessed names, Social Security numbers, and partial e-mail addresses of current and former students, faculty, and staff. |
| 4/21/2006 | Impac | 92 | |
| 4/23/2006 | Univ. Texas McCombs Business | 197000 | Hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members. |
| 4/24/2006 | University of Virginia | | |
| 4/26/2006 | Aetna Inc. | 39000 | Laptop containing personal information including names, addresses and Social Security numbers of Dept. of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car. |
| 4/26/2006 | Clydesdale Bank - Morgan Stanley | 2000 | |
| 4/26/2006 | Purdue University Elec. Comp. Eng. | 1351 | Hacker accessed personal information including Social Security numbers of current and former graduate students, applicants to graduate school, and a small number of applicants for undergraduate scholarships. |
| 4/27/2006 | Long Island Railroad | 20000 | Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of 'virtually everyone' who worked for the agency was lost by delivery contractor Iron Mountain while enroute. Data tapes belonging to the U.S. Department of Veteran's Affairs may also have been affected. |
| 4/28/2006 | Ohio's Secretary of State | 7700000 | The names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained SSNs, which were not supposed to have been included on the CDs. |
| 4/28/2006 | U.S. Department of Defense | 14000 | Hacker accessed a Tricare |
| 5/1/2006 | Ohio University | 2480 | A breach was discovered on a computer that housed IRS 1099 forms for vendors and independent contractors for calendar years 2004 and 2005. |
| 5/1/2006 | Ohio University | | A breach of a computer that hosted a variety of Web-based forms, including some that processed on-line business transactions. Although this computer was not set up to store personal information, investigators did discover files that contained fragments of personal information, including Social Security numbers. The data is fragmentary and it is not certain if the compromised information can be traced to individuals. Also found on the computer were 12 credit card numbers that were used for event registration. |
| 5/2/2006 | Ohio University | 137000 | Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alum. |
| 5/2/2006 | State of Georgia | | Government surplus computers that sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia citizens. |
| 5/4/2006 | Idaho Power Company | | Four company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security numbers, and confidential memos to the company's CEO. |
| 5/5/2006 | Wells Fargo | 39442 | Computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been stolen while being delivered from one bank facility to another. |
| 5/11/2006 | Columbus Bank and Trust | 2000 | |
| 5/11/2006 | Ohio University Hudson Health Center | 60000 | Names, birth dates, Social Security numbers and medical information were accessed in records of students dating back to 2001, plus faculty, workers and regional campus students. |
| 5/12/2006 | Mercantile Potomac Bank | 48000 | Laptop containing confidential information about customers, including Social Security numbers and account numbers was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification numbers (PIN numbers) or account expiration dates. |
| 5/16/2006 | American Institute of CPAs | 330000 | An unencrypted hard drive containing names, addresses and Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company. |
| 5/16/2006 | University of California Berkeley | 1200 | |
| 5/17/2006 | M & T Bank | 2524 | Laptop computer, owned by PFPC, a third party company that provides record keeping services for M & T's Portfolio Architect accounts was stolen from a vehicle. The laptop contained clients' account numbers, Social Security numbers, last name and the first two letters of their first name. |
| 5/18/2006 | American Red Cross | 8000 | Dishonest employee had access to Social Security numbers of donors to call urging them to give blood again. The employee misused the persoal information of at least 3 people to perpetrate identity theft and had access to the personal information of 1 million donors. |
| 5/19/2006 | Frost Bank | 100 | |
| 5/19/2006 | Unknown retail merchant | | Visa, MasterCard, and other debit and credit card numbers from banks across the country were stolen when a national retailer's database was breached. No names, Social Security numbers or other personal identification were taken. |
| 5/22/2006 | U.S. Department of Veterans Affairs | 26500000 | On May 3, data of all American veterans who were discharged since 1975 including names, Social Security numbers, dates of birth and in many cases phone numbers and addresses, were stolen from a VA employee's home. Theft of the laptop and computer storage device included data of 26.5 milliion veterans. The data did not contain medical or financial information, but may have disability numerical rankings. |
| 5/23/2006 | Butler Co. Dept.of Mental Retardation Developmental Disabilities | 100 | Three laptop computers were stolen 'last month' from the agency's office. They contained personal information on mental health clients, including SSNs. |
| 5/23/2006 | Mortgage Lenders Network USA | 231000 | A former employee was arrested for extortion for attempting to blackmail his former employer for $6.9 million. He threatened to expose company files containing sensitive customer information - including customers' names, addressess, Social Security numbers, loan numbers, and loan types - if the company didn't pay him. He stole the files over the 16 months he worked there. |
| 5/23/2006 | University of Delaware Dept. Public Safety | 1076 | Security breach of a Department of Public Safety computer server potentialy exposes names, Social Security numbers and driver's license numbers. |
| 5/24/2006 | Sacred Heart University | 135000 | It was discovered on May 8th that a computer containing personal information including names, addresses and Social Security numbers was breached. |
| 5/25/2006 | Security Savings Bank | 13 | |
| 5/26/2006 | California State University Stanislaus | 1294 | |
| 5/30/2006 | Florida International University | | Hacker accessed a database that contained personal information, such as student and applicant names and Social Security numbers. |
| 5/31/2006 | Humana | 268 | On May 5, 2006, Medicare drug benefit applications were stolen from an insurance agent's unlocked car in Brooklyn Park, MN. Information included applicants' name, address, date of birth, Social Security number, and bank routing information. |
| 5/31/2006 | Texas Guaranteed Student Loan Corp. | 1300000 | Texas Guaranteed (TG) was notified by subcontractor Hummingbird that on May 24, an employee had lost a piece of equipment containing names and Social Security numbers of TG borrowers. |
| 5/31/2006 | VyStar Credit Union | 34000 | Hacker gained access to member accounts 'a few weeks ago' and stole personal information including names, addresses, birth dates, mother's maiden names, SSNs and/or email addresses. |
| 6/1/2006 | Hotels.com | 243000 | |
| 6/1/2006 | YMCA of Greater Providence | 65000 | Laptop computer containing personal information of members was stolen. The information included credit card and debit card numbers, checking account information, Social Security numbers, the names and addresses of children in daycare programs and medical information about the children, such as allergies and the medicine they take, though the type of stolen information about each person varies. |
| 6/1/2006 | Miami Ohio University | 851 | An employee lost a hand-held personal computer containing personal information of students who were enrolled between July 2001 and May 2006. |
| 6/1/2006 | Ernst & Young | 243000 | A laptop containing names, addresses and credit or debit card information of Hotels.com customers was stolen from an employee's car in Texas. |
| 6/1/2006 | University of Kentucky | 1300 | Personal information of current and former University of Kentucky employees including Social Security numbers was inadvertently accessible online for 19 days last month. |
| 6/2/2006 | Ahold USA | | An EDS employee lost a laptop computer during a commercial flight that contained pension data of former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts. |
| 6/3/2006 | Buckeye Community Health Plan | 72000 | Four laptop computers containing customer names, Social Security numbers, and addresses were stolen from the Medicaid insurance provider. |
| 6/3/2006 | Humana Medicare | 17000 | Personal information of Humana customers enrolled in the company's Medicare prescription drug plans could have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file. |
| 6/5/2006 | United States Internal Revenue Service | 291 | A laptop computer containing personal information of employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth, was lost during transit on an airline flight |
| 6/6/2006 | University of Texas El Paso | 4719 | Students demonstrated that student body and faculty elections could be rigged by hacking into student information including Social Security numbers. |
| 6/7/2006 | Colorado Mental Health Institute | 287 | |
| 6/8/2006 | University of Michigan Credit Union | 5000 | Paper documents containing personal information of credit union members were stolen from a storage rooms. The documents were supposed to have been digitally imaged and then shredded. Instead, they were stolen and used to perpetrate identity theft. |
| 6/9/2006 | National Nuclear Safety Administration | 1500 | Names, Social Security numbers, security clearance levels and place of employment for mostly contract employees who worked for National Nuclear Security Administration may have been compromised when a hacker gained entry to a computer system at a service center in Albuquerque, N.M. eight months ago. |
| 6/9/2006 | Ohio University | 70000 | |
| 6/10/2006 | Nationwide Retirement Systems | | |
| 6/11/2006 | Denver Election Commission | 150000 | Records containing personal information on more than 150,000 voters are missing at city election offices. The microfilmed voter registration files from 1989 to 1998 were in a 500-pound cabinet that disappeared when the commission moved to new offices in February. The files contain voters' Social Security numbers, addresses and other personal information. |
| 6/12/2006 | Fish & Richardson | 10 | |
| 6/13/2006 | Hanford Nuclear Reservation | 4000 | Current and former workers at the Hanford Nuclear Reservation that their personal information may have been compromised, after police found a 1996 list with workers' names and other information in a home during an unrelated investigation. |
| 6/13/2006 | Oregon Department of Revenue | 2200 | Electronic files containing personal data of Oregon taxpayers may have been compromised by an ex-employee's downloaded a contaminated file from a porn site. The 'trojan' attached to the file may have sent taxpayer information back to the source when the computer was turned on. |
| 6/13/2006 | State of Minnesota | | Three laptops possibly containing Social Security numbers of employees and recipients of housing and welfare benefits along with other personal information of local governments the auditor oversees have gone missing. |
| 6/14/2006 | American International Group | 969000 | The computer server was stolen on March 31 containing personal information including names, Social Security numbers, birth dates, and some medical and disability information. |
| 6/16/2006 | ING | 8500 | Two ING laptops that carried sensitive data affecting of Jackson Health System hospital workers were stolen in December 2005. The computers, belonging to financial services provider ING, contained information gathered during a voluntary life insurance enrollment drive in December and included names, birth dates and Social Security numbers. |
| 6/16/2006 | New York State Comptrollers Office | 1300 | State controller data cartridge containing payroll data of employees who work for a variety of state agencies was lost during shipment. The data contained names, salaries, Social Security numbers and home addresses. |
| 6/16/2006 | Union Pacific | 30000 | On April 29th, an employee's laptop was stolen that contained data for current and former Union Pacific employees, including names, birth dates and Social Security numbers. |
| 6/17/2006 | Automatic Data Processing | 80 | Personal and payroll information of workers were intended to be faxed between ADP offices and were mistakenly sent to a third party. |
| 6/17/2006 | CA Dept. of Health Services (CDHS) | 1550 | CDHS documents were inappropriately emptied from an employee's cubicle on June 5 and 9 rather than shredded. |
| 6/17/2006 | Western Illinois University | 240000 | On June 5th, a hacker compromised a University server that contained names, addresses, credit card numbers and Social Security numbers of people connected to the University. |
| 6/18/2006 | ING U.S. Financial Services | 13000 | Laptop stolen from employee's home containing retirement plan information including Social Security numbers of D.C. city employees. |
| 6/20/2006 | Equifax Inc. | 2500 | On May 29, a company laptop containing employee names and partial and full Social Security numbers was stolen from an employee. |
| 6/20/2006 | New Jersey Department of Labor and Workforce Development | 498 | |
| 6/20/2006 | University of Alabama Birmingham | 9800 | In February a computer was stolen from a locked office of the kidney transplant program at the University of Alabama at Birmingham that contained confidential information of donors, organ recipients and potential recipients including names, Social Security numbers and medical information. |
| 6/21/2006 | Cumberland County Emergency Medical Services | 24000 | |
| 6/21/2006 | Lancaster General Hospital | | A desktop computer with personal information of hundreds of doctors was stolen from a locked office June 10. The unencrypted data included names, practice addresses, and SSNS of physicians on medical and dental staff. |
| 6/21/2006 | Cape Fear Valley Health System | 24350 | Portable computer containing personal information of more than 24,000 people was stolen from ambulance of Cumberland Co. Emergency Medical Services on June 8th. It contained information on people treated by the EMS, including names, addresses, and birthdates, plus SSNs of 84% of those listed. |
| 6/22/2006 | United States Department of Agriculture | 26000 | During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors. |
| 6/22/2006 | University of Kentucky | 6500 | The personal data of current and former students including classroom rosters names, grades and Social Security numbers was reported stolen on May 26 following the theft of a professor's flash drive. |
| 6/22/2006 | Federal Trade Commission | 110 | Two laptop computers containing personal and financial data were stolen from an employee's vehicle. The data included names, addresses, Social Security numbers, dates of birth, and in some instances, financial account numbers gathered in law enforcement investigations. |
| 6/23/2006 | CA Dept. of Health Services (CDHS) | 323 | On June 12, a box of Medi-Cal forms from December 2005 were found in the cubicle of a CDHS employee. The claim forms contained the names, addresses, Social Security numbers and prescriptions for beneficiaries or their family members. |
| 6/23/2006 | San Francisco State University | 3000 | a faculty member's laptop was stolen from a car on June 1 that contained personal information of former and current students including Social Security numbers, and names and ins some instance, phone numbers and grade point averages. |
| 6/23/2006 | United States Navy | 28000 | Navy personnel were notified on June 22 that a civilian web site contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers. |
| 6/24/2006 | Catawba County Schools | 619 | On June 22, it was discovered that a web site posted names, Social Security numbers, and test scores of students who had taken a keyboarding and computer applications placement test during the 2001-02 school year. |
| 6/24/2006 | Social Security Administration | 228 | |
| 6/26/2006 | King County Elections | | Social Security numbers for potentially thousands of current and former county residents may be exposed on the agency's web site. Residents can request that the image of any document that contains a Social Security number, Mother's Maiden Name or Drivers License be removed. Officials state that they are unable to alter original public documents and cannot choose to not record documents presented for recording.á |
| 6/27/2006 | AAAAA Rent-A-Space | 13000 | Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in its online payment system. |
| 6/27/2006 | Government Accountability Office | 1000 | Data from audit reports on Defense Department travel vouchers from the 1970s were inadvertently posted online and included some service members' names, Social Security numbers and addresses. The agency has subsequently removed the information. |
| 6/28/2006 | Minnesota Department of Revenue | 2400 | On May 16, a package containing a data tape used to back up the regional office's computers went missing during delivery. The tape contained personal information including individuals' names, addresses, and Social Security numbers. |
| 6/29/2006 | Allstate | 27000 | Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen. |
| 6/29/2006 | Nat.Institutes of Health Federal Credit Union | 41000 | NIHFCU is investigating with law enforcement the identity theft of some of its 41,000 members. No details given on type of information stolen, or how it was stolen. |
| 6/29/2006 | Nebraska Treasurer's Office | 300000 | A hacker broke into a child-support computer system and may have obtained names, Social Security numbers and other information such as tax identification numbers for 9,000 businesses. |
| 6/30/2006 | U.S. Department of Veterans Affairs | 16000 | A data tape disappeared from a VA facility in Indianapolis, IN that contained information on legal cases involving U.S. veterans and included veterans' Social Security numbers, dates of birth and legal documents. |
| 6/30/2006 | Washington Regional Medical Center | 5000 | |
| 7/1/2006 | American Red Cross | | Sometime in May, 3 laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005. |
| 7/5/2006 | Bisys Group Inc. | 61000 | Personal details about 61,000 hedge fund investors were lost when an employee's truck carrying backup tapes was stolen. The data included SSNs of 35,000 individuals. The tapes were being moved from one Bisys facility to another on June 8 when the theft occurred. |
| 7/6/2006 | Automatic Data Processing | | Payroll service company ADP gave scam-artist names, addresses, and number of shares held of investors, although apparently not SSNs or account numbers. The leak occurred from Nov. '05 to Feb. '06 and involved individual investors with 60 companies including Fidelity, UBS, Morgan Stanley , Bear Stearns, Citigroup, Merrill Lynch. |
| 7/6/2006 | University of Tennessee | 36000 | Hacker broke into UT computer containing names, addresses and SSNs of about 36,000 past and current employees. Intruder apparently used computer from Aug. '05 to May '06 to store and transmit movies. |
| 7/7/2006 | Hattiesburg City Hall | | Video surveillance cameras caught 2 intruders stealing hard drives from 18 computers June 23. Data files contained names, addresses, and SSNs of current and former city employees and registered voters as well as bank account information for employees paid through direct deposit and water system customers who paid bills electronically. |
| 7/7/2006 | United States Navy | 100000 | SSNs and other personal information of naval and Marine Corps aviators and air crew, both active and reserve, were exposed on Center web site and on 1,100 computer discs mailed to naval commands. |
| 7/7/2006 | Montana Public Health and Human Services | | A state government computer was stolen from the office of a drug dependency program. during a 4th of July break-in. It was not known if sensitive information such as SSNs was compromised. |
| 7/7/2006 | National Association of Securities Dealers | 73 | Ten laptops were stolen on Feb. 25 '06 from NASD investigators. They included SSNs of securities dealers who were the subject of investigations involving possible misconduct. Inactive account numbers of about 1,000 consumers were also contained on laptops. |
| 7/13/2006 | Moraine Park Technical College | 1500 | Computer disk (CD) with personal information of 1,500 students was reported missing. Information includes names, addresses, phone numbers & SSNs of apprenticeship students back to 1993. |
| 7/14/2006 | California Polytechnic State University (Cal Poly) | 3020 | Laptop computer was stolen from the home of a physics department professor July 3. It included names and SSNs of physics and astronomy students from 1994-2004. (Date of letter sent to students. Date of news story is 8/1/06) |
| 7/14/2006 | Hampton Circuit Court | | |
| 7/14/2006 | Northwestern University | 17000 | Files containing names and some personal information including SSNs were on 9 desktop computers that had been accessed by unauthorized persons outside the University. The computers were in the Office of Admissions and Financial Aid Office. |
| 7/14/2006 | Treasurer's computer in Circuit Court Clerk's office | | Public computer in city government building containing taxpayer information was found to display SSNs of many residents -- those who paid personal property and real estate taxes. It was shut down and confiscated by the police on July 12th. |
| 7/14/2006 | University of Iowa | 280 | Laptop computer containing personal information of current and former MBA students was stolen. Data files included SSNs and some contact info. |
| 7/16/2006 | Mississippi Secretary of State | | The state agency's web site listed 2 million+ Uniform Commercial Code (UCC) filings in which thousands of individuals' SSNs were exposed. |
| 7/17/2006 | Vassar Brothers Medical Center | | Laptop was stolen from the emergency department between June 23-26. It contained information on patients dating back to 2000, including SSNs and dates of birth. |
| 7/18/2006 | CS Stars, subsidiary of insurance company Marsh Inc. | 540000 | On May 9, CS Stars lost track of a personal computer containing records of more than a half million New Yorkers who made claims to a special workers' comp fund. The lost data includes SSNs and date of birth but apparently no medical information. |
| 7/18/2006 | Nelnet Inc. | 188000 | Computer tape containing personal information of student loan customers and parents, mostly from Colorado, was lost when shipped via UPS. The loans were previously serviced by College Access Network |
| 7/18/2006 | United States Department of Agriculture | 350 | Laptop computer and printout containing names, addresses and SSNs of 350 employees was stolen from an employee's car and later recovered. |
| 7/21/2006 | Special Funds Conservation Committee | 540000 | |
| 7/21/2006 | BCTGM Local 192 Union | 140 | |
| 7/24/2006 | New York Department of Homeless Services | 8400 | The personal information of 8,400 homeless persons, including SSNs, was leaked in an e-mail attachment July 21, when accidentally sent to homeless advocates and city officials. |
| 7/24/2006 | Wolters Kluwer | 8500 | |
| 7/25/2006 | Armstrong World Industries | 12000 | A laptop containing personal information of current and former employers was stolen. The computer was in the possession of the company's auditor, Deloitte & Touche. Data included names, home addresses, phone numbers, SSNs, employee ID numbers, salary data, and bank account numbers of employees who have their checks directly deposited. |
| 7/25/2006 | Cablevision | 13700 | A tape en route to the company's 401(k) plan record-keeper ACS was lost when shipped by FedEx to Dallas, TX. No customer data was on the tape. (lost when shipped to Dallas-based ACS) |
| 7/25/2006 | Georgetown University Hospital | 23000 | Patient data was exposed online via the computers of an e-prescription provider, InstantDx. Data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with InstantDX. |
| 7/25/2006 | Old Mutual Capital Inc | 6500 | Laptop was stolen sometime in May containing personal information of U.S. clients, including names, addresses, account numbers and some SSNs. |
| 7/26/2006 | United States Navy | 31000 | Two laptop computers with information on Navy recruiters and applicants were stolen in June and July. Also included was information from selective service and school lists. About 4,000 records contained SSNs. Files were password protected. |
| 7/27/2006 | Kaiser Permanente | 160000 | A laptop was stolen containing names, phone numbers, and the Kaiser number for each HMO member. The data file did not include SSNs. The data was being used to market Hearing Aid Services to Health Plan members. |
| 7/27/2006 | Los Angeles County Dept. Community Senior Services | | In May, a laptop was stolen from the home of a community and senior services employee. It contained information on LA County employees. |
| 7/27/2006 | Los Angeles Count Adult Protective Services | | Last weekend 11 laptops were stolen from the Burbank office. It is not clear what type of personal information was included. |
| 7/27/2006 | Los Angeles County Community Development Commission | 4800 | Earlier in July, a computer hacker located in Germany gained access to the CDC's computer system, containing personal information on 4,800 public housing residents. |
| 7/28/2006 | Lancaster General Hospital | | |
| 7/28/2006 | Riverside, Calif., city employees | 2000 | The SSNs and financial information regarding 401(k) accounts was accidentally e-mailed to 2,300 city employees due to a computer operator's error. The data was intended for the city payroll dept. |
| 7/29/2006 | Sentry Insurance | 112198 | Personal information including SSNs on worker's compensation claimants was stolen, some of which was later sold on the Internet. No medical records were included. The thief was a lead programmer-consultant who had access to claimants' data. The consultant was arrested and faces felony charges. |
| 8/1/2006 | Ron Tonkin Nissan | 16000 | Several months ago the car dealership experienced a security breach affecting the personal information of those who bought cars or applied for credit between 2001 and March 2006. |
| 8/1/2006 | Wichita State University | 2040 | WSU learned on June 29 that someone gained unauthorized access into 3 computers in its College of Fine Arts box office, containing credit card information for about 2,000 patrons. |
| 8/1/2006 | U.S. Bank | | A bank employee's briefcase was stolen from the employee's car with documents containing names, phone numbers, and SSNs of customers. |
| 8/1/2006 | Wichita State University | 40 | An intrusion into a WSU psychology department's server was discovered July 16. It contained information on about 40 applicants to the doctoral program. |
| 8/1/2006 | Dollar Tree | 150 | Customers of the discount store have reported money stolen from their bank accounts due to unauthorized ATM withdrawals. Data may have been intercepted by a thief's use of a wireless laptop computer with the thief then creating counterfeit ATM cards and using them to withdraw money. |
| 8/1/2006 | Cal Poly | 3020 | |
| 8/1/2006 | CoreLogic for ComUnity Lending | | In early August, CoreLogic notified customers of ComUnity Lending that a computer with customers' data was stolen from its office. Data included names, SSNS, and property addresses related to an existing or anticipated mortgage loan. |
| 8/2/2006 | Belhaven College | 300 | An employee carrying laptop was robbed at gunpoint on July 19 while walking to his car. Computer contained names and SSNs of college employees. |
| 8/2/2006 | Vassar Brothers Medical Center | 257800 | |
| 8/2/2006 | West Virginia Div. of Rehabilitiation Services | | A laptop was stolen July 24 containing clients' names, addresses, SSNs, and phone numbers. Data was password protected. |
| 8/4/2006 | Matrix Bancorp Inc. | | Two laptop computers were stolen during daytime while staffers were away from their desks. One computer contained customers' account information. The bank says data is encrypted and password protected. |
| 8/4/2006 | PSA HealthCare | 51000 | A company laptop was stolen from an employee's vehicle in a public parking lot July 15. It contained names, addresses, SSNs, and medical diagnostic and treatment information used in reimbursement claims. |
| 8/4/2006 | Toyota | 1500 | Laptop belonging to contractor and containing personal information of job applicants and employees was stolen. Data included names and SSNs. |
| 8/6/2006 | American Online (AOL) | | In late July AOL posted on a public web site data on 20 million web queries from 650,000 users. Some search records exposed SSNs, credit card numbers, or other pieces of sensitive information. |
| 8/8/2006 | U.S. Department of Veterans Affairs | 38000 | Computer at contractor's office was reported missing Aug. 3, containing billing records with names, addresses, SSNs, and dates of birth of veterans at 2 Pennsylvania locations. |
| 8/8/2006 | Virginia Bureau of Insurance | 202000 | The Bureau has advised insurance agents in the state that their SSN may have been exposed on its web site from June 13 through July 31, 2006, due to a programming error. The SSNs were not shown on any web page, but could have been found by savvy computer users using the source code tool of a web browser. |
| 8/8/2006 | Linens n Things | 90 | A folder holding about 90 receipts was missing from the store. Receipts included full credit or debit account number and name of the card holder. |
| 8/9/2006 | U.S. Department of Transportation | 133000 | The DOT's Office of the Inspector General reported a special agent's laptop was stolen on July 27 from a government-owned vehicle in Miami, FL, parked in a restaurant parking lot. It contained names, addresses, SSNs, and dates of birth for 80,670 persons issued commercial drivers licenses in Miami-Dade County; 42,800 persons in FL with FAA pilot certificates; and 9,000 persons with FL driver's licenses. |
| 8/11/2006 | Madrona Medical Group | 6000 | On Dec. 17, 2005, a former employee accessed and downloaded patient files onto his laptop computer. Files included name, address, SSN, and date of birth. The former employee has since been arrested. |
| 8/15/2006 | U.S. Dept. of Transportation | | On April 24, a DOT employee's laptop computer was stolen from an Orlando hotel conference room. It contained several unencrypted case files. Investigators are determining if it contained sensitive personal information. |
| 8/15/2006 | University of Kentucky | 630 | The names and SSNs of 630 students were posted on the University's financial aid web site between Friday and Monday, Aug. 11-14. |
| 8/15/2006 | University of Kentucky Department of Geography | 80 | About 80 geography students were notified Aug. 14 that their SSNs were inadvertently listed on an e-mail communication they all received telling them who their academic advisor would be for the coming year. |
| 8/16/2006 | Chevron | | Chevron informed its U.S. workers Aug. 14 that a laptop was stolen from 'an employee of an independent public accounting firm' who was auditing its benefits plans. The theft apparently occurred Aug. 5. Files contained SSNs and sensitive information related to health and disability plans. |
| 8/17/2006 | HCA Inc. | 7000 | 10 computers containing Medicare and Medicaid billing information and records of employees and physicians from 1996-2006 were stolen from one of the company's regional offices. Some patient names and SSNs were exposed, but details are vague. Records for patients in hospitals in the following states were affected: CO, KS, LA, MS, OK, OR, TS, WA. 'thousands of files' Hospital Corp. of America |
| 8/17/2006 | Williams-Sonoma | 1200 | On July 10, a laptop was stolen from the Los Angeles home of a Deloitte & Touche employee who was conducting an audit for W-S. Computer contained employees' payroll information and SSNs. |
| 8/18/2006 | California Department of Mental Health | 9468 | Computer tape with employees' names, addresses, and SSNs has been reported missing. Employees were notified Aug. 17 by e-mail. |
| 8/22/2006 | Aflac | 612 | A laptop containing customers' personal information was stolen from an agent's car. It contained names, addresses, SSNs, and birth dates of 612 policyholders. They were notified Aug. 11. American Family Life Assurance Co. |
| 8/22/2006 | Beaverton School District | 1600 | Time slips revealing personal information were missing and presumed stolen following a July 24 break-in at a storage shed on the administration office's property. The time slips included names and SSNs but not addresses. |
| 8/22/2006 | Troy Beaumont Hospital | 28473 | A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients. |
| 8/23/2006 | United States Department of Education | 21000 | A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the Department's loan Web site. Information included names, birthdates, SSNs, addresses, phone numbers, and in some cases, account information. Affiliated Computer Services Inc. is the contractor responsible for the breach. The breach did not include those whose loans are managed through private companies. |
| 8/25/2006 | Sovereign Bank | | Personal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data. |
| 8/25/2006 | Verizon Wireless | 5000 | |
| 8/25/2006 | U.S. Dept. of Transportation, Federal Motor Carrier Safety Administration | 193 | A laptop that 'might contain' personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies. |
| 8/25/2006 | Dominion Resources | 1700 | Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company. |
| 8/25/2006 | Federal Motor Carrier Safety Administration | 193 | |
| 8/26/2006 | PortTix | 2000 | Credit card information for about 2,000 people who ordered tickets online through PortTix was accessed by someone who hacked into the Web site. PortTix is Merrill Auditorium's ticketing agency. The Web site was secured as of Aug. 24. |
| 8/26/2006 | University of South Carolina | 6000 | A security audit this summer found that a computer server was hacked in Sept. 2005. A database could have been accessed with names, SSNs, and birthdates of current and former students. |
| 8/27/2006 | New Mexico Administrative Office of the Courts | 1500 | For 8 days in late May, an unsecured document was exposed on the agency's FTP site on the state's computer server. It contained names, birth dates, SSNs, home addresses and other personal information of judicial branch employees. The FTP site was shut down June 2 and has since be redesigned. |
| 8/29/2006 | AT&T | 19000 | Computer hackers accessed credit card account data and other personal information of customers who purchased DSL equipment from AT&T's online store. The company is notifying 'fewer than 19,000' customers.' via vendor that operates an order processing computer |
| 8/29/2006 | Compass Health | 8000 | Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness. |
| 8/29/2006 | United States Department of Education | 43 | Two laptops were stolen from DTI's office in downtown DC containing personal information on 43 grant reviewers for the Teacher Incentive Fund. DTI could not rule out that the data included SSNs. |
| 8/29/2006 | Valley Baptist Medical Center | 73 | A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form. |
| 8/31/2006 | Diebold, Inc. | | An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number. |
| 8/31/2006 | LabCorp | | During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results. |
| 9/1/2006 | Wells Fargo | | In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company. |
| 9/1/2006 | Virginia Commonwealth University | 2100 | Personal information of freshmen and graduate engineering students from 1998 through 2005 was exposed on the Internet for 8 months (Jan. - Aug.) due to human error. It was discovered by a student who used a search engine to find her name. The data included SSNs and e-mail addresses. |
| 9/1/2006 | City of Chicago | 38443 | A laptop was stolen from the home of contractor's employee last April 2005. It was reported to the city July 2006 more than a year later. Data included names, addresses, phone numbers, birthdates and SSNs for those in the city's deferred compensation plan. |
| 9/2/2006 | Lloyd's of London | | A thief reprogrammed more than 150 Lloyd's of London credit card numbers onto phone cards and used them to withdraw money from an ATM in Port St. Lucie, FL (stealing more than $20,000 over 3 days). Key personal and financial information had been skimmed from the magnetic strip on the victims' cards. |
| 9/6/2006 | Transportation Security Administration | 1195 | In late August 2006, Accenture, a contractor for TSA mailed documents containing former employees' SSN,, date of birth, and salary information to the wrong addresses due to an administrative error. |
| 9/7/2006 | Chase Card Services | 2500000 | Chase Card Services mistakenly discarded 5 computer data tapes in July containing Circuit City cardholders' personal information. |
| 9/7/2006 | Florida National Guard | 100 | A laptop computer was stolen from a soldier's vehicle contained training and administrative records, including Social Security numbers of up to 100 Florida National Guard soldiers. |
| 9/8/2006 | Cleveland Clinic | 1130 | A clinic employee stole personal information from electronic files and sold it to her cousin, owner of Advanced Medical Claims, who used it to file fraudulent Medicare claims totaling more than $2.8 million. Information included names, SSNs, birthdates, addresses and other details. Both individuals were indicted. |
| 9/8/2006 | Linden Lab . Second Life | 648420 | On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world. |
| 9/8/2006 | University of Minnesota | 13084 | On August 14-15 eve, two computers were stolen from the desk of an Institute of Technology employee, containing information on students who were freshmen from 1992-2006 -- including names, birthdates, addresses, phone numbers, high schools attended, student ID numbers, grades, test scores, and, academic probation. SSNs of 603 students were also exposed. |
| 9/11/2006 | Telesource | | Employees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses. via Vekstar |
| 9/12/2006 | City of Paris Kentucky | 100 | |
| 9/13/2006 | American Family Insurance | 2000 | The office of an insurance agent was broken into and robbed last July. Among the items stolen was a laptop with customers' names, SSNs, and driver's license numbers. |
| 9/14/2006 | Illinois Department of Corrections | 16500 | A document containing employees' personal information was found outside the agency's premises 'where it should not have been.' It has since been retrieved. Information included employees' names, SSNs, and salaries. |
| 9/14/2006 | Nikon Inc. | 3235 | Workers at a Montgomery, AL, camera store discovered that subscription information for the magazine Nikon World was exposed on the Web for at least 9 hours. Data included subscribers' names, addresses and credit card numbers. |
| 9/15/2006 | Mercy Medical Center Merced | 295 | A memory stick containing patient information was found July 18 by a local citizen on the ground at the County Fairgrounds near the hospital's information booth. It was returned to the hospital 4 weeks later. Data included names, SSNs, birthdates, and medical records. |
| 9/15/2006 | University of Texas at San Antonio | 64000 | |
| 9/15/2006 | Berks County Pennsylvania | 25000 | A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs. |
| 9/16/2006 | Beaumont Hospital | 3 | The hospital mistakenly mailed medical reports on 3 patients to a retired dentist in Texas. Reports included name, test results, date of birth and patient ID numbers. The hospital admitted to both human and computer error. A new computer system mixed similar names, and staff did not catch it. |
| 9/16/2006 | Howard Rice | 500 | A laptop was stolen from the trunk of the car of the law firm's auditor, containing confidential employee pension plan information -- names, SSNs, remaining balances, 401(k) and profit-sharing information. |
| 9/16/2006 | Michigan Department of Community Health | 4000 | Residents who participated in a scientific study were notified that a flash drive was discovered missing as of Aug. 4, and likely stolen, from an MDCH office.The portable memory device contained names, addresses, phone numbers, dates of birth, and SSNs of participants. The study tracked the long-term exposure to flame retardents ingested by residents in beef and milk. |
| 9/17/2006 | Direct Loan | 21000 | A security breach exposed private information of student loan borrowers from Aug. 20-22 during a computer software upgrade. Users of the Direct Loans Web site were able to view information other than their own if they used certain options. SSNs were among the data elements exposed online. |
| 9/17/2006 | Whistle Junction | | Personnel files of employees of the now-closed restaurant were found in a nearby Dumpster. Papers included names and SSNs of former employees, |
| 9/18/2006 | DePaul Medical Center | 100 | Two computers were stolen, one on August 28 and the other Sept. 11. Personal data included names, date of birth, treatment information, and some SSNs. |
| 9/19/2006 | Life Is Good | 9250 | Hackers accessed the retailer's database containing customer's credit card numbers. The company said no other personal information was in the database. |
| 9/20/2006 | Berry College | 2093 | Student applications for need-based financial aid were misplaced by a consultant -- in both paper and digital form. Data included name, SSN, and reported family income for students and potential students for the 2005-06 academic year. |
| 9/20/2006 | City of Savannah | 8800 | Because of a 'hole in the firewall,'a City server exposed personal information online for 7 months. Individuals identified by the Red Light Camera Enforcement Program are affected -- name, address, driver's license number, vehicle identification number, and SSNs of those individuals whose driver's license number is still the SSN. |
| 9/21/2006 | Pima County Health Department | 2500 | Vaccination records on 2,500 clients had been left in the trunk of a car that was stolen Sept. 12. The car and records have since been recovered. Records included names, dates of birth and ZIP codes, but no SSNs or addresses. |
| 9/21/2006 | U.S. Dept. of Commerce and Census Bureau | | The agency reported that 1,137 laptops have been lost or stolen since 2001. Of those, 672 were used by the Census Bureau, with 246 of those containing personal data. Secretary Gutierrez said the computers had 'protections to prevent a breach of personal information.' |
| 9/22/2006 | Bank of America | | Stolen laptop with info of Visa Buxx users (debit cards) |
| 9/22/2006 | Purdue University | 2482 | A file in a desktop computer in the Chemistry Department may have been accessed illegitimately. The file contained names, SSNs, school, major, and e-mail addresses of people who were students in 2000. |
| 9/22/2006 | Several Indianapolis pharmacies | | Earlier this year a local TV reporter from WTHR found that 'dozens' of pharmacies disposed of customer records in unsecured garbage bins. Now the Indiana Board of Pharmacy has launched an investigation of 30 pharmacies. Both the Board and the Attorney General say that the pharmacies violated state law. |
| 9/22/2006 | University of Colorado at Boulder | 1372 | Two computers had been placed in storage during the school's move to temporary quarters in May. When they were to be retrieved Aug. 28, they were found missing. They had been used by 2 faculty members and included students' names, SSNs, and grades. |
| 9/23/2006 | An illegal dumping site northwest of Quinlan, TX | | Investigators found boxes of private medical records containing names and personal information of patients of a doctor who lives in Dallas and who has a Greenville, TX, practice. They had apparently been dumped there by a contractor who was hired to remodel his house. The contractor was indicted on a charge of illegal dumping. |
| 9/23/2006 | Erlanger Hospital | 4150 | Records of hospital employees disappeared from a locked office on Sept. 15. They were stored on a USB 'jump drive.' Information was limited to names and SSNs. Those affected included anyone who went through job 'status changes' from Nov. 2003 to Sept. 2006. |
| 9/25/2006 | General Electric | 50000 | An employee's laptop computer holding the names and Social Security numbers of approximately 50,000 current and former GE employees was stolen from a locked hotel room while he was traveling for business. |
| 9/25/2006 | Movie Gallery | | A large number of Movie Gallery's files and videos were found in a dumpster. The files contained personal information of people employed by Movie Gallery and people applying for jobs at the video store as well as people applying for movie rental membership. Movie Gallery has agreed to pay $50,000 to the State of NC. |
| 9/27/2006 | America Online | | |
| 9/28/2006 | Stevens Hospital Emergency Room via dishonest employee of billing company Med Data | 30 | A manager for the hospital's billing company, Med Data, stole patients' credit card numbers. She gave them to her brother who bought $30,000 worth of clothes and gift cards over the Internet. The woman is scheduled for sentencing in Nov. and her brother's trial is expected Jan. 2007. |
| 9/28/2006 | North Carolina Department of Motor Vehicles | 16000 | A computer was stolen from a NC Dept. of Motor Vehicles office, reported Sept. 10. It contains names, addresses, driver's license numbers, SSNs, and in some cases immigration visa information of 16,000 people who have been issued licenses in the past 18 months. Most are residents of Franklin County. |
| 9/28/2006 | Illinois Dept. of Transportation | 40 | Documents found by state auditors in recycling bins in a hallway contained IDOT employee names and SSNs. |
| 9/29/2006 | State of Kentucky | 146000 | State employees received letters from the Kentucky Personnel Cabinet with their SSNs visible through the envelope windows. |
| 9/29/2006 | University of Iowa | 14500 | A computer containing SSNs of 14,500 psychology department research study subjects was the object of an automated attack designed to store pirated video files for subsequent distribution. |
| 10/2/2006 | Seattle-Tacoma International Airport | 6939 | Six CDs missing from the ID Badging office at Seattle-Tacoma International Airport hold the personal information of 6,939 airport workers. The data include names, addresses, birth dates, SSNs and driver's license numbers, telephone numbers, employer information, and height/weight. The data on the disks were scanned from paper applications for airport badges. The port learned of the missing disks on September 18 and sent letters to the affected employees on Oct. 2. |
| 10/3/2006 | Willamette Educational Service District | 4500 | Seven computers stolen from a Willamette Educational service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information. |
| 10/3/2006 | Picatinny Arsenal | | 28 computers are missing from the Picatinny Arsenal, a Department of Defense Weapons Research Center. The computers were reported lost or stolen over the last two years. None of the computers was encrypted. Officials state the computers did not contain classified information. |
| 10/3/2006 | Cumberland County Pennsylvania | 1200 | Cumberland County (PA) officials removed salary board meeting minutes from their Web site because they contained the SSNs of 1,200 county employees. The information was included in minutes from meetings prior to 2000. The county no longer uses SSNs as unique identifiers for employees. Employees will be informed of the data breach in a note included with their paychecks. |
| 10/4/2006 | Orange County Controller (FL) | | A Florida woman discovered her marriage license was visible on the Orange County (FL) controller's Web site with no information blacked out, not even SSNs. She discovered the breach because someone had applied for a loan in her name. The Orange County Comptroller is reportedly paying a vendor $500,000 to black out all SSNs by January 2008. |
| 10/5/2006 | Capistrano Unified School District | | |
| 10/5/2006 | San Juan Capistrano Unified School District (CA) | | Five computers stolen from the HQ of San Juan Capistrano Unified School District likely contain the names, SSNs and dates of birth of district employees enrolled in an insurance program. |
| 10/6/2006 | Cleveland Air Route Traffic Control Center | 400 | A computer hard drive missing from the Cleveland Air Route Traffic Control Center in Oberlin (OH) contains the names and SSNs of at least 400 air traffic controllers. |
| 10/6/2006 | Camp Pendleton Marine Corps Base | 2400 | A laptop missing from Lincoln B.P. Management Inc. holds personally identifiable data about 2,400 Camp Pendleton residents. |
| 10/9/2006 | Troy Athens High School | | A hard drive stolen from Troy Athens High School in August contained transcripts, test scores, addresses and SSNs of students from the graduating classes of 1994 to 2004. The school district and the superintendent have notified all affected alumni by regular mail. (Letter mailed Oct. 5, 2006) |
| 10/11/2006 | Florida Department of Labor | 4624 | The names and SSNs of 4,624 Floridians were accessible on the Internet for approximately 18 days in September. The data were not accessible through Web sites, but an individual came across the information when Googling his own name. The agency has asked Google to remove the pages from its cache, and has notified all affected individuals by mail. |
| 10/11/2006 | Republican National Committee | 76 | The Republican National Committee (RNC) inadvertently emailed a list of donors' names, SSNs and races to a New York Sun reporter. |
| 10/11/2006 | Adams State College | 184 | A laptop computer stolen from a locked closet at Adams State College contained personally identifiable data belonging to 184 high school students who participated in the college's Upward Bound program over the last four years. The theft occurred on August 14, but it was not until late September that staff realized the computer held students' data. |
| 10/12/2006 | Congressional Budget Office | | Hackers broke into the Congressional Budget Office's mailing list and sent a phishing e-mail that appeared to come from the CBO. |
| 10/12/2006 | University of Texas at Arlington | 2500 | Two computers stolen from a University of Texas faculty member's home hold the names, SSNs, grades, e-mail addresses and other information belonging to approximately 2,500 students enrolled in computer science and engineering classes between fall 2000 and fall 2006. The theft occurred on September 29 and was reported on October 2. |
| 10/12/2006 | U.S. Census Bureau | | This spring, residents of Travis County, TX helped the Census Bureau test new equipment. When the test period ended, 15 devices were unaccounted for. The Census Bureau and the Commerce Department issued a press release saying the devices held names, addresses and birthdates, but not income or SSNs. |
| 10/13/2006 | Ohio Ethics Commission | | Papers belonging to the Ohio Ethics Commission were found floating on the wind in an alley. The documents are related to state employees' finances and contained SSNs and financial statements. They were supposed to be in the possession of the state archives. |
| 10/13/2006 | Orchard Family Practice | | When a bankrupt Colorado doctor was evicted from his office, the landlord with help from the sheriff's dept.dumped everything from his office in the parking lot, including file cabinets containing personal information of his patients. Scavengers were seen carting off desks and file cabinets, some containing records. The exposed documents were thought to consist of business records containing names, SSNs, dates of birth, and addresses, but not medical information, which the doctor had previously removed. Sheriff's deputies evicting Dr. Charles Kay put files from his office in a nearby parking lot. In a news report, Dr. Kay said he had removed the patient files but not the business files. |
| 10/15/2006 | Poulsbo Department of Licensing | 2200 | An unspecified ôstorage deviceö containing personally identifiable data of approximately 2,200 North Kitsap (WA) residents has been lost from the Poulsbo Department of Licensing. The data include names, addresses, photographs and driver's license numbers of individuals who conducted transactions at the Poulsbo branch in late September. |
| 10/16/2006 | VISA/FirstBank | | FirstBank sent a letter to an unknown number of customers informing them their FirstTeller Visa Check Card numbers were compromised when someone accessed ôa merchant card processor's transaction database.ö The FirstBank letter said customers would receive new cards by October 27. |
| 10/17/2006 | City of Visalia California | 200 | Personally identifiable information of approximately 200 current and former Visalia Recreation Department employees was exposed when copies of city documents were found scattered on a city street. |
| 10/18/2006 | Germanton Elementary School | | A computer stolen from Germanton Elementary school holds students' SSNs. The data on the computer are encrypted. |
| 10/19/2006 | University of Minnesota/Spain | 200 | In June, a University of Minnesota art department laptop computer stolen from a faculty member while traveling in Spain holds personally identifiable information of 200 students. |
| 10/20/2006 | T-Mobile | 43000 | A laptop computer holding personally identifiable information of approximately 43,000 current and former T-Mobile employees disappeared from a T-Mobile employee's checked luggage. T-Mobile has reportedly sent letters to all those affected. The data are believed to include names, addresses, SSNs, dates of birth and compensation information. |
| 10/20/2006 | Allina Hospitals and Clinics | 33000 | A laptop stolen from a nurse's car on October 8 contains the names and SSNs of individuals in approximately 17,000 households participating in the Allina Hospitals and Clinics obstetric home-care program since June 2005. |
| 10/23/2006 | St. Francis Hospital | 260000 | On July 28, 2006, a contractor working for Advanced Receivables Strategy, a medical billing records company, misplaced CDs containing the names and SSNs of 266,200 patients, employees, physicians, and boad members of St. Francis hospitals in Indiana and Illinois. Also affected were records of Greater Lafayette Health Services. The disks were inadvertently left in a laptop case that was returned to a store. The purchaser returned the disks. The records were not encrypted even though St. Francis and ARS policies require encryption. |
| 10/24/2006 | Chicago Board of Election | 780000 | An official from the not-for-profit Illinois Ballot Integrity Project says his organization hacked into Chicago's voter database, compromising the names, SSNs and dates of birth of 1.35 million residents. The Chicago Election Board is reportedly looking into removing SSNs from the database. Election officials have patched the flaw that allowed the intrusion. |
| 10/25/2006 | Department of Homeland Security | 900 | A thumb drive is missing from the TSA command center at Portland International Airport and believed to contain the names, addresses, phone numbers and Social Security numbers of approximately 900 current and former employees. |
| 10/25/2006 | Swedish Medical Center | 1100 | An employee stole the names, birthdates, and Social Security numbers from patients who were hospitalized or had day-surgeries from June 22 to Sept 21. She used 3 patients' information to open multiple credit accounts. |
| 10/26/2006 | Jacobs Neurological Institute | | The laptop of a research doctor was stolen from her locked office at the Institute. It included records of patients and her research data. |
| 10/26/2006 | Tuscarawas County Ohio | | The Social Security numbers of some Tuscarawas and Warren County voters were available on the LexisNexis Internet database service. |
| 10/26/2006 | LimeWire | 75 | The Denver Police Dept. reports that LimeWire's file-sharing program was exploited to access personal and financial information from |
| 10/26/2006 | Hilb, Rogal & Hobbs | 1243 | In September 2006, a laptop computer was stolen from the insurance brokerage firm. It contained client information including the names, birthdates, and drivers license numbers of Villanova University students and staff who drive university vehicles. |
| 10/26/2006 | Empire Equity Group | | Mortgage files that included personal financial details about loan applicants were found in a dumpster. Empire Equity will pay $12,500 to the State of NC. |
| 10/26/2006 | Colorado Department of Human Services | 1400000 | On Oct. 14, a desktop computer was stolen from a state contractor who processes Colorado child support payments for the Dept. of Human Services. Computer also contained the state's Directory of New Hires. |
| 10/26/2006 | Akron Children's Hospital | 235903 | Overseas hackers broke into two computers at Children's Hospital. One contains private patient data (including Social Security numbers) and the other holds billing and banking information. |
| 10/26/2006 | Children's Hospital | 242000 | |
| 10/27/2006 | Gymboree | 20000 | A thief stole 3 laptop computers from Gymboree's corporate headquarters. They contained unencrypted human resources data (names and Social Security numbers) of thousands of workers. |
| 10/28/2006 | Hancock Askew & Co. LLP | | On October 5, 2006, a laptop computer containing 401(k) information for employees of at least one company (Atlantic Plastics, Inc.) was stolen from accounting firm Hancock Askew. |
| 10/30/2006 | Nissan Motor Co., Ltd. | 5379909 | The Japanese weekly magazine 'The Weekly Asahi' reported that Nissan experienced the leak of a database containing customers' personal information sometime between May 2003 and February 2004. The data includes the customer name, gender, birth date, address, telephone number, vehicle model owned (including base and class), and license plate number. |
| 10/30/2006 | Georgia county clerk of courts' web sites | | A Georgia TV station reported that SSNs could be found on some records posted on county clerk of court web sites, specifically for individuals with federal tax liens filed against them. At least one county clerk -- Cherokee County -- is now removing SSNs from the web site. |
| 10/31/2006 | Avaya | | A laptop stolen from an Avaya employee on October 16 in Florida contained personally identifiable information, including names, addresses, W-2 tax form information and SSNs. |
| 11/1/2006 | Home Finance Mortgage, Inc. | | Company dumped files containing names, addresses, Social Security numbers, credit card numbers, and bank account numbers of people who had applied for mortgage loans. Home Finance and its owners have agreed to pay the State of NC $3,000 for their violations.á |
| 11/1/2006 | U.S. Army Cadet Command | 4600 | A laptop computer was stolen that contained the names, addresses, telephone numbers, birthdates, Social Security numbers, parent names, and mother's maiden names of applicants for the Army's four-year ROTC college scholarship. |
| 11/2/2006 | Muskogee Veterans Affairs Hospital | 1400 | Three disks containing billing information, patient names and Social Security numbers, were lost in the mail. |
| 11/2/2006 | Villanova University | 1243 | |
| 11/2/2006 | Greater Media Inc. | | A laptop computer containing the Social Security numbers of the radio broadcasting company's current and former employees was stolen from their Philadelphia offices. |
| 11/2/2006 | Compulinx | 50 | The CEO of Compulinx was arrested for fraudulently using employees' names, addresses, Social Security numbers and other personal information for credit purposes. (It is unclear whether customers' data was also used). |
| 11/2/2006 | Manhattan Veterans Affairs Medical Center | 1600 | On Sept. 6, an unencrypted laptop computer containing veterans' names, Social Security numbers, and medical diagnosis, was stolen from the hopsital. |
| 11/3/2006 | Wesco | | Wesco gas stations experienced a breach in credit card transactions from July 25-Sept. 7 resulting in inaccurate charges to customer accounts. |
| 11/3/2006 | West Shore Bank | 1000 | Customers' debit cards and possibly credit cards were compromised from a security break last summer at a common MasterCard point-of-purchase provider. |
| 11/3/2006 | University of Virginia | 632 | Due to a computer programming error, Student Financial Services sent e-mail messages to students containing 632 other students' Social Security numbers. |
| 11/3/2006 | Starbucks | 60000 | Starbucks lost track of four laptop computers. Two held employee names, addresses, and Social Security numbers. |
| 11/3/2006 | Several Joliet area motels | | Motel owners and employees allegedly stole and sold customers' credit card numbers. |
| 11/3/2006 | Intermountain Healthcare | 6244 | A computer was purchased at a second-hand store, Deseret Industries, that contained the names, Social Security numbers, employment records, and other personal information about Intermountain Health Care employees employed there in 1999-2000. |
| 11/6/2006 | Bowling Green Ohio Police Department | 200 | The police dept. accidentally published a report on their website containing personal information on nearly 200 people the police had contact with on Oct. 21. Data included names, Social Security numbers, driver's license numbers, etc. |
| 11/7/2006 | City of Lubbock Texas | 5800 | Hackers broke into the city's web site and compromised the online job application database, which included Social Security numbers. |
| 11/10/2006 | ARCO | 440 | From Sept. 29 to Oct. 9, thieves used card skimmers to steal bank account numbers and PIN codes from gas station customers and used the information to fabricate debit cards and make ATM withdrawals. |
| 11/10/2006 | KSL Services, Inc. | 1000 | A disk containing the personal information of approximately 1,000 KSL employees is missing. KSL is a contractor for Los Alamos National Laboratory. |
| 11/10/2006 | Los Alamos National Laboratory | 1000 | |
| 11/11/2006 | Hertz Global Holdings Inc. | 44309 | The names and Social Security numbers of Hertz employees dating back to 2002 were discovered on the home computer of a former employee. |
| 11/14/2006 | Connors State College | 22500 | On Oct. 15, a laptop computer was discovered stolen from the college. (It has since been recovered by law enforcement). The computer contains Social Security numbers and other data for Connors students plus 22,500 high school graduates who qualify for the Oklahoma Higher Learning Access Program scholarships. |
| 11/15/2006 | Internal Revenue Service | 2359 | According to document s obtained under the Freedom of Information Act, 478 laptops were either lost or stolen from the IRS between 2002 and 2006. 112 of the computers held sensitive taxpayer information such as SSNs. |
| 11/15/2006 | Boeing Co. | 762 | |
| 11/16/2006 | American Cancer Society | | An unspecified number of laptop computers were stolen from the Louisville offices of the American Cancer Society. It is not clear what personal information was exposed, if any. |
| 11/16/2006 | Carson City residents | 50 | The Sheriff's Department reported that at least 50 residents had their credit card information stolen by employees of local businesses. The employees apparently sell the account information to international crime rings that produce counterfeit cards. The crime is called 'skimming.' |
| 11/17/2006 | Jefferson College of Health Sciences | 143 | An email containing the names and SSNs of 143 students intended for one employee was inadvertently sent to the entire student body of 900. |
| 11/17/2006 | Automatic Data Processing (ADP) | | ADP sent paperwork for a small Wisconsin company to a Cordova, TN coffee house. The paperwork contained names, birth dates, SSNs, addresses, salaries, and bank account and routing numbers |
| 11/20/2006 | New York City Administration for Childrens Services | | More than 200 case files from the Emergency Children's Services Unit of ACS were found on the street in a plastic garbage bag. The files contain sensitive information of families, social workers and police officers. |
| 11/25/2006 | Indiana Department of Health | 7500 | Two computers stolen from an Indiana state health department contractor contained the names, addresses, birth dates, SSNs and medical and billing information for more than 7,500 women. The data were collected as part of the state's Breast and Cervical Cancer Program. |
| 11/27/2006 | Chicago Public Schools | 1740 | A company hired to print and mail health insurance information to former Chicago Public School employees mistakenly included a list of the names, addresses and SSNs of the nearly 1,740 people receiving the mailing. Each received the 125-page list of the 1,740 former employees. |
| 11/27/2006 | Greenville South Carolina County School District | 100000 | School district computers sold to the WH Group at auctions between 1999 and early 2006 contained the birth dates, SSNs, driver's license numbers and Department of Juvenile Justice records of approximately 100,000 students. The computers also held sensitive data for more than 1,000 school district employees. |
| 11/27/2006 | Johnston County North Carolina | | Personal data, including SSNs, of thousands of taxpayers, were inadvertently posted on the county web site. The information was removed from the site within an hour after officials became aware of the situation. |
| 11/28/2006 | Kaiser Permanente Colorado | 38000 | A laptop was stolen from the personal car of a Kaiser employee in California on Oct. 4. It contained names, Kaiser ID number, date of birth, gender, and physician information. The data did not include SSNs. |
| 11/29/2006 | California State University Los Angeles | 2882 | An employee's USB drive was inside a purse stolen from a car trunk. It contained personal information on 48 faculty members and more than 2,500 students and applicants of a teacher credentialing program. Information included names, SSNs, campus ID numbers, phone numbers, and e-mail addresses. |
| 11/30/2006 | Pennsylvania Department of Transportation | 11384 | Thieves stole equipment from a driver's license facility late evening Nov. 28, including computers containing personal information on more than 11,000 people. Information included names, addresses, dates of birth, driver's license numbers and both partial and complete SSNs (complete SSNs for 5,348 people). Also stolen were supplies used to create drivers licenses and photo IDs. The state maintains 97 driver's license facilities. (Hanover township driver's license facility, Dunmore, PA) |
| 11/30/2006 | TransUnion Credit Bureau | 1700 | Four different scam companies downloaded the credit information of more than 1,700 individuals, including their credit histories and SSNs. They were able to illegitimately obtain the password to the TransUnion account held by the Kingman, AZ, court office, which apparently has a subscription to the bureau's services. |
| 12/1/2006 | TD Ameritrade | 300 | According to a letter sent to employees, a laptop was removed (presumably stolen) from the office Oct. 18, 2006, that contained unencrypted information including names, addresses, birthdates, and SSNs. |
| 12/2/2006 | Gundersen Lutheran Medical Center | | A Medical Center employee used patient information, including SSNs and dates of birth, to apply for credit cards in their names. As patient liaison, her duties included insurance coverage, registration, and scheduling appointments. She was arrested for 37 counts of identity theft, and was convicted of identity theft and uttering forged writing, according to the criminal complaint. |
| 12/3/2006 | City of Grand Prairie Texas | | Employees of the city of Grand Prairie were notified that personal records were exposed on the city's Web site for at least a year. Included were the names and SSNs of 'hundreds of employees.' The information has since been removed. The city had been working with a contractor on a proposal for workers' compensation insurance. Along with the proposal, names and SSNs were mistakenly listed. |
| 12/5/2006 | H&R Block | | Many past and present customers received unsolicited copies of the program TaxCut that displayed their SSN on the outside. |
| 12/5/2006 | West Virginia Air National Guard | 1000 | A laptop was stolen from a member of the unit while he was attending a training course. It contained names, SSNs, and birth dates of everyone in the 130th Airlift Wing. |
| 12/5/2006 | Nassau Community College | 21000 | A printout is missing that contans information about each of NCC's 21,000 students, including names, SSNs, addresses, and phone numbers. It disappeared from a desk in the Student Activities Office. |
| 12/6/2006 | Premier Bank | 1800 | A report was stolen the evening of Nov. 16 from the car of the bank's VP and CFO while employees were celebrating an award received by the bank. The document contained names and account numbers of customers, but reportedly no SSNs. |
| 12/8/2006 | State of Vermont | | Names and SSNs of 'several hundred' physicians, psychologists and other health care providers were mistakenly posted online by Segal Group, a contractor hired by the state to put its health management contract out for bid. The information was posted from May 12 to June 19. It was discovered when a doctor found her own SSN online. |
| 12/9/2006 | Virginia Commonwealth University | 561 | Personal information of 561 students was inadvertently sent as attachments on Nov. 20 in an e-mail, including names, SSNs, local and permanent addresses and grade-point averages. The e-mail was sent to 195 students to inform them of their eligibility for scholarships. |
| 12/12/2006 | Aetna Inc. / Group Health Insurance Inc. / Nationwide / Wellpoint | 396279 | A lockbox holding personal information of health insurance customers was stolen Oct. 26. Thieves broke into an office building occupied by insurance company vendor, Concentra Preferred Systems. The lockbox contained computer backup tapes of medical claim data for Aetna and other Concentra health plan clients. Exposed data includes member names, hospital codes, and either SSNs or Aetna member ID numbers. SSNs of 750 medical professionals were also exposed. Officials downplay the risk by stating that the tapes cannot be used on a standard PC. |
| 12/12/2006 | UCLA | 800000 | Hacker(s) gained access to a UCLA database containing personal information on current and former students, current and former faculty and staff, parents of financial aid applicants, and student applicants, including those who did not attend. Exposed records contained names, SSNs, birth dates, home addresses, and contact information. About 3,200 of those notified are current or former staff and faculty of UC Merced and current and former staff of UC's Oakland headquarters. |
| 12/12/2006 | University of Texas at Dallas | 35000 | The University discovered that personal information of current and former students, faculty members, and staff may have been exposed by a computer network intrusion -- including names, SSNs, home addresses, phone numbers and e-mail addresses. |
| 12/13/2006 | Boeing Co. | 382000 | In early December, a laptop was stolen from an employee's car. Files contained names, salary information, SSNs, home addresses, phone numbers and dates of birth of current and former employees. |
| 12/14/2006 | St. Vrain Valley School District | 600 | Paper records containing student information were stolen, along with a laptop, from a nurse's car Nov. 20. Personal information included students' names, dates of birth, names of their schools, what grade they are in, their Medicaid numbers (presumably SSNs), and their parents' names. The laptop contained no personal data. |
| 12/14/2006 | Durham (N.C.) Public Schools | | |
| 12/14/2006 | Geisinger Health Systems / Williamson Medical Center / Emory University / Grady Memorial Hospital | 64030 | On Nov. 23, 2006, two computers (one desktop, one laptop) were stolen from Electronic Registry Systems, a business contractor in suburban Springdale, OH, that provides cancer patient registry data processing services. It contained the personal information (name, date of birth, Social Security number, address, medical record number, medical data and treatment information) of cancer patients from hospitals in Pennsylvania , Tennessee , Ohio and Georgia , dating back to 1977 at some hospitals. |
| 12/14/2006 | Riverside High School | | Two students discovered a breach in the security of a Durham Public Schools computer as part of a class assignment. They reported to school officials that they were able to access a database containing SSNs and other personal information of thousands of school employees. The home of one student was searched by Sheriff's deputies and the family computer was seized. |
| 12/15/2006 | University of Colorado at Boulder | 17500 | A server in the Academic Advising Center was the subject of a hacking attack. Personal information exposed included names and SSNs for individuals who attended orientation sessions from 2002-2004. CU-Boulder has since ceased using SSNs as identifiers for students, faculty, staff, and administrators. |
| 12/16/2006 | North Bay Regional Center | 3000 | |
| 12/16/2006 | City of Wickliffe Ohio | 125 | Hackers breached security in one of the city's three computer servers containing personal information on some city employees, including names and SSNs. |
| 12/19/2006 | Mississippi State University | 2400 | SSNs and other personal information were 'inadvertently' posted on a publicly accessible MSU Web site. The breach was discovered 'last week' and the information has since been removed. |
| 12/20/2006 | Big Foot High School (WI) | 87 | Personal information was accidentally exposed on the High School's Web site for a short time, perhaps for about 36 minutes, according to a report. Information included last names, SSNs, and birthdates. |
| 12/20/2006 | Lakeland Library Cooperative | 15000 | Personal information of 15,000 library users in West Michigan was displayed on the Cooperative's Web site due to a technical problem. Information exposed included names, phone numbers, e-mail addresses, street addresses, and library card numbers. Children's names were also listed along with their parents' names on a spreadsheet document. The information has since been removed. |
| 12/20/2006 | Deb Shops, Inc. | | A hacker illegally accessed company Web pages and a related data base used for Internet-based purchases. The intruder may have accessed customers' credit card information including names on cards and credit card numbers. |
| 12/20/2006 | SFX Baseball Inc. | 117 | A Chicago man apparently removed documents from a trash bin outside SFX Baseball Inc., a sports agency that deals with Major League Baseball. He used information found on those documents to commit identity theft on at least 27 Lake County residents. Information found during a search of the thief's home included SSNs, birthdates, canceled paychecks, obituaries, and infant death records. |
| 12/21/2006 | Santa Clara County (CA) | 2500 | A computer stolen from the agency holds the SSNs of approximately 2,500 individuals. |
| 12/22/2006 | Bank of America | | A former contractor for Bank of America unauthorizedly accessed the personal information (name, address, phone number, Social Security number) of an undisclosed number of customers, for the purpose of committing fraud. |
| 12/22/2006 | United States State Department | 700 | A bag containing approximately 700 completed passport applications was reported missing on December 1. The bag, which was supposed to be shipped to Charlotte, NC, was found later in the month at Los Angeles International Airport. |
| 12/22/2006 | Utah Valley State College | 15000 | |
| 12/22/2006 | Texas Woman's University | 15000 | A document containing names, addresses and SSNs of 15,000 TWU students was transmitted over a non-secure connection. |
| 12/27/2006 | Montana State University | 259 | A student working in the loan office mistakenly sent packets containing lists of student names, Social Security numbers, and loan information to other students |
| 12/27/2006 | Deaconess Hospital | 128 | A computer missing from the hospital holds personal information, including SSNs, of 128 respiratory therapy patients. |
| 12/29/2006 | KeyCorp | 9300 | A laptop computer stolen from a KeyCorp vendor contains personally identifiable information, including SSNs, of 9,300 customers in six states. |
| 12/29/2006 | Wisconsin Department of Revenue | 171000 | Tax forms were mailed to taxpayers in which SSNs were inadvertently printed on the front of some Form 1 booklets. Some were retrieved before they were mailed. |
