Home | Advertise | Donate | Speaking Engagements | Consulting

Data Security Breach Statistics

2007 Summary

Records Compromised by Breach Source 2007


Incidents by Breach Source 2007


Security Breaches

DateNameRecords CompromisedDescription
1/2/2007News accounts are not clear as to source, but thought to be a realty officeAbout 40 boxes of financial paperwork, thought to be from loan applications, was found in a dumpster. One of the boxes visible to news reporters was said to contain paperwork with bank account details, photocopies of driver's licenses, SSNs and 'other private information.'
1/3/2007Academic Magnet High School500
1/4/2007Johnston County North Carolina30
1/4/2007Unnamed medical center, via Newark Recycling CenterAn individual found unshredded medical records in 36 boxes at the Newark Recycling Center.
1/4/2007Selma, NC, Water Treatment PlantA laptop stolen from the water treatment facility holds the names and SSNs of Selma volunteer firefighters.
1/5/2007Dr. Baceski's office, internal medicineA hard drive was stolen containing personal information on 'hundreds of patients.'
1/8/2007University of Notre DameA University Director's laptop was stolen before Christmas. It contained personal information of employees, including names, SSNs, and salary information.
1/8/2007Altria / United Technologies / Prudential Financial / Random House180005 laptops were stolen from Towers Perrin, allegedly by a former employee. The theft occurred Nov. 27, 2006. The computers contain names, SSNs, and other pension-related information, presumably of several companies, although news reports are not clear.
1/10/2007University of ArizonaBreaches occurred in November and December 2006 that affected services with UA Student Unions, University Library, and UA Procurement and Contracting Services. Some services were shut down for several days.
1/11/2007University of Idaho70000Over Thanksgiving weekend, 3 desktop computers were stolen from the Advancement Services office containing personal information of alumni, donors, employees, and students. 331,000 individuals may have been exposed, with as many as 70,000 records containing SSNs, names and addresses.
1/12/2007MoneyGram79000MoneyGram, a payment service provider, reported that a company server was unlawfully accessed over the Internet last month. It contained information on about 79,000 bill payment customers, including names, addresses, phone numbers, and in some cases, bank account numbers.
1/13/2007North Carolina Department of Revenue30000A laptop computer containing taxpayer data was stolen from the car of a NC Dept. of Revenue employee in mid-December. The files included names, SSNs or federal employer ID numbers , and tax debt owed to the state.
1/16/2007University of New MexicoAt least 3 computers and 4 monitors were stolen from the associate provost's office overnight between Jan. 2 and 3. They may have included faculty members' names and SSNs.
1/17/2007TJX Companies Inc.94000000The TJX Companies Inc.experienced an 'unauthorized intrusion' into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. It discovered the intrusion mid-December 2006. Transaction data from 2003 as well as mid-May through December 2006 may have been accessed. According to its Web site, TJX is 'the leading off-price retailer of apparel and home fashions in the U.S. and worldwide.'
1/17/2007Rincon Del Diablo Municipal Water District5002 computers were stolen from the district office. One included names and credit card numbers of customers.
1/18/2007KB Home2700A computer was stolen from one of the home builder's offices. It likely contained names, addresses, and SSNs of people who had visited the sales office for Foxbank Plantation in Berkeley County near Charleston.
1/19/2007Internal Revenue Service / Kansas City Government26 IRS computer tapes containing taxpayer information were reported missing after they were delivered to City Hall. They potentially contain taxpayers' names, SSNs, bank account numbers, or employer information. The 26 tapes were the entire shipment received by the City last August. The disappearance was noticed late December 2006.
1/20/2007Greenville South Carolina County School District
1/22/2007U.S. Dept. of Veteran's AffairsFolders of veterans' personal information were stolen from a locked car in Bremerton, WA. News stories are not clear on the type of information contained in the folders.
1/22/2007Chicago Board of Election1300000About 100 computer discs (CDs) with 1.3 million Chicago voters' SSNs were mistakenly distributed to aldermen and ward committeemen. CDs also contain birth dates and addresses.
1/23/2007Xerox297
1/23/2007Clay High School (Oregon)A former high school student obtained sensitive staff and student information through an apparent security breach. The data was copied onto an iPod and included names, birth dates, SSNs, addresses, and phone numbers.
1/24/2007Rutgers University200An associate professor's laptop was stolen, containing names and SSNs of 200 students. Rutgers no longers uses SSNs as student IDs, but student IDs from past years are still SSNs.
1/25/2007Ohio Board of Nursing3031The agency's Web site posted names and SSNs of newly licensed nurses twice in the past 2 months. SSNs were supposed to have been removed before posting.
1/25/2007Wahiawa Women Infants and Children11500A WIC employee apparently stole the personal information of agency clients, including SSNs, and committed identity theft on at least 3 families and perhaps 2 more. The Health Director said the agency will no longer use SSNs in its data base.
1/26/2007Anthem Blue Cross Blue Shield50000Cassette tapes containing customer information were stolen from a lock box held by one of its vendors. Data included names and SSNs.
1/26/2007Chase Bank / Bank One4100A Bossier woman bought a used desk from a furniture store. She discovered a 165-page spread sheet in a drawer that included names and SSNs of bank employees. The document was returned to the bank.
1/26/2007Eastern Illinois University1400A desktop computer was stolen from the Student Life office containing membership rosters -- including SSNs, birthdates, and addresses -- of the University's 23 fraternities and sororities. A hard drive and memory from 2 other computers were also stolen.
1/26/2007Indiana Department of Transportation4000The names and SSNs of INDOT employees were inadvertently posted on an internal network computer drive sometime between Sept. 6 and Dec. 4, 2006.
1/26/2007Vanguard University5105On Jan. 16, 2 computers were discovered stolen from the financial aid office. Data included names, SSNs, dates of birth, phone numbers, driver's license numbers, and lists of assets.
1/28/2007Salina Regional Health Center1100
1/29/2007Vermont Agency of Human Services70000
1/29/2007Mendoza College of Business, Notre Dame UniversityA file of individuals who took the GMAT test (Graduate Management Admissions Test) was mistakenly left on a computer that was decommissioned. The computer was later reactivated and plugged into the Internet. Its files were available through a file-sharing program. Data included names, scores, SSNs and demographic information from 2001.
2/1/2007Massachusetts Department of Industrial Accidents1200A former state contractor allegedly accessed a workers' compensation data file and stole personal information, including SSNs. The thief used the data to commit identity theft on at least 3 individuals.
2/2/2007Wisconsin Legislative Human Resources Office150A document containing personal information of Wisconsin Assembly members was stolen from a legislative employee's car while she was exercising at a local gym. It contained names, addresses, and SSNs.
2/2/2007New York Department of StateThe agency's Web site posted commercial loan documents that mistakenly contained SSNs. The forms are posted to let lenders know the current financial status of loan recipients.
2/2/2007San Francisco Indian ConsulateVisa applications and other sensitive documents were accessible for more than a month in an open yard of a recycling center. Information included applicants' names, addresses, phone numbers, birthdates, professions, employers, passport numbers, and photos. A sampling of documents indicated that the paperwork included everyone who applied in the Western states from 2002-2005. Applicants were current and former executives of major Bay Area companies that have operations in India.
2/2/2007University of Missouri1220A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.
2/2/2007Birmingham Veterans Affairs Medical Center1835000An employee reported a portable hard drive stolen or missing that might contain personal information about veterans including Social Security numbers.
2/3/2007CTS800The computer and hard drive of a tax preparation company were stolen. Data included names, bank account numbers, routing numbers, birthdates, SSNs, and addresses.
2/6/2007New York Department of Labor537Laptop computer containing personal information for people who were employed by 13 Capital Region businesses stolen from state tax auditor's apartment.
2/6/2007Metro Credit ServicesFiles of the defunct bill collection company containing medical records, phone bills and Social Security numbers were found in a trash bin.
2/7/2007Johns Hopkins Hospital135000Johns Hopkins reported the disappearance of 9 backup computer tapes containing personal information of employees and patients, Eight of the tapes contained payroll information on 52,000 past and present employees, including SSNs and in some cases bank account numbers. The 9th tape contained 'less sensitive' information about 83,000 hospital patients.
2/7/2007Front Range Ski Shop15000The shop's Web site was broken into and customer information including credit card account data may have been accessed.
2/7/2007Central Connecticut State University750Social Security numbers of about 750 CCSU students were exposed in the name and address window on envelopes mailed to them. The envelopes were not folded correctly. They contained IRS 1098T forms.
2/7/2007A Toronto, Ontario, residenceCredit card data for more than 35,000 individuals from across North America were discovered by police when they executed a search warrant at a Toronto residence. A man has since been arrested on fraud and counterfeiting charges.
2/7/2007University of Nebraska Lincoln72An employee accidentally posted SSNs of 72 students, professors, and staff on UNL's public Web site where they remained for 2 years. They have since been removed.
2/8/2007St. Mary's Hospital130000A laptop was stolen in December that contained names, SSNs, and birthdates for many of the Hospital's patients.
2/8/2007Piper Jaffray1000W-2s sent to current and former employees in January included employees' Social Security numbers on the outside of the envelope. Though the numbers were not identified as Social Security numbers, they followed the standard XXX-XX-XXXX format. Executives indicated the mishap was an error by a third-party vendor.
2/9/2007East Carolina University65000A programming error resulted in personal information of 65,000 individuals being exposed on the University's Web site. The data has since been removed. Included were names, addresses, SSNs, and in some cases credit card numbers.
2/9/2007Radford University2400A computer security breach exposed the personal information, including SSNs, of children enrolled in the FAMIS program, Family Access to Medical Insurance Security.
2/10/2007State of Indiana76600A hacker gained access to the State Web site and obtained credit card numbers of individuals who had used the site's online services and gained access to Social Security numbers for 71,000 health-care workers. www.IN.gov
2/11/2007Washington D.C Metropolitan Police Department2000
2/14/2007Kaiser Permanente22000A doctor's laptop was stolen from the Medical Center containing medical information of 22,000 patients. But only 500 records contained SSNs.
2/15/2007Iowa Department of Education160000Up to 600 files of G.E.D. recipients were viewed when the online database was hacked. Files included names, addresses, birthdates, and SSNs of G.E.D. graduates from 1965 to 2002.
2/15/2007City College of San Francisco11000Names, grades, and SSNs were posted on an unprotected Web site after summer session in 1999. CCSF stopped using SSNs as studens IDs in 2002.
2/17/2007State of Connecticut1753Personal information of state employees including names and Social Security numbers was inadvertently posted on the Internet in a spreadsheet of vendors used by the state.
2/19/2007Clarksville-Montgomery County Schools633Staff and faculty Social Security numbers, used as employee identification numbers, were embedded in file photos by the company that took yearbook pictures and inadvertently placed in a search engine on school system's Web site.
2/19/2007Stop & ShopCredit and debit card account information including PIN numbers was stolen by high-tech thieves who apparently broke into checkout-line card readers and PIN pads and tampered with them.
2/19/2007Seton Family of Hospitals7800A laptop with uninsured patients' names, birth dates and Social Security numbers was stolen last week from the Seton hospital system. The uninsured patients had gone to Seton emergency rooms and city health clinics since July 1, 2005.
2/19/2007Social Security Admin.13Files of disability applicants containing Social Security numbers, addresses, phone numbers of family members, dates of birth and work history, and detailed medical information were lost/stolen when a telecommuting employee abandoned them in a locked filing cabinet at home after a threat of domestic violence. Several of the files were mailed back to the local SSA office months later; others were found in a dumpster recently, and four were never recovered.
2/20/2007Back and Joint Institute of Texas20 boxes containing Social Security numbers, photocopies of driver's license numbers, addresses, phone numbers and private medical history of chiropractic patients were found in a dumpster.
2/21/2007Georgia Tech University3000Personal information of former employees mostly in the School of Electrical and Computer Engineering including names, addresses, Social Security number, other sensitive information, and about 400 state purchasing card numbers was compromised by unauthorized access to a Georgia Tech computer account.
2/22/2007Speedmark35000Thieves stole several computers, one of which contained a database with personally identifying information including names, addresses, e-mail accounts, and Social Security numbers of Speedmark's mystery shopper employees and contractors.
2/23/2007Rabun Apparel1006Names and Social Security numbers of former employees were accessible on the Internet from Jan. 15 until Feb. 20.
2/28/2007Gulf Coast Medical Center9986Patient information including names and Social Security numbers was compromised when two computers went missing. 1,900 individuals were affected by a theft in Nashville, TN in November and 8,000 when another computer was stolen in Tallahassee in February.
3/1/2007Westerly Hospital2200Patient names, Social Security numbers, contact information as well as insurance information were posted on a publicly-accessible Web site.
3/2/2007Calif. Dept. of Health Services54Benefit notification letters containing names addresses, Medicare Part D plan names and premium payment amounts of some individuals enrolled in the California AIDS Drug Assistance Program (ADAP) were mailed to another enrollee.
3/2/2007Metropolitan State College of Denver988A faculty member's laptop computer that contained the names and Social Security numbers of former students was stolen from its docking station on campus.
3/3/2007Johnny's Selected Seeds11500Hacker accessed credit card account information of online customers. About 20 credit cards have been used fraudulently.
3/7/2007United States Census BureauPersonal information of 302 households including names, addresses, phone numbers, birth dates and family income ranges were posted on a public Internet site multiple times over a five-month period from October 2006 to Feb. 15, 2007 when Census employees working from home tested new software records.
3/7/2007Los Rios Community College2000Student information including Social Security numbers were accessible on the Internet after the school used actual data to test a new onine application process in October.
3/9/2007California National Guard1300A computer hard drive containing Social Security numbers, home addresses, birth dates and other identifying information of California National Guard troops deployed to the U.S.-Mexico border was stolen.
3/10/2007University of Idaho2700A data file posted to the school's Web site contained personal information including names, birthdates and Social Security numbers of University employees.
3/13/2007U.S. Dept. of AgricultureA total of 95 USDA computers were lost or stolen between Oct. 1, 2005, and May 31, 2006. Some may have contained personal information such as names, addresses, Social Security numbers and payment information. Two-thirds of the computers contained unencrypted data.
3/14/2007Empire Blue Cross Blue Shield / Wellpoint75000An unencrypted disc containing patient's names, Social Security numbers, health plan identification numbers and description of medical services back to 2003 was lost en route to a subcontractor.
3/16/2007Ohio State Auditor1950A laptop containing personal information of current and former employees of Springfield City Schools including their names and Social Security numbers was stolen from a state auditor employee's vehicle while parked at home in a garage.
3/16/2007Springfield (Ohio) City Schools1950
3/19/2007Science Applications International Corp. (SAIC)Barrels filled with thousands of sensitive documents including printed copies of e-mail and performance evaluations along with documents marked ôinternal use only û not for public releaseö and ôfor official use onlyö were found on the curb outside of SAIC's local office.
3/20/2007Tax Service Plus4000Thieves stole the company's backup computer, which contained financial data on thousands of tax returns dating back three years.
3/20/2007Health Resources, Inc.2031From Jan 24, 2007 to Feb 6, 2007, a Web site glitch allowed employers with access to private health information to obtain the name, address, Social Security number, dependent names and birthdates of other patients.
3/23/2007Swedish Urology GroupThree computer hard drives with personal files on hundreds of local patients including was stolen.
3/24/2007Group Health Cooperative Health Care System31000Two laptops containing names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees have been reported missing.
3/26/2007U.S. Army Training and Doctrine Command16000
3/27/2007St. Mary Parish Schools (Louisiana)380Personal information including Social Security numbers of St. Mary Parish public school employees was available on the Internet when a Yahoo!Web crawler infiltrated the server of the school's technology department.
3/29/2007Los Angeles County Child Support Services243000Three laptops containing personal information including about 130,500 Social Security numbers ù most without names, 12,000 individuals' names and addresses, and more than 101,000 child support case numbers
3/29/2007RadioShack20 boxes of discarded records including sales receipts with credit card numbers spanning from 2001 to 2005 and personal information of store employees were found in a dumpster.
3/30/2007University of Montana-Western400A computer disk containing students' Social Security numbers, names, birth dates, addresses and other personal information was stolen from a professor's office. The stolen information belonged to students enrolled in the TRIO Student Support Services program, which offers financial and personal counseling and other assistance.
3/30/2007Navy Station San DiegoThree laptops were reported missing that may contain Sailors' names, rates and ratings, Social Security numbers, and college course information. The compromise could impact Sailors and former Sailors homeported on San Diego ships from January 2003 to October 2005 and who were enrolled in the Navy College Program for Afloat College Education.
4/4/2007University of California San Francisco46000An unauthorized party may have accesed the personal information including names, Social Security numbers, and bank account numbers of students, faculty, and staff associated with UCSF or UCSF Medical Center over the past two years by compromising the security of a campus server.
4/5/2007Security Title AgencyHackers defamed the company's Web site and may have accessed customer information which is stored on the same server as the site.
4/5/2007DCH Health System6000An encrypted disc and hardcopy documents containing retirement benefit information including Social Security numbers and other personal information were lost. Tracking data indicates the package was delivered to the addressee's building, but the intended recipient never received the package.
4/6/2007Chicago Public Schools40000Two laptop computers contain the names and Social Security numbers of current and former employees was stolen from Chicago Public Schools headquarters.
4/6/2007Hortica268000A locked shipping case of backup tapes containing personal information including names, Social Security numbers, drivers' license numbers, and bank account numbers is missing.
4/9/2007Turbo TaxUsing Turbo Tax online to access previous returns, a Nebraska woman was able to access tax returns for other Turbo Tax customers in different parts of the country. The returns contained personal information needed to e-file including bank account numbers with routing digits and Social Security numbers.
4/10/2007Georgia Department of Community Health2900000A computer disk containing personal information including addresses, birthdates, dates of eligibility, full names, Medicaid or children's health care recipient identification numbers, and Social Security numbers went missing from a private vendor, Affiliated Computer Services (ACS), contracted to handle health care claims for the state.
4/11/2007New Horizons Community Credit Union9000A laptop computer that contained personal information of members who had loans with the credit union was stolen from Protiviti, a consultant employed by Bellco Credit Union conducting due diligence to prepare a possible acquisition bid.
4/11/2007ChildNet12000An organization responsible for managing Broward County's child welfare system believe a dishonest former employee stole a laptop from the agency's office. It contains personal information of adoptive and foster-care parents including financial and credit data, Social Security numbers, driver's license data and passport numbers.
4/12/2007University of Pittsburgh Medical Center80Personal information including names, Social Security numbers, and radiology images of patients were previously included in two medical symposium presentations that were posted on UPMC's Web site. Though the presentation was later removed in 2005, the presentations were apparently inadvertently re-posted on the site and only recently removed again.
4/12/2007Black Hills State University56Names and Social Security numbers of scholarship winners were inadvertently posted and publicly available on the university's web site.
4/12/2007Bank of AmericaA laptop containing personal information of current, former and retired employees including names, addresses, dates of birth and Social Security numbers was stolen when an employee was a 'victim of a recent break-in.'
4/12/2007Fulton County Georgia7500030 boxes of Fulton County voter registration cards that contain names, addresses and Social Security numbers were found in a trash bin.
4/17/2007Ohio State University14094A hacker accessed the names, Social Security numbers, employee ID numbers and birth dates of 14,000 current and former staff members. In a separate incident, the names, Social Security numbers and grades of 3,500 former chemistry students were on class rosters housed on two laptop computers stolen from a professor's home in late February.
4/17/2007CVS Corp.1000The Attorney General of Texas filed a complaint against CVS Pharmacy for illegally disposing of personal information including active debit and credit card numbers, complete with expiration dates and medical prescription forms with customer's name, address, date of birth, issuing physician and the types of medication prescribed. The information was found in a dumpster behind a store that apparently was being vacated.
4/18/2007Ohio State University3500
4/18/2007University of California San Francisco3000A computer file server containing names, contact information, and Social Security numbers for study subjects and potential study subjects related to studies on causes and cures for different types of cancer was stolen from a locked UCSF office. For some individuals, the files also included personal health information.
4/19/2007New Mexico State University5600The names and Social Security numbers of students who registered online to attend their commencement ceremonies from 2003 to 2005 were accidentally posted on the school's Web site when an automated program moved what was supposed to be a private file into a public section of the Web site.
4/20/2007United States Department of Agriculture38700The Social Security numbers of people who received loans or other financial assistance from two Agriculture Department programs were disclosed since 1996 in a publicly available database posted on the Internet.
4/20/2007Albertsons100Credit and debit card numbers were stolen using bogus checkout-line card readers resulting in card numbers processed at those terminals being captured and some to be misused.
4/20/2007Los Alamos National Laboratory550The names and Social Security numbers of lab workers were posted on a Web site run by a subcontractor working on a security system.
4/23/2007Federal Emergency Management Agency2300Social Security numbers of Disaster Assistance Employees were printed on the outside address labels of . reappointment letters
4/24/2007Baltimore County Department of Health6000A laptop containing personal information including names, date of birth, Social Security numbers, telephone numbers and emergency contact information of patients who were seen at the clinic between Jan. 1, 2004 and April 12 was stolen.
4/24/2007The Neiman Marcus Group160000Computer equipment in the possession of a pension consultant containing files with sensitive information including name, address, Social Security number, date of birth, period of employment and salary information of Neiman Marcus Group's current and former employees and their spouses was stolen.
4/24/2007Purdue University175Personal information including names and Social Security numbers of students who were enrolled in a freshman engineering honors course was on a computer server connected to the Internet that had been indexed by Internet search engines and consequently was available to individuals searching the Web.
4/26/2007Ceridian Corp.150A former employee had data containing the personal information of employees including 'ID' and bank-account data and then, accidentally posted it on a personal Web site.
4/26/2007Innovation Interactive150
4/27/2007Caterpillar Inc.A laptop computer containing personal data of employees including Social Security numbers, banking informatoin and addresses was stolen from a benefits consultant that works with the company.
4/27/2007Couriers On DemandPersonal information of job applicants was accidentally published to the Internet.
4/27/2007Google AdsTop sponsored Google ads linked to 20 popular search terms were found to install a malware program on users' computers to capture personal information and used to access online accounts for 100 different bank.
4/29/2007University of New Mexico3000Employees' personal information including names, e-mail and home addresses, UNM ID numbers and net pay for a pay period for staff, faculty and a few graduate students may have been stored on a laptop computer stolen from the San Francisco office of an outside consultant working on UNM's human resource and payroll systems.
5/1/2007J. P. MorganDocuments containing personal financial data of customers including names, addresses and Social Security numbers were found in garbage bags outside five branch offices in New York.
5/1/2007Healing Hands ChiropracticMedical records containing the personal information of chiropractic patients including records Social Security numbers, birth dates, addresses and, in some cases, credit card information wee thrown in a dumpster ôdue to lack of office space.ö
5/1/2007JPMorgan Chase47000A computer tape containing personal information of wealthy bank clients and some employees was delivered to a secure off-site facility for storage but was later reported missing.
5/1/2007Maine State Lottery CommissionDocuments containing personal information such as names, Social Security numbers, references to workers compensation claim records, psychiatric and other medical records, and police background checks were found in a dumpster.
5/1/2007Champaign Fraternal Order of Police139The names and Social Security numbers of Champaign police officers were left on a computer donated to charity.
5/3/2007Louisiana State University750A laptop stolen from a faculty member's home contained personally identifiable information including may have included students' Social Security numbers, full names and grades of University students.
5/3/2007Maryland Department of Natural Resources1400Personal information of current and retired employees including names and Social Security numbers was downloaded to a 'thumb drive' by an employee who wanted to work at home but was lost en route.
5/3/2007Montgomery CollegeA new employee posted the personal information of all graduating seniors including names, addresses and Social Security numbers on a computer drive that is publicly accessible on all campus computers.
5/4/2007United States Transportation Security Administration100000A computer hard drive containing payroll data from January 2002 to August 2005 including employee names, Social Security numbers, birth dates, bank account and routing information of current and former workers including airport security officers and federal air marshals was stolen.
5/7/2007Indiana Department of AdministrationAn employee uploaded a list of certified women and minority business enterprises to the department's Web site and inadvertently included their tax identification numbers, which for some businesses and sole proprietorships is the owner's Social Security number.
5/8/2007University of Missouri22396A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.
5/10/2007Highland Hospital13000Two laptop computers, one containing patient information including Social Security numbers, were stolen from a business office. The computers were sold on eBay, and the one containingápersonal information was recovered.
5/11/2007UCI Medical Center300About 1,600 file boxes stored in an off-site university warehouse were discovered missing. Some of the files included patients' names, addresses, Social Security numbers and medical record numbers.
5/12/2007Doctor and dentistA local TV news reporter exposed that a medical office disposed of patient records without shredding them. Included were SSNs and dates of birth, as well as medical information.
5/12/2007Goshen College7300A hacker accessed a college computer that contained the names, addresses, birth dates, Social Security numbers and phone numbers of students and information on some parents with the suspected motivation of using the system to send spam e-mails.
5/14/2007Community College of Southern Nevada197518A virus attacked a computer server and could have allowed a hacker to access students' personal information including names, Social Security numbers and dates of birth, but the school isánot certain whether anything was actually stolen from the school's computer system.
5/15/2007San Diego Unified School DistrictIn a letter to its employees, the School District said it had been notified by law enforcement that a former employee had access to personal identification information of 'a select number of district employees.' Those employees were notified separately. The letter said it has 'no specific knowledge of any attempted fraud...'
5/15/2007IBMAn unnamed IBM vendor lost computer tapes containing information on IBM employees -- mostly ex-workers -- including SSNs, dates of birth, and addresses. They went missing in transit frm a contractor's vehicle.
5/16/2007Indianapolis Public Schools7500A local newspaper reporter discovered that sensitive personal information was accessible online, including employee performance reviews, student gradebooks, student special education needs, and essays
5/17/2007Alcatel-LucentThe telecom and networking equipment maker notified employees that a computer disk containing personal information was lost in transit to Aon Corp., another vendor. It contained names, addresses, SSNs, birth dates, and salary information of current and former employees.
5/17/2007Georgia Department of Human Resources140000The GA Dept. of Human Resources notified parents of infants born between 4/1/06 and 3/16/07 that paper records containing parents' SSNs and medical histories -- but not names or addresses -- were discarded without shredding.
5/17/2007Detroit Water and Sewerage Department3000A laptop containing City employee information was stolen from the vehicle of an insurance company employee .
5/19/2007Texas Commission on Law Enforcement Officers Standards and Education97000A computer was stolen from the state agency that licenses police officers. It contained information on every licensed peace officer in Texas, including SSNs, driver's license numbers, and birth dates.
5/19/2007Yuma Elementary School District 191SSNs of 91 substitute teachers were stolen May 7 when a district employee's car was broken into and a brief case was taken containing payroll reports. The reports did not include bank account information..
5/19/2007Illinois Department of Financial and Professional Regulation300000A computer server in the office of the Illinois Dept. of Financial and Professional Regulation was breached earlier this year. SSNs, tax numbers, and addresses of banking and real estate professionals were exposed. The hacking incident was discovered May 3.
5/19/2007Stony Brook University89853SSNs and university ID numbers of faculty, staff, students, alumni, and other community members were visible via the Google search engine after they were posted to a Health Sciences Library Web server April 11. It was discovered and removed 2 weeks later.
5/20/2007Northwestern UniversityA laptop belonging to the financial aid office was stolen. It contained SSNs and other information of 'some alumni.'
5/20/2007Riverside Community Hospital10000
5/21/2007Columbia Bank (NJ)Columbia Bank notified its online banking customers of a hacking incident. Names and SSNs were accessed, but account numbers and passwords were not.
5/22/2007University of Pittsburgh Medical Center6000UPMC mailed a fundraising letter to 6,000 former patients on May 7. The donor response cards 'inadvertently' included each individual's SSN in the tracking code, visible through the envelope window.
5/22/2007University of Colorado at Boulder44998A hacker launched a worm that attacked a University computer server used by the College of Arts and Sciences. Information for 45,000 students enrolled at UC-B from 2002 to the present was exposed, including SSNs. The breach was discovered May 12. Apparently anti-virus software had not been properly configured.
5/23/2007Check into CashConsumer loan documents and related reports were found in a trash bin behind the shopping center where Check into Cash is located. Documents contained Social Security numbers, addresses, copies of driver's licenses and other personal information of the company's customers.
5/24/2007Waco Independent School District17400Two high school seniors recently hacked into the district's computer network potentially compromising the personal information including Social Security numbers of students and employees.
5/24/2007Beacon Medical Services5000Private medical and financial information including patient records from at least 10 Colorado clinics and hospitals, and one hospital in Peoria, Illinois that should have been only accessible through VPN access were inadvertently available on the Internet.
5/25/2007Family Health Plus / Child Health Plus
5/25/2007Booker T. Washington Community CenterA laptop computer with personal information of individuals who applied for Family Health Plus or Child Health Plus state health insurance program benefits was recovered when a woman tried to sell it at a pawn shop.
5/25/2007North Carolina Department of Transportation25000A computer server used to back up employee identification badge records that included the names and Social Security numbers of NCDOT employees, contractors and other state employees was compromised.
5/26/2007CoverTN279A computer error at the Cover Tennessee health insurance program caused small business owners who chose not to print out their forms from the Web site to have their personal information including Social Security numbers added to the next user's printout request.
5/31/2007Priority One Credit UnionPriority One Credit Union sent out election ballots to members with Social Security numbers and account numbers printed on the outside of the envelopes
6/1/2007JAX Federal Credit Union7500Social Security numbers and account numbers of clients were accidentally posted on the Internet, then indexed by Google. JFCU was transmitting information to a printer for a preapproved auto loan mailing when the information was picked up by Google from the printer's Web site. JFCU normally transmits information on an encrypted disk delivered by courier, but when the printer couldn't open the disk, the information was sent again, but wasn't encrypted and included Social Security numbers and account numbers.
6/1/2007Northwestern University4000Files containing personal information of students and applicants were available online.
6/1/2007Fresno County California10000Missing computer disk contains names, addresses, Social Security numbers.The county sent it by courier to a software vendor's office in San Jose to determine workers' eligibility for health care benefits.The software company, Refined Technologies Inc., said they never received the disk.
6/3/2007Gadsden State Community College400Students who took an Art Appreciation class at the Ayers Campus between 2005 and 2006 had their names, grades and Social Security numbers scattered across a local business' driveway.
6/4/2007Stevens Hospital550Laptop exposed to Internet, information did include names, addresses, and Social Security numbers.The situation occurred when one of the subcontractors had a lapse in its data security procedures.
6/6/2007Cedarburg High SchoolStudents obtained names, addresses and Social Security numbers and might have accessed personal bank account information of current and former district employees..
6/6/2007HarborOne Credit Union9000Data compromise disclosed by the retailer in January. The breach resulted in HarborOne having to block and reissue about 9,000 debit cards.
6/7/2007Dearfield Medical BuildingA box was discovered at inside a trash bin in May and contains information about lab tests and insurance approvals as well as other medical issues, documents are not medical charts, but do contain patient names and contact information.
6/7/2007Huntsville County400As many as 400 people and banking institutions may be victims in a credit card or debit card cloning. In Alabama and Georgia card numbers were stolen after the cards were used at Huntsville restaurants and carry-out businesses.
6/8/2007University of Virginia5735A breach in one of the computer applications that resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth. The investigation has revealed that on 54 separate days between May 20, 2005 and April 19, 2007, hackers tapped into the records of 5,735 faculty members.
6/8/2007University of Iowa1100Social Security numbers of faculty, students and prospective students were stored on the Web database program that was compromised. www.grad.uiowa.edu/news/incident.htm
6/9/2007UPS142
6/9/2007Concord Hospital9297Names, addresses, dates of birth and Social Security numbers exposed on the internet ôfor a period of time,ösecurity lapsed from a subcontractor that handles its online billing.
6/11/2007Grand Valley State University3000A flash drive containing confidential information was stolen. Social Security numbers of current and former students were on the flash drive, stolen from the English department.
6/11/2007Pfizer17000Installation of certain file sharing software on a Pfizer laptop, exposed files containing names, Social Security numbers, addresses and bonus information of present and former Pfizer colleagues. Investigation revealed that certain files containing data were accessed and copied.
6/14/2007Georgia Tech University23000An electronic file containing the personal information of current and former Georgia Tech students was exposed briefly.
6/14/2007Division of Workforce Services20000Children's Social Security numbers are believed to have been compromised by identity thieves.
6/14/2007City of Lynchburg1200Personal information of Lynchburg city employees and retirees was accidentally posted on the city's website among that information employee's prescription medications.
6/14/2007Hamburger Hamlet Restaurant40Former waitress made off with the credit or debit card numbers of at least half a dozen patrons - and possibly as many as 40. Already, about $16,300 in unauthorized charges have been linked to the scam.
6/15/2007State of Ohio1300000A backup computer storage device with the names and Social Security numbers of every state worker was stolen out of a state intern's car. The tape, which was stolen in June, contains personally identifiable information of nearly 84,000 current and former Ohio state employees and more than 47,000 state taxpayers.
6/18/2007Texas A&M Corpus Christi8000A professor vacationing off the coast of Africa took data with him on a small computer, which was lost or stolen. It is thought to contains SSNs and dates of birth for students enrolled in the spring, summer and fall semesters of 2006
6/18/2007Parisexposed.com750Investigation by The Smoking Gun Web site said that by changing a few characters on the web page URL it was possible to see the subscriber's name, email address, password, phone number, mailing address and credit card number.
6/18/2007Shamokin Area School DistrictA local newspaper employee gained unauthorized access to the Shamokin Area School District's computer database. It is the same system that stores students' personal information, including Social Security numbers. That newspaper employee brought the security flaw to the attention of school officials.
6/20/2007University Community HospitalA parent says his son should never have received bills in the mail for a pre-employment drug screening visit. Among the bills there's something else he was surprised to see, information about others who were also tested, 'Like 17 of them here with the Social Security numbers.'
6/21/2007American Airlines365Personal information including Social Security numbers of pilots and other employees at American Airlines, including the chief executive, was exposed on a company Web site.
6/22/2007Texas First Bank4000Information such as account numbers, Social Security numbers, names and addresses may have been stored on a stolen laptop computer during a car theft in Dallas.
6/23/2007Winn-DixiePharmacy documents were found behind closed Winn-Dixie, containing telephone numbers, Social Security numbers and addresses of thousands. Apparently when they closed up, they put these bundles outside to be picked up and they were never picked up.
6/25/2007Fresno CountyA disk containing information pertaining to home health-care workers -- including their names, addresses and Social Security numbers was lost.
6/25/2007Ohio Bureau of Workers Compensation439
6/27/2007Milwaukee PC65000Credit card information for 65,000 was possibly compromised. A service center noticed a file in their server and was concerned that file could contain customers' credit card numbers and personal information.
6/27/2007University of California Davis1120Computer-security safeguards were breached and accessed information including the applicants' names, birth dates and, in most cases, Social Security numbers.
6/27/2007Bowling Green State University199Lost storage device contained Social Security numbers, and names of 199 former students.
6/29/2007Harrison County Schools West VirginiaSeveral computers that contained the personal information, including Social Security numbers, of several Harrison County school employees were stolen. Workers Comp claims between January of 2001 and February of 2007 are at risk.
7/3/2007Fidelity National Information Services8500000A worker at one of the company's subsidiaries (Certegy Check Services, Inc.) stole customer records containing credit card, bank account and other personal information. Certegy Check Services Inc.
7/5/2007Highland University420A building on the campus had been broken into, and the affected offices might have had such personal information as Social Security numbers, credit card and bank account information exposed.
7/7/2007Securitas Security Services USA Inc.100000
7/9/2007Girl Scouts Mile HiTapes stolen from a car held personal information from a membership database, including names, addresses, phone numbers. A very limited number of credit card numbers and Social Security numbers were included in the stolen data from the camp and event registration database.
7/9/2007Cuyahoga County Department of Development3000Names and Social Security numbers on memory stick stolen in carjacking.
7/11/2007Texas A&M University49College of Business officials are investigating a faculty member for the misplacement of a business law class roster containing the names and Social Security numbers of students.
7/11/2007South County Hospital79Paperwork containing personal details from customers was left in a briefcase inside a car that was stolen. That batch of paperwork contained details including names, addresses, Social Security numbers, phone numbers and a summary of hospital accounts.
7/11/2007Disney Movie ClubA contract employee stole an unknown number of credit card numbers. Credit-card information was sold by an employee of a Disney contractor to a federal agent as part of an undercover sting operation.
7/13/2007City of Encinitis California1200Credit card or checking account information and addresses of people who had enrolled in Encinitas' youth recreation programs was inadvertently posted on the city's Web site.
7/13/2007Metropolitan St. Louis Sewer District1600A employee had downloaded Social Security numbers of current or former district employees to a home computer. The Social Security numbers were part of a computer file the district uses to make sure workers get the proper pay.
7/15/2007Westminster College100Names of students, former and current were printed in two files along with each student's Social Security number. The files were on a student Web server used by Westminster students.
7/16/2007TSA100000Authorities realized in May a storage device was missing from TSA headquarters. The drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave datas, bank account, routing information, and details about financial allotments and deductions.
7/16/2007Prudential Financial Inc.1000Data exposed in the breach was faxed to a company by doctors and clinics across the U.S.. Data included the patients' Social Security numbers, bank details and health care information.
7/17/2007Louisiana Board of Regents80000Records of students and staff including Social Security numbers,names, and addresses exposed on web.In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet site.
7/17/2007Kingston Technology Co.27000Security breach that remained undetected until 'recently' may have compromised the names, addresses and Credit Card details of online customers.
7/17/2007Western Union20000Credit card information and names were hacked from a database.The thieves got names, addresses, phone numbers and complete credit-card information.
7/18/2007Connecticut General Assembly Transportation Committee100Social Security numbers of former employees of defunct L.G. Defelice Inc. was posted on CT transportation committee website.
7/18/2007Purdue University50Files which were no longer in use were discovered on a computer server connected to the Internet. The files contained names and Social Security numbers of students who were enrolled in an industrial engineering course.
7/19/2007Texas Secretary of State
7/19/2007Cricket Communications300Documents stolen from store result in loss of 300 credit card numbers.
7/19/2007Jackson Local Schools1800The Social Security numbers of present and former Jackson Local SchoolsÆ employees were at risk of public access on a county maintained Web site.
7/20/2007SAIC867000Pentagon contractor may have compromised personal information. Information such as names, addresses, birth dates, Social Security numbers and health information about military personnel and their relatives because it did not encrypt data transmitted online.
7/21/2007University of Michigan5500University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed.
7/23/2007Fox News1500000A security hole on the Fox News web server Sunday exposed sensitive content to the public, including login information that allowed hackers to access names, phone numbers, and email addresses of at least 1.5 million people
7/24/2007St. Vincent Hospital51000A security lapse compromised names, addresses and Social Security numbers.
7/25/2007Hidalgo County CommissionerÆs Office25The private medical information, including Social Security numbers and treatment details of people who sought medical assistance from the county was posted on the Hidalgo County Website.
7/26/2007United States Marine Corps10554Names and Social Security numbers of Marines were found through Google Internet search engine.
7/27/2007Flexible Benefits Administrators2000A former employee allegedly stole Virginia Beach city and school district employees' personal information and used it to commit prescription fraud. Police discovered a list of names and Social Security numbers at the employees home.
7/27/2007City of Virginia Beach2000
7/27/2007City HarvestCity Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.
7/27/2007American Education Services5000Personal information was on a laptop stolen in a burglary at a subcontractor's headquarters. The information, which was not encrypted, included names, addresses, phone numbers, e-mail addresses and Social Security numbers.
7/27/2007CESA #11300
7/28/2007Yuba County California70000A laptop stolen from a building contained personally identifiable information of individuals whose cases were opened before May 2001. The laptop was being used as a backup system for the county's computer system. The data include Social Security numbers, birth dates, driverÆs license numbers and other private information.
8/1/2007Lifetime FitnessStaff had discarded customer records in easily accessible trash cans behind Dallas businesses. Information that was discarded contained names, addresses, Social Security numbers, driver's license numbers and credit card information, as well as the date of birth of several children. Lifetime Fitness is based in Minnesota.
8/2/2007University of ToledoA computer was stolen with two hard drives containing student and staff Social Security numbers, names, and grade change information.
8/2/2007E.OnA laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month.
8/3/2007WorkCare OremA truck driver found medical documents containing personal information in his truck and on the ground while he picked up a load at a garbage transfer station. The documents contained names, addresses, telephone numbers, Social Security numbers and birth dates.
8/3/2007Wabash Valley Correctional FacilityA database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved ôfrom a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.ö
8/4/2007Kellogg Community Federal Credit UnionA computer containing personal information on an undisclosed number members was stolen. A file containing some members' names, addresses, telephone numbers, birth dates, Social Security numbers and account numbers was on the computer's hard drive.
8/6/2007VerisignA laptop containing extensive personal information on an undisclosed number of VeriSign employees was stolen from an employee's car. The information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and salary records.
8/7/2007Electronic Data Systems (EDS)498A former employee was arrested this week for allegedly trafficking in stolen identities she received through her work with the company. She 'obtained the names and identifying information of 498 Alabama Medicaid recipients and subsequently sold 50 of those identities.
8/7/2007Merrill Lynch33000A computer device apparently was stolen containing sensitive personal information, including Social Security numbers, about some 33,000 employees.
8/8/2007Yale University10200Social Security numbers for over 10,000 current and former students, faculty and staff were compromised last month following the theft of two University computers
8/10/2007Univ. of North Texas39000Hacking
8/10/2007Legacy Health System747A primary care physician practice has discovered the theft of $13,000 in cash and personal data for patients. Patient receipts, credit card transaction slips and checks are also missing, in addition to Social Security numbers and dates of birth for patients.
8/10/2007Loyola University5800A computer with the Social Security numbers of 58 hundred students was discarded before its hard drive was erased, forcing the school to warn students about potential identify theft.
8/11/2007Providence Alaska Medical Center250A laptop computer that contains the personal information of patients is missing. On the laptop there maybe names, medical record numbers, dates of birth, patient diagnoses, Social Security numbers and addresses.
8/13/2007Pfizer950Axia Ltd. had notified Pfizer on June 14 of an incident in which two Pfizer laptops were stolen from a locked car. The laptops, which disappeared May 31 in Boston, included the names and Social Security numbers of health-care professionals who ôwere providing or considering providing contract services for Pfizer,ö according to the letter.
8/15/2007Sky Lakes Medical Center30000The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.
8/15/2007Idaho Army National Guard3400A small computer drive containing Social Security numbers and other personal information about every Army National Guard soldier in Idaho has been stolen.
8/15/2007Greater Detroit HospitalIt's a repeat of a problem that emerged late last year at the Greater Detroit Hospital where metal thieves stripped everything from copper piping to windows, exposing rows of abandoned patient files. Neighbors said there are hundreds of boxes of patient files and payroll records inside, full of credit card and Social Security numbers.
8/16/2007Utica Title and EscrowBoxes belonging to Utica Title and Escrow had been stored at a storage unit in Bixby. When Utica quit paying rent the storage company went through the legal process to be able to sell everything left behind. No one wanted to buy the boxes of paper so the boxes were thrown out. The boxes contained private information, including Social Security numbers, bank accounts and pay stubs.
8/20/2007University of ToledoA laptop computer has been stolen from an office in the Student Recreation Center that contained some student and employee names and Social Security numbers.
8/21/2007Walter Reed Army Institute of ResearchBoxes of documents containing personal information were supposed to be shredded but instead turned up last week in an off-base trash bin. Police do not believe anyone had access to the information other than the person who found the records. An investigation is under way to determine precisely what information they held and why they appeared off base.
8/21/2007West Virginia Board of Barbers and Cosmetologists10000Every barber and cosmetologist licensed in the state of West Virginia since 1986 could now potentially be a victim of identity theft. Someone broke into the second floor office of the Board of Barbers and Cosmetologists and stole a safe. The director of the agency says the safe contains the personal information of thousands of hair dressers.
8/22/2007California Public Employees Retirement System445000Roughly 445,000 retirees across the state received the brochures announcing an upcoming election to fill a rare vacancy on the board of the California Public Employees' Retirement System. All or a portion of each person's Social Security number appeared without hyphens on the address panel.
8/23/2007Loomis Chaffee SchoolValuable computer equipment, including two large storage devices were stolen during a night time burglary from the locked IT facility on campus. The stolen storage devices contained information about some recent graduates of the school, including their names, Social Security numbers, and contact information from their days as students at the school.
8/23/2007Monster.com1600000Monster announced that the details of some 1.6 million job seekers had been stolen. Fewer than 5,000 of those 1.6 million users affected are based outside the United States. The information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.
8/23/2007New York City Financial Information Services Agency280000A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant.
8/26/2007American Ex-Prisoners of War35000Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas. Digital and paper records included information on the groupÆs entire membership, including addresses, dates of birth, Social Security numbers and VA claims data.
8/27/2007University of Illinois5247An e-mail sent Aug. 24 to about 700 University of Illinois engineering students contained a spreadsheet listing personal information, including addresses and grade point averages, of thousands of students. The spreadsheet attached to the mass mail did not contain Social Security numbers or the students' university identification numbers. But, the person who sent the mass e-mail attached a spreadsheet containing information on all 5,247 students in the College of Engineering. The spreadsheet included each student's name, e-mail address, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, cumulative GPA, plus local address and phone number.
8/28/2007Connecticut Department of Revenue Services106000A computer laptop with the names and Social Security numbers of more than 100,000 Connecticut taxpayers has been stolen. The Department of Revenue Services intends to launch a web page soon that residents can search to determine whether their personal information was stored on the laptop.
8/30/2007AT&TA laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.
8/30/2007Maryland Department of the EnvironmentA laptop computer containing personal information on people with state licenses has been stolen from a vehicle. It contains four databases that include personal information related to licenses issued by four state boards.
9/1/2007Johns Hopkins Hospital5783A desktop computer containing the personal information of 5,783 Johns Hopkins Hospital patients was stolen. The computer included patients' names, Social Security numbers, birth dates and medical histories.
9/4/2007Brevard Public Schools61A missing piece of luggage belonging to a state auditor contains the personal information of 61 Brevard Public Schools employees and had district personnel scrambling before the holiday weekend began to notify people that their names and Social Security numbers might be compromised.
9/4/2007Pfizer34000A security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed. The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.
9/6/2007De Anza College4375Thousands of former students might be at risk for identity fraud after an instructor's laptop computer, containing students' personal information, was stolen last month. The computer contained the students' names, addresses, grades and in many cases Social Security numbers.
9/6/2007University of South Carolina1482A number of files containing Social Security numbers, test scores and course grades were exposed online. It appears the person responsible for the breach may not have known enough about computers to realize the information could be accessed outside the university system.
9/7/2007McKessonMcKesson Health-care services company, is alerting thousands of its patients that their personal information is at risk after two of its computers were stolen from an office.
9/10/2007Purdue University111The university is warning those who were students in the fall of 2004 that information about them was inadvertently posted on the Internet. The information was in a document that contained the names and Social Security numbers of students in the Animal Sciences 102 class. The page was no longer in use but was on a computer server connected to the Internet. The document was found recently through an internal search and reported to the chief information security officer at Purdue.
9/11/2007Pennsylvania Public Welfare Department375000Two computers containing the mental health histories of more than 300,000 medical-assistance recipients were stolen. The computer work stations were taken during an overnight break-in at an office. The mental health information on the computers identified people by codes and not by name. The information also was protected by multiple passwords, but full names and Social Security numbers of nearly 2,000 people were also on the computers.
9/11/2007Gander Mountain112000Somebody either lost or stole a computer potentially containing the credit card information of anyone who has shopped at the Greensburg store since it first opened more than five years ago. Gander Mountain said credit card information for 112,000 customers of its Greensburg store might have been compromised. That includes 10,000 records with names, card numbers and expiration dates.
9/12/2007TennCare67000There are 67,000 TennCare enrollees at risk of identity theft after a courier service lost their personal information. The lost information includes names, Social Security Numbers, birthdays and addresses.
9/13/2007Voxant.com4500The Voxant online ecommerce store server was hacked using what appeared to be a typical phishing scheme. The server is seperate from the primary business at www.voxant.com. The affected server was immediately taken offline and removed the offending phising pages. Encrypted credit card numbers could have been accessed during the incident. Although the credit card numbers were encrypted, the encryption key was not well protected. The database up through June 19-20 could have been affected, representing approximately 4,500 US customers.
9/14/2007TD Ameritrade6300000One of Ameritrades databases was hacked and contact information for its more than 6.3 million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken. 'We were able to conclude that while Social Security Numbers are stored in this particular database, your SSN were not retrieved.' The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach. Company customers did received unwanted spam because of this breach.
9/14/2007Tennessee Tech University3100Some 3,100 current or past students who owe the university money were notified today that some of their personal data may have been compromised. A technical problem in the way student bills are printed resulted in the chance that some student social security numbers and personal identification numbers may have been sent to another student's address.
9/19/2007University of Michigan8585Backup tapes containing patient information like Social Security numbers, patient names and addresses were stolen from the School of Nursing two weeks ago.
9/19/2007Kansas UniversityA number of documents containing Kansas University student, faculty and staff personal information were recovered from the recycling and trash in the Mathematics Department at Kansas University. The information included student exams, student change of grade forms, class rosters, copies of health insurance cards, copies of immigration forms as well as a copy of a Social Security card.
9/20/2007State of Connecticut/Accenture Ltd.58A backup tape was stolen in Ohio in June and contained data removed by Accenture from the state's Core-CT computer system, which performs all of the state's payroll, personnel, purchasing, accounting and inventory functions. The backup tape contained state agency bank account numbers, bank names and types of accounts, as well as the names and Social Security numbers of 58 of Connecticut taxpayers. Connecticut officials today revealed plans to file a civil complaint against IT consulting giant Accenture Ltd. related to this security breach involving stolen records tied to state agency bank accounts worth millions of dollars.
9/21/2007ABN Amro Mortgage Group5208Three spreadsheets containing 5,200 Social Security numbers and other personal details about customers were inadvertently leaked over an online file-sharing network by a former employee. Tiversa, a company that monitors P2P networks, found Excel spreadsheets from the desktop of a financial analyst at ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had.
9/21/2007City of Columbus Ohio3500The city of Columbus is offering identity-theft protection services to more than 3,000 people whose Social Security numbers were on three computers stolen from a warehouse. The theft affected people who had signed up for the city's Mobile Tool Library, which lends power tools, lawn mowers and supplies.
9/24/2007Utah Department of Workforce Services2000A laptop computer containing a spreadsheet with the the Social Security numbers and other personal information of about 2,000 people was reported stolen.
9/28/2007Gap Inc.800000A laptop containing the personal information of certain job applicants was recently stolen from the offices of an experienced third-party vendor that manages job applicant data for Gap Inc. Personal data for approximately 800,000 people who applied online or by phone for store positions at one of Gap Inc.'s brands between July 2006 and June 2007 was contained on the stolen laptop. Social Security numbers were included in the information on the laptop.
10/2/2007Athens Regional Health Services1441A computer missing from a Regional First Care clinic in Watkinsville held the personal information of more than 1,400 people, according to Athens Regional Health Services. Workers first noticed on Sept. 24 that the computer was missing. The computer held Social Security numbers for 85 people, some health information for 545 people and the name, address and/or telephone numbers of 811 people. No credit card or other financial information was stored on the computer, which was a backup server for the Watkinsville clinic.
10/2/2007The Nature Conservancy14000A hacker illegally gained access to a computer of The Nature Conservancy containing personal information on current and former employees and their dependents. The stolen information included the names, home addresses, Social Security numbers and birth dates. It also included direct deposit bank account numbers for employees who were on the payroll between 2000 and 2004, as well as the Social Security numbers of those employeesÆ dependents. When employees accessed a particular Web site, the site planted a program on the employeesÆ computers that copied the contents of the hard drives and sent the information to the hacker.
10/4/2007Massachusetts Division of Professional Licensure450000Social Security numbers of about 450,000 licensed professionals were inadvertently released. The information was mailed last month to agencies that submitted a public records request for the names and addresses of professionals licensed by the division. The division mailed 28 computer disks to 23 agencies that use the information as a marketing or promotional tool. The disks would normally contain only the names and addresses of individuals licensed through the Division of Professional Licensure and the Division of Health Professions Licensure. However, the disks also included Social Security numbers.
10/8/2007Carnegie Mellon University400Two laptops were stolen from the office of a computer science professor. Both of the computers were believed to have contained significant personal identifying data, such as Social Security numbers.
10/8/2007SemtechA laptop computer and other personal belongings were stolen from one of Semtech's vendors. The computer was not stolen from a Semtech facility, but may have contained computerized data relating to Semtech employees. Semtech declined to provide further details of the incident, such as what personal employee data may have been put at risk, when the theft happened or how long it took the company to inform its workers of the potential breach.
10/8/2007University of Iowa184A laptop computer was stolen from a former teaching assistant. The theft of the computer, which occurred last month in a break-in of the instructor's home, contained class records such as attendance, test scores, and grades of students who took his philosophy courses at the UI between 2002 and 2006. Social Security numbers were also present in 100 of the records.
10/9/2007Pembroke School DistrictPersonal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the districtÆs computer system. The information included names, birth dates and Social Security numbers.
10/10/2007Commerce Bank3000A hacker gained access to a database with about 3,000 customer records and accessed data belonging to 20 of them. The bank is contacting those who may have been affected. The hacking was quickly detected and stopped, according to Commerce Bank, which then notified law enforcement.
10/10/2007Pfizer1800
10/10/2007Wheels Inc./Pfizer1823The spouses and domestic partners of about 1,800 Pfizer employees, including 23 from Connecticut, learned late last month about a data breach at Wheels Inc., which provides cars to the company, mostly for use by its sales force. The breach at Wheels, first reported by the Pharmalot Web site, released onto the Internet names, addresses, birth dates and driver's license numbers, but not Social Security numbers, according to the company.
10/12/2007King County (WA) Transportation Department1400A laptop computer containing personal information about current and former employees has been stolen. Workers' names, addresses and Social Security numbers were on the password-protected laptop, which was stolen during a Sept. 28 home burglary. The information was not encrypted.
10/13/2007Montana State University1400An unknown hacker remotely accessed a computer server that housed records containing credit card numbers and Social Security numbers of students who enrolled online for MSU Extended University courses during the last two years. The data in question were encrypted, and there is no evidence that personal information was stolen.
10/15/2007Transportation Security Administration3930Two laptop computers with detailed personal information about commercial drivers across the country who transport hazardous materials are missing and considered stolen. The laptops contained the names, addresses, birthdays, commercial driver's license numbers and, in some cases, Social Security numbers of 3,930 people.
10/16/2007Administaff159000Current and former workers personal data may be compromised because of a stolen laptop. The data wasn't encrypted when it was stored on the portable computer, which is password-protected. Data stored on the laptop included names, addresses and Social Security numbers for most employees paid by Administaff in 2006.
10/17/2007Louisiana Office of Student Financial AssistanceSensitive data for virtually all Louisiana college applicants and their parents over the past nine years were in a case lost last month during a move. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved.
10/17/2007Home Depot10000A laptop computer containing about 10,000 employees' personal data was stolen from a regional manager's car. The computer, which was password protected, didn't contain any customer information. The laptop contained names, home addresses and Social Security numbers of certain Home Depot employees.
10/18/2007University of Cincinnati7000The personal information of thousands of University of Cincinnati students and graduates has been stolen. A flash drive was taken from a UC employee last month. It contained the Social Security numbers and other data for more than 7,000 people.
10/23/2007West Virginia Public Employees Insurance Agency200000West Virginia officials are alerting 200,000 past and current members of three health insurance programs that a computer tape containing full names, addresses, phone numbers, Social Security numbers and marital status was lost last week while being shipped via United Parcel Service.
10/23/2007Bates College500Two publicly accessible documents that contained the records of nearly 500 recipients of the federal Perkins Loan, along with each recipient's address, date of birth, Social Security number, legal name and loan amount, were accessible on the Bates network.
10/23/2007Dixie State College11000An unauthorized person reportedly gained access to a computer system and confidential files, including Social Security numbers, birth date information and addresses for some 11,000 alumni and current DSC employees who graduated or worked at DSC from 1986 to 2005.
10/23/2007Blockbuster400A Sarasota resident was fishing in a trash container for boxes when he found 400 documents. These documents included membership forms and employment applications with names, addresses, credit card numbers and Social Security numbers.
10/24/2007Not Your Average JoesMassachusetts restaurants were targeted by an individual or individuals seeking to illegally obtain credit card data. The data that was compromised included credit card numbers, expiration date and name associated with the card.
10/25/2007University of Akron1200A microfilm containing the personal information of alumni were missing. Names, previous addresses, phone numbers, birth dates and Social Security numbers was on the missing microfilm.
10/28/2007Art.comCyberspace criminals gained systems entry despite 'multiple security layers' and accessed some credit card transactions. The retailer of posters, prints and framed art alerted customers that hackers had gotten into the website to access credit card accounts.
10/29/2007United States Postal Service3000Employees' names, Social Security numbers and other information were on a laptop computer that was stolen.
10/29/2007ABC Phones/ACC CommunicationsTwo men found a box in a dumpster. The cell phone business recently moved and threw away documents that contained personal information from customers. The information contained driver's license numbers, Social Security number, bank account numbers, credit card numbers, work and home addresses.
10/30/2007University of Nevada Reno16000A University of Nevada, Reno a administrative employee has lost a flash drive that contained the names and Social Security numbers of 16,000 current and former students.
10/30/2007Hartford Financial Services Group237000Three backup tapes that contained personal information of 230,000 customers, including 9,200 Ohioans, mainly of the company's property lines, were misplaced.
10/30/2007Pathology Group of the Mid-South75000Someone broke into a locked office building, several computers with flat screen monitors were stolen. One of those computers had patient information on about 75,000 people. This information included names, addresses, Social Security number, even medical information
11/1/2007City University of New York20000A broken laptop containing personal information was taken from the school's financial aid office.
11/2/2007Montana State UniversityWhile investigating that breach, MSU data-security staff found another Excel spreadsheet accidentally posted on the MSU Web site since 2002. It contained the Social Security numbers of 13 people who got travel vouchers from the computer science department in the College of Engineering.
11/2/2007Montana State UniversityAn independent security watchdog group informed MSU that an Excel spreadsheet with the names and Social Security numbers of 42 people, most of them hired in the summer of 2006, was publicly accessible on MSU's Web site.
11/6/2007Alabama Department of Public Health1554The personal information, including the names, ages and Social Security numbers of families enrolled in the state's ALL Kids health care coverage program, were accidentally sent to the wrong families last week. 1,554 affected families were alerted that some of their confidential information might have been released.
11/6/2007Butte Community BankA laptop with customers' personal information including names, addresses, Social Security numbers and bank account numbers was stolen from Butte Community Bank.
11/6/2007Montana State University271MSU learned that an employee's laptop computer had been stolen somewhere off-campus. It contained the Social Security numbers of 216 students and employees who lived in on-campus housing from 1998 to 2007
11/7/2007University of Connecticut Foundation/ConvioUConn was notified of a security breach by an outside party on the network of Convio, Inc., a vendor used by The University of Connecticut Foundation, Inc. for processing online gift transactions and communicating by e-mail. This breach affected 92 of ConvioÆs clients nationwide, including the UConn Foundation. User name and password for Convio account preferences was compromised in this breach.
11/7/2007Carolinas Medical Center - NorthEast28000A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.
11/11/2007State of Nevada
11/13/2007Commerce BancorpA Commerce Bancorp Inc. employee gave out personal information on an unspecified number of the Cherry Hill bank's customers. The Bank discovered the breach through an internal investigation and sent letters to affected customers. The bank does not know if the information included account numbers and Social Security numbers.
11/15/2007Roudebush VA Medical Center12000Two personal computers and a laptop computer were allegedly stolen from an unsecured room. One of the stolen computers contained the names, Social Security numbers and dates of service of approximately 12,000 veterans.
11/16/2007A.J. Falciani Realty Company500Computers containing the personal information of between 500 to 1,000 clients of A.J. Falciani Realty Company were taken in a burglary. Many of the stolen computers stored the names, addresses, Social Security numbers, dates of birth, telephone numbers and other information on the company's clients.
11/16/2007Kansas State University128
11/16/2007U.S. Department of Veterans Affairs1800000Investigation from a man's home uncovered a computer that held about 1.8 million Social Security numbers from the U.S. Department of Veteran Affairs, where he had been employed as an auditor. Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file.
11/16/2007University of Wisconsin-WhitewaterOfficials were notified by one individual about his ability to access a online search feature for the schools website. A search feature that could be used to see student names and Social Security numbers along with some other limited student information. Access to the feature was promptly disabled upon notification of the problem.
11/17/2007Ohio Masonic Home / Community Blood Bank1200A laptop stolen from a Kettering auditing firm contained personal information on employees of up to 10 businesses, including Springfield-based Ohio Masonic Home. Battelle & Battelle LLC would not disclose the number of individuals affected by the theft but Masonic Home officials said 600 of its employees' information was stored in the laptop.
11/21/2007United HealthcareUnited Healthcare posted the Social Security numbers of doctors at Columbia UniversityÆs faculty practice on a public Web site. United posted the taxpayer identification numbers, some of which were Social Security numbers, alongside the names of 993 providers at Columbia who participate in the insurerÆs network. The list was supposed to be accessible to Columbia employees during the current open enrollment period
11/21/2007University of Florida415More than 400 former UF students might have been put at risk for identity theft after their Social Security numbers were posted on UF's Computing & Networking Services Web site. A news release from the Liberty Coalition, a group that works to preserve the privacy of individuals, said 14 files on the Web site contained 'sensitive information' of 534 former UF students, including 415 Social Security numbers.
11/29/2007American Red CrossSix boxes were left unattended in a public hallway for more than six hours. The files contained personal information of current and former employees and were placed there by human resources. Names, addresses and social security numbers could have easily been stolen. The files also contained embarrassing information, including disciplinary actions, results from a drug test, a sexual harassment case; even someone's criminal record from another state.
11/30/2007Prescription Advantage150000The state of Massachusetts is warning 150,000 members of its Prescription Advantage insurance program that their personal information may have been snatched by an identity thief. Local authorities arrested a lone identity thief who had been using information taken from the program in an attempted identity theft scheme. Although the thief used information from just a small number of participants in the scheme, state data-breach laws require that the 150,000 people who could have possibly been affected by the breach be contacted.
12/1/2007Community Blood Center/Battelle & Battelle LLC600Battelle & Battelle LLC was conducting an audit of the blood center's 401K plan when a laptop was stolen from a Battelle employee's vehicle. Up to 600 employees appeared to be affected.
12/4/2007Duke University1400Social Security numbers of about 1,400 prospective law school applicants may have been compromised when a school Web site was accessed illegally.
12/4/2007Indianapolis Power and Light3000The private information of thousands of customers was inadvertently posted online for up to four years. Data included names, addresses and Social Security numbers.
12/5/2007Forrester ResearchThieves stole a laptop from the home of a Forrester Research employee, potentially exposing the names, addresses and Social Security numbers of an undisclosed number of current and former employees and directors.
12/5/2007Memorial Blood Centers268000A laptop computer holding donor information was stolen. About 268,000 donor records on this laptop computer contain a donor name in combination with the donorÆs Social Security number.
12/6/2007Oak Ridge National Laboratory12000Hackers may have infiltrated a non-classified database containing names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004. The assault was in the form of phony e-mails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The lab has sent letters to about 12,000 potential victims.
12/7/2007Beacon Medical ServicesDetailed, personally identifiable medical records of thousands of Colorado residents were viewable on a publicly accessible Internet site for an uncertain period of time. The data included details of patients' visits to emergency rooms -- what ailments they complained of, diagnoses, treatments, and medical histories, along with the patients' names, occupations, addresses, phone numbers, insurance providers, and in some cases, Social Security numbers. The company is trying to determine the exact number of patients affected, but Beck says the number looks to be fewer than 5,000.
12/7/2007Colorado Board of Dental ExaminersMore than a hundred Colorado dentists and their patients could be at risk for identity theft after a car containing a bag of sensitive information was stolen. Authorities found the car a few days later at an apartment complex where one of the alleged thieves lived. Inside the unit, police discovered a massive amount of personal information from previous crimes. Social Security numbers, dates of birth, the credit card numbers, the pin numbers to those credit cards, they even have the photo IDs of the individuals they stole those credit cards from.
12/10/2007Cameron County TexasAn employee released an e-mail with a list of all county officials and employees. It reportedly contained names, Social Security numbers, and salaries.
12/10/2007Sutter Lakeside Hospital45000A laptop computer containing personal and medical information of approximately 45,000 former patients, employees and physicians has been stolen from the residence of a contractor.
12/10/2007Tricare Europe
12/11/2007Iowa Department of Natural Resources7000A contractor working for the DNR revealed that a computer jump drive containing the names and Social Security numbers for 7000 people is missing. The contractor believes the jump drive fell off of his desk and into a garbage can.
12/14/2007Deloitte & ToucheA laptop containing the personal information of an undisclosed number of Deloitte & Touche partners, principals and employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents. The computer contained confidential data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates.
12/17/2007West Penn Allegheny Health System42000The names, Social Security numbers, phone numbers, addresses and patient care information of 42,000 patients were all on a laptop computer stolen from a nurseÆs home. Only home care and hospice patients could be impacted, not patients at the hospitals.
12/18/2007Brownsville School DistrictForms with employee personal information littered the fence of a Brownsville school district warehouse. Information on litter contained confidential letters with names, bank account numbers, and Social Security numbers. The forms may be more than ten years old, but they each contain information that's still valuable.
12/19/2007Pennsylvania Department of Aging20632A state Department of Aging-owned laptop computer containing personal information on senior citizens was stolen from a Johnstown home. The information included names, addresses, Social Security numbers and some medical information.
12/20/2007Dormitory Authority of the State of New York900Data tapes containing Social Security numbers, phone numbers and addresses for up to 800 current and former employees of the state Dormitory Authority are missing.
12/20/2007Greenville County School District500The district notified employees last week that the computers had been compromised and that employees' personal information was taken, including their names, home phone numbers and Social Security numbers.
12/21/2007Franklin County Ohio Municipal Court270At least six central Ohioans are now under investigation by the U.S. Secret Service for hacking into a government Web site and stealing Social Security numbers to create false credit accounts. More than 270 people nationwide might have been victimized by a security lapse in the Franklin County Municipal Court Web site. Someone was randomly feeding Social Security numbers into a clerk's site, which contained personal information for thousands of people charged with misdemeanors, some guilty of only a speeding ticket. Once a number was hit on, the name, address, age and other information could be used to obtain credit cards and open bank accounts.
12/21/2007Connecticut Department of Motor Vehicles155The Connecticut Department of Motor Vehicles is notifying customers that their personal information may have been on a computer stolen from a mobile service center vehicle while it was being repaired. Personal data on the computer included names, addresses, date of birth, license numbers, photo and signature.
12/28/2007United States Air Force10501A military laptop computer is missing and it contains personal information including Social Security numbers, birth dates, addresses, and telephone numbers of active and retired Air Force members. The laptop belonged to an Air Force band member at Bolling Air Force Base, he reported it missing from his home.
12/28/2007Davidson County Election Commission337000Someone broke into several county offices over Christmas and stole laptop computers that county officials now believe may have contained Social Security numbers and other personal information for every registered voter in Davidson County.
12/28/2007Minnesota Department of Commerce219A laptop computer containing personal information on Minnesotans licensed by the state Commerce Department was stolen from one of its Pennsylvania vendors.
12/29/2007Administrative Systems
Copyright 2008 Stratos, LLC
child stool test positive nexium