Breach Yes Hackers attacked UCSD extension through two University computers 3,500 Potential for Identity theft January 18, 2005 Univerrsity of Northern Colorado University Stolen Hard Drives Names of current and former empl ees and their beneficiaries; SSNs, birthdates,add resses,bank account and routing numbers No Internal Breach Yes 30,000 Potential for Identity theft and CC fraud January 22, 2005 Universit of Notre Dame University Hackers SSNs, Credit Card Data, and Check Images of School Donors No External Breach Yes Unknown Potential for ID Theft January 23, 2005 University of WA Medical School University Stolen Laptops Names, SSNs, Maiden Names, DOBs, Medical Information No Internal Breach Yes 1,600 Potential for ID Theft January 24, 2005 Science Applications International Corp.<br><br> (San Diego, CA) Data Broker Stolen Computers Names, SSNs of past and current employees No External Yes On January 25, thieves broke into a SAIC facility and stole computers 45,000 Potential for ID Theft February 12, 2005 Choice Point (Alpharetta, GA) Data Broker Bogus Accounts Established by ID Thieves Credit Report Header Data and Other Identifying Information No External Breach Yes 145,000 Potential for ID Theft, (Update)- ChoicePoint settled with the FTC for $10 Million in Civil Penalties and $5 million for consumer redress (Update)-FTC announced reinbursement of victims of identity theft. February 15, 2005 Company Type GLBA Notice Requirements Apply? Chronological Data Breach List Bank of America Financial Baggage Handlers Lost or Stole Tape Retail Deposit Account Yes External Breach Unlikely (Would Need Mainframe) Data Transfer to Secondary Site 3 Not Encrypted 1.2 Million None Likely February 25, 2005 PayMaxx (Miramar, FL) Processor Exposed Online Yes External Breach 25,000 February 25, 2005 Discount Shoe Warehouse (DSW) (Columbus, OH) Firm Computer Breach Credit Card No Internal Breach Yes Violated Card Network Rules by Keeping Data 100,000 March 8, 2005 Lexis-Nexis (Dayton, OH) Data Broker Computer Breach Credit Report Header Data and Other Identifying Information No Internal Breach Yes As of 6/30/06, five men arrested in connection to breach In Excess of 300,000 Potential for ID Theft March 10, 2005 Boston College (MA) University Hacking No External Breach 120,000 March 11, 2005 Univ.<br><br> of CA, Berkeley University Stolen Laptop No Internal Breach 98,400 March 11, 2005 NV DMV (NV) Government Stolen Computer No Internal Breach 8,900 (not Included in total) Recovered March 12, 2005 Northwestern University (IL) University Hacking No External Breach 21,000 March 20, 2005 Univ. of NV (Las Vegas) University Hacking No External Breach 5,000 March 20, 2005 CA State Univ. (Chico) University Hacking No External Breach 59,000 March 22, 2005 Univ.<br><br> of CA (San Francisco) University Hacking No External Breach 7,000 March 23, 2005 Univ. of Chicago Hospital University Dishonest Insider No Internal Breach Unknown March 28, 2005 GA DMV (GA) Government Dishonest Insider No Internal Breach 465,000 April 1, 2005 MCI (Ashburn, VA) Firm Stolen Laptop No Internal Breach 16,500 April 5, 2005 Eastern National Firm Hacking No External Breach 15,000 April 8, 2005 San Jose Medical Group (San Jose, CA) Firm Stolen Computer No Internal Breach 185,000 April 8, 2005 Tufts University (Boston, MA) University Hacking No External Breach 106,000 April 11, 2005 LexisNexis (Dayton, OH) Data Broker Passwords Compromised No External Breach As of 6/30/06, five men arrested in connection to breach 280,000 April 12, 2005 California Fastrack (CA) Firm Dishonest Insider No Internal Breach 4,500 April 14, 2005 Polo Ralph Lauren/ HSBC (NYC, NY) Firm Computer Breach Credit Card No Internal Breach Yes Violated Card Network Rules by Keeping Data 180,000 HSBC Cardholders Notified Card Fraud 3 No Liability for Unauthorized Accounts or Transactions April 14, 2005 CA Dept. of Health Services (CA) Government Stolen Laptop No Internal Breach 21,600 April 15, 2005 Discount Shoe Warehouse (DSW) (Columbus, OH) Firm Computer Breach Credit Card No Internal Breach Yes Violated Card Network Rules by Keeping Data 1.3 Million Card Fraud 3 No Liability for Unauthorized Accounts or Transactions April 18, 2005 Ameritrade (Bellevue, NE) Firm Lost Backup Tape Yes External Breach 200,000 April 20, 2005 Carnegie Mellon University (PA) University Hacking No External Breach 19,000 April 21, 2005 Christus St.<br><br> Joseph's Hospital (Houston, TX) Firm Stolen Computer No Internal Breach 19,000 April 26, 2005 Michigan State University, Wharton Center University Hacking No External Breach 40,000 April 26, 2005 Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp Financial Sale of Data by bank Employees to Collection Company Retail Deposit Account/Credit Reports Yes Internal Breach Yes Internal Unauthorized Use 676,000 April 28, 2005 Georgia Southern University (GA) University Hacking No External Breach - April 28, 2005 Oklahoma State University (OK) University Missing Laptop No Internal Breach 37,000 April 29, 2005 Time Warner (NYC, NY) Firm Lost Backup Tapes No Internal Breach 600,000 May 2, 2005 CO Health Department (CO) Government Stolen Laptop No Internal Breach Families 1,600 (families) May 4, 2005 Purdue University (IN) University Hacking No External Breach 11,360 May 5, 2005 Department of Justice (DC) Government Stolen Laptop No Internal Breach 80,000 May 7, 2005 Stanford University (CA) University Hacking No External Breach 9,900 May 11, 2005 Hinsdale Central High School (Hinsdale, IL) Government Hacking No External Breach 2,400 May 12, 2005 Westborough Bank (Westborough, MA) Financial Dishonest Insider Yes Internal Breach 750 May 16, 2005 Jackson Community College (MI) University Hacking No External Breach 8,000 May 18, 2005 University of Iowa (IA) University Hacking No External Breach 30,000 May 18, 2005 Valdosta State University (GA) University Hacking No External Breach 40,000 May 19, 2005 Duke University (NC) University Hacking No External Breach 5,500 May 26, 2005 Cleveland State University (OH) University Stolen Laptop No Internal Breach 44,420 (Not included in total) Laptop Found 12/24/2005 May 27, 2005 Merlin Data Services (Kalispell, MT) Data Broker Bogus Account Set Up No External Breach 9,000 May 28, 2005 Motorola Firm Computers Stolen No Internal Breach Unknown May 30, 2005 Citi Financial Financial UPS Lost Data Tapes in Transit SSNs and Loan Pa ment Records Yes External Breach Unlikely (Would Need Mainframe) Data Transfer to Secondary Site 3 Not Encrypted 3.9 Million Potential for ID Theft June 6, 2005 FDIC Government Not Disclosed No External Breach 6,000 June 10, 2005 Card Systems Processor Computer Breach Credit Card Yes Internal Breach Yes Violated Card Network Rules in Keeping Data 40 Million, Approximatel y 200,000 Potentially at Greater Risk Card Fraud 3 No Liability for Unauthorized Accounts or Transactions June 16, 2005 Kent State University University Stolen Laptop No Internal Breach 1,400 June 17, 2005 University of Hawaii (HI) University Dishonest Insider No Internal Breach 150,000 June 18, 2005 Eastman Kodak Firm Stolen Laptop No Internal Breach 5,800 June 22, 2005 East Carolina University (NC) University Hacking No External Breach 250 June 22, 2005 University of CT (CT) University Hacking No External Breach 72,000 June 25, 2005 Lucas County Childrens Services (OH) Government Exposed by Mail No External Breach 900 June 28, 2005 Bank of America Financial Stolen Laptop Yes Internal Breach 18,000 June 29, 2005 OH State Universit , Medical Center (OH) University Stolen Laptop No Internal Breach 15,000 June 30, 2005 University of CA (San Diego) University Hacking No External Breach Yes 3,300 July 1, 2005 City National Bank Financial Lost Backup Tapes Yes External Breach Unknown July 6, 2005 Michigan State University (MI) University Hacking No External Breach Yes 27,000 July 7, 2005 University of Southern Calif. (CA) University Hacking No External Breach Yes 270,000 July 19, 2005 University of Colorado (Bolder) University Hacking No External Breach Yes Update(8/20/05)- estimate on number of students affected increased to 49,000 49,000 July 21, 2005 San Diego Co. Employees Retirement Assoc.<br><br> (CA) Government Hacking No External Breach Yes 33,000 July 30, 2005 Calif. State University (Dominquez Hills) University Hacking No External Breach Yes 9,613 July 30, 2005 Cal-Poly (Pomona, CA) University Hacking No External Breach Yes 31,077 July 31, 2005 University of Colorado University Hacking No External Breach Yes 36,000 August 2, 2005 Sonoma State University University Hacking No External Breach Yes 61,709 August 9, 2005 University of Utah University Hacking No External Breach Yes 100,000 August 9, 2005 University of North Texas University Hacking No External Breach Yes 39,000 August 10, 2005 Calif. State University (Stanisluas) University Hacking No External Breach Yes 900 August 17, 2005 University of Colorado University Hacking No External Breach Yes 49,000 August 19, 2005 Air Force Government Hacking No External Breach Yes 33,300 August 22, 2005 University of FL, Health Sciences Center University Stolen Laptop No Internal Breach Yes 3,851 August 27, 2005 J.P.<br><br> Morgan (Dallas, TX) Financial Stolen Laptop Yes Internal Breach Yes Unknown August 30, 2005 Calif. State University, Chancellor's Office University Hacking No External Breach Yes 154 August 30, 2005 Iowa Student Loan (W. Des Moines) Financial Lost Disk SSN, other personal info No External Yes Lost when shipped by a private courier 165,000 September 2, 2005 Kent State University University Stolen Computers No Internal Breach Yes 100,000 September 10, 2005 Miami University University Exposed Online No External Breach Yes 21,762 September 15, 2005 Choice Point (Alpharetta, GA) Data Broker ID Thieves Accessed Misuse of IDs & Passwords No External Breach 2nd Notice of breach, this total in addition to previous total 9,903 Potential for ID Theft September 16, 2005 North Fork Bank, (NY) Financial Stolen Laptop with Mortgage Data Yes Internal Breach Yes 9,000 September 17, 2005 Children's Health Council (San Jose, CA) Firm Stolen Backup Tape No Internal Breach 5,000 - 6,000 September 19, 2005 City University of New York (NY) University Exposed Online No External Breach Yes 350 September 22, 2005 Bank of America Financial Stolen Laptop with Information of Visa Buxx Users Yes Internal Breach Yes Debit Cards Not Disclosed September 23, 2005 RBC Dain Rauscher Firm Illegitimate Access to Customer Data by Former Employee No Internal Breach Yes 100+ Customer Records Compromised out of 300,000 100+ September 28, 2005 University of GA University Hacking No External Breach Yes At Least 1,600 September 29, 2005 OH State Medical Center (OH) University Exposed Online Appointment Information, SSNs, DOB, Addresses, Phone Numbers, Medical Information No External Breach Yes 2,800 Potential for ID Theft October 12, 2005 Montclair State University University Exposed Online No External Breach Yes 9,100 October 15, 2005 Wilcox Memorial Hospital, Hawaii Firm Lost Backup Tape No External Breach 130,000 October 21, 2005 University of TN Medical Center University Stolen Laptop No Internal Breach Yes 3,800 November 1, 2005 Keck School of Medicine, USC University Stolen Computer No Internal Breach Yes 50,000 November 4, 2005 Safeway, Hawaii Firm Stolen Laptop No Internal Breach Yes 1,400 November 5, 2005 Choice Point (Alpharetta, GA) Data Broker No Bogus Accounts Established by Thieves, Total Now 162,000 17,000 more November 8, 2005 TransUnion Data Broker Stolen Computer No Internal Breach Yes 3,623 November 9, 2005 Scottrade Troy Group Firm Hacking No Yes Unknown November 11, 2005 GA Tech Ofc.<br><br> Of Enrollment Services University Stolen Computer No Internal Breach Yes 13,000 November 11, 2005 Boeing Firm Stolen Laptop HR Data, SSNs, Bank Acct Numbers No Internal Breach Yes 161,000 Potential for ID Theft November 19, 2005 Firstrust Bank Financial Stolen Laptop Yes Internal Breach Yes 100,000 December 1, 2005 University of San Diego (CA) University Hacking Faculty, Students, and Employee Tax Forms With SSNs No External Breach Yes 7,800 Potential for ID Theft December 1, 2005 Cornell Universit (Ithaca, NY) University Hacking Names, Addresses, SSNs, Bank Names and Acct Numbers No External Breach Yes 900 Potential for ID Theft December 2, 2005 WA Employment Security Dept. Government Stolen Laptop Names, SSNs and Earnings of Former Employees No Internal Breach Yes 530 Potential for ID Theft December 6, 2005 Sam's Club/ Wal- Mart Firm Unknown. Exposed Credit Card Data at Gas Stations No Unknown Potential for ID Theft December 12, 2005 La Salle Bank, ABN AMRO Mortgage Group Financial Backup Tape SSNs and Account Information Yes External Breach Unlikely (Would Need Mainframe) Residential Mortgage Customers Lost in Shipment by DHL 2,000,000 (Not included in the total) DHL Found Tape 12/20/2005 December 16, 2005 Colorado Tech University University E-mail Erroneously Sent Names, Phone Numbers, E- mail Addresses, SSNs and Class Schedules No Internal Breach Yes 1,200 Potential for ID Theft December 16, 2005 Guidance Software, Inc.<br><br> Data Broker Hacking Customer Credit Card Numbers No External Breach Yes 3,800 Potential for ID Theft December 20, 2005 Ford Motor Company Firm Stolen Computer Names and SSNs of Current and Former Employees No Internal Breach Yes 70,000 Potential for ID Theft December 22, 2005 Iowa State University University Hacking Credit Card Information and SSNs No External Breach Yes 5,500 Potential for ID Theft December 25, 2005 Marriot International Firm Lost Backup Tape SSNs, Credit Card Data of Time-Share Owneres No External Breach 206,000 Potential for ID Theft December 28, 2005 Ameriprise Firm Stolen Laptop Names, SSNs, and for some Ameriprise Acct Information No Internal Breach Yes Update(8/06/06)- laptop recovered by law enforcement. Update(12/11/06)- company settled in Massachusetts regulator office and will pay $25,000 for cost of investigation 260,00 Potential for ID Theft December 30, 2005 University of Pittsburgh Medical Center University 6 Stolen Computers Names, SSNs, and Birthdates No Internal Breach Yes 700 Potential for ID Theft January 1, 2006 H&R Block Firm Exposed on Mailing Label SSNs No Internal Breach Yes Unknown Potential for ID Theft January 2, 2006 Alantis Hotel- Kerzner Int'l Firm Hacking Personal Information, SSNs, DLNs, Bank Account Data No External Breach Yes 55,000 Potential for ID Theft January 9, 2006 People's Bank Financial Lost Computer Tape Personal Information, SSNs, Bank Account Data Yes External Breach 90,000 Potential for ID Theft January 12, 2006 City of San Diego, Water & Sewer Dept. Government Dishonest Employee Customer Acct Files, SSNs No Internal Breach Yes Unknown ID Theft Commited January 17, 2006 Univ.<br><br> Place Conf. Center & Hotel, Indiana Univ. University Hacking Reservation Information and CC Numbers No - - Unknown Potential for ID Theft January 20, 2006 California Army National Guard Government Stolen Breifcase Personal Information, SSNs, DOBs No Internal Breach Yes Hundreds of Officiers Potential for ID Theft January 21, 2006 Univ.<br><br> of Notre Dame University Hacking SSNs, CCNs, and Check Images of School Donors No - Yes Unknown Potential for ID Theft January 23, 2006 Univ. of WA Medical Center University Laptops Stolen Names, SSNs, Maiden Names, DOBs, Medical Information No - Yes 1,600 Potential for ID Theft January 24, 2006 Providence Home Services (OR) Firm Stolen Backup Tapes SSNs, Clinial Information, Demographic Information, and some Financial Data No Internal Breach (9/26/05)-PHS and Oregon Attorney General have settled, PHS will offer free credit monitoring, restoration and reimbursement to vicitms 365,000 Potential for ID Theft January 25, 2006 State of RI Web Site Government Hackers Credit Card Information and Personal Information No External Breach Yes 4,117 Potential for ID Theft January 27, 2006 Boston Globe Firm Subscriber Data Delivered With Newspaper Subscriber Names and Credit Card Numbers No Internal Breach Yes Data Originally Compromised at Rhode Island State Website, but not reported. Data Slips were Recycled and used as Routing Slips 240,000 Potential for ID Theft January 31, 2006 Worcester Telegram & Gazette Firm Subscriber Data Delivered With Newspaper Subscriber Names, bank routing numbers, and Credit Card Numbers No Internal Breach Yes Data Originally Compromised at Rhode Island State Website, but not reported.<br><br> Data Slips were Recycled and used as Routing Slips 1,100 Potential for ID Theft January 31, 2006 Blue Cross and Blue Shield of North Carolina Firm Inadvertently exposed SSNs of members printed on the mailing labels of envelopes with information about a new insurance plan. No Internal Breach 600 Potential for ID Theft February 1, 2006 FedEx Firm Inadvertently exposed W-2 forms included other workers' tax information such as SSNs and salaries. No External Breach 8,500 Potential for ID Theft February 4, 2006 Honeywell Firm Data Posted on Internet SSNs, Bank Acct Numbers, Personal Data No Internal Breach Yes 19,000 Current and Former Employees Potential for ID Theft February 9, 2006 Unknown (OfficeMax) Firm Hackin g.<br><br> Debit card accounts exposed. No External Breach 200,000 February 9, 2006 Ernst & Young (UK) Firm Laptop Stolen Customers' Personal Information, SSNs - External Breach Yes BP Employees in addition to Sun, Cisco, and IBM Employees 38,000 Potential for ID Theft February 13, 2006 Dept. of Agriculture (DC) Government Inadvertently exposed SS and tax Id numbers in FOIA request.<br><br> No Internal Breach 350,000 Potential for ID Theft February 15, 2006 Old Dominion University (VA) University Exposed online. Instructor posted a class roster containing names and social security numbers to a web site. No Internal Breach 601 Potential for ID Theft February 15, 2006 Blue Cross and Blue Shield of Florida Firm Inadvertently exposed Contractor sent names and SSNs of current and former employees, vendors and contractors to his home computer in violation of company policies.<br><br> No Internal Breach 27,000 Potential for ID Theft February 16, 2006 Mount St. Mary's Hospital (Lewiston, NY) Firm 2 Laptops Stolen in Armed Robbery DOB, SSNs, and Addresses No External Breach 17,000 Potential for ID Theft February 17, 2006 CA Dept. of Corrections (Pelican Bay) Government Inside Job Inmates gained access to files containing employees' SSNs, BDs, and pension account information stored in warehouse.<br><br> No Internal Breach Unknown Potential for ID Theft February 17, 2006 University of Northern Iowa University Hacking Computer holding W-2 forms of student employees and faculty was illegally accessed. No Internal Breach 6,000 Potential for ID Theft February 18, 2006 Deloitte and Touche (McAfee Employee Information) Firm Lost CD Names, SSNs, and stock holdings in McAfee of current and former McAfee empoyees Yes Internal Breach 9,290 Potential for ID Theft February 23, 2006 Medco Health Solutions (Columbus, OH) Firm Laptop Stolen SSNs and DOB No Unknown Yes 4,600 Potential for ID Theft March 1, 2006 OH Secretary of State's Office Government Exposed SSNs, DOBs, and other personal data posted on State website as part of standard business practice. No Internal Breach Yes Unknown Potential for ID Theft March 1, 2006 Los Angeles County Dept.<br><br> of Social Services (LA, CA) Government Neglect Names, Dependents, SSNs, Telephone Numbers, Medical Info, Employer Info, W-2 Forms, and DOB No Internal Breach Yes File boxes left unattended and unshredded 2000000 (Not included in the total) Potential for ID Theft March 2, 2006 Hamilton County Clerk of Courts (OH) Government Stolen from Website SSNs, Other Personal Data of State Residents No External Breach Yes 1300000 (Not included in the total) Identity Theft WAS committed March 2, 2006 Olympic Funding (Chicago, IL) Government Theft by Taking Client Names, SSNs, Addresses, and Phone Numbers. No External Breach Yes Data contained on 2 hard drives that were taken. Unknown March 2, 2006 Metropolitain State College (Denver, CO) University Stolen Laptop Names and SSNs of registered for courses between the 1996 Fall Semester and the 2005 Summer Semester No Unknown Yes 93,000 Potential for ID Theft March 3, 2006 Georgetown University (DC) University Hacking Personal Information including: SSNs, DOBs, Numbers of DC Seniors served by the Office on Aging.<br><br> No External Breach Yes 41,000 Potential for ID Theft March 5, 2006 Verizon Communications (NYC, NY) Firm 2 Laptops Stolen Employee's SSNs No Unknown Yes Significant Number Potential for ID Theft March 8, 2006 iBill (Deerfield Beach, FL) Processor Computer Breach Names, Phone Numbers, Addresses, E- mail Addresses, Logins and Passwords, Credit Card types and Purchase Amounts. Yes External Breach Credit Card Numbers, Expiration Dates, Security Codes, and SSNs were not included, but company states that social engineering could put affected individuals at risk. 17781462 (Not included in the total) Potential for ID Theft March 8, 2006 CA Dept.<br><br> of Consumer Affairs (DCA) (Sacramento, CA) Government Mail Theft Applications of DCA licensees or prospective licensees for CA state boards and commissions were stolen. The forms included full or partial SSNs, DLs Numbers, and Payment Checks. No External Breach Yes A Small Number Potential for ID Theft March 11, 2006 General Motors (Detroit, MI) Firm Employee Information Stolen SSNs No Internal Yes 100 ID theft March 14, 2006 Buffalo Bisons and Choice One Online (Buffalo, NY) Firm Hacking Credit Card Numbers, Names, and Passwords No External Breach Yes Unknown Potential for ID Theft March 14, 2006 Ernst & Young (UK) Firm Laptop Stolen DOB, Family Sizes, SSNs, and Tax Id's for Previous IBM Employees Unknown Potential for ID Theft March 15, 2006 Bananas.com (San Rafael, CA) Firm Hacking Customer Names, Addresses, Phone Numbers, and Credit Card Numbers No External Breach Yes 274 Potential for ID Theft March 16, 2006 Fidelty Investments (Boston, MA) Financial Stolen Laptop Personal Information, SSNs, Bank Account Data No Unknown Yes Data was for HP, Compaq, and DEC Retirement Acct Customers 196,000 Potential for ID Theft March 23, 2006 CA State Employment Development Division (Sacramento, CA) Government Computer Glitch Employment Development Division 1099 Tax Forms containing SSNs and Income Information to the wrong addresses.<br><br> No Internal Breach Yes 64,000 Potential for ID Theft March 24, 2006 Vermont State Colleges (VT) University Laptop Stolen SSNs, Payroll Data of Students, Faculty and Staff assoc. with the 5- campus system from as far back as 2000 No External Breach Yes 14,000 Potential for ID Theft March 24, 2006 GA Technology Authority (Atlanta, GA) Firm Hacking SSNs, Bank Acct Numbers for State Pensioners No - Yes Security Flaw Exploited 573,000 Potential for ID Theft March 30, 2006 Marines (Montere , CA) Government Hardware Lost Personal Information No - - Device contained personal information used for research on re-enlistment bonuses 207,750 Potential for ID Theft March 30, 2006 CT Technical High School System (Middletown, CT) Government Employee Mishap SSNs No Internal Yes SSNs of Students and Faculty Mistakenly Distributed via e-mail 1,250 Potential for ID Theft March 30, 2006 Authorize.net Firm Hacking - No External Breach - Suspicious transactions, most for $500 or $700, were pushed through the merchant accounts of at least three companies including Sportbike Track Time (Delta, OH) 3,000 Merchant Fraud Appears to have Occurred and Potential for Identity Theft April 4, 2006 Progressice Casualty Insurance (Mayfield Village, OH) Firm Employee Accessed Confidential Information Names, SSNs, DOBs, Property Addresses - Internal Yes Emplo yee accessed data on foreclosure properties she was interested in buying. 13 April 6, 2006 DiscountDomain Registry.com (Brooklyn, NY) Firm Information was exposed and accessable online Usernames, Passwords, CCNs No External Breach Yes Domain registraints personal information exposed online thousands Potential for ID Theft April 7, 2006 University of Medicine and Denistry of New Jersey (Newark, NJ) University Hacking SSNs, Loan Information, and other confidential financial information No External Breach Yes Information accessed for students and alumni 1,850 Potential for ID Theft April 9, 2006 Ross-Simons (Providence, RI) Firm - Private label CCNs and other personal information of applicants No - - - Unknown Potential for ID Theft April 12, 2006 Univ.<br><br> of South Carolina (Columbia) University E-mail Erroneously Sent SSNs No Internal Yes SSNs of students were mistakenly sent to classmates 1,400 Potential for ID Theft April 14, 2006 Univ. of Alaska (Fairbanks) University Hacking SSNs, partial E-mail addresses No - Yes Information accessed was for current and former students, facult and staff. 38,941 Potential for ID Theft April 21, 2006 Ohio University Innovation Center (Athens, OH) University Compromised server emails, patent and intellectual property files and SSN No Yes Unknown Potential for ID Theft April 21, 2006 University of Texas' McCombs School University Hacking SSN, partial email addresses of current and former students, faculty and staff No - Yes Information contained names, biographical information, SSN, DOB 197,000 Potential for ID Theft April 24, 2006 Ohio University (Athens, OH) University Hacking Biographical Info and SSNs No Yes 300,000 Potential for ID Theft April 24, 2006 Aetna (Hartford, CT) Firm Laptop Stolen Health Records and Names, Addresses and SSNs - External Breach Yes Information for employees of 2 member companies: Omni Hotels and Dept.<br><br> of Defense 38,000 Potential for ID Theft April 26, 2006 Purdue University (IN) University Hacking Personal Information and SSNs No - Yes Information for current, former grad and prospective students, and applicants for undergrad scholarships 1,351 Potential for ID Theft April 26, 2006 MasterCard (Potentially UK only) Financial Not Disclosed Credit Card Details - - - - 2000 (Not included in total) Potential for ID Theft April 27, 2006 Long Island Rail Road (Jamaica, NY) Government Lost by Delivery Contractor Names, Addresses, SSNs, and Salary Figures No - - Lost by delivery contractor Iron Mountain while enroute* 17,000 - April 27, 2006 * US Dept. of Veterans Affairs Government - Waiting for more Info - - - Tapes may have been lost during the same delivery by Iron Mountain - - April 27, 2006 Ohio's Secretary of State (Cleveland) Government CDs Containing SSNs Erroneously Sent SSNs - Internal Yes Unknown how many CDs include the SSNs sent to 20 political campaign operations (9/15/06)- A news report said that some SSNs still remain on the agency's website Potentially 7.7 million Potential for ID Theft April 28, 2006 Dept. of Defense (DC) Government Hacking "Personal Information" - - Yes Accessed Tricare public server containing data on military employees Unknown Potential for ID Theft April 28, 2006 GA State Gov't (Atlanta) Government - CCNs, DOB and SSNs No Internal Yes Surplus computers that contained GA citizen data were sold before the hard drives were erased Unknown Potential for ID Theft May 2, 2006 Ohio University (Athens) University Hacking Biographical Info and SSNs No - Yes Data was for Alumni 300,000 Potential for ID Theft May 2, 2006 ID Power Co.<br><br> (Boise) Firm - Confidential Co Docs, Employee Names, SSNs and Confidential Co Docs to the Co's CEO No - Yes 4 company hard drives were sold on eBa containin this data - Co Docs estimated as hundreds of thousands Unknown Potential for ID Theft and Corporate Fraud May 4, 2006 Wells Far o (San Fransico, CA) Financial Computer ma have been stolen Names, Addresses, SSNs, Mort Ln Deposit #s Yes - - Data is on existing and prospective customers Unknown Potential for ID Theft May 5, 2006 Dept. of Veteran Affairs (DC) Government Lost data tape SSN, DOB, legal doc. No Internal Yes (10/11/06)-VA's Office of General Counsel is offering identity theft protection services to those affected by the missing tapes 16,500 May 5, 2006 Ohio University Hudson Health Center (Athens) University Hacking Names, DOB, SSN, Medical Information Accessed No - Yes - 60,000 Potential for ID Theft May 11, 2006 Mercantile Potomac Bank (Gaithersburg, MD) Financial Laptop Stolen SSN, Account Numbers Yes Internal Yes Employee removed laptop from premises and laptop was stolen 48,000 Potential for ID Theft May 12, 2006 American Institute of Certified Public Accountants (New York, NY) Firm Neglect when Shipped Unencrypted hard-drive with names, addresses and SSN No External Yes 330,000 Potential for ID Theft May 19, 2006 Unknown Retail Merchant Firm Hacking Credit card numbers stolen No External No No names, SSN, or other personal data was taken Unknown May 19, 2006 Dept.<br><br> of Veteran Affairs (DC) Government Lost Laptop Names, SSN, DOB, addresses, and phone numbers No Internal Yes Data for all American veterans who were discharged since 1975 (7/14/06)-FBI claims no data taken (8/5/06)-Two teens arrested in the theft (8/25/06)-Secretary Nicholson told veterans of decision to not to offer credit monitoring services 28,600,000 6/29/06 Laptops and external drives were recovered May 22, 2006 M&T Bank (Buffalo, NY) Financial Stolen laptop Client Names, SSNs, Addresses, and Phone Numbers. Yes Internal Yes Laptop stolen from Employee's car Unknown Potential for ID Theft May 23, 2006 University of Delaware (Newark) University Exposed data Names, SSN, Drivers License #s No Internal Yes Computer server exposed data 1,076 Potential for ID Theft May 23, 2006 American Red Cross, St. Louis Chapter Government Misuse of donor numbers Personal information No Internal Yes Dishonest employee misused at least three people's identities, but had access to 1 million 1,000,000 Potential for ID Theft May 24, 2006 Sacred Heart University (Fairfield, CT) University Hacking Personal information stolen from a computer No External Yes Unknown Potential for ID Theft May 24, 2006 Vystar Credit Union (Jacksonville, FL) Financial Hacking Personal Information Yes External Yes Approximatel y 34,400 May 25, 2006 Texas Guaranteed Student Loan Corp Processor Lost hard- drive Names and SSN No Internal Yes Texas Guaranteed was notified by subcontractor Hummingbird that an employee had lost information (6/16/06) TG says a total of 1.7 million people's information was compromised 1,700,000 May 30, 2006 Florida Int'l University (Miami) University Hacking Students names, applications and SSN No - Yes Unknown May 30, 2006 Ernst & Young (UK) Firm Laptop Stolen Names, Addresses, Credit card and debit card numbers of Hotel.com cusomters No External Yes 243,000 Potential for ID Theft June 1, 2006 Miami University (Ohio) University Lost PDA Sutdent personal information No Internal Yes Employee lost hand- held personal computer containin personal information of students 851 Potential for ID Theft June 1, 2006 University of Kentucky (Lexington) University Exposed Information Personal Information of current and former UK employees No - Yes Information inadvertantly accessible online for 19 days in May 1,300 Potential for ID Theft June 1, 2006 Buckeye Community Health Plan (Columbus, OH) Financial Stolen Laptop Names, SSN and Addresses No - Yes Four laptops were stolen 72,000 Potential for ID Theft June 2, 2006 Ahold USA (Landover, MD) via subcontractor Electronic Data Systems (Plano, TX) Firm Lost Laptop Pension data including SSN, DOB and Benefit amounts No - Yes Lost laptop on commerical flight Unknown Potential for ID Theft June 2, 2006 Humana (Louisville, KY) Firm Exposed Data SSN, DOB No External Yes Employee filed to delete exposed file on hotel computer 17,000 Potential for ID Theft June 2, 2006 YMCA (Providence, RI) Non-profit Stolen Laptop Credit card, debit card, checking account, SSN and names No Yes 65,000 Potential for ID Theft June 2, 2006 Internal Revenue Service (DC) Government Lost Laptop SSN, DOB, finger prints No External Yes Lost laptop on commerical flight 291 Potential for ID Theft June 5, 2006 Uni.<br><br> Of TX (El Paso, TX) University Hacking SSN No External Yes Students hacked to rig Student Government election 4,719 Potential for ID Theft June 6, 2006 U of MI Credit Union (Ann Arbor, MI) Financial Stolen paper documents SSN, DOB Yes Internal Yes Employee stole documents with personal information 5,000 Potential for ID Theft June 8, 2006 Denver Election Commission (Denver, CO) Government Lost documents SSN, addresses, DOB No - Yes Voter information lost 150,000 Potential for ID Theft June 11, 2006 U.S. Dept of Energy (DC) Government Hacking Name, SSN, Security Clearance Levels No External Yes 1,502 Potential for ID Theft June 12, 2006 Minn. State Auditor (St.<br><br> Paul, MN) Government Lost Laptop SSN, government info No - Yes Three Laptops with information from auditors is missing 493 June 13, 2006 OR Dept. of Revenue (Salem, OR) Government Trojan virus Tax payer info No External - Former employee downloaded trojan virus, which could have taken data back to the source 2,200 Potential for ID Theft June 13, 2006 Dept. of Energy (Richland, WA) Government Stolen data Personal employee data No External Yes Police found 1996 list of personal data on employees from facility, at a home in a unrelated investigation 4,000 Potential for ID Theft June 13, 2006 American Insurance Group (New York, NY) Financial Server stolen Medical records and personal info Yes - Yes 930,000 June 14, 2006 Western Illinois U.<br><br> (Macomb, IL) University Hacking CCNs, DOB and SSNs No External Yes (7/5/06)-Number of affected reduced from 240,000 180,000 7/5/06 Number of affected reduced from 240,000 June 14, 2006 ING (Miami, FL) Financial Laptop lost Names, DOB, SSN, Yes External Yes 8,500 June 16, 2006 Union Pacific (Omaha, NE) Firm Laptop stolen Names, SSN, DOB, addresses, and phone numbers No External Yes Stolen on April 29th 30,000 June 16, 2006 NY State Controller's Office (Albany, NY) Government Lost data cartridge Names,SSN, DOB, salaries No - 1,300 June 16, 2006 U. of KY (Lexington, KY) University Flash drive stolen Students names, and SSN No External Yes Professor's jump drive stolen 6,500 June 16, 2006 ING (DC) Financial Laptop Stolen Retirement plan info Yes External Yes 13,000 June 17, 2006 CA Dept of Health Services (Sacramento, CA) Healthcare Exposed data SSN, phone numbers, emails No External Yes Documents were not shredded when discarded 1,550 June 17, 2006 Automatic Data Processing (Roseland, NJ) Processor Mis-sent Fax Personal and payroll info No External Yes Information faxed to an unintended third party 80 June 17, 2006 Equifax (Atlanta, GA) Processor Stolen Laptop Names, SSN, No External Breach Yes Stolen from an employee 2,500 June 20, 2006 U of AL (Birmingham, AL) University Stolen Laptop Names, SSN, Medical Info No External Breach Yes Info on kidney donors 9,800 June 20, 2006 Cape Fear Valley Health System (Fayetteville, NC) Healthcare Stolen Laptop Personal Information No External Yes Computer stolen from ambulance of Cumberland Co Emergency Medical Services 24,350 June 21, 2006 Lancaster General Hospital (Lancaster, PA) Healthcare Computer stolen Personal Information No External Yes Stolen from a locked doctors office "Hundreds of local physicians" June 21, 2006 Depart. Of Ag (DC) Government Hacking Names, SSN, photos of employees No External Yes 26,000 June 22, 2006 Fed.<br><br> Trade Comm. (DC) Government Stolen laptops Names, address, DOB, financial accounts No External Yes Stolen from an employees vehicle 110 June 22, 2006 U.S. Navy (DC) Government Exposed Information Names, DOB, SSN No External Yes Exposed on a civilian website 30,000 June 23, 2006 King County Records, Election and Licensing Services Division (Seattle, WA) Government Exposed Information SSN, drivers license number, names No External Yes Posted data online Unknown June 23, 2006 Catawba County Schools (Newton, NC) Government Exposed Information SSN and test scores No External Yes Posted data online 619 Data has been removed June 23, 2006 CA Dept of Health Services (Sacramento, CA) Healthcare Exposed Information Names, DOB, SSN No Internal Yes Files found in employee cubicle 323 June 23, 2006 San Francisco State U.<br><br> (CA) University Stolen laptop Names, SSN, phone numbers No External Yes Faculty laptop with student info 3,000 June 23, 2006 Government Accountability Office (DC) Government Exposed Information Audit reports, Names, SSN, addresses No External Yes Posted data online 1,000 June 27, 2006 AAAAA Rent-A- Space (Colma, CA) Firm Exposed Information Names, address, CCN, SSN No External Yes Security Flaw Exploited 13,000 June 28, 2006 All-State Insurance (Huntsville, AL) Financial Computer stolen Images of Insurance policies, SSN Yes External Yes 2,700 June 29, 2006 Nebraska Treasurer's Office (Lincoln, NE) Government Hacking Names, SSN, tax ID#s No External Yes 309,000 June 29, 2006 Minnesota Dept. of Revenue (St. Paul, MN) Government Missing data tape Names, addresses, SSN No - - A package containing a data tape was lost during delivery (7/20/06)- Package was reported delivered 2 months later, temporarily lost by US Postal 50,400 June 29, 2006 Nat'l Institute of Health Federal Credit Union (Rockville, MD) Government - - No - - Law enforcement is investigating, little info was given 41000 (Not included in the total) Very few of the 41,000 were affected June 30, 2006 American Red Cross, (Dallas, TX) Government Stolen Laptop Names, DOB, SSN, donor info No External No The data was encrypted Unknown July 1, 2006 Bisys Group Inc.<br><br> (Roseland, NJ) Government Backup Tape SSN No External - Employee truck carrying data tapes was stolen 61,000 July 5, 2006 Automatic Data Processing (Roseland, NJ) Processor Provided information to scam-artist Names, addresses, number of shares held No External Yes Did not provide SSN or account numbers Unknown July 6, 2006 Nat'l Association of Securities Dealers (Boca Raton, FL) Financial Stolen laptops SSN of dealers, account number of consumers Yes External Yes Included SSNs of dealers who were subject to investigations involving misconduct 73 July 7, 2006 Naval Safety Center Government Exposed Information Personal information No External Yes Info of Naval and Marine aviators were exposed on Center website Unknown July 7, 2006 Montana Public Health and Human Services Dept. (Helena, MT) Government Stolen Computer Unknown No External - Computer stolen from the Drug Dependency Department Unknown July 7, 2006 City of Hattiesburg (Hattiesburg, MS) Government Stolen Hard Drives Personal Information No External Yes Surveillance cameras caught 2 intruders stealing hard drives "thousands of city workers and contractors" July 7, 2006 U. of TN University Hacking Names, addresses, SSN No External Yes 36,000 July 7, 2006 Moraine Park Technical College (Beaver Dam, Fond du Lac, & West Bend, WI) University Missing CD SSN, Phone numbers, and addresses No External Yes 1,500 July 13, 2006 Treasurer's computer in Circuit Court Clerk's Office (Hampton, VA) Government Exposed Information Tax payer info No External Yes (7/27/06)- Investigation concluded that the data was exposed due to software problems Over 100,000 records July 14, 2006 Northwestern University (IL) University Hacking Personal information No External Yes Files on 9 desktops were accessed "as many as 17,000 individual's records exposed" July 14, 2006 University of Iowa (IA) University Stolen Laptop SSN and Contact Info No External Yes 280 July 14, 2006 California Polytechnic State University University Stolen Laptop Names and SSN No External Yes 3,020 July 14, 2006 Mississippi Secretary of State (Jackson, MS) Government Exposed Information SSN No External Yes Thousands July 16, 2006 Vassar Brothers Medical Center (Poughkeepsie, NY) Healthcare Stolen Laptop SSN and DOB No External Yes (10/5/06)-Private investigators determined the laptop did not contain personally identifiable patient information 257,800 July 17, 2006 CS Stars, subsidiary of insurance company Marsh Inc.<br><br> (Chicago, IL) Financial Lost computer SSN and DOB Yes External Yes (7/26/06)-Computer was recovered 540,000 [computer recovered 7/26/06] Computer recovered July 18, 2006 NeInet Inc. (Lincoln, NE) Firm Lost data tape Personal Information No External Yes 188,000 July 18, 2006 U.S. Dept of Agriculture (Wellington, KS) Government Stolen Laptop Names, Addresses, SSN No External Yes 350 Recovered July 18, 2006 New York City Dept.<br><br> of Homeless Services Government Misdirected Email Names, SSN No External Yes Personal information of homeless individuals 8,400 July 24, 2006 Old Mutual Capital Inc., subsidiary of Old Mutual PLC Financial Stolen Laptop Names, addresses, account numbers and SSN No External Yes 6,500 July 25, 2006 Cablevision Systems Corp. Firm Lost data tape 401(k) info No External Yes Shipped b FedEx to Dallas, TX 13,700 July 25, 2006 Belhaven College (Jackson, MS) Government Stolen laptop Names, SSN No External Yes Employee carrying laptop robbed at un point Unknown July 25, 2006 Georgetown University Hospital (DC) Healthcare Exposed online Names, SSN, addresses, DOB No External Yes 23,000 July 25, 2006 U.S. Navy Recruitment Offices Government Stolen Laptop Recruiter information No External No Files were password protected 31,000 July 26, 2006 W.<br><br> Virginia Div. of Rehabilition Services (Beckley, WV) Government Stolen Laptop Names, Addresses, SSN, phone #s No External No Files were password protected Unknown July 26, 2006 Los Angeles County (CA) Government Stolen Laptop Personal Information No External Yes Unknown July 27, 2006 Los Angeles County, Adult Protective Services (Burbank, CA) Government 11 stolen laptops Personal Information No External Yes Unknown July 27, 2006 Kaiser Permanente Northern Calif. Office (Oakland, CA) Healthcare Stolen Laptop Names, phone #s and Kaiser #s No External Yes 160,000 July 27, 2006 Los Angeles Co., Community Development Commission (Monterey Park, CA) Non-profit Hacking Personal Information No External Yes 4,800 July 27, 2006 Matrix Bancorp Inc.<br><br> (Denver, CO) Financial 2 Laptops Stolen Account Information Yes External No Files were password protected Unknown July 28, 2006 Riverside, Calif., city employees Government Misdirected Email SSN and 401(k) info No External no Information accidentally emailed to 2,300 city employees nearly 2,000 July 28, 2006 Sentry Insurance (Stevens Point, WI) Financial Stolen data SSN Yes External Yes Programer/consultan t stole claimant's data and sold over the internet 112,270 72 claimant's data were sold July 29, 2006 U.S. Bank (Covington, KY) Financial Documents SSN, phone #s, names Yes External Yes Bank employee's briefcase stolen "very small number" August 1, 2006 Dollar Tree Firm Hacking- stolen money Bank account No External Yes Thief created counterfeit ATM card and made unathorized ATM withdrawls (10/5/06)- Parkev Krmoian was indicted by a federal grand jury for allegedly using phony ATM cards made from gift cards Total number unknown August 1, 2006 Wichita, State University (Wichita, KS) University Hacking Credit Card Info No External Yes unathorized access to 3 computers 2,000 August 1, 2006 Wichita, State University (Wichita, KS) University Hacking Personal Information No External Yes Information on 40 applicates for the Ps cholo doctoral department 40 August 1, 2006 Toyota Plant (San Antonio, TX) Firm Stolen Laptop Names and SSN No External Yes 1,500 August 4, 2006 PSA HealthCare (Norcross, GA) Healthcare Stolen Laptop Names, SSN and healthcare info No External Yes Stolen out of employee vehicle 51,000 August 4, 2006 America Online Firm Exposed Information SSN, credit card #, and other info No External Yes Posted on a public website (9/26/06)-3 individuals whose data were exposed have filed a lawsuit against AOL Unknown August 6, 2006 Veterans Affairs Dept. through Unisys Corp.<br><br> (Reston, VA) Government Stolen Computer Billing records No External Yes Update (9/15/06): Law enforcement recovered the computer and arrested an individual who had worked for a company that provides temporary labor to Unisys. 18,000 August 7, 2006 Linens N' Things (Sterling, Va) Firm Missing receipts Name and Credit/Debit card #s No External Yes 90 August 8, 2006 Virginia Bureau of Insurance Government Exposed Information Personal Information No External Yes Unknown August 8, 2006 U.S. Dept.<br><br> of Transportation Government Stolen laptop Personal Information No External Yes Stolen from a government vehicle Update(11/21/06)- Suspect was arrested in the same parkin lot where the theft occurred, no laptop was recovered 132,470 August 9, 2006 Madrona Medical Group (Bellingham, WA) Healthcare Hacking Name, address, SSN, DOB No External Yes Former employee accessed and downloaded patients files At Least 6,000 August 11, 2006 U.S. Dept. of Transportation (Orlando, FL) Government Stolen Laptop Personal Information No External Yes Employee laptop stolen from an Orlando hotel conference room Unknown August 15, 2006 University of Kentucky (Lexington) University Exposed Data Names and SSN No External Yes Posted on the Universit 's financial aid website 630 August 15, 2006 University of Kentucky (Lexington) University Exposed Data SSN No External Yes SSN were inadvertently listed on an email communication 80 August 15, 2006 Chevron (San Ramon, CA) Firm Stolen Laptop SSN and health plan info No External Yes Employee of independent public accounting firms' laptop was stolen Unknown August 16, 2006 Willams-Sonoma (San Fransisco, CA) Firm Stolen Laptop Payroll and SSN info No External Yes Stolen from Los Angeles home of Deloitte & Touche employee 1,200 current and former employee August 17, 2006 HCA, Inc.<br><br> Hospital Corp. of America (Nashville, TN) Healthcare Stolen computers Names, SSN No External Yes 10 computers containing Medicare and Medicaid billing information and record of emplo ees and physicians from 1996-2006 were stolen "thousands of files" August 17, 2006 Calif. Dept.<br><br> of Mental Health Government Missing computer tapes Names, Addresses, SSN No External Yes 9,468 August 18, 2006 U.S. Department of Ed. (DC) Government Laptops stolen from contractor Names, SSN No External Yes Personal information of 43 grant reviewers for the Teacher Incentive Fund 43 August 21, 2006 AFLAC (Greenville, SC) Financial Laptop Stolen Names, Addresses, SSN and DOB Yes External Yes Stolen from an agent's car 612 August 22, 2006 Beaverton School District (Beaverton, OR) Government Time-slips stolen Personal information No External Yes Presumed stolen because they were missing from an administrative shed 1,600 August 22, 2006 Beaumont Hospital (Troy, MI) Healthcare Laptop stolen from nurses car Names, addresses, SSN and insurance No External Yes Update:8/23/06 - laptop was returned by a woman who found the laptop in her yard 28,400 August 22, 2006 U.S.<br><br> Department of Ed., Direct Loan Servicing (Atlanta, GA) Government Exposed Information Names, DOB, SSNs, addresses, acount info, phone numbers No External Yes 21,000 August 23, 2006 Sovereign Bank (New Bedford, MA) Financial 3 Stolen Laptops Customer information Yes External Yes No account data "thousands of customers" August 25, 2006 Dominion Resources (Richmond, VA) Firm Two laptops stolen Not clear what information was on the computer No External No No customer records were on the computer Unknown August 25, 2006 U.S. Dept. of Transportation, Federal Motor Carrier Safety Administration (Baltimore, MD) Government Stolen Laptop Names, DOB, Commercial Drivers License number No External Yes The laptops may not contain any information 193 August 25, 2006 PortTix (Portland, ME) Firm Hacking Credit card info No External Yes 2,000 August 26, 2006 University of South Carolina (Columbia, SC) University Hacking Names, SSNs and DOB of former and current students No External Yes 6,000 August 26, 2006 New Mexico Administrative Office of the Courts (Santa Fe, NM) Government Exposed data Names, DOB, SSN, Addresses of employees No External Yes 1,500 August 27, 2006 Compass Health (Evertt, WA) Healthcare Stolen Laptop Personal Information No External Yes "A limited number of people" August 29, 2006 Valley Baptist Medical Center (Harlingen, TX) Healthcare Exposed data Names, DOB, SSN of employees No External Yes Unknown August 29, 2006 AT&T via vendor that operates an order processing computer (San Francisco, CA) Processor Hacking Credit card and personal information No External Yes Update: 9/1/06 - The breach was followed by a bogus phishing e-mail to those customers that attempted to trick them into revealing more info such as SSN and birth date - essential for crime of identity theft.<br><br> Fewer than 19,000 August 29, 2006 Labcorp (Monroe, NJ) Firm Stolen computer Names, SSN No External Yes No DOB or lab test results Unknown August 31, 2006 Diebold, Inc (Canton, OH) Firm Laptop stolen Employee information - name, SSN and corporate CC numbers No External Yes Unknown August 31, 2006 Wells Fargo via unnamed auditor (San Francisco, CA) Financial Laptop and Disk stolen Names, SSN, information about drug claim costs Yes External Yes Auditor hired to review employee health plans Unknown September 1, 2006 City of Chicago via contractor Nationwide Retirement Solutions, Inc., (Chicago, IL) Government Stolen laptop Names, addresses, phone numbers, DOB and SSN No External Yes Up to 38,443 city employees and retirees September 1, 2006 Virginia Commonwealth University (Richmond, VA) University Exposed Information SSN and email addresses No External Yes Personal information of freshmen and graduate engineering students 2,100 current and former students September 1, 2006 Lloyd's of London (Port St. Lucie, FL) Financial Stolen credit card numbers Credit card numbers Yes External Yes Unknown September 2, 2006 Transportation Security Administration (DC) Government Administrative error Former Employees' SSN, DOB, and salary info No External Yes Sent to the wrong addresses 1,195 September 5, 2006 Circuit City and Chase Card Services, a division of JP Morgan Chase (Wilmington, DE) Financial Mistakenly disgarded data tapes Personal Information No External Yes 2.6 million past and current Circuit City Credit cardholders September 7, 2006 Florida National Guard (Bradenton, FL) Government Stolen laptop SSN No External Yes 100 September 7, 2006 Linden Lab (San Francisco, CA) Firm Hacking Account Information No External Yes Unknown September 8, 2006 Berks Co. Sheriff's Office via contractor Canon Technology Solutions (Reading, PA) Government Exposed data Names, addresses and SSN No External Yes Count 's 25,000 un permit holders was exposed on the internet 25000 Update (10/6/06): The entire list of gun holders was greater than 25,000 September 8, 2006 University of Minnesota (Minneapolis, MN) University Two laptops stolen Names, DOB, Addresses, Phone numbers, academic info No External Yes 13,084 students including SSNs of 603 students September 8, 2006 Cleveland Clinic (Naples, FL) Healthcare Stolen personal info Names, SSN, DOB, Addresses No External Yes 1,100 September 9, 2006 Telesource via Vekstar (Indianapolis, IN) Firm Disgarded data Names, SSN, DOB, copy of Driver's liscenses No External Yes Employees discovered their personnel files in a dumpster, when office was bein shut down Unknown September 11, 2006 American Family Insurance (Madison, WI) Financial Laptop stolen Names, SSN, and driver's license numbers Yes External Yes Office of insurance agent broken into 2,089 September 13, 2006 Nikon Inc.<br><br> and Nikon World Magazine (Melville, NY) Firm Exposed data Names, addresses and Credit Card #s No External Yes Subscription information exposed on the Web for at least 9 hours 3,235 September 14, 2006 Illinois Dept. of Corrections (Springfield, IL) Government Exposed data Employee names, SSNs and Salaries No External Yes A document containing employees' personal information was found outside agency Unknown September 14, 2006 Whistle Junction Restaurant (Orlando, FL) Firm Expose data Names, SSN of former employees No External Yes Personnel files of employees of a now closed restaurant found in dumpster Unknown September 15, 2006 Mercy Medical Center (Merced, CA) Healthcare Lost flash drive Names, SSNs, DOB and medical records No External Yes Flash drive containing patient information was found on a local county fair ground 295 September 15, 2006 Michigan Dept. of Community Health (Detroit, MI) Healthcare Lost flash drive Names, addresses, phone numbers, DOB and SSN No External Yes 4,000 September 16, 2006 Beaumont Hospital (Royal Oak, MI) Healthcare Mistaken mailing Names, DOB, patient #, test results No External Yes Medical reports mailed to a retired dentist 3 September 16, 2006 Direct Loans part of the Dept.<br><br> of Education Government Exposed Information SSN No External Yes Exposed private information of student loan borrowers 21,000 September 17, 2006 Howard, Rice, Nemerovski, Canady, Falk & Rabkin law firm (San Francisco, CA) Firm Laptop stolen from auditor Names, SSNs, 401(k) and profit sharing info No External Yes 500 September 18, 2006 DePaul Medical Center Radiation Therapy Dept. (Norfolk, VA) Healthcare Two stolen computers Names, DOB, treatment info, SSNs No External Yes More than 100 patients September 18, 2006 Life is Good (Hudson, NH) Firm Hacking Customer's credit card #s No External Yes 9,250 September 19, 2006 City of Savannah, Georgia Government Hacking Names, address, Driver's License #, SSN, and Vehicle Reg # No External Yes 8,800 September 20, 2006 Berry College via consultant Financial Aid Service Inc, (Mount Berry, GA) University Misplaced information Names, SSNs, Famil income data No External Yes Misplaced information by the consultant 2,093 September 20, 2006 Dept. of Commerce and Census Bureau Government Stolen laptops 246 contained personal info.<br><br> No External Yes Agencies have lost 1,137 laptops since 2001 Unknown September 21, 2006 Pima Co. Health Dept. (Tucson, AZ) Healthcare Stolen from car Names, DOB, ZIP codes No External Yes Data recovered 2500 (not included in total) September 21, 2006 Several Indianapolis pharmacies (Indianapolis, IN) Healthcare Disposed customer records Unknown No External Yes WTHR reporter found that dozens of pharmacies disposed of customer information in unsecured sites Unknown September 22, 2006 Purdue University College of Science (West Lafayette, IN) University Exposed Data Names, SSNs, school, major and email addresses No External Yes File of Chemistry deparment illegitimately accessed 2,482 September 22, 2006 University of Colorado - Boulder, Leeds School of Business University Missing Computers Names, SSNs, grades No External Yes Two computers stolen from storage facitlity 1372 (Update 9/25/06: One computer recovered) September 22, 2006 An illegal dumping site (Northwest of Quinlan, TX) Healthcare Disposed customer records Patient Information No External Yes Investigators found boxes of private medical records containing names and personal information of patients of a doctor who practices in Greenville, TX.<br><br> His contractor dumped the documents while remodeling his house. Unknown September 23, 2006 Erlanger Health System (Chattanooga, TN) Healthcare Lost flash drive Names, SSNs No External Yes Records of hospital employees 4,150 September 23, 2006 General Electric (Fairfield, CT) Firm Stolen laptop Names, SSNs No External Yes Stolen from locked hotel room 50,000 September 25, 2006 North Carolina Dept. of Motor Vehicles (Louisville, NC) Government Stolen computer Names, addresses, driver's license #s, SSNs, and visa data No External Yes 16,000 September 28, 2006 Illinois Dept.<br><br> of Transportation (Springfield, IL) Government Exposed document Names, SSNs No External Yes Documents found by state auditor in recycling bins in a hallway 40 September 28, 2006 Stevens Hospital Emergency Room via Med Data (Edmonds, WA) Healthcare Stolen credit card numbers Credit cards #s No External Yes Manager of Med Data stole patients' credit card #s and gave them to her brother who purchased $30,000 worth of goods "about 30 patients" September 28, 2006 Kentucky Personnel Cabinet (Frankfort, KY) Government Exposed data SSNs No External Yes State employees received letters with SSNs visible throu h the envelope windows 146,000 September 29, 2006 University of Iowa Dept. of Psychology (Iowa City, IA) University Hacking SSNs No External Yes Department computer was ob ect of an automated attack designed to store pirated video files 14,500 September 29, 2006 Port of Seattle (Seattle, WA) Government Six data CDs missing Names, Addresses, SSNs and driver's licenses numbers No External Yes 6,939 October 2, 2006 Cumberland Country, PA Government Exposed Data Names, SSNs No External Yes Salary board minutes were posted on the web with SSNs of 1,200 employees 1,200 October 3, 2006 Williamette Educational Service District (Salem, OR) Government Stolen computers Students personal information No External Yes 4,500 (not included in total) October 3, 2006 Picatinny Arsenal (Rockaway Twp., NJ) Government Stolen computers Unknown No External Yes 28 computers are missing from the weapons research center. Unknown October 3, 2006 Orange County Controller (FL) Government Exposed data SSNs No External Yes Orange County Controller's website left person data exposed on website Unknown October 4, 2006 San Juan Capistrano Unified School District (CA) Government Stolen computers Names, SSNs, DOB No External Yes Unknown October 5, 2006 Cleveland Air Route Traffic Controll Center (Oberlin, OH) Government Stolen Hard Drives Names, SSNs No External Yes 400 October 6, 2006 Camp Pendleton Marine Corps base via Lincoln B.P.<br><br> Management (Oceanside, CA) Government Missing Laptop Personal Identification data No External Yes 2,400 October 6, 2006 Troy Athens High School (Troy, MI) Government Missing Hard Drive Transcripts, test scores, addresses, SSNs No External Yes 4,400 October 9, 2006 Florida Labor Department Government Exposed Data Names and SSN No External Yes Individual found data while Googling his own name 4,624 October 10, 2006 Republican National Committee (DC) Non-profit Exposed Data Names and SSN No External Yes Inadvertently email a list of donor's to a NY Sun reporter 76 October 11, 2006 U.S. Census Bureau (DC) Government Missing equipment Names, Addresses and DOB No External Yes Census data gathering equipment missing Unknown October 12, 2006 Congressional Budget Office (DC) Government Hacking and Phishing Personal data No External Yes Hackers broke into CBO office and obtained mailing list and sent a phishing email. Unknown October 12, 2006 University of Texas at Arlington University Stolen computers Names, SSN, grades, email addresses, and other info No External Yes Stolen from a faculty members home.<br><br> 2,500 October 12, 2006 Ohio Ethics Committee (Columbus, OH) Government Misplaced information State employee finances, SSN and financial statements No External Yes Papers found blowing in the wind, in an alley Unknown October 13, 2006 Orchard Family Practice (Englewood, CO) Healthcare Disgarded data Medical records and personal info No External Yes Bankrupt doctor was evicted from his office and all his documents were dumped in a parking lot Unknown October 13, 2006 T-Mobile USA Inc. (Bellvue, WA) Firm Laptop stolen Names, Addresses, SSN, DOB and Salary info No External Yes Laptop stolen from a T-Mobile's checked in luggage 43,000 October 14, 2006 Poulsbo Department of Licensing (Poulsbo, WA) Government Lost data storage device Names, addresses, Photographs, driver's license No External Yes 2,200 October 15, 2006 VISA/FIrstBank Financial Exposed database Visa checkcard numbers were exposed Yes External Yes Customers were sent new checkcards Unknown October 16, 2006 Germanton Elementar School (Germanton, NC) Government Stolen computer SSN No External Yes Student SSNs were encrypted Unknown October 16, 2006 Dr. Charles Kay of Orchard Family Practice (Englewood, CO) Healthcare Disgarded data Business information No External Yes Same case as the one reported on October 13th, Kay reported that the files were business and not patient oriented Unknown October 16, 2006 City of Visalia Recreation Division (Visalia, CA) Government Exposed Data Personal Info No External Yes Copies of city documents were found scattered on a city street.<br><br> 200 October 17, 2006 Allina Hospitals and Clinics (Minneapolis-St. Paul, MN) Healthcare Stolen Laptop Names, SSN No External Yes Stolen from a nurses car. 17,000 October 19, 2006 University of Minnesota/Spain University Stolen Laptop Personal Info No External Yes<br><br>

less