|
DATE MADE PUBLIC |
NAME & Location |
TYPE OF BREACH |
Privacy Requirement: |
NUMBER
OF RECORDS |
|
Jan. 1, 2006 |
University of Pittsburgh Medical Center, Squirrel Hill Family Medicine |
Portable Unencrypted
Data Breach
Six Stolen computers. Names, Social Security numbers, birthdates
|
HIPAA |
700 |
|
Jan. 2, 2006 |
H&R Block |
SSNs exposed in 40-digit number string on mailing label |
|
Unknown |
| Jan. 9, 2006
|
Atlantis Hotel - Kerzner Int'l
|
Dishonest insider or hacking. Names, addresses, credit card details, Social Security numbers, driver's
license numbers and/or bank account data. |
|
55,000 |
| Jan. 12, 2006
|
People's Bank
|
Portable Unencrypted
Data Breach
Lost computer tape containing names, addresses, Social Security numbers, and checking account numbers. |
|
90,000 |
| Jan. 17, 2006
|
City of San Diego, Water & Sewer Dept.
(San Diego, CA) |
Dishonest employee accessed customer account files, including SSNs, and committed identity theft on some individuals. |
|
Unknown |
| Jan. 20, 2006
|
Univ. Place Conference Center & Hotel, Indiana Univ.
|
Hacking. Reservation information including credit card account number compromised.
|
|
Unknown |
| Jan. 21, 2006
|
California Army National Guard
|
Stolen briefcase with personal information of National Guardsmen including a "seniority roster," Social Security numbers and dates of birth. |
|
"hundreds of officers"
|
| Jan. 23, 2006 |
Univ. of Notre Dame
|
Hackers accessed Social Security numbers, credit card information and check images of school donors.
|
|
Unknown |
| Jan. 24, 2006
|
Univ. of WA Medical Center
|
Portable Unencrypted
Data Breach
Stolen laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data. |
HIPAA |
1,600 |
| Jan. 25, 2006
|
Providence Home Services
(Portland, OR) |
Portable Unencrypted
Data Breach
Stolen backup tapes and disks containing Social Security numbers, clinical and demographic information. In a small number of cases, patient financial data was stolen. |
HIPAA |
365,000 |
| Jan. 27, 2006 |
State of RI web site (www.RI.gov) |
Hackers obtained credit card information in conjunction with names and addresses.
|
|
4,117 |
| Jan. 31, 2006
|
Boston Globe and The Worcester Telegram & Gazette
|
Inadvertently exposed. Credit and debit card information along with routing information for personal checks printed on recycled paper used in wrapping newspaper bundles for distribution. |
|
240,000 potentially exposed
|
| Feb. 1, 2006
|
Blue Cross and Blue Shield of North Carolina
|
Inadvertently exposed. SSNs of members printed on the mailing labels of envelopes with information about a new insurance plan. |
HIPAA |
600 |
| Feb. 4, 2006
|
FedEx |
Inadvertently exposed. W-2 forms included other workers' tax information such as SSNs and salaries.
|
|
8,500 |
| Feb. 9, 2006
|
Unknown retail merchants, apparently OfficeMax and perhaps others. |
Hacking. Debit card accounts exposed involving bank and credit union accounts nationwide (including CitiBank, BofA, WaMu, Wells Fargo).
[3/13/06 Crime ring arrested.] |
|
200,000, although total number is unknown. |
| Feb. 9, 2006
|
Honeywell International
|
Exposed online. Personal information of current and former employees including Social Security numbers and bank account information posted on an Internet Web site. |
|
19,000 |
| Feb. 13, 2006
|
Ernst & Young
(UK) |
Portable Unencrypted
Data Breach
Laptop stolen from employee's car with customers' personal information including Social Security numbers.
|
|
38,000 BP employees in addition to Sun, Cisco and IBM employees.
|
| Feb. 15, 2006
|
Dept. of Agriculture
|
Inadvertently exposed Social Security and tax identification numbers in FOIA request.
|
|
350,000 |
| Feb. 15, 2006
|
Old Dominion Univ.
|
Exposed online. Instructor posted a class roster containing names and Social Security numbers to a web site. |
|
601 |
| Feb. 16, 2006
|
Blue Cross and Blue Shield of Florida
|
Contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies.
|
|
27,000 |
| Feb. 17, 2006
|
Calif. Dept. of Corrections, Pelican Bay
(Sacramento, CA) |
Inmates gained access to files containing employees' Social Security numbers, birth dates and pension account information stored in warehouse.
|
|
Unknown |
| Feb. 17, 2006
|
Mount St. Mary's Hospital (1 of 10 hospitals with patient info. stolen)
(Lewiston, NY)
|
Portable Unencrypted
Data Breach
Two laptops containing date of birth, address and Social Security numbers of patients was stolen in an armed robbery in the New Jersey. |
HIPAA |
17,000 |
| Feb. 18, 2006 |
Univ. of Northern Iowa
|
Hacking. Laptop computer holding W-2 forms of student employees and faculty was illegally accessed.
|
|
6,000 |
| Feb. 23, 2006
|
Deloitte & Touche (McAfee employee information)
|
External auditor lost a CD with names, Social Security numbers and stock holdings in McAfee of current and former McAfee employees. |
|
9,290 |
| Mar. 1, 2006
|
Medco Health Solutions
(Columbus, OH) |
Portable Unencrypted
Data Breach
Stolen laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories. |
HIPAA |
4,600 |
| Mar. 1, 2006
|
OH Secretary of State's Office
|
SSNs, dates of birth, and other personal data of citizens routinely posted on a State web site as part of standard business practice. |
|
Unknown |
| Mar. 2, 2006
|
Olympic Funding
(Chicago, IL) |
Portable Unencrypted
Data Breach
3 hard drives containing clients names, Social Security numbers, addresses and phone numbers stolen during break in. |
|
Unknown |
| Mar. 2, 2006
|
Los Angeles Cty. Dept. of Social Services
(Los Angeles, CA) |
File boxes containing names, dependents, Social Security numbers, telephone numbers, medical information, employer, W-2, and date of birth were left unattended and unshredded.
|
HIPAA |
[Potentially 2,000,000, but number unknown]
Not included in number below. |
| Mar. 2, 2006
|
Hamilton County Clerk of Courts
(OH) |
SSNs, other personal data of residents posted on county Web site, were stolen and used to commit identity theft.
|
|
[1,300,000]
Not included in number below. |
| Mar. 3, 2006
|
Metropolitan State College
(Denver, CO) |
Portable Unencrypted
Data Breach
Stolen laptop containing names and Social Security numbers of students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester. |
|
93,000 |
| Mar. 5, 2006
|
Georgetown Univ.
(Washington, D.C.) |
Hacking. Personal information including names, birthdates and Social Security numbers of District seniors served by the Office on Aging. |
|
41,000 |
| Mar. 8, 2006
|
Verizon Communications
(New York, NY) |
Portable Unencrypted
Data Breach
2 stolen laptops containing employees' personal information including Social Security numbers. |
|
"Significant number" |
| Mar. 8, 2006
|
iBill
(Deerfield Beach, FL) |
Dishonest insider or possibly malicious software linked to iBill used to post names, phone numbers, addresses, e-mail addresses, Internet IP addresses, logins and passwords, credit card types and purchase amount online. Credit card account numbers, expiration dates, security codes, and SSNs were NOT included, but in our opinion the affected individuals could be vulnerable to social engineering to obtain such information. |
|
[17,781,462]
Not included in total below. |
| Mar. 11, 2006
|
CA Dept. of Consumer Affairs (DCA)
(Sacramento, CA) |
Mail theft. Applications of DCA licensees or prospective licensees for CA state boards and commissions were stolen. The forms include full or partial Social Security numbers, driver's license numbers, and potentially payment checks.
|
|
"A small number"
|
| Mar. 14, 2006
|
General Motors
(Detroit, MI) |
Dishonest insider keep Social Security numbers of co-workers to perpetrate identity theft.
|
|
100 |
Mar. 14
2006 |
Buffalo Bisons and Choice One Online
(Buffalo, NY) |
Hacker accessed sensitive financial information including credit card numbers names, passwords of customers who ordered items online.
|
|
Unknown |
Mar. 15,
2006 |
Ernst & Young
(UK) |
Portable Unencrypted
Data Breach
Laptop lost containing the names, dates of birth, genders, family sizes, Social Security numbers and tax identifiers for current and previous IBM, Sun Microsystems, Cisco, Nokia and BP employees exposed.
|
|
Unknown |
Mar. 16,
2006 |
Bananas.com
(San Rafael, CA) |
Hacker accessed names, addresses, phone numbers and credit card numbers of customers.
|
|
274 |
Mar. 23,
2006 |
Fidelity Investments
(Boston, MA) |
Portable Unencrypted
Data Breach
Stolen laptop containing names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers was stolen. |
|
196,000 |
Mar. 24,
2006 |
CA State Employment Development Division
(Sacramento, CA)
|
Computer glitch sends state Employment Development Division 1099 tax forms containing Social Security numbers and income information to the wrong addresses, potentially exposing those taxpayers to identity theft. |
|
64,000 |
Mar. 24,
2006 |
Vermont State Colleges (VT)
|
Portable Unencrypted
Data Breach
Laptop stolen containing Social Security numbers and payroll data of students, faculty and staff associated with the five-college system from as long ago as 2000.
|
|
14,000 |
Mar. 30,
2006 |
Marines
(Monterey, CA) |
Portable Unencrypted
Data Breach
Portable drive lost that contains personal information used for research on re-enlistment bonuses.
|
|
207,750 |
Mar. 30,
2006 |
Georgia Technology Authority
(Atlanta, GA) |
Hacker exploited security flaw to gain access to confidential information including Social Security numbers and bank-account details of state pensioners.
|
|
573,000 |
Mar. 30,
2006 |
Conn. Technical High School System
(Middletown, CT) |
Social Security numbers of students and faculty mistakenly distributed via email.
|
|
1,250 |
| April 1, 2006
|
Con Edison
(New York) |
Portable Unencrypted
Data Breach
Con Edison shipped 2 cartridge tapes to JPMorgan Chase in upstate Binghamton so it could input data on behalf of the NY Dept. of Taxation and Finance. One tape was apparently lost containing employees' W-2 data, including names, addresses, SSNs, taxes paid and salaries.
|
|
15,000 Con Edison employees
|
April 6,
2006 |
Progressive Casualty Insurance
(Mayfield Village, OH) |
Dishonest insider accessed confidential information, including names, Social Security numbers, birth dates and property addresses on foreclosure properties she was interested in buying. |
|
13 |
April 7,
2006 |
DiscountDomain
Registry.com
(Brooklyn, NY) |
Exposed online. Domain registrants' personal information including usernames, passwords and credit card numbers were accessible online.
|
|
"thousands of domain name registrations" |
April 9,
2006 |
University of Medicine and Dentistry of New Jersey
(Newark, NJ) |
Hackers accessed Social Security numbers, loan information, and other confidential financial information of students and alumni. |
HIPAA |
1,850 |
April 12,
2006 |
Ross-Simons
(Providence, RI) |
Security breach exposed account and personal information of those who applied for its private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants.
|
|
Unknown |
April 14,
2006 |
Univ. of South Carolina
(Columbia, SC) |
Social Security numbers of students were mistakenly e-mailed to classmates. |
|
1,400 |
| April 15, 2006
|
Scott County, IA
|
The Social Security numbers of people who obtained mortgages in the early 1990s are visible in documents posted on the county's website. The county will redact the information at the individuals' request. |
|
Unknown |
| April 21, 2006 |
University of Alaska, Fairbanks
(Fairbanks, AK) |
A hacker accessed names, Social Security numbers, and partial e-mail addresses of current and former students, faculty, and staff.
|
|
38,941 |
| April 21, 2006
|
Boeing
(Seattle, WA) |
Portable Unencrypted
Data Breach
A laptop was taken from a Boeing
human resources employee at SeaTac airport. It contained SSNs and other personal information, including personnel information from the 2000 acquisition of Hughes Space and Communications. .
|
|
3,600 current and former employees |
April 21,
2006 |
Ohio University
Innovation Center
(Athens, OH) |
a server containing data including e-mails, patent and intellectual property files, and 35 Social Security numbers associated with parking passes was compromised.
|
|
Unknown |
April 24,
2006 |
University of Texas' McCombs School of Business
(Austin, TX)
|
Hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members.
|
|
197,000 |
April 24,
2006 |
Ohio University
(Athens, OH) |
Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alum.
|
|
300,000 |
April 26,
2006 |
Purdue University
(West Lafayette, IN) |
Hacker accessed personal information including Social Security numbers of current and former graduate students, applicants to graduate school, and a small number of applicants for undergraduate scholarships. |
|
1,351 |
April 26,
2006 |
Aetna -- health insurance records for employees of 2 members, including Omni Hotels and the Dept. of Defense NAF
(Hartford, CT) |
Portable Unencrypted
Data Breach
Laptop containing personal information including names, addresses and Social Security numbers of Dept. of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car.
|
HIPAA |
38,000 |
April 27,
2006 |
MasterCard
(Potentially UK only) |
Though MasterCard refused to say how the breach occurred, fraudsters stole the credit card details of holders in a major security breach. |
|
[2,000]
Not included in total below. |
April 27,
2006 |
Long Island Rail
Road
(Jamaica, NY) |
Portable Unencrypted
Data Breach
Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of "virtually everyone" who worked for the agency was lost by delivery contractor Iron Mountain while enroute. Data tapes belonging to the U.S. Department of Veterans Affairs may also have been affected.
|
|
17,000 |
April 28,
2006 |
Ohio's Secretary of State
(Cleveland, OH)
|
The names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained SSNs, which were not supposed to have been included on the CDs. |
|
"Potentially millions of registered voters"
|
April 28,
2006 |
Dept. of Defense
(Washington, DC) |
Hacker accessed a Tricare
Management Activity (TMA) public server containing personal information about military employees. |
HIPAA |
Unknown |
May 2,
2006 |
Georgia State Government
(Atlanta, GA) |
Portable Unencrypted
Data Breach
Government surplus computers that sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia citizens. |
|
Unknown |
May 4,
2006 |
Idaho Power Co.
(Boise, ID) |
Portable Unencrypted
Data Breach
Four company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security numbers, and confidential memos to the company's CEO. |
|
Unknown |
May 4,
2006 |
Ohio University
Hudson Health Center
(Athens, OH) |
Names, birth dates, Social Security numbers and medical information were accessed in records of students dating back to 2001, plus faculty, workers and regional campus students. |
HIPAA |
60,000 |
|
May 2006 |
Ohio University
(Athens, OH) |
A breach was discovered on a computer that housed IRS 1099 forms for vendors and independent contractors for calendar years 2004 and 2005.
|
|
2,480 |
|
May 2006 |
Ohio University
(Athens, OH) |
A breach of a computer that hosted a variety of Web-based forms, including some that processed on-line business transactions. Although this computer was not set up to store personal information, investigators did discover files that contained fragments of personal information, including Social Security numbers. The data is fragmentary and it is not certain if the compromised information can be traced to individuals. Also found on the computer were 12 credit card numbers that were used for event registration.
|
|
Unknown |
May 5,
2006 |
Dept. of Veteran Affairs
(Washington, D.C.) |
Portable Unencrypted
Data Breach
A data tape disappeared from a VA facility in Indianapolis, IN that contained information on legal cases involving U.S. veterans and included veterans' Social Security numbers, dates of birth and legal documents. |
HIPAA |
16,500 |
May 5,
2006 |
Wells Fargo
(San Francisco, CA) |
Portable Unencrypted
Data Breach
Computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been stolen while being delivered from one bank facility to another. |
|
Unknown |
May 12,
2006 |
Mercantile Potomac Bank
(Gaithersburg, MD) |
Portable Unencrypted
Data Breach
Laptop containing confidential information about customers, including Social Security numbers and account numbers was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification numbers (PIN numbers) or account expiration dates. |
|
48,000 |
May 19,
2006 |
American Institute of Certified Public Accountants (AICPA)
(New York, NY) |
Portable Unencrypted
Data Breach
An unencrypted hard drive containing names, addresses and Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company.
|
|
330,000
[Updated 6/16/06] |
May 19,
2006 |
Unknown retail merchant |
Visa, MasterCard, and other debit and credit card numbers from banks across the country were stolen when a national retailer's database was breached. No names, Social Security numbers or other personal identification were taken. |
|
Unknown |
May 22,
2006 |
Dept. of Veterans Affairs
(Washington, DC)
(800) 827-1000 |
Portable Unencrypted
Data Breach
On May 3, data of all Currently Serving Personnel and Discharged American veterans who were discharged since 1975 including names, Social Security numbers, dates of birth and in many cases phone numbers and addresses, were stolen from a VA employee's home. Theft of the laptop and computer storage device included data of 26.5
million veterans. The data included individually identifiable
medical information |
HIPAA |
28,600,000 |
May 23,
2006 |
Univ. of Delaware
(Newark, DE) |
Security breach of a Department of Public Safety computer server
potentially exposes names, Social Security numbers and driver's license numbers. |
|
1,076 |
May 23,
2006 |
M&T Bank
(Buffalo, NY) |
Portable Unencrypted
Data Breach
Laptop computer, owned by PFPC, a third party company that provides record keeping services for M & T's Portfolio Architect accounts was stolen from a vehicle. The laptop contained clients' account numbers, Social Security numbers, last name and the first two letters of their first name. |
|
Unknown |
|
May 23, 2006 |
Butler Co. Dept. of Mental Retardation & Developmental Disabilities
(Cincinatti, OH) |
Portable Unencrypted
Data Breach
Three laptop computers were stolen "last month" from the agency's office. They contained personal information on mental health clients, including SSNs.
|
|
100 clients |
|
May 23, 2006 |
Mortgage Lenders Network USA
(Middletown, CT) |
A former employee was arrested for extortion for attempting to blackmail his former employer for $6.9 million. He threatened to expose company files containing sensitive customer information if the company didn't pay him. He stole the files over the 16 months he worked there.
|
|
Unknown |
May 24,
2006 |
Sacred Heart Univ.
(Fairfield, CT) |
Portable Unencrypted
Data Breach
It was discovered on May 8th that a computer containing personal information including names, addresses and Social Security numbers was breached. |
HIPAA |
Unknown |
May 24,
2006 |
American Red Cross, St. Louis Chapter
(St. Louis, |
Dishonest employee had access to Social Security numbers of donors to call urging them to give blood again. The employee misused the
personal information of at least 3 people to perpetrate identity theft and had access to the personal information of 1 million donors.
|
|
1,000,000 |
|
May 25, 2006 |
Vystar Credit Union
(Jacksonville, FL) |
Hacker gained access to member accounts "a few weeks ago" and stole personal information including names, addresses, birth dates, mother's maiden names, SSNs and/or email addresses.
|
|
Approx. 34,400
("less than 10% of its 344,000 members") |
May 30,
2006 |
Texas Guaranteed Student Loan Corp.
(Round Rock, TX)
via subcontractor, Hummingbird
(Toronto, Canada) |
Portable Unencrypted
Data Breach
Texas Guaranteed (TG) was notified by subcontractor Hummingbird that on May 24, an employee had lost a piece of equipment containing names and Social Security numbers of TG borrowers.
Update (6/16/06): TG now says a total of 1.7 million people's information was compromised, 400,000 more than original estimate of 1.3 million.
|
|
1,300,000
plus 400,000
for total of 1,700,000 |
May 30,
2006 |
Florida Int'l Univ.
(Miami, FL) |
Hacker accessed a database that contained personal information, such as student and applicant names and Social Security numbers. |
|
"thousands" |
|
May 31, 2006 |
Humana
(Louisville, KY) |
On May 5, 2006, Medicare drug benefit applications were stolen from an insurance agent's unlocked car in Brooklyn Park, MN. Information included applicants' name, address, date of birth, Social Security number, and bank routing information. |
HIPAA |
268 Minnesota and North Dakota applicants
|
June 1,
2006 |
Miami University
(Oxford, OH) |
Portable Unencrypted
Data Breach
An employee lost a hand-held personal computer containing personal information of students who were enrolled between July 2001 and May 2006. |
|
851 |
June 1,
2006 |
Ernst & Young
(UK) |
Portable Unencrypted
Data Breach
A laptop containing names, addresses and credit or debit card information of Hotels.com customers was stolen from an employee's car in Texas. |
|
243,000 |
June 1,
2006 |
Univ. of Kentucky
(Lexington, KY) |
Personal information of current and former University of Kentucky employees including Social Security numbers was inadvertently accessible online for 19 days last month.
|
|
1,300 |
June 2,
2006 |
Buckeye Community Health Plan
(Columbus, OH) |
Portable Unencrypted
Data Breach
Four laptop computers containing customer names, Social Security numbers, and addresses were stolen from the Medicaid insurance provider. |
|
72,000 |
June 2,
2006 |
Ahold USA
(Landover, MD)
Parent company of Stop & Shop, Giant stores and Tops stores via subcontractor Electronic Data Systems
(Plano, TX)
|
An EDS employee lost a laptop computer during a commercial flight that contained pension data of former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts. |
|
Unknown |
June 2,
2006 |
YMCA
(Providence, RI) |
Portable Unencrypted
Data Breach
Laptop computer containing personal information of members was stolen. The information included credit card and debit card numbers, checking account information, Social Security numbers, the names and addresses of children in daycare programs and medical information about the children, such as allergies and the medicine they take, though the type of stolen information about each person varies. |
|
65,000 |
June 2,
2006
|
Humana
(Louisville, KY) |
Personal information of Humana customers enrolled in the company's Medicare prescription drug plans could have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file. |
HIPAA |
17,000 current and former Medicare enrollees
|
June 5,
2006 |
Internal Revenue Service
(Washington, DC) |
Portable Unencrypted
Data Breach
A laptop computer containing personal information of employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth, was lost during transit on an airline flight
|
|
291 |
June 6,
2006 |
Univ. of Texas
(El Paso, TX) |
Students demonstrated that student body and faculty elections could be rigged by hacking into student information including Social Security numbers.
|
|
4,719 |
June 8,
2006 |
Univ. of Michigan Credit Union
(Ann Arbor, MI)
|
Paper documents containing personal information of credit union members were stolen from a storage rooms. The documents were supposed to have been digitally imaged and then shredded. Instead, they were stolen and used to perpetrate identity theft. |
|
5,000 |
June 11,
2006 |
Denver Election Commission
(Denver, CO) |
Records containing personal information on more than 150,000 voters are missing at city election offices. The microfilmed voter registration files from 1989 to 1998 were in a 500-pound cabinet that disappeared when the commission moved to new offices in February. The files contain voters' Social Security numbers, addresses and other personal information. |
|
150,000 |
June 12,
2006 |
U.S. Dept. of Energy
(Washington, D.C.) |
Names, Social Security numbers, security clearance levels and place of employment for mostly contract employees who worked for National Nuclear Security Administration may have been compromised when a hacker gained entry to a computer system at a service center in Albuquerque, N.M. eight months ago.
|
|
1,502 |
June 13,
2006 |
Minn. State Auditor
(St. Paul, MN) |
Portable Unencrypted
Data Breach
Three laptops possibly containing Social Security numbers of employees and recipients of housing and welfare benefits along with other personal information of local governments the auditor oversees have gone missing. |
|
493 |
June 13,
2006 |
Oregon Dept. of Revenue
(Salem, OR) |
Electronic files containing personal data of Oregon taxpayers may have been compromised by an ex-employee's downloaded a contaminated file from a porn site. The "Trojan" attached to the file may have sent taxpayer information back to the source when the computer was turned on.
|
|
2,200 |
June 13,
2006 |
U.S. Dept of Energy, Hanford Nucear Reservation
(Richland, WA) |
Current and former workers at the Hanford Nuclear Reservation that their personal information may have been compromised, after police found a 1996 list with workers' names and other information in a home during an unrelated investigation.
|
|
4,000 |
June 14,
2006 |
American Insurance Group (AIG), Indiana Office of Medical Excess, LLC
(New York, NY) |
Portable Unencrypted
Data Breach
The computer server was stolen on March 31 containing personal information including names, Social Security numbers, birth dates, and some medical and disability information.
|
|
930,000 |
June 14,
2006 |
Western Illinios Univ.
(Macomb, IL) |
On June 5th, a hacker compromised a University server that contained names, addresses, credit card numbers and Social Security numbers of people connected to the University.
|
|
180,000 |
June 16,
2006 |
Union Pacific
(Omaha, NE) |
Portable Unencrypted
Data Breach
On April 29th, an employee's laptop was stolen that contained data for current and former Union Pacific employees, including names, birth dates and Social Security numbers.
|
|
30,000 |
June 16,
2006 |
NY State Controller's Office
(Albany, NY) |
State controller data cartridge containing payroll data of employees who work for a variety of state agencies was lost during shipment. The data contained names, salaries, Social Security numbers and home addresses. |
|
1,300 |
June 16,
2006 |
ING
(Miami, FL)
|
Portable Unencrypted
Data Breach
Two ING laptops that carried sensitive data affecting of Jackson Health System hospital workers were stolen in December 2005. The computers, belonging to financial services provider ING, contained information gathered during a voluntary life insurance enrollment drive in December and included names, birth dates and Social Security numbers.
|
HIPAA |
8,500 |
June 16,
2006 |
Univ. of Kentucky
(Lexington, KY) |
The personal data of current and former students including classroom rosters names, grades and Social Security numbers was reported stolen on May 26 following the theft of a professor's flash drive..
|
|
6,500 |
June 17,
2006 |
ING
(Washington, D.C.) |
Laptop stolen from employee's home containing retirement plan information including Social Security numbers of D.C. city employees. |
|
13,000 |
June 17,
2006 |
Automatic Data Processing (ADP)
(Roseland, NJ) |
Personal and payroll information of workers were intended to be faxed between ADP offices and were mistakenly sent to a third party. |
|
80 |
June 17,
2006 |
CA Dept. of Health Services (CDHS)
(Sacramento, CA) |
CDHS documents were inappropriately emptied from an employee's cubicle on June 5 and 9 rather than shredded.
The documents contained state employees and other individuals applying for employment with the state including names, addresses, Social Security numbers and home and work telephone numbers. They were mostly expired state employment certification lists, but also included requests for personnel action, copies of e-mail messages and handwritten notes.
|
HIPAA |
1,550 |
June 20,
2006 |
Equifax
(Atlanta, GA) |
Portable Unencrypted
Data Breach
On May 29, a company laptop containing employee names and partial and full Social Security numbers was stolen from an employee. |
|
2,500 |
June 20,
2006 |
Univ. of Alabama
(Birmingham, AL) |
Portable Unencrypted
Data Breach
In February a computer was stolen from a locked office of the kidney transplant program at the University of Alabama at Birmingham that contained confidential information of donors, organ recipients and potential recipients including names, Social Security numbers and medical information.
|
HIPAA |
9,800 |
June 21,
2006 |
U.S. Dept. of Agriculture (USDA)
(Washington, D.C.) |
During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors. |
|
26,000 |
| June 21, 2006
|
Cape Fear Valley Health System
(Fayetteville, NC) |
Portable Unencrypted
Data Breach
Portable computer containing personal information of more than 24,000 people was stolen from ambulance of Cumberland Co. Emergency Medical Services on June 8th. It contained information on people treated by the EMS, including names, addresses, and birthdates, plus SSNs of 84% of those listed. |
HIPAA |
24,350 |
June 21, 2006
(Date of letter sent to doctors. Date of news story is July 28, 2006) |
Lancaster General Hospital
(Lancaster, PA) |
A desktop computer with personal information of hundreds of doctors was stolen from a locked office June 10. The unencrypted data included names, practice addresses, and SSNS of physicians on medical and dental staff.
|
HIPAA |
"Hundreds of local physicians" (not included in total below)
|
June 22,
2006 |
Federal Trade Commission (FTC)
(Washington, D.C.) |
Portable Unencrypted
Data Breach
Two laptop computers containing personal and financial data were stolen from an employee's vehicle. The data included names, addresses, Social Security numbers, dates of birth, and in some instances, financial account numbers gathered in law enforcement investigations. |
|
110 |
June 23,
2006 |
San Francisco State Univ.
(San Francisco, CA) |
Portable Unencrypted
Data Breach
a faculty member's laptop was stolen from a car on June 1 that contained personal information of former and current students including Social Security numbers, and names and ins some instance, phone numbers and grade point averages. |
|
3,000 |
June 23,
2006 |
U.S. Navy
(Washington, D.C.) |
Navy personnel were notified on June 22 that a civilian web site contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.
|
|
30,000 |
June 23,
2006 |
CA Dept. of Health Services (CDHS)
(Sacramento, CA) |
On June 12, a box of Medi-Cal forms from December 2005 were found in the cubicle of a CDHS employee. The claim forms contained the names, addresses, Social Security numbers and prescriptions for beneficiaries or their family members.
|
HIPAA |
323 |
June 23,
2006 |
Catawba County Schools
(Newton, NC) |
On June 22, it was discovered that a web site posted names, Social Security numbers, and test scores of students who had taken a keyboarding and computer applications placement test during the 2001-02 school year.
Update: The web site containing the data has been removed.
|
|
619 |
June 23,
2006 |
King County Records, Elections, and Licensing Services Division
(Seattle, WA) |
Social Security numbers for potentially thousands of current and former county residents may be exposed on the agency's web site. Residents can request that the image of any document that contains a Social Security number, Mother's Maiden Name or Drivers License be removed. Officials state that they are unable to alter original public documents and cannot choose to not record documents presented for recording.
|
|
Unknown |
June 27,
2006 |
Gov't Accountability Office (GAO)
(Washington, D.C.)
|
Data from audit reports on Defense Department travel vouchers from the 1970s were inadvertently posted online and included some service members' names, Social Security numbers and addresses. The agency has subsequently removed the information. |
|
"Fewer than 1,000"
[1,000 used in total] |
June 28,
2006 |
AAAAA Rent-A-Space
(Colma, CA) |
Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in its online payment system.
|
|
13,000 |
June 29,
2006 |
AllState Insurance
Huntsville branch
(Huntsville, AL) |
Portable Unencrypted
Data Breach
Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen. |
|
2,700 |
June 29,
2006 |
Nebraska Treasurer's Office
(Lincoln, NE) |
A hacker broke into a child-support computer system and may have obtained names, Social Security numbers and other information such as tax identification numbers for 9,000 businesses.
|
|
309,000 |
| June 29, 2006
|
Minnesota Dept. of Revenue
(St. Paul, MN) |
Portable Unencrypted
Data Breach
On May 16, a package containing a data tape used to back up the regional office's computers went missing during delivery. The tape contained personal information including individuals' names, addresses, and Social Security numbers. |
|
50,400 |
| June 30, 2006
|
Nat'l Institutes of Health Federal Credit Union
(Rockville, MD) |
NIHFCU is investigating with law enforcement the identity theft of some of its 41,000 members. No details given on type of information stolen, or how it was stolen.
|
|
"Very few" of 41,000 members affected
[not included in total] |
| July 1, 2006
|
American Red Cross, Farmers Branch
(Dallas, TX) |
Portable Unencrypted
Data Breach
Sometime in May, 3 laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005. |
HIPAA |
Unknown |
| July 5, 2006
|
Bisys Group Inc.
(Roseland, NJ) |
Personal details about 61,000 hedge fund investors were lost when an employee's truck carrying backup tapes was stolen. The data included SSNs of 35,000 individuals. The tapes were being moved from one Bisys facility to another on June 8 when the theft occurred. |
|
61,000 |
| July 6, 2006
|
Automated Data Processing (ADP)
(Roseland, NJ) |
Payroll service company ADP gave scam-artist names, addresses, and number of shares held of investors, although apparently not SSNs or account numbers. The leak occurred from Nov. '05 to Feb. '06 and involved individual investors with 60 companies including Fidelity, UBS, Morgan Stanley , Bear Stearns, Citigroup, Merrill Lynch.
|
|
"Hundreds of thousands"
[not included in total] |
| July 7, 2006
|
University of Tennessee
(866) 748-1680
|
Hacker broke into UT computer containing names, addresses and SSNs of about 36,000 past and current employees. Intruder apparently used computer from Aug. '05 to May '06 to store and transmit movies.
|
|
36,000 |
| July 7, 2006
|
Nat'l Association of Securities Dealers (NASD)
(Boca Raton, FL)
|
Portable Unencrypted
Data Breach
Ten laptops were stolen on Feb. 25 '06 from NASD investigators. They included SSNs of securities dealers who were the subject of investigations involving possible misconduct. Inactive account numbers of about 1,000 consumers were also contained on laptops.
|
|
73 |
| July 7, 2006
|
Naval Safety Center
|
SSNs and other personal information of naval and Marine Corps aviators and air crew, both active and reserve, were exposed on Center web site and on 1,100 computer discs mailed to naval commands.
|
HIPAA |
"more than 100,000" |
| July 7, 2006
|
Montana Public Health and Human Services Dept.
(Helena, MT)
|
Portable Unencrypted
Data Breach
A state government computer was stolen from the office of a drug dependency program. during a 4th of July break-in. It was not known if sensitive information such as SSNs was compromised.
|
HIPAA |
Unknown |
| July 7, 2006
|
City of Hattiesburg
(Hattiesburg, MS) |
Portable Unencrypted
Data Breach
Video surveillance cameras caught 2 intruders stealing hard drives from 18 computers June 23. Data files contained names, addresses, and SSNs of current and former city employees and registered voters as well as bank account information for employees paid through direct deposit and water system customers who paid bills electronically.
|
|
"thousands of city workers and contractors"
|
| July 13, 2006
|
Moraine Park Technical College
(Beaver Dam, Fond du Lac, & West Bend, WI) |
Portable Unencrypted
Data Breach
Computer disk (CD) with personal information of 1,500 students was reported missing. Information includes names, addresses, phone numbers & SSNs of apprenticeship students back to 1993.
|
|
1,500 |
| July 14, 2006
|
Northwestern Univ.
(Evanston, IL)
(888-209-0097) |
Files containing names and some personal information including SSNs were on 9 desktop computers that had been accessed by unauthorized persons outside the University. The computers were in the Office of Admissions and Financial Aid Office.
|
|
"As many as 17,000 individuals' records" exposed
|
| July 14, 2006
|
University of Iowa
(Davenport, IA) |
Portable Unencrypted
Data Breach
Laptop computer containing personal information of current and former MBA students was stolen. Data files included SSNs and some contact info. |
|
280 |
July 14, 2006
(Date of letter sent to students. Date of news story is 8/1/06)
|
California Polytechnic State University (Cal Poly)
(San Luis Obispo, CA)
(Call (805) 756-2226 or (805) 756-2171) |
Portable Unencrypted
Data Breach
Laptop computer was stolen from the home of a physics department professor July 3. It included names and SSNs of physics and astronomy students from 1994-2004.
|
|
3,020 students
|
| July 14, 2006
|
Treasurer's computer in Circuit Court Clerk's office
(Hampton, VA) |
Public computer in city government building containing taxpayer information was found to display SSNs of many residents -- those who paid personal property and real estate taxes. It was shut down and confiscated by the police on July 12th. |
|
"Over 100,000 records"
(The number containing SSNs is not known yet and not included in total below.)
|
| July 16, 2006
|
Mississippi Secretary of State
(Jackson, MS) |
The state agency's web site listed 2 million+ Uniform Commercial Code (UCC) filings in which thousands of individuals' SSNs were exposed.
|
|
Among the 2 million postings are "thousands" containings SSNs
(not included in total) |
| July 17, 2006
|
Vassar Brothers Medical Center
(Poughkeepsie, NY)
(845) 483-6990 |
Portable Unencrypted
Data Breach
Laptop was stolen from the emergency department between June 23-26. It contained information on patients dating back to 2000, including SSNs and dates of birth.
|
HIPAA |
[257,800 patients were initially notified, but an analysis by Kroll later determined that the laptop contained no personal information. This number is not included in the total below.] |
| July 18, 2006
|
Nelnet Inc.
(Lincoln, NE)
(800) 552-7925 |
Portable Unencrypted
Data Breach
Computer tape containing personal information of student loan customers and parents, mostly from Colorado, was lost when shipped via UPS. The loans were previously serviced by College Access Network |
|
188,000 |
| July 18, 2006
|
CS Stars, subsidiary of insurance company Marsh Inc.
(Chicago, IL) |
On May 9, CS Stars lost track of a personal computer containing records of more than a half million New Yorkers who made claims to a special workers' comp fund. The lost data includes SSNs and date of birth but apparently no medical information.
Update (7/26/06): Computer was recovered. |
|
540,000 |
| July 18, 2006
|
U.S. Dept. of Agriculture
(Wellington, KS) |
Portable Unencrypted
Data Breach
Laptop computer and printout containing names, addresses and SSNs of 350 employees was stolen from an employee's car and later recovered.
|
|
350 |
| July 24, 2006 |
New York City Dept. of Homeless Services
|
The personal information of 8,400 homeless persons, including SSNs, was leaked in an e-mail attachment July 21, when accidentally sent to homeless advocates and city officials.
|
|
8,400 |
| July 25, 2006
|
Armstrong World Industries
(Lancaster Co., PA) |
Portable Unencrypted
Data Breach
A laptop containing personal information of current and former employers was stolen. The computer was in the possession of the company's auditor, Deloitte & Touche. Data included names, home addresses, phone numbers, SSNs, employee ID numbers, salary data, and bank account numbers of employees who have their checks directly deposited.
|
|
12,000 |
| July 25, 2006
|
Belhaven College
(Jackson, MS) |
Portable Unencrypted
Data Breach
An employee carrying laptop was robbed at gunpoint on July 19 while walking to his car. Computer contained names and SSNs of college employees.
|
|
300 employees
|
| July 25, 2006
|
Georgetown University Hospital
(Washington, DC) |
Patient data was exposed online via the computers of an e-prescription provider, InstantDx. Data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with InstantDX.
|
HIPAA |
"between 5,600 and 23,000 patients were affected"
(23,000 added to total below) |
| July 25, 2006
|
Old Mutual Capital Inc., subsidiary of United Kingdom-based financial services firm Old Mutual PLC
|
Portable Unencrypted
Data Breach
Laptop was stolen sometime in May containing personal information of U.S. clients, including names, addresses, account numbers and some SSNs.
|
|
6,500 fund shareholders
|
| July 25, 2006
|
Cablevision Systems Corp.
(lost when shipped to Dallas-based ACS) |
Portable Unencrypted
Data Breach
A tape en route to the company's 401(k) plan record-keeper ACS was lost when shipped by FedEx to Dallas, TX. No customer data was on the tape.
|
|
13,700 current and former employees
|
| July 26, 2006
|
U.S. Navy recruitment offices
(Trenton, NJ, and Jersey City, NJ) |
Portable Unencrypted
Data Breach
Two laptop computers with information on Navy recruiters and applicants were stolen in June and July. Also included was information from selective service and school lists. About 4,000 records contained SSNs. Files were password protected. |
|
31,000 records were stolen, with about 4,000 containing SSNs. The latter number is included in the total below.
|
| July 26, 2006
|
West Virginia Div. of Rehabilitation Services
(Beckley, WV) |
Portable Unencrypted
Data Breach
A laptop was stolen July 24 containing clients' names, addresses, SSNs, and phone numbers. Data was password protected.
|
HIPAA |
Unknown |
| July 27, 2006
|
Kaiser Permanente Northern Calif. Office
(Oakland, CA)
(866) 453-3934 |
Portable Unencrypted
Data Breach
A laptop was stolen containing names, phone numbers, and the Kaiser number for each HMO member. The data file did not include SSNs. The data was being used to market Hearing Aid Services to Health Plan members.
|
HIPAA |
160,000 records. Because the data file did not include SSNs, this number is not added to the total below.
|
| July 27, 2006
|
Los Angeles County
(Los Angeles, CA) |
Portable Unencrypted
Data Breach
In May, a laptop was stolen from the home of a community and senior services employee. It contained information on LA County employees.
|
|
Unknown |
| July 27, 2006
|
Los Angeles Co., Community Development Commission (CDC)
(Monterey Park, CA) |
Earlier in July, a computer hacker located in Germany gained access to the CDC's computer system, containing personal information on 4,800 public housing residents.
|
|
4,800 records. Because it is not clear if SSNs were included, this number is not added to the total below.
|
| July 27, 2006
|
Los Angeles County, Adult Protective Services
(Burbank, CA) |
Portable Unencrypted
Data Breach
Last weekend 11 laptops were stolen from the Burbank office. It is not clear what type of personal information was included.
|
|
Unknown |
| July 28, 2006
|
Matrix Bancorp Inc.
(Denver, CO)
(877-250-7742)
|
Portable Unencrypted
Data Breach
Two laptop computers were stolen during daytime while staffers were away from their desks. One computer contained customers' account information. The bank says data is encrypted and password protected.
|
|
Unknown |
| July 28, 2006
|
Riverside, Calif., city employees
|
The SSNs and financial information regarding 401(k) accounts was accidentally e-mailed to 2,300 city employees due to a computer operator's error. The data was intended for the city payroll dept.
|
|
"nearly 2,000 employees"
|
| July 29, 2006
|
Sentry Insurance
(Stevens Point, WI) |
Personal information including SSNs on worker's compensation claimants was stolen, some of which was later sold on the Internet. No medical records were included. The thief was a lead programmer-consultant who had access to claimants' data. The consultant was arrested and faces felony charges.
|
|
Information on 72 claimants was sold on the Internet. Data on an additional 112,198 claimants was also stolen with no evidence of being sold online. .
Total affected is 112,270 |
| Aug. ?, 2006
|
CoreLogic for ComUnity Lending
(Sacramento, CA)
(877) 510-3700
identityprotection@
corelogic.com |
Portable Unencrypted
Data Breach
In early August, CoreLogic notified customers of ComUnity Lending that a computer with customers' data was stolen from its office. Data included names, SSNS, and property addresses related to an existing or anticipated mortgage loan.
|
|
Unknown |
| Aug. 1, 2006
|
U.S. Bank
(Covington, KT) |
A bank employee's briefcase was stolen from the employee's car with documents containing names, phone numbers, and SSNs of customers.
|
|
"very small" number |
| Aug. 1, 2006
|
Wichita State University
(Wichita, KS) |
WSU learned on June 29 that someone gained unauthorized access into 3 computers in its College of Fine Arts box office, containing credit card information for about 2,000 patrons.
|
|
2,000 |
| Aug. 1, 2006
|
Wichita State University
(Wichita, KS) |
An intrusion into a WSU psychology department's server was discovered July 16. It contained information on about 40 applicants to the doctoral program.
|
|
40
(not included in total below because it is not known if SSNs were included in breached data)
|
| Aug. 1, 2006
|
Dollar Tree
(Carmichael and Modesto, CA, as well as Ashland, OR, and perhaps other locations)
|
Customers of the discount store have reported money stolen from their bank accounts due to unauthorized ATM withdrawals. Data may have been intercepted by a thief's use of a wireless laptop computer with the thief then creating counterfeit ATM cards and using them to withdraw money.
|
|
Total number unknown |
| Aug. 4, 2006
|
Toyota plant
(San Antonio, TX) |
Portable Unencrypted
Data Breach
Laptop belonging to contractor and containing personal information of job applicants and employees was stolen. Data included names and SSNs.
|
|
1,500 |
| Aug. 4, 2006
|
PSA HealthCare
(Norcross, GA)
(866) 752-5259 |
Portable Unencrypted
Data Breach
A company laptop was stolen from an employee's vehicle in a public parking lot July 15. It contained names, addresses, SSNs, and medical diagnostic and treatment information used in reimbursement claims.
|
HIPAA |
51,000 current and former patients |
| Aug. 6, 2006
|
American Online (AOL)
(nationwide) |
In late July AOL posted on a public web site data on 20 million web queries from 650,000 users. Some search records exposed SSNs, credit card numbers, or other pieces of sensitive information.
Update (9/26/06):
Three individuals whose data were exposed have filed a lawsuit against AOL.
|
|
Unknown how many records contain high-risk personal information
|
| Aug. 7, 2006
|
Veterans Affairs Dept. through its contractor Unisys Corp.
(Reston, VA) |
Computer at contractor's office was reported missing Aug. 3, containing billing records with names, addresses, SSNs, and dates of birth of veterans at 2 Pennsylvania locations.
Update (9/15/06): Law enforcement recovered the computer and arrested an individual who had worked for a company that provides temporary labor to Unisys.
|
HIPAA |
5,000 Philadelphia patients,
11,000 Pittsburgh patients,
2,000 deceased patients,
plus possibly 20,000 more
(18,000 is included in total below) |
| Aug. 8, 2006
|
Virginia Bureau of Insurance
(804) 726-2630 |
The Bureau has advised insurance agents in the state that their SSN may have been exposed on its web site from June 13 through July 31, 2006, due to a programming error. The SSNs were not shown on any web page, but could have been found by savvy computer users using the source code tool of a web browser.
|
|
Unknown |
| Aug. 8, 2006
|
Linens 'n Things
(Sterling, VA) |
A folder holding about 90 receipts was missing from the store. Receipts included full credit or debit account number and name of the card holder.
|
|
90 |
| Aug. 9, 2006
|
U.S. Dept. of Transportation
(800) 424-9071
hotline@
oig.dot.gov |
The DOT's Office of the Inspector General reported a special agent's laptop was stolen on July 27 from a government-owned vehicle in Miami, FL, parked in a restaurant parking lot. It contained names, addresses, SSNs, and dates of birth for 80,670 persons issued commercial drivers licenses in Miami-Dade County; 42,800 persons in FL with FAA pilot certificates; and 9,000 persons with FL driver's licenses.
Update (11/21/06): A suspect was arrested in the same parking lot where the theft occurred, but the laptop has not been recovered. Investigators found a theft ring operating in the vicinity of the restaurant parking lot. |
|
132,470 |
| Aug. 11, 2006
|
Madrona Medical Group
(Bellingham, WA) |
On Dec. 17, 2005, a former employee accessed and downloaded patient files onto his laptop computer. Files included name, address, SSN, and date of birth. The former employee has since been arrested.
|
HIPAA |
At least 6,000 patients |
| Aug. 15, 2006
|
University of Kentucky
|
The names and SSNs of 630 students were posted on the University's financial aid web site between Friday and Monday, Aug. 11-14. |
|
630 |
| Aug. 15, 2006
|
University of Kentucky
|
About 80 geography students were notified Aug. 14 that their SSNs were inadvertently listed on an e-mail communication they all received telling them who their academic advisor would be for the coming year.
|
|
80 |
| Aug. 15, 2006
|
U.S. Dept. of Transportation
(Orlando, FL) |
Portable Unencrypted
Data Breach
On April 24, a DOT employee's laptop computer was stolen from an Orlando hotel conference room. It contained several unencrypted case files. Investigators are determining if it contained sensitive personal information.
|
|
Unknown |
| Aug. 16, 2006
|
Chevron
(San Ramon, CA) |
Portable Unencrypted
Data Breach
Chevron informed its U.S. workers Aug. 14 that a laptop was stolen from "an employee of an independent public accounting firm" who was auditing its benefits plans. The theft apparently occurred Aug. 5. Files contained SSNs and sensitive information related to health and disability plans.
|
|
Total employees affected is unclear. Nearly half of its 59,000 workers are from North America.
|
| Aug. 17, 2006
|
Williams-Sonoma
(San Francisco, CA) |
Portable Unencrypted
Data Breach
On July 10, a laptop was stolen from the Los Angeles home of a Deloitte & Touche employee who was conducting an audit for W-S. Computer contained employees' payroll information and SSNs.
|
|
1,200 current and former employees
|
| Aug. 17, 2006
|
HCA, Inc.
Hospital Corp. of America
(Nashville, TN)
(800) 354-1036
hcahealthcare.com
|
Portable Unencrypted
Data Breach
10 computers containing Medicare and Medicaid billing information and records of employees and physicians from 1996-2006 were stolen from one of the company's regional offices. Some patient names and SSNs were exposed, but details are vague. Records for patients in hospitals in the following states were affected: CO, KS, LA, MS, OK, OR, TS, WA.
|
HIPAA |
"thousands of files" |
| Aug. 18, 2006
|
Calif. Dept. of Mental Health
(916) 654-2309 |
Portable Unencrypted
Data Breach
Computer tape with employees' names, addresses, and SSNs has been reported missing. Employees were notified Aug. 17 by e-mail.
|
HIPAA |
9,468 employees
|
| Aug. 21, 2006
|
U.S. Dept. of Education via contractor, DTI Associates
(Washington, DC) |
Portable Unencrypted
Data Breach
Two laptops were stolen from DTI's office in downtown DC containing personal information on 43 grant reviewers for the Teacher Incentive Fund. DTI could not rule out that the data included SSNs.
|
|
43 |
| Aug. 22, 2006
|
AFLAC
American Family Life Assurance Co.
(Greenville, SC)
(888) 794-2352 |
Portable Unencrypted
Data Breach
A laptop containing customers' personal information was stolen from an agent's car. It contained names, addresses, SSNs, and birth dates of 612 policyholders. They were notified Aug. 11.
|
HIPAA |
612 policyholders
|
| Aug. 22, 2006
|
Beaverton School District
(Beaverton, OR) |
Time slips revealing personal information were missing and presumed stolen following a July 24 break-in at a storage shed on the administration office's property. The time slips included names and SSNs but not addresses.
|
|
1,600 employees
|
| Aug. 22, 2006
|
Beaumont Hospital
(Troy, MI) |
Portable Unencrypted
Data Breach
A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.
|
|
28,400 home care patients
|
| Aug. 23, 2006
|
U.S. Dept. of Education, Direct Loan Servicing Online
(Atlanta, GA)
www.dlssonline.com
and
dlservicer.ed.gov |
A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the Department's loan Web site. Information included names, birthdates, SSNs, addresses, phone numbers, and in some cases, account information. Affiliated Computer Services Inc. is the contractor responsible for the breach. The breach did not include those whose loans are managed through private companies.
|
|
21,000 |
| Aug. 25, 2006
|
Dominion Resources
(Richmond, VA) |
Portable Unencrypted
Data Breach
Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.
|
|
Unknown |
| Aug. 25, 2006
|
U.S. Dept. of Transportation, Federal Motor Carrier Safety Administration
(Baltimore, MD)
(800) 832-5660 |
Portable Unencrypted
Data Breach
A laptop that "might contain" personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.
|
|
193
(not added to total) |
| Aug. 25, 2006 |
Sovereign Bank
(New Bedford, MA) |
Portable Unencrypted
Data Breach
Personal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data.
|
|
"thousands of customers" |
| Aug. 26, 2006
|
PortTix
(Portland, ME) |
Credit card information for about 2,000 people who ordered tickets online through PortTix was accessed by someone who hacked into the Web site. PortTix is Merrill Auditorium's ticketing agency. The Web site was secured as of Aug. 24.
|
|
2,000 |
| Aug. 26, 2006
|
University of South Carolina
(Columbia, SC) |
A security audit this summer found that a computer server was hacked in Sept. 2005. A database could have been accessed with names, SSNs, and birthdates of current and former students.
|
|
6,000 current and former students
|
| Aug. 27, 2006
|
New Mexico Administrative Office of the Courts
(Santa Fe, NM) |
For 8 days in late May, an unsecured document was exposed on the agency's FTP site on the state's computer server. It contained names, birth dates, SSNs, home addresses and other personal information of judicial branch employees. The FTP site was shut down June 2 and has since be redesigned. .
|
|
1,500 employees
|
Aug. 29, 2006
|
Valley Baptist Medical Center
(Harlingen, TX)
(877) 840-5999 |
A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form.
|
HIPAA |
Unknown |
| Aug. 29, 2006
|
AT&T
via vendor that operates an order processing computer
(San Francisco, CA) |
Computer hackers accessed credit card account data and other personal information of customers who purchased DSL equipment from AT&T's online store. The company is notifying "fewer than 19,000" customers." |
|
"Fewer than 19,000" customers
|
| Aug. 29, 2006
|
Compass Health
(Everett, WA)
(800) 508-0059 |
Portable Unencrypted
Data Breach
Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness.
|
HIPAA |
"A limited number of people" |
| Aug. 31, 2006
|
Labcorp
(Monroe, NJ)
(800) 788-9091 x3925 |
Portable Unencrypted
Data Breach
During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results.
|
|
Unknown |
| Aug. 31, 2006
|
Diebold, Inc.
(Canton, OH) |
Portable Unencrypted
Data Breach
An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number.
|
|
Unknown |
| Sept. 1, 2006
|
Wells Fargo via unnamed auditor
(San Francisco, CA)
|
Portable Unencrypted
Data Breach
In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company. |
|
Unknown |
| Sept. 1, 2006
|
Virginia Commonwealth University
(Richmond, VA)
www.ts.vcu.edu
|
Personal information of freshmen and graduate engineering students from 1998 through 2005 was exposed on the Internet for 8 months (Jan. - Aug.) due to human error. It was discovered by a student who used a search engine to find her name. The data included SSNs and e-mail addresses.
|
|
2,100 current and former students
|
| Sept. 1, 2006
|
City of Chicago via contractor Nationwide Retirement Solutions, Inc.
(Chicago, IL)
(800) 638-1485
www.chicagofop.org
|
Portable Unencrypted
Data Breach
A laptop was stolen from the home of contractor's employee last April 2005. It was reported to the city July 2006 more than a year later. Data included names, addresses, phone numbers, birthdates and SSNs for those in the city's deferred compensation plan.
|
|
"Up to 38,443 city employees and retirees"
|
| Sept. 2, 2006
|
Lloyd's of London
(Port St. Lucie, FL) |
A thief reprogrammed more than 150 Lloyd's of London credit card numbers onto phone cards and used them to withdraw money from an ATM in Port St. Lucie, FL (stealing more than $20,000 over 3 days). Key personal and financial information had been skimmed from the magnetic strip on the victims' cards.
|
|
Unknown |
| Sept. 5, 2006
|
Transportation Security Administration (TSA) via Accenture
(Washington, DC) |
In late August 2006, Accenture, a contractor for TSA mailed documents containing former employees' SSN,, date of birth, and salary information to the wrong addresses due to an administrative error.
|
|
1,195 former TSA employees
|
| Sept. 7, 2006
|
Florida National Guard
(Bradenton, FL) |
Portable Unencrypted
Data Breach
A laptop computer was stolen from a soldier's vehicle contained training and administrative records, including Social Security numbers of up to 100 Florida National Guard soldiers.
|
|
100 |
| Sept. 7, 2006
|
Circuit City and Chase Card Services, a division of JP Morgan Chase & Co.
(Wilmington, DE) |
Portable Unencrypted
Data Breach
Chase Card Services mistakenly discarded 5 computer data tapes in July containing Circuit City cardholders' personal information.
|
|
2.6 million past and current Circuit City credit cardholders
|
| Sept. 8, 2006
|
Linden Lab
(San Francisco, CA)
www.secondlife.com
|
On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world.
|
|
Unknown |
| Sept. 8, 2006
|
University of Minnesota
(Minneapolis, MN) |
Portable Unencrypted
Data Breach
On August 14-15 eve, two computers were stolen from the desk of an Institute of Technology employee, containing information on students who were freshmen from 1992-2006 -- including names, birthdates, addresses, phone numbers, high schools attended, student ID numbers, grades, test scores, and, academic probation. SSNs of 603 students were also exposed.
|
|
13,084 students including SSNs of 603 students
|
| Sept. 8, 2006
|
Berks Co. Sheriff's Office via contractor Canon Technology Solutions
(Reading, PA) |
A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs.
Update (10/6/06): The Berks County solicitor's office says the entire list of more than 25,000 gun permit holders was exposed.
|
|
25,000 gun permit holders exposed, although initially the number was unknown
|
| Sept. 9, 2006
|
Cleveland Clinic
(Naples, FL)
(866) 907-0675 |
A clinic employee stole personal information from electronic files and sold it to her cousin, owner of Advanced Medical Claims, who used it to file fraudulent Medicare claims totaling more than $2.8 million. Information included names, SSNs, birthdates, addresses and other details. Both individuals were indicted.
|
HIPAA |
1,100 patients
|
| Sept. 11, 2006
|
Telesource
via Vekstar
(Indianapolis, IN) |
Employees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses.
|
|
Unknown |
| Sept. 13, 2006
|
American Family Insurance
(Madison, WI) |
Portable Unencrypted
Data Breach
The office of an insurance agent was broken into and robbed last July. Among the items stolen was a laptop with customers' names, SSNs, and driver's license numbers.
|
HIPAA |
2,089 customers
|
| Sept. 14, 2006
|
Nikon Inc. and Nikon World Magazine
(Melville, NY) |
Workers at a Montgomery, AL, camera store discovered that subscription information for the magazine Nikon World was exposed on the Web for at least 9 hours. Data included subscribers' names, addresses and credit card numbers.
|
|
3,235 magazine subscribers
|
| Sept. 14, 2006
|
Illinois Dept. of Corrections
(Springfield, IL) |
A document containing employees' personal information was found outside the agency's premises "where it should not have been." It has since been retrieved. Information included employees' names, SSNs, and salaries.
|
|
Unknown |
| Sept. 15, 2006
|
Mercy Medical Center
(Merced, CA) |
Portable Unencrypted
Data Breach
A memory stick containing patient information was found July 18 by a local citizen on the ground at the County Fairgrounds near the hospital's information booth. It was returned to the hospital 4 weeks later. Data included names, SSNs, birthdates, and medical records.
|
HIPAA |
295 patients
|
| Sept. 15, 2006
|
Whistle Junction restaurant
(Orlando, FL) |
Personnel files of employees of the now-closed restaurant were found in a nearby Dumpster. Papers included names and SSNs of former employees,
|
|
Unknown |
| Sept. 16, 2006
|
Michigan Dept. of Community Health
(Detroit, MI) |
Portable Unencrypted
Data Breach
Residents who participated in a scientific study were notified that a flash drive was discovered missing as of Aug. 4, and likely stolen, from an MDCH office.The portable memory device contained names, addresses, phone numbers, dates of birth, and SSNs of participants. The study tracked the long-term exposure to flame retardents ingested by residents in beef and milk. |
HIPAA |
4,000 Michigan residents
|
| Sept. 16, 2006
|
Beaumont Hospital
(Royal Oak, MI) |
The hospital mistakenly mailed medical reports on 3 patients to a retired dentist in Texas. Reports included name, test results, date of birth and patient ID numbers. The hospital admitted to both human and computer error. A new computer system mixed similar names, and staff did not catch it..
|
HIPAA |
3 patients |
| Sept. 17, 2006
|
Direct Loans, part of William D. Ford Federal Direct Loan Program within U.S. Dept. of Education and Federal Student Aid via its IT contractor ACS
|
A security breach exposed private information of student loan borrowers from Aug. 20-22 during a computer software upgrade. Users of the Direct Loans Web site were able to view information other than their own if they used certain options. SSNs were among the data elements exposed online.
|
|
21,000 accounts
|
| Sept. 18, 2006
|
Howard, Rice, Nemerovski, Canady, Falk & Rabkin law firm
(San Francisco, CA)
via its auditor Morris, Davis & Chan
(Oakland, CA) |
Portable Unencrypted
Data Breach
A laptop was stolen from the trunk of the car of the law firm's auditor, containing confidential employee pension plan information -- names, SSNs, remaining balances, 401(k) and profit-sharing information.
|
|
500 current and former employees |
| Sept. 18, 2006
|
DePaul Medical Center, Radiation Therapy Dept.
(Norfolk, VA)
(757) 889-5945 |
Portable Unencrypted
Data Breach
Two computers were stolen, one on August 28 and the other Sept. 11. Personal data included names, date of birth, treatment information, and some SSNs.
|
|
"More than 100 patients" |
| Sept. 19, 2006
|
Life Is Good
(Hudson, NH) |
Hackers accessed the retailer's database containing customer's credit card numbers. The company said no other personal information was in the database.
|
|
9,250 customers' credit card numbers
|
| Sept. 20, 2006
|
City of Savannah, Georgia
(912) 651-6565
savannahga.gov
|
Because of a "hole in the
firewall," a City server exposed personal information online for 7 months. Individuals identified by the Red Light Camera Enforcement Program are affected -- name, address, driver's license number, vehicle identification number, and SSNs of those individuals whose driver's license number is still the SSN.
|
|
8,800 individuals whose identities were captured by red-light cameras
|
| Sept. 20, 2006
|
Berry College via consultant Financial Aid Services Inc.
(Mount Berry, GA)
(800) 961-4692
www.berry.edu
|
Student applications for need-based financial aid were misplaced by a consultant -- in both paper and digital form. Data included name, SSN, and reported family income for students and potential students for the 2005-06 academic year.
|
|
2,093 students and potential students (of those, 1,322 are currently enrolled)
|
| Sept. 21, 2006
|
Pima Co. Health Dept.
(Tucson, AZ) |
Vaccination records on 2,500 clients had been left in the trunk of a car that was stolen Sept. 12. The car and records have since been recovered. Records included names, dates of birth and ZIP codes, but no SSNs or addresses.
|
|
2,500
(not included in Total below) |
| Sept. 21, 2006
|
U.S. Dept. of Commerce and Census Bureau
(Washington, DC) |
Portable Unencrypted
Data Breach
The agency reported that 1,137 laptops have been lost or stolen since 2001. Of those, 672 were used by the Census Bureau, with 246 of those containing personal data. Secretary Gutierrez said the computers had "protections to prevent a breach of personal information."
|
|
Unknown |
| Sept. 22, 2006
|
Purdue University College of Science
(West Lafayette, IN)
(866) 307-8520
www.purdue.edu |
A file in a desktop computer in the Chemistry Department may have been accessed illegitimately. The file contained names, SSNs, school, major, and e-mail addresses of people who were students in 2000.
|
|
2,482 students from the year 2000
|
| Sept. 22, 2006
|
University of Colorado-Boulder, Leeds School of Business
(Boulder, CO)
(303) 492-8741 |
Portable Unencrypted
Data Breach
Two computers had been placed in storage during the school's move to temporary quarters in May. When they were to be retrieved Aug. 28, they were found missing. They had been used by 2 faculty members and included students' names, SSNs, and grades.
|
|
1,372 students and former students
|
| Sept. 22, 2006
|
Several Indianapolis pharmacies
(Indianapolis, IN) |
Earlier this year a local TV reporter from WTHR found that "dozens" of pharmacies disposed of customer records in unsecured garbage bins. Now the Indiana Board of Pharmacy has launched an investigation of 30 pharmacies. Both the Board and the Attorney General say that the pharmacies violated state law.
|
|
Unknown |
| Sept. 23, 2006
|
An illegal dumping site northwest of Quinlan, TX
|
Investigators found boxes of private medical records containing names and personal information of patients of a doctor who lives in Dallas and who has a Greenville, TX, practice. They had apparently been dumped there by a contractor who was hired to remodel his house. The contractor was indicted on a charge of illegal dumping.
|
HIPAA |
Unknown |
| Sept. 23, 2006
|
Erlanger Health System
(Chattanooga, TN) |
Records of hospital employees disappeared from a locked office on Sept. 15. They were stored on a USB "jump drive." Information was limited to names and SSNs. Those affected included anyone who went through job "status changes" from Nov. 2003 to Sept. 2006.
|
HIPAA |
4,150 current and former employees |
| Sept. 25, 2006
|
General Electric
(US Corporate HQ: Fairfield , CT ) |
Portable Unencrypted
Data Breach
An employee's laptop computer holding the names and Social Security numbers of approximately 50,000 current and former GE employees was stolen from a locked hotel room while he was traveling for business.
|
|
50,000 employees
|
| Sept. 28, 2006
|
North Carolina Dept. of Motor Vehicles
(Louisville , NC)
(888) 495-5568 |
Portable Unencrypted
Data Breach
A computer was stolen from a NC Dept. of Motor Vehicles office, reported Sept. 10. It contains names, addresses, driver's license numbers, SSNs, and in some cases immigration visa information of 16,000 people who have been issued licenses in the past 18 months. Most are residents of Franklin County.
|
|
16,000 |
| Sept. 28, 2006
|
Illinois Dept. of Transportation
(Springfield, IL) |
Documents found by state auditors in recycling bins in a hallway contained IDOT employee names and SSNs.
|
|
40 |
| Sept. 28, 2006
|
Stevens Hospital Emergency Room via dishonest employee of billing company Med Data
(Edmonds, WA) |
A manager for the hospital's billing company, Med Data, stole patients' credit card numbers. She gave them to her brother who bought $30,000 worth of clothes and gift cards over the Internet. The woman is scheduled for sentencing in Nov. and her brother's trial is expected Jan. 2007.
|
HIPAA |
"about 30 patients" |
| Sept. 29, 2006
|
University of Iowa Dept of Psychology
(Iowa City, IA) |
Portable Unencrypted
Data Breach
A computer containing SSNs of 14,500 psychology department research study subjects was the object of an automated attack designed to store pirated video files for subsequent distribution.
|
HIPAA |
14,500 individuals who had participated in a research study |
| Sept. 29, 2006
|
Kentucky Personnel Cabinet
(Frankfort, KY) |
State employees received letters from the Kentucky Personnel Cabinet with their SSNs visible through the envelope windows.
|
|
146,000 |
| Sept. ??, 2006
|
Adams State College
(Alamosa, CO) |
Portable Unencrypted
Data Breach
A laptop computer stolen from a locked closet at Adams State College contained personally identifiable data belonging to 184 high school students who participated in the college's Upward Bound program over the last four years. The theft occurred on August 14, but it was not until late September that staff realized the computer held students' data.
|
|
184 Upward Bound students
|
| Oct. 2, 2006 |
Port of Seattle
(Seattle, WA)
(888) 902-PORT |
Portable Unencrypted Data Breach
Six CDs missing from the ID Badging office at Seattle-Tacoma International Airport hold the personal information of 6,939 airport workers. The data include names, addresses, birth dates, SSNs and driver's license numbers, telephone numbers, employer information, and height/weight. The data on the disks were scanned from paper applications for airport badges. The port learned of the missing disks on September 18 and sent letters to the affected employees on Oct. 2.
|
|
6,939 current and former Seattle-Tacoma International Airport employees
|
|
| Oct. 3, 2006
|
Cumberland County, PA
|
Cumberland County (PA) officials removed salary board meeting minutes from their Web site because they contained the SSNs of 1,200 county employees. The information was included in minutes from meetings prior to 2000. The county no longer uses SSNs as unique identifiers for employees. Employees will be informed of the data breach in a note included with their paychecks.
|
|
1,200 employees of the county
|
| Oct. 3, 2006 |
Willamette Educational Service District
(Salem, OR) |
Portable Unencrypted
Data Breach
Seven computers stolen from a Willamette Educational service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information.
|
|
4,500 Oregon high school students
[not included in total because not thought to contain sensitive info. such as SSNs]
|
| Oct. 3, 2006
|
Picatinny Arsenal
(Rockaway Twp., NJ)
(If you have tips, call (973) 989-0652) |
Portable Unencrypted
Data Breach
28 computers are missing from the Picatinny Arsenal, a Department of Defense Weapons Research Center. The computers were reported lost or stolen over the last two years. None of the computers was encrypted. Officials state the computers did not contain classified information.
|
|
Unknown |
| Oct. 4, 2006
|
Orange County Controller (FL)
|
A Florida woman discovered her marriage license was visible on the Orange County (FL) controller's Web site with no information blacked out, not even SSNs. She discovered the breach because someone had applied for a loan in her name. The Orange County Comptroller is reportedly paying a vendor $500,000 to black out all SSNs by January 2008.
|
|
Unknown |
| Oct. 5, 2006
|
San Juan Capistrano Unified School District (CA)
|
Portable Unencrypted
Data Breach
Five computers stolen from the HQ of San Juan Capistrano Unified School District likely contain the names, SSNs and dates of birth of district employees enrolled in an insurance program.
|
|
Unknown |
| Oct. 6, 2006
|
Cleveland Air Route Traffic Control Center
(Oberlin, OH) |
Portable Unencrypted
Data Breach
A computer hard drive missing from the Cleveland Air Route Traffic Control Center in Oberlin (OH) contains the names and SSNs of at least 400 air traffic controllers.
|
|
At least 400
|
| Oct. 6, 2006
|
Camp Pendleton Marine Corps base via Lincoln B.P. Management
(Camp Pendleton near Oceanside, CA) |
Portable Unencrypted
Data Breach
A laptop missing from Lincoln B.P. Management Inc. holds personally identifiable data about 2,400 Camp Pendleton residents.
|
|
2,400 |
Oct. 9, 2006
(Letter mailed Oct. 5, 2006) |
Troy Athens High School
(Troy, MI)
(For questions or comments, call (248) 823-4035) |
Portable Unencrypted
Data Breach
A hard drive stolen from Troy Athens High School in August contained transcripts, test scores, addresses and SSNs of students from the graduating classes of 1994 to 2004. The school district and the superintendent have notified all affected alumni by regular mail.
|
|
4,400 |
| Oct. 10, 2006
|
Florida Labor Department
|
The names and SSNs of 4,624 Floridians were accessible on the Internet for approximately 18 days in September. The data were not accessible through Web sites, but an individual came across the information when Googling his own name. The agency has asked Google to remove the pages from its cache, and has notified all affected individuals by mail.
|
|
4,624 individuals who had registered with Florida 's Agency for Workforce Innovation
|
| Oct. 11, 2006
|
Republican National Committee
(Washington, D.C.) |
The Republican National Committee (RNC) inadvertently emailed a list of donors' names, SSNs and races to a New York Sun reporter.
|
|
76 RNC donors
|
| Oct. 12, 2006
|
U.S. Census Bureau
|
Portable Unencrypted
Data Breach
This spring, residents of Travis County, TX helped the Census Bureau test new equipment. When the test period ended, 15 devices were unaccounted for. The Census Bureau and the Commerce Department issued a press release saying the devices held names, addresses and birthdates, but not income or SSNs.
|
|
Unknown number of Travis Co., TX, residents |
| Oct. 12, 2006
|
Congressional Budget Office
(Washington, D.C.) |
| Hackers broke into the Congressional Budget Office's mailing list and sent a phishing e-mail that appeared to come from the CBO.
|
|
|
Unknown number of e-mail addresses
|
| Oct. 12, 2006 |
University of Texas at Arlington
|
Portable Unencrypted
Data Breach
Two computers stolen from a University of Texas faculty member's home hold the names, SSNs, grades, e-mail addresses and other information belonging to approximately 2,500 students enrolled in computer science and engineering classes between fall 2000 and fall 2006. The theft occurred on September 29 and was reported on October 2.
|
|
2,500 students |
| Oct. 13, 2006
|
Ohio Ethics Committee
(Columbus, OH) |
Papers belonging to the Ohio Ethics Commission were found floating on the wind in an alley. The documents are related to state employees' finances and contained SSNs and financial statements. They were supposed to be in the possession of the state archives.
|
|
Unknown number of Ohio state employees
|
| Oct. 13, 2006
|
Orchard Family Practice (Colorado doctor's patient files dumped in a parking lot)
(Englewood, CO) |
When a bankrupt Colorado doctor was evicted from his office, everything in his office was dumped in the parking lot by the landlord and the sheriff's department, including file cabinets containing personal information of his patients. Scavengers were seen carting off some desks and file cabinets, some containing records. The exposed documents were thought to consist of bgusiness records containing names, SSNs, dates of birth, and addresses, but not medical information, which the doctor had previously removed. |
|
Unknown |
| Oct. 14, 2006
|
T-Mobile USA Inc.
(Bellvue, WA) |
Portable Unencrypted
Data Breach
A laptop computer holding personally identifiable information of approximately 43,000 current and former T-Mobile employees disappeared from a T-Mobile employee's checked luggage. T-Mobile has reportedly sent letters to all those affected. The data are believed to include names, addresses, SSNs, dates of birth and compensation information.
|
|
43,000 current and former employees
|
| Oct. 15, 2006 |
Poulsbo Department of Licensing
(Poulsbo, WA) |
Portable Unencrypted
Data Breach
An unspecified “storage device” containing personally identifiable data of approximately 2,200 North Kitsap (WA) residents has been lost from the Poulsbo Department of Licensing. The data include names, addresses, photographs and driver's license numbers of individuals who conducted transactions at the Poulsbo branch in late September.
|
|
2,200 |
| Oct. 16, 2006
|
Germanton Elementary School
(Germanton, NC) |
Portable Unencrypted
Data Breach
A computer stolen from Germanton Elementary school holds students' SSNs. The data on the computer are encrypted.
|
|
Unknown |
| Oct. 16, 2006
|
VISA/FirstBank |
FirstBank sent a letter to an unknown number of customers informing them their FirstTeller Visa Check Card numbers were compromised when someone accessed “a merchant card processor's transaction database.” The FirstBank letter said customers would receive new cards by October 27.
|
|
Unknown |
| Oct. 16, 2006
|
Dr, Charles Kay of Orchard Family Practice
(Englewood, CO) |
Sheriff's deputies evicting Dr. Charles Kay put files from his office in a nearby parking lot. In a news report, Dr. Kay said he had removed the patient files but not the business files.
|
HIPAA |
Unknown |
| Oct. 17, 2006
|
City of Visalia, Recreation Division
(Visalia, CA) |
Personally identifiable information of approximately 200 current and former Visalia Recreation Department employees was exposed when copies of city documents were found scattered on a city street.
|
|
200 current and former employees
|
| Oct. 19, 2006
|
Allina Hospitals and Clinics
(Minneapolis-St. Paul, MN) |
Portable Unencrypted
Data Breach
A laptop stolen from a nurse's car on October 8 contains the names and SSNs of individuals in approximately 17,000 households participating in the Allina Hospitals and Clinics obstetric home-care program since June 2005.
|
HIPAA |
Individuals in 17,000 households
|
| Oct. 19, 2006
|
University of Minnesota/Spain
|
Portable Unencrypted
Data Breach
In June, a University of Minnesota art department laptop computer stolen from a faculty member while traveling in Spain holds personally identifiable information of 200 students.
|
|
200 students (not included in total) |
| Oct. 20, 2006
|
Manhattan Veterans Affairs Medical Center, New York Harbor Health Care System
(New York, NY) |
Portable Unencrypted
Data Breach
On Sept. 6, an unencrypted laptop computer containing veterans' names, Social Security numbers, and medical diagnosis, was stolen from the
hospital. |
HIPAA |
1,600 veterans who receive pulmonary care at the facility
|
| Oct. 21, 2006
|
Bowling Green Police Dept.
(Bowling Green, OH) |
The police dept. accidentally published a report on their website containing personal information on nearly 200 people the police had contact with on Oct. 21. Data included names, Social Security numbers, driver's license numbers, etc .
|
|
Approx. 200 victims or suspects
|
| Oct. 23, 2006
|
Sisters of St. Francis Health Services via
Advanced Receivables Strategy (ARS), a Perot Systems Company
(Indianapolis, IN)
(866) 714-7606
|
On July 28, 2006, a contractor working for
Advanced Receivables Strategy, a medical billing records company, misplaced CDs containing the names and SSNs of 266,200 patients, employees, physicians, and boad members of St. Francis hospitals in Indiana and Illinois. Also affected were records of
Greater Lafayette Health Services.
The disks were inadvertently left in a laptop case that was returned to a store. The purchaser returned the disks. The records were not encrypted even though St. Francis and ARS policies require encryption.
|
HIPAA |
260,000 patients and about 6,200 employees, board members and physicians for a total of 266,200
|
| Oct. 23, 2006
|
Chicago Voter Database
(Chicago, IL) |
An official from the not-for-profit Illinois Ballot Integrity Project says his organization hacked into Chicago's voter database, compromising the names, SSNs and dates of birth of 1.35 million residents. The Chicago Election Board is reportedly looking into removing SSNs from the database. Election officials have patched the flaw that allowed the intrusion.
|
|
1.35 million Chicago residents
|
| Oct. 24, 2006
|
Jacobs Neurological Institute
(Buffalo, NY) |
Portable Unencrypted
Data Breach
The laptop of a research doctor was stolen from her locked office at the Institute. It included records of patients and her research data. |
|
Unknown |
| Oct. 25, 2006
|
Transportation Security Administration (TSA)
(Portland, OR)
|
Portable Unencrypted
Data Breach
A thumb drive is missing from the TSA command center at Portland International Airport and believed to contain the names, addresses, phone numbers and Social Security numbers of approximately 900 current and former employees. |
|
900 current and former Oregon TSA employees
|
| Oct. 25, 2006
|
Swedish Medical Center, Ballard Campus
(Seattle, WA)
(800) 840-6452 |
An employee stole the names, birthdates, and Social Security numbers from patients who were hospitalized or had day-surgeries from June 22 to Sept 21. She used 3 patients' information to open multiple credit accounts.
|
|
Up to 1,100 patients
|
| Oct. 25, 2006 |
Tuscarawas County and Warren County
(OH) |
The Social Security numbers of some Tuscarawas and Warren County voters were available on the LexisNexis Internet database service.
Update (11/1/06): LexisNexis says it has now removed the SSNs. |
|
Unknown |
| Oct. 26, 2006
|
Akron Children's Hospital
(Akron, OH) |
Overseas hackers broke into two computers at Children's Hospital. One contains private patient data (including Social Security numbers) and the other holds billing and banking information.
|
HIPAA |
235,903 |
| Oct. 26, 2006
|
Hilb, Rogal & Hobbs
(Plymouth Meeting, PA) |
Portable Unencrypted
Data Breach
In September 2006, a laptop computer was stolen from the insurance brokerage firm. It contained client information including the names, birthdates, and drivers license numbers of Villanova University students and staff who drive university vehicles.
|
|
1,243 Villanova University students and staff
|
| Oct. 27, 2006
|
Gymboree
(San Francisco, CA) |
Portable Unencrypted
Data Breach
A thief stole 3 laptop computers from Gymboree's corporate headquarters. They contained unencrypted human resources data (names and Social Security numbers) of thousands of workers. |
|
up to 20,000 employees
|
| Oct. 27, 2006
|
Hancock Askew & Co.
(Savannah, GA) |
Portable Unencrypted
Data Breach
On October 5, 2006, a laptop computer containing 401(k) information for employees of at least one company (Atlantic Plastics, Inc.) was stolen from accounting firm Hancock Askew.
|
|
Unknown |
| Oct. 27, 2006
|
Hertz Global Holdings, Inc.
(Oklahoma City, OK)
1-888-222-8086 |
The names and Social Security numbers of Hertz employees dating back to 2002 were discovered on the home computer of a former employee.
|
|
Unknown |
| Oct. 30, 2006
|
Georgia county clerk of courts' web sites
|
A Georgia TV station reported that SSNs could be found on some records posted on county clerk of court web sites, specifically for individuals with federal tax liens filed against them. At least one county clerk -- Cherokee County -- is now removing SSNs from the web site.
|
|
Unknown |
| Oct. 31, 2006
|
Avaya
(theft occurred in Maitland, FL, office of company, headquartered in Basking Ridge, NJ)
|
Portable Unencrypted
Data Breach
A laptop stolen from an Avaya employee on October 16 in Florida contained personally identifiable information, including names, addresses, W-2 tax form information and SSNs.
|
|
Unknown |
| Nov. 1, 2006
|
U.S. Army Cadet Command
(Fort Monroe, VA)
1-866-423-4474
Email: mydata@
usaac.army.mil
|
Portable Unencrypted
Data Breach
A laptop computer was stolen that contained the names, addresses, telephone numbers, birthdates, Social Security numbers, parent names, and mother's maiden names of applicants for the Army's four-year ROTC college scholarship.
|
|
4,600 high school seniors
|
| Nov. 2, 2006
|
Colorado Dept. of Human Services via Affiliated Computer Services (ACS)
(Dallas, TX)
For questions, call ACS at
(800) 350-0399 |
Portable Unencrypted
Data Breach
On Oct. 14, a desktop computer was stolen from a state contractor who processes Colorado child support payments for the Dept. of Human Services. Computer also contained the state's Directory of New Hires. |
|
Up to 1.4 million
|
| Nov. 2, 2006
|
Greater Media, Inc.
(Philadelphia, PA) |
Portable Unencrypted
Data Breach
A laptop computer containing the Social Security numbers of the radio broadcasting company's current and former employees was stolen from their Philadelphia offices.
|
|
Unknown |
| Nov. 2, 2006
|
McAlester Clinic and Veteran's Affairs Medical Center
(Muskogee, OK) |
Portable Unencrypted
Data Breach
Three disks containing billing information, patient names and Social Security numbers, were lost in the mail.
|
|
1,400 veterans
|
| Nov. 2, 2006
|
Intermountain Health Care
(Salt Lake City, UT)
|
Portable Unencrypted
Data Breach
A computer was purchased at a second-hand store, Deseret Industries, that contained the names, Social Security numbers, employment records, and other personal information about Intermountain Health Care employees employed there in 1999-2000.
|
HIPAA |
6,244 |
| Nov. 2, 2006
|
Compulinx
(White Plains, NY) |
The CEO of Compulinx was arrested for fraudulently using employees' names, addresses, Social Security numbers and other personal information for credit purposes. (It is unclear whether customers' data was also used).
|
|
Up to 50 Compulinx employees |
| Nov. 3, 2006 |
University of Virginia
(Charlottesville, VA) |
Due to a computer programming error, Student Financial Services sent e-mail messages to students containing 632 other students' Social Security numbers.
|
|
632 students
|
| Nov. 3, 2006
|
West Shore
Bank
(Ludington, MI) |
Customers' debit cards and possibly credit cards were compromised from a security break last summer at a common MasterCard point-of-purchase provider.
|
|
About 1,000 |
| Nov. 3, 2006
|
Wesco
(Muskegon, MI) |
Wesco gas stations experienced a breach in credit card transactions from July 25-Sept. 7 resulting in inaccurate charges to customer accounts.
|
|
Unknown |
| Nov. 3, 2006
|
Starbucks Corp.
(Seattle, WA)
1-800-453-1048 |
Portable Unencrypted
Data Breach
Starbucks lost track of four laptop computers. Two held employee names, addresses, and Social Security numbers. |
|
60,000 current and former U.S. employees and about 80 Canadian workers and contractors |
| Nov. 3, 2006
|
Several Joliet area motels
(Joliet, IL) |
Motel owners and employees allegedly stole and sold customers' credit card numbers. |
|
Unknown |
| Nov 7, 2006
|
City of Lubbock
(Lubbock, TX) |
Hackers broke into the city's web site and compromised the online job application database, which included Social Security numbers.
|
|
5,800 |
| Nov. 9, 2006
|
Four ARCO gas stations
(Costa Mesa, CA)
(Westminster, CA)
(Torrance, CA) |
From Sept. 29 to Oct. 9, thieves used card skimmers to steal bank account numbers and PIN codes from gas station customers and used the information to fabricate debit cards and make ATM withdrawals.
|
|
At least 440
|
| Nov. 10, 2006
|
KSL Services, Inc.
(Los Alamos, NM) |
Portable Unencrypted
Data Breach
A disk containing the personal information of approximately 1,000 KSL employees is missing. KSL is a contractor for Los Alamos National Laboratory. |
|
Approximately 1,000 |
| Nov. 13, 2006
|
Connors State College
(Warner, OK)
(918) 463-6267
perline@
connorsstate.edu |
Portable Unencrypted
Data Breach
On Oct. 15, a laptop computer was discovered stolen from the college. (It has since been recovered by law enforcement). The computer contains Social Security numbers and other data for Connors students plus 22,500 high school graduates who qualify for the Oklahoma Higher Learning Access Program scholarships.
|
|
Considerably more than 22,500
|
| Nov. 15, 2006
|
Internal Revenue Service
(Washington, DC) |
Portable Unencrypted
Data Breach
According to document s obtained under the Freedom of Information Act, 478 laptops were either lost or stolen from the IRS between 2002 and 2006. 112 of the computers held sensitive taxpayer information such as SSNs. .
|
|
Unknown |
| Nov. 16, 2006 |
American Cancer Society
(Louisville , KY, offices, HQ in Atlanta , GA)
If you have tips, call (502) 574-5673
|
Portable Unencrypted
Data Breach
An unspecified number of laptop computers were stolen from the Louisville offices of the American Cancer Society. It is not clear what personal information was exposed, if any.
|
HIPAA |
Unknown |
| Nov. 16, 2006
|
Carson City residents
(Carson City, NV) |
The Sheriff's Department reported that at least 50 residents had their credit card information stolen by employees of local businesses. The employees apparently sell the account information to international crime rings that produce counterfeit cards. The crime is called "skimming."
|
|
50 |
| Nov. 17, 2006
|
Jefferson College of Health Sciences
(Roanoke, VA)
|
|
An email containing the names and SSNs of 143 students intended for one employee was inadvertently sent to the entire student body of 900.
|
HIPAA |
143 |
| Nov. 17, 2006
|
Automatic Data Processing (ADP)
(Roseland , NJ) |
ADP sent paperwork for a small Wisconsin company to a Cordova, TN coffee house. The paperwork contained names, birth dates, SSNs, addresses, salaries, and bank account and routing numbers
|
|
Unknown |
| Nov. 20, 2006
|
Administration for Children's Services
(New York , NY) |
More than 200 case files from the Emergency Children's Services Unit of ACS were found on the street in a plastic garbage bag. The files contain sensitive information of families, social workers and police officers.
|
|
200 case files
(not included in Total because it is not clear if SSNs were exposed)
|
| Nov. 25, 2006
|
Indiana State Department of Health via Family Health Center of Clark County
(Jeffersonville, IN) |
Portable Unencrypted
Data Breach
Two computers stolen from an Indiana state health department contractor contained the names, addresses, birth dates, SSNs and medical and billing information for more than 7,500 women. The data were collected as part of the state's Breast and Cervical Cancer Program.
|
HIPAA |
7,700 |
| Nov. 27, 2006 |
Johnston County, NC
|
Personal data, including SSNs, of thousands of taxpayers, were inadvertently posted on the county web site . The information was removed from the site within an hour after officials became aware of the situation.
|
|
Unknown |
| Nov. 27, 2006
|
Greenville County School District
(Greenville, SC) |
Portable Unencrypted
Data Breach
School district computers sold to the WH Group at auctions between 1999 and early 2006 contained the birth dates, SSNs, driver's license numbers and Department of Juvenile Justice records of approximately 100,000 students. The computers also held sensitive data for more than 1,000 school district employees.
UPDATE (12/10/06): A judge ordered the WH Group to return the computers and the confidential data on them to the school district.
|
|
At least 101,000 students and employees
|
| Nov. 27, 2006
|
Chicago Public Schools via All Printing & Graphics, Inc.
(Chicago, IL) |
A company hired to print and mail health insurance information to former Chicago Public School employees mistakenly included a list of the names, addresses and SSNs of the nearly 1,740 people receiving the mailing. Each received the 125-page list of the 1,740 former employees. |
|
1,740 former Chicago Public School employees
|
| Nov. 28, 2006 |
Kaiser Permanente Colorado -- its Skyline and Southwest offices
(Denver, CO)
For members who have questions:
(866) 529-0813 . |
Portable Unencrypted
Data Breach
A laptop was stolen from the personal car of a Kaiser employee in California on Oct. 4. It contained names, Kaiser ID number, date of birth, gender, and physician information. The data did not include SSNs.
|
|
38,000
(not included in total, because SSNs were apparently not exposed)
|
| Nov. 28, 2006
|
Cal State Los Angeles, Charter College of Education
(Los Angeles, CA)
(800) 883-4029 |
Portable Unencrypted
Data Breach
An employee's USB drive was inside a purse stolen from a car trunk. It contained personal information on 48 faculty members and more than 2,500 students and applicants of a teacher credentialing program. Information included names, SSNs, campus ID numbers, phone numbers, and e-mail addresses.
|
|
2,534 |
| Nov. 30, 2006
|
Pennsylvania Dept. of Transportation
(Hanover township driver's license facility, Dunmore, PA)
Affected individuals can call (800) PENNDOT if you have questions.
Call PA Crimestoppers if you have tips, (800) 4PATIPS, reward offered. |
Thieves stole equipment from a driver's license facility late evening Nov. 28, including computers containing personal information on more than 11,000 people. Information included names, addresses, dates of birth, driver's license numbers and both partial and complete SSNs (complete SSNs for 5,348 people). Also stolen were supplies used to create drivers licenses and photo IDs. The state maintains 97 driver's license facilities.
|
|
11,384 |
| Nov. 30, 2006 |
TransUnion Credit Bureau via Kingman, AZ, court office |
Four different scam companies downloaded the credit information of more than 1,700 individuals, including their credit histories and SSNs. They were able to illegitimately obtain the password to the TransUnion account held by the Kingman, AZ, court office, which apparently has a subscription to the bureau's services.
|
|
"more than 1,700 people" |
| Dec. 1, 2006 |
TD Ameritrade
(Bellevue, NE)
(201) 369-8373 |
Portable Unencrypted
Data Breach
According to a letter sent to employees, a laptop was removed (presumably stolen) from the office Oct. 18, 2006, that contained unencrypted information including names, addresses, birthdates, and SSNs.
|
|
about 300 current and former employees |
| Dec. 2, 2006 |
Gundersen Lutheran Medical Center
(LaCrosse, WI) |
A Medical Center employee used patient information, including SSNs and dates of birth, to apply for credit cards in their names. As patient liaison, her duties included insurance coverage, registration, and scheduling appointments. She was arrested for 37 counts of identity theft, and was convicted of identity theft and uttering forged writing, according to the criminal complaint..
|
HIPAA |
unknown |
| Dec. 3, 2006 |
City of Grand Prairie
(Grand Prairie, TX) |
Employees of the city of Grand Prairie were notified that personal records were exposed on the city's Web site for at least a year. Included were the names and SSNs of "hundreds of employees." The information has since been removed. The city had been working with a contractor on a proposal for workers' compensation insurance. Along with the proposal, names and SSNs were mistakenly listed.
|
|
"hundreds of employees" |
| Dec. 5, 2006 |
Army National Guard 130th Airlift Wing
(Charleston, WV) |
Portable Unencrypted
Data Breach
A laptop was stolen from a member of the unit while he was attending a training course. It contained names, SSNs, and birth dates of everyone in the 130th Airlift Wing.
|
|
Unknown |
| Dec. 5, 2006 |
Nassau Community College
(Garden City, NY) |
A printout is missing that
contains information about each of NCC's 21,000 students, including names, SSNs, addresses, and phone numbers. It disappeared from a desk in the Student Activities Office. |
|
21,000 students |
| Dec. 6, 2006 |
Premier Bank
(Columbia, MO, with HQ in Jefferson City, MO) |
A report was stolen the evening of Nov. 16 from the car of the bank's VP and CFO while employees were celebrating an award received by the bank. The document contained names and account numbers of customers, but reportedly no SSNs.
|
|
1,800 customers |
| Dec. 8, 2006 |
Segal Group of New York, via web site of Vermont state agency used to call for bids on state contracts
(Montpelier, VT) |
Names and SSNs of "several hundred" physicians, psychologists and other health care providers were mistakenly posted online by Segal Group, a contractor hired by the state to put its health management contract out for bid. The information was posted from May 12 to June 19. It was discovered when a doctor found her own SSN online.
|
|
"several hundred, likely more" health care providers |
| Dec. 9, 2006
|
Virginia Commonwealth University
(Richmond, VA) |
Personal information of 561 students was inadvertently sent as attachments on Nov. 20 in an e-mail, including names, SSNs, local and permanent addresses and grade-point averages. The e-mail was sent to 195 students to inform them of their eligibility for scholarships.
|
|
561 students |
| Dec. 12, 2006
|
University of California - Los Angeles
(Los Angeles, CA)
Affected individuals can call UCLA at (877) 533-8082.
www.identityalert.
ucla.edu |
Hacker(s) gained access to a UCLA database containing personal information on
current and former students, current and former faculty and staff, parents of financial aid applicants, and student applicants, including those who did not attend. Exposed records contained names, SSNs, birth dates, home addresses, and contact information. About 3,200 of those notified are current or former staff and faculty of UC Merced and current and former staff of UC's Oakland headquarters.
|
|
800,000 |
| Dec. 12, 2006 |
University of Texas - Dallas
(Dallas, TX)
Affected individuals can call (972) 883-4325
www.utdallas.edu/
datacompromise/
form.html |
The University discovered that personal information of current and former students, faculty members, and staff may have been exposed by a computer network intrusion -- including names, SSNs, home addresses, phone numbers and e-mail addresses.
|
|
6,000 current and former students, faculty, staff, and others |
| Dec. 12, 2006 |
Aetna via Concentra Preferred Systems
(Dayton, OH) |
Portable Unencrypted
Data Breach
A lockbox holding personal information of health insurance customers was stolen Oct. 26. Thieves broke into an office building occupied by Aetna vendor, Concentra Preferred Systems. The lockbox contained computer backup tapes of medical claim data for Aetna and other Concentra health plan clients. Exposed data includes member names, hospital codes, and either SSNs or Aetna member ID numbers. SSNs of 750 medical professionals were also exposed. Officials downplay the risk by stating that the tapes cannot be used on a standard PC.
|
HIPAA |
130,000
|
| Dec. 13, 2006
|
Boeing
(Seattle, WA) |
Portable Unencrypted
Data Breach
In early December, a laptop was stolen from an employee's car. Files contained names, salary information, SSNs, home addresses, phone numbers and dates of birth of current and former employees.
|
|
382,000 current and former employees |
| Dec. 14, 2006
|
Geisinger Health System via Electronic Registry Systems
(Danville, PA) |
Police in suburban Springdale (Cincinnati, OH) reported that a computer was stolen from Electronic Registry Systems on Thanksgiving. It manages a cancer patient registry database for Geisinger. Patient data included names, addresses, birthdates, medical record numbers, and SSNs, dating back to 1980. Other businesses in the building were robbed that evening as well.
UPDATE (12/19/06): The computer contained records on cancer patients from five hospitals in Tennessee, Georgia, Pennsylvania, and Ohio.
|
HIPAA |
25,000 patients
|
| Dec. 14, 2006
|
Riverside High School
(Durham, NC) |
Two students discovered a breach in the security of a Durham Public Schools computer as part of a class assignment. They reported to school officials that they were able to access a database containing SSNs and other personal information of thousands of school employees. The home of one student was searched by Sheriff's deputies and the family computer was seized. |
|
"thousands of school employees"
|
| Dec. 14, 2006 |
St. Vrain Valley School District
(Longmont, CO) |
Paper records containing student information were stolen, along with a laptop, from a nurse's car Nov. 20. Personal information included students' names, dates of birth, names of their schools, what grade they are in, their Medicaid numbers (presumably SSNs), and their parents' names. The laptop contained no personal data.
|
|
600 students |
| Dec. 15, 2006
|
University of Colorado - Boulder, Academic Advising Center
(Boulder, CO)
www.colorado.edu |
A server in the Academic Advising Center was the subject of a hacking attack. Personal information exposed included names and SSNs for individuals who attended orientation sessions from 2002-2004. CU-Boulder has since ceased using SSNs as identifiers for students, faculty, staff, and administrators.
|
|
17,500 |
| Dec. 15, 2006
|
City of Wickliffe
(Wickliffe, OH) |
Hackers breached security in one of the city's three computer servers containing personal information on some city employees, including names and SSNs.
|
|
125 employees |
| Dec. 19, 2006
|
Mississippi State University
(Jackson, MS) |
SSNs and other personal information were "inadvertently" posted on a publicly accessible MSU Web site. The breach was discovered "last week" and the information has since been removed.
|
|
2,400 students and
employees |
| Dec. 20, 2006
|
Lakeland Library Cooperative - serving 80 libraries in 8 counties
(Grand Rapids, MI) |
Personal information of 15,000 library users in West Michigan was displayed on the Cooperative's Web site due to a technical problem. Information exposed included names, phone numbers, e-mail addresses, street addresses, and library card numbers. Children's names were also listed along with their parents' names on a spreadsheet document. The information has since been removed.
|
|
15,000 library users |
| Dec. 20, 2006 |
Big Foot High School
(Walworth, WI) |
Personal information was accidentally exposed on the High School's Web site for a short time, perhaps for about 36 minutes, according to a report. Information included last names, SSNs, and birthdates.
|
|
87 current and former employees
|
| Dec. 20, 2006 |
Lake County residents, plus Major League Baseball players
(Northbrook, IL) |
A Chicago man apparently removed documents from a trash bin outside SFX Baseball Inc., a sports agency that deals with Major League Baseball. He used information found on those documents to commit identity theft on at least 27 Lake County residents. Information found during a search of the thief's home included SSNs, birthdates, canceled paychecks, obituaries, and infant death records.
|
|
27 residents of Lake County plus about 90 current and retired Major League Baseball players for a total of 117 individuals
|
| |
|
|
|
100,214,930 |
View
Cart
