One in three Americans the potential victim of Identity Theft in 2006

One in three Americans the potential victim of Identity Theft in 2006. Now we are continuing to chronicle the breaches as they happen in 2007. Most all of these breaches involve the transport of portable unencrypted data being compromised through neglect, theft or outright stupidity on the part of the stewards of the data. Don't be a victim. Don't have to be the one that explains to your boss, your clients or worse even yet, a judge or jury that you did not take proper and adequate measures to protect valuable data with which you are entrusted.

Notification Date	Name / Type / Location of Entity	Type & Breach Description & Link to Release Data	Privacy Requirement Governing Law:	# of Individual Records
Jan. 1, 2007	University of NM State Agency Education	Unencrypted Private Data - Stolen Computer Breach At least three computers and four monitors were stolen from the associate provost's office overnight between Jan. 2 and 3, said Lt. Pat Davis, UNM Police spokesman. The computers may have contained faculty members' names and Social Security numbers, said Richard Holder, associate provost.		"Hundreds"
Jan. 2, 2007	First Interstate Mortgage Corporation Las Vegas, NV	Printing, Archiving & Secure Document Destruction & Improper Disposition of Private Information Documents containing people's names, social security numbers and other personal data were overflowing from a dumpster from a local Real Estate and Mortgage Company. First Interstate Realty and Mortgage were found to have hundreds of documents that should have been destroyed simply placed outside their dumpster.	GLBA Nevada SB347 FHA Guidelines FNMA Rules	Hundreds to Thousands of Records (Stacks of Boxes)
Jan. 3, 2007	Century Motors Business Austin Texas	Printing, Archiving & Secure Document Destruction & Improper Disposition of Private Information All types of personal information from bank accounts to Social Security numbers were scattered along a busy Austin intersection. That mess was found Wednesday morning along a stretch of Burnet Road in Central Austin. It all started at the Century Motor Car lot. Documents were strewn all across the road. The papers contained personal information like Social Security numbers, home addresses, phone numbers, references and job information. The owner of the car lot says they are in the process of moving from one building to another. The box of information was mistakenly put in the trash.	FCRA Texas State Statutes	"Hundreds"
Jan. 3, 2007	Academic Magnet High School State Agency Education N Charleston, SC	Portable Data Breach - Laptop Stolen w/ Unencrypted Data North Charleston police are trying to find out who stole a laptop computer from Academic Magnet High School. That computer contains personal information about hundreds of students. This theft is actually the third time someone has stolen computers from this school. November 17th-- someone stole a desktop computer from a guidance counselor’s office.		"Hundreds"
Jan 3, 2007	KeyCorp Banking Corporation Akron, OH	Portable Data Breach - Laptop Stolen w/ Unencrypted Data KeyCorp has notified customers in Ohio and other states that private information about them was taken when a laptop computer was stolen from an outside vendor. Officials say the information on 9,300 customers may include Social Security Numbers. Corporate communications for the Cleveland-based bank say affected customers were notified by mail.	GLBA	9,300
Jan. 3, 2007	Wisconsin State Dept of Revenue State Agency Milwaukee, WI	Printing & Distribution Error MILWAUKEE The State Department of Revenue today is urging taxpayers to contact credit bureaus to guard against identity theft after acknowledging late last week that Social Security numbers for 171-thousand taxpayers inadvertently ended up on mailing labels.	State Privacy Taxpayer	171,000
Jan 4, 2007	Emory Healthcare Geisinger HC Williamson Med Ctr Electronic Registry Systems, Inc. Health Care Corporations Multiple Locations 5 States	Unencrypted Private Data - Stolen Computer Breach The theft of a computer from the office of an Ohio-based health care contractor on Nov. 23 has exposed sensitive data belonging to tens of thousands of patients in five health care firms across five states. The compromised data includes the names, addresses, medical record numbers, diagnoses, treatment information and Social Security numbers of the patients. Among those affected are patients at Atlanta-based Emory Healthcare, Danville, Pa.-based Geisinger Health System and Franklin, Tenn.-based Williamson Medical Center. The names of two other health care providers affected by the burglary at Cincinnati-based Electronic Registry Systems Inc. (ERS) have not yet been released.	HIPAA State Statutes	50,000+
Jan. 5, 2007	Selma NC Fire Dept State Agency Selma, NC	Portable Data Breach - Laptop Stolen w/ Unencrypted Data SELMA, NC -- A stolen laptop in Johnston County has firemen on alert for identity theft. The computer contained the names and social security numbers of volunteer firemen in Selma.	North Carolina Identity Theft Protection Act	250+
Jan. 8, 2007	Notre Dame Educational South Bend, Indiana	Portable Data Breach - Laptop Stolen w/ Unencrypted Data Notre Dame employees recently received a letter in the mail that some of their personal information may have gotten into the wrong hands. A University Director's laptop was stolen before Christmas. On January 2nd university employees received the letter notifying them of the crime. They were told they may want to monitor activities on personal accounts because the computer was storing Social Security numbers and salary information.		"Hundreds"
Jan. 9, 2007	Phillip Morris Altria Towers Perrin Corporation New York, NY	Portable Data Breach - Laptop Stolen w/ Unencrypted Data Philip Morris is warning thousands of local workers their personal information may have been accessed. The company began alerting employees this week that laptop computers have been stolen that included names, salaries and social security numbers of employees. These laptops were taken from the offices of a New York City consulting firm that handles benefit programs for Philip Morris.		30,000+
Jan. 11, 2007	University of Idaho Educational Boise, Idaho	Unencrypted Private Data - Stolen Computer Breach Three desktop computers have disappeared from the University of Idaho’s Advancement Services office – and now school officials say the personal data of alumni, donors, employees and students may be in danger. UI says someone stole the computers – and an internal investigation shows that as many as 70,000 social security numbers, names and addresses may be stored on the hard drives.		70,000
Jan. 12, 2007	MoneyGram Corporation Minneapolis, MN	Network Computer Breach MoneyGram International Inc., a global payment services provider, announced Friday that a company server with consumer information for about 79,000 bill payment customers was unlawfully accessed over the Internet last month.		79,000
Jan. 13, 2007	NC Dept of Revenue State Agency Raleigh, NC	Portable Data Breach - Laptop Stolen w/ Unencrypted Data A laptop computer containing files on 30,000 taxpayers was stolen from the car of an N.C. Department of Revenue employee last month, and state officials are cautioning everyone on the list to keep an eye on their finances for potential fraud. The Revenue Department this week dispatched letters to all 30,000 people, apparently the first such episode since the enactment of an N.C. law last fall requiring government agencies to notify consumers when their data are lost or stolen.	North Carolina Identity Theft Protection Act	30,000
Jan. 17, 2007	Diablo Municipal Water District Government Agency San Marcos, CA	Unencrypted Private Data - Stolen Computer Breach The credit-card numbers of about 500 customers in the Rincon del Diablo Municipal Water District were stolen yesterday in an early-morning break-in, officials said. Thieves smashed a glass wall at the district's offices on North Iris Lane and stole two computers, one from the customer services department and the other from engineering, said Darlene Lynn, interim general manager. Customers' names and credit-card numbers were contained in software on the customer services computer, but their Social Security numbers and birth dates were not on either computer, Lynn said. She said the number of stolen credit-card numbers could increase because officials are still determining the extent of information that was taken. No instances of credit-card numbers being used illegally have been reported, the district said, and police are investigating the burglary.	California Senate Bill SB1386	500
Jan. 17, 2007	Fitchburg Savings Bank Business Boston, MA	Network Computer Breach About 1,300 debit-ATM cards issued by Fitchburg Savings Bank were deactivated yesterday after the bank was told by Visa USA that a “large-scale data compromise” may have included its check cards. None of the cards was used fraudulently and all are being replaced, said Martin F. Connors Jr., bank president and chief executive officer. “If someone has the person’s information, at this point they can’t do anything with it,” he said. Mr. Connors said he was aware of at least one other financial institution in Worcester County with far more cards affected by the security breach. A broader problem was confirmed by the Massachusetts Bankers Association yesterday. “It appears that Visa has notified a number of banks in Massachusetts that a large-scale retailer has had a problem with some of its customer data,” said Bruce E. Spitzer, an MBA spokesman. “Quite a few banks are replacing cards or notifying customers to be extra vigilant in monitoring their accounts. If a card needs to be reissued, the bank will do it.” Another source indicated that the breach may be broader than Visa cards. Mr. Connors said customers should receive new debit cards within a week. Cardholders may activate their new cards immediately by going to one of seven Fitchburg Savings Bank branches with proper personal identification and changing the PIN number on their new card. Or they can wait to receive a new pre-assigned PIN in the mail and follow the activation instructions, the bank said in a letter dated yesterday to customers.	GLBA	1300+
Jan. 17, 2007	TJX Companies TJ MAXX Marshalls HomeGoods AJ Wright Stores Business Framingham, MA	Network Computer Breach The TJX Companies, Inc. (NYSE:TJX) today announced that it has suffered an unauthorized intrusion into its computer systems that process and store information related to customer transactions. While TJX has specifically identified some customer information that has been stolen from its systems, the full extent of the theft and affected customers is not yet known. This intrusion involves the portion of TJX’s computer network that handles credit card, debit card, check, and merchandise return transactions for customers of its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico, and its Winners and HomeSense stores in Canada, and may involve customers of its T.K. Maxx stores in the U.K. and Ireland. The intrusion could also extend to TJX’s Bob’s Stores in the U.S. The Company immediately alerted law enforcement authorities of the crime and is working closely with them to help identify those responsible. TJX is also cooperating with credit and debit card issuers and providing them with information on the intrusion. UPDATE - January 30th - Lawsuit Filed against TJX - Company Director Resigns amid unlawful data collection, storage, and breach scandal. UPDATE - January 30th - Mass Attorney General is one of the victims. UPDATE - January 30th - Second Lawsuit Filed Against TJX	State Laws PCI-DSS Wire Fraud	20 Million Plus
Jan 20, 2007	Greenville, SC School District Government Agency - Education Greenville, SC	Unsecured Data Greenville, SC School District - 1000 Teachers and 100,000 Students Records Breached Announced January 20th, 2007 Greenville, SC School District 1000 Employees and 100,000 Students School district leaves personnel records behind during renovations GREENVILLE, S.C. - Boxes of personnel records - including the Social Security numbers of thousands of teachers - were accidentally left behind by the Greenville County school district when it vacated its office for renovations, officials say. The 10 boxes held lists of every teacher employed by the district between 1972 and 1990, as well as their Social Security numbers, district spokeswoman Oby Lyles said Friday. Several other boxes contained personnel records as recent as 1998, Lyles said.	State Laws	100,000 Students 1,000 Employees
Jan 23, 2007	Xerox Business Willsonville, OR	Portable Data Theft - Laptop WILSONVILLE -- Some employees at a local Xerox plant are worried about identity theft at a laptop was stolen from a manager’s car. The UniteHere Local 14Z Union said a computer containing employee’s personal information was stolen from a human resources manager’s car in August.	State Laws HIPAA	297 Employees
Jan 24, 2007	Salina Regional Health Center Medical Institution Santa Fe, NM	Portable Data Theft - Laptop A laptop computer containing the names, social security numbers and medical history of up to 1,100 patients is missing, putting them at risk for identity theft, and Salina Regional Health Center officials are offering a $2,000 reward for the laptop's return. The hospital's computer was stolen along with a docking station, printer, overhead projector and other computer equipment, plus a small amount of prescription drugs, from the office of Veridian Behavioral Health, 501 S. Santa Fe., Suite 300, earlier this month.	State Laws HIPAA	1,100 Patients
Jan 22, 2007	Veterans Health Administration Government Bremerton, WA	Unsecured Data Theft A locked car that had folders of veterans' identifying information was burglarized late Wednesday in downtown Bremerton, according to the Bremerton Police Department and the Seattle office of the federal Department of Veteran's Affairs.	State Laws HIPAA Federal Dept Policies	Undisclosed
Jan 26, 2007	Vanguard University Government Education (Costa Mesa, CA) (800) 920-7312	Computer Theft - Unencrypted Data Breach The announcement was made on January 26, 2007 and VUSC began notifying approximately 10,000 people whose names and certain personal information are in a database on a computer that was stolen from the Financial Aid office (see Notification Letter.) VUSC takes seriously its responsibility to safeguard personal information and regrets the inconvenience caused by this illegal and fraudulent activity.	State Laws GLBA	10,000
Jan 30, 2007	Vermont State Government Montpelier, VT	Network Data Breach A Microsoft security patch was downloaded but not installed on a state computer that hackers later broke into, gaining access to names, Social Security numbers and bank account information for nearly 70,000 people, an official confirmed Tuesday. An internal state report on the hacking incident says Microsoft, a national computer security institute and "even the Department of Homeland Security all gave special priority to the application of this patch in order to fix the vulnerabilities ... that unauthorized attackers could gain control of a system." (iQBio Commentary - "AN UNSECURED COMPUTER DIRECTLY ON THE INTERNET WITH SENSITIVE DATA?" This is the absolute pinnacle of stupidity. Anyone involved with this breach should be fired, prosecuted and promptly run out of town.)	State Laws	70,000
Jan 30, 2007	Mass Workmans Compensation Board Government Boston, MA	Network Data Breach A former state contractor allegedly accessed a workers' compensation database to steal personal information and fraudulently obtain credit, the Department of Industrial Accidents announced today. The agency said up to 1,200 people who had submitted workers' compensation claims to the state -- and their Social Security numbers -- may have been compromised, although officials have evidence that only three people had their personal information used improperly. The worker, who was not immediately identified, was fired, arrested and charged with identity fraud. Law enforcement officials notified the agency of the alleged breach.	State Laws HIPAA	1200
Feb 2nd, 2007	Veterans Health Administration Government Birmingham AL	Portable Data Theft - Portable Hard Drive WASHINGTON (Feb. 2, 2007) -- The Department of Veterans Affairs (VA) today announced that an employee reported a government-owned, portable hard drive used by the employee at a Department facility in Birmingham, Ala. and potentially containing personal information about some veterans is missing and may have been stolen.	State Laws HIPAA Federal Information Security Management Act of 2002, 44 U.S.C. §§ 3541-3549	48,000
Feb 2, 2007	Research Board Grant Application System Government Education (Columbia, MO)	Network Data Breach A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.	State Laws	3,799
Feb 3, 2007	CTS Tax Service Corporation (Cassopolis, MI)	Computer Theft - Unencrypted Data Breach The computer and hard drive of a tax preparation company were stolen. Data included names, bank account numbers, routing numbers, birthdates, SSNs, and addresses.	State Laws GLBA	800