32,842

A laptop that contained personal information was lost or stolen during an airport layover.  The Social Security numbers of people who were employed by companies that used TCS for tax help were on the laptop. The laptop did have a password and after it was lost its access to TCS's network was blocked.

Unknown

A transient was ordered to spend time in a men's diversion program after pleading guilty to stealing credit cards and electronics. One of the laptops he stole was a University-owned laptop. The man served 12 months in jail before being sentenced and slept in his car and in the University library during the time of the thefts.

hundreds of documents (At least 100)

Documents from the Joilet office were involved

A tipster led to the discovery of hundreds of personal and financial documents in a trash bin outside the attorney's office. The documents included Social Security numbers, names, addresses, driver's license numbers, and signed debit card authorizations from clients.

Over 30 customers

Linda Rowland pleaded guilty to wire fraud and identity theft. She used customer names and information to falsify loan agreements for over 10 years.

At least 135 accounts

A dishonest employee used a skimmer between September 14, 2009 and July 21, 2010 to commit identity theft and make fraudulent charges to customer credit accounts.

Unknown

A former employee was convicted of installing spyware on three company computers. The employee intended to capture the passwords of users who had access to a customer database and a billing system.

Unknown

Etters, PA is also mentioned as Rite Aid's headquarters

Rite Aid paid one million dollars to settle HIPAA privacy violations. Rite Aid also agreed to update corporate policies and procedures so that patient medical information would be properly disposed, employees would be properly trained in disposal of patient information, and employees would be held accountable if they did not dispose of patient information properly.

75

Attorney Naworski left legal files in a public dumpster. Naworski thought it was appropriate to dispose of the files in this way since the accounts were old and closed. The documents contained names, addresses, bank account information, Social Security numbers, driver's license numbers, and dates of birth.

Unknown

A flash drive with the personal information of graduate medical residents and fellows was reported missing on July 23rd.  The personal information included Social Security numbers, addresses, and phone numbers.

117,600 users with app (No incidents reported)

Citigroup's mobile banking application for Apple's iphone has a security flaw that saves user account numbers, bill payments and security access codes into a hidden file on the iphone and the user's computer.  An upgrade that will fix the problem is available.

Two employees reported

Improperly reusing office paper led to the mailing out of names and Social Security numbers of two post office employees. Two women reported receiving the personal information, which was probably from a timecard, on the back of a post office receipt.

Unknown

A police officer with the Natchez department fraudulently used and encouraged others to use stolen credit and debit cards.

27,000 (2,048 SSNs reported)

Student records dating from 2000 to June 21, 2010 were compromised on a University file server on four separate occasions within the last two years.  The server contained student health center prescription records.

Approximately 21,000

A password-protected laptop was stolen from the office of an employee on June 14th.  The computer should not have contained protected health information, but did.  It also contained patient name, birth date, gender, ethnicity, diagnosis, Social Security number, insurance information, and hospital account number.

Possibly hundreds

A former employee used the Social Security numbers of his colleagues to obtain vouchers for Amazon.com purchases. He secretly used the Social Security numbers to create hundreds of accounts and complete 382 online surveys in exchange for $100 online vouchers.

60 customers

Names, addresses, phone numbers, and credit card information from customers of The Loft and Comedy Club were discovered through a Google search. Customer data from 2004 to 2008 was posted. The Loft fixed the problem and is working on having the site removed.

105,470 (0 SSNs and financial information reported)

A hard drive containing personal information for clients enrolled in state-provided health insurance was stolen from the Colorado Office of Information Technology. The information included names, state ID number and the name of the client's program. The Agency is certain that contact information, financial information and Social Security numbers were not involved.

At least 4

A former employee is accused of using bank member information to run credit checks on victims and apply for credit in their names. The former employee was fired and arrested on identity theft charges.

3,404

A laptop containing personal information from Iowa residents was stolen from a locked state vehicle. The computer was encryption protected and contained names, addresses, phone numbers and Social Security numbers. Iowa residents who participate in the Iowa Horse and Dog Breeding Program were notified.

26,840

A vendor printed a user name and password for agents and authorized brokers in a brochure.  The brochure was also posted on an agent's public website.  The login information enable access to a website containing medical records and other personal information form individuals seeking life insurance.  Applicant name, Social Security number, address, policy number, driver's license number and credit information is also on the website. 

800 (0 reports of SSNs or financial information)

A computer device containing doctor reports was reported missing from a secured area at LICC on May 24th. Names, dates of birth, diagnostic information and treatment information of some patients may have been included on the device.

800,000 (unknown number of SSNs and financial information)

Computer files containing personal, health and financial information of volunteers, patients, vendors, business partners and employees from January 1996 through January 2010 may have been lost by a professional data management company. Depending on the person's association with the hospital, the information exposed could be full name, address, phone number, date of birth, Social Security number, driver's license number, medical record number, patient number, bank account information, credit card number, diagnoses and treatment.

3,000 clients

An employee posted Social Security numbers and other personal information of around 3,000 clients on an outside website. The organization provides food stamps and other benefits and aid to clients. The employee was placed on administrative leave.

Unknown

Dozens of boxes of files from medical offices that hired LV to collect unpaid bills were found in an Orlando public dumpster. The files contained names, addresses, Social Security numbers, driver's license copies and credit reports. The collection agency went out of business in 2005 and the location of the files prior to this incident is unknown.

1,097 (no SSNs or financial information reported)

Deere and Company is headquartered in Moline, Illinois

United Healthcare notified members of a Deere and Company employee benefits plan of a mistake that led to claims summary statements being sent to the wrong addresses. Dates of services, categories of service, cost of service, and physician names were included.

93,000

Someone gained unauthorized access to a BVU database. The database contained records of names, Social Security numbers, and driver's license numbers of BVU applicants, current and former students, parents, current and former faculty and staff, alumni and donors. These records go back as far as 1987.

5,000

A highly encrypted laptop was stolen from the office of the Connecticut Department of Labor. The laptop contained confidential information about unemployment insurance claims, wage discrepancy complaints and some Bridgeport area employers.

Hundreds of records

An anonymous tipster called the Sheriff's Department and reported unattended boxes of personal records outside the dental office. The boxes contained patient records from the early 1990's to the present. These records had personal information such as Social Security numbers, names, birth dates, credit card numbers, and addresses. The Sheriff's Department destroyed the records and warned patients of dentists Lee, Sang H. Yoon and Patricia Patterson.

669

On June 18th or 19th, a government-issued Blackberry was stolen from an employee's car. The Blackberry had personal information on patients enrolled in the program. The County notified residents that their Social Security numbers, names, addresses, dates of birth, phone numbers, and Medicaid numbers may have been accessed.

1,300 (Unknown number of SSNs)

A leak that allowed anti-immigration activists to post and circulate the names, Social Security numbers, medical information, addresses, workplaces, and phone numbers of alleged illegal immigrants in Utah has been linked to Utah's Department of Workforce Services. A large number of employees had access to this information.

Unknown (over one hundred from New Hampshire)

The May 17th theft of a computer resulted in the exposure of customer names, addresses, phone numbers, Social Security numbers and driver's license numbers. Affected customers were notified on June 30th.

Unknown

An email containing current and former employees' and plan participants' personal information was sent to the wrong recipient on June 15th. The information in the email included names, dates of birth, and Social Security numbers.

Unknown

An electronic folder containing personal information on current and former expatriates and others who received assistance from Alcoa's Global Mobility Group was shared as a public folder within its network.  The personal information included names, dates of birth, family members' names and dates of birth, salary compensation, Social Security numbers, and some people's medical information.

3,830

Residents of Arizona, Colorado, Montana, California, New Mexico, Oklahoma, Idaho, Washington, Wyoming and Utah affected

A laptop containing Social Security numbers, medical record numbers, dates of service, health insurance numbers and names was stolen in May. The laptop was password-protected.

34,000 current and former employees (unknown number of SSNs)

A University computer containing personal information of current and former employees was found to be infected by a virus. Employee records from 1999 to 2005 contained Social Security numbers.

Approximately 1,300 (no SSNs or financial information reported)

An impostor posing as a representative of the organization's recycling service removed several barrels of purged x-ray films and film jackets. The health information included patient names, dates of birth, gender, clinic medical numbers, internal accession numbers, site locations, physician or provider names, and internal provider numbers.

2,000 (number and type of financial account numbers and SSNs unknown)

A backup data tape and compact disc containing protected health information were never received. Individuals demographic, financial and clinical information were on the CD.

Approximately 15,000 (0 SSNs and financial information reported)

An error in the quarterly address update process resulted in the mailing of protected health information to incorrect addresses. The information in the letters included demographic information, explanation of benefits, clinical information, and diagnoses. The returned mail was collected and the organization verified whether or not it had been delivered.

Over 500 (0 SSNs and financial information involved)

A month's worth of client invoices went missing. It does not appear that they were mailed. The invoices contained health information such as names, dates of birth, and medical testing information.

8,000 (Not included because no specific type of financial information stated)

An employee dishonestly took documents containing names and financial information. The employee was fired.

600

A nurse used patient names and account numbers to illegally obtain narcotics. The nurse was fired.

Approximately 900

After a doctor left office cleaning to his sons, they mistakenly threw out hundreds of medical records. The medical records were left in a public recycling bin and included medical histories, pictures of patients and Social Security numbers.

Unknown

An encrypted flash drive containing 2007-2008 member annual statement data has been lost or stolen. It is unlikely that outside parties could read the pension and employment credit.

200

Within a two week period personal information of 200 people using the Department's services was accidentally posted online. The Social Security numbers, names, addresses, medical records, and treatment information were only available for viewing through the state computer network.

Unknown

A laptop containing payroll information for the village's employees was stolen from the car of the village's payroll provider in Milwaukee. Police have not recovered the laptop. The provider reported the theft and sent letters to employees to inform them their personal information was not secure. The provider recommended that employees contact a credit bureau that would place a 90-day alert on their information to prevent identity theft. 

Unknown

Someone hacked the list of attendees for the recent Cisco Live 2010 users' conference, a security breach that led Cisco to notify the customers as well as a broader group who have dealings with the company. A vendor told Cisco that someone had made "an unexpected attempt to access attendee information through ciscolive2010.com," the event Web site. That lead to the general notification that Cisco sent to attendees and others who had been invited but did not attend. According to Cisco, details about less than 20% of those on the list were compromised. The breach was closed quickly, "but not before some conference listings were accessed." The compromised information consisted of Cisco Live badge numbers, names, titles, company addresses and e-mail addresses. "No other information was available or accessed," according to the warning Cisco Live's event team sent via e-mail.

17,000 hotel guests

Identity thieves obtained stacks of credit card receipts from one of the hotel's storage rooms in 2006.  Hundreds of thousands of dollars in fraudulent charges were then made in three different states.  Investigators first became aware of a large identity theft issue in the area during the beginning of 2009.

Unknown

A laptop was stolen from a payroll services provider of the county. It is unknown what types of Big Bend employee payroll information were contained on the laptop.

53,000

53,000 people may have had their personal information exposed after a breach to the University of Hawaii computer system was discovered. The university released statement  that more than 40,000 Social Security numbers and 200 credit card numbers were part of the exposed information that was housed on a computer server used by the Manoa campus parking office.

139,000

The Massachusetts Secretary of State's office accidentally released confidential personal information earlier this year on 139,000 investment advisers registered with the state. The data, including the advisers' Social Security numbers, were on a CD-ROM sent to IA Week, an investment industry publication that had requested public information from the Securities Division. Secretary of State IA Week had asked for a list of registered investment companies. The Securities Division responded by sending a list of individual investment professionals. In addition to their names and Social Security numbers, this list included their dates and locations of birth, height, weight, hair color, and eye color.

139,000 investment advisers

In an attempt to release public information from the Securities Division, the Massachusetts Secretary of State's office released the Social Security and driver's license information of 139,000 investment advisers registered with the state. The information was sent on a CD-ROM sent to IA Week, an investment industry publication.

2,047

Social Security numbers or Medicaid identification numbers were shared with a telephone survey company and included on address labels sent out to request research participation.  The letters were sent through the U.S. Postal Service on May 24th and the issue was discovered on June 6th. 

76,000

In a statement datelined out of Nashville, DentaQuest reported the laptop theft occurred March 20 in Chicago and was informed of the incident April. DentaQuest reported the laptop contained a database which held the personal information of approximately 76,000 clients. The contractor advised most of the data is not considered sensitive, but the device did contain the first names, last names and Social Security Numbers of about 21,000 individuals. Some 10,500 are Tennessee residents.

79,000

American Airlines parent company said Friday the personal information of about 79,000 retirees, former and current employees has been compromised after a hard drive was stolen from its Fort Worth headquarters. No customer data was affected. The data was held by the company's pension department.  The drive contained images of microfilm files, which included names, addresses, dates of birth, Social Security numbers and a "limited amount" of bank account information. Some health insurance information may have also been included -- mostly enrollment forms, but also details about coverage, treatment, and other administrative information. The data spans a period from 1960 to 1995. AMR also believes some of the employee files also contained information on beneficiaries, dependents and other employees from 1960 to 1995.

Unknown

Computer hackers have infiltrated the credit card processing system.

79,000

Retirees, current, and former employees who participated in AMR's pension plan may have had their names, Social Security numbers, addresses, dates of birth, and other personal information stolen by the theft of a hard drive containing microfilm files. Employees and beneficiaries of employees who were enrolled between 1960 and 1995 are at risk.

1,537 clients

According to Cornerstone: "During the weekend of April 30th, 2010, flood waters broke windows of our administrative office for School-Based Services... As a result of the unprecedented flooding that occurred, some clinical record information, along with name, Centerstone ID#, Social Security number, and date of birth, may have been removed from the building by flood waters."

2,563 (no SSNs or financial information reported)

An unencrypted portable USB was lost or stolen sometime around May 12th. It contained patient names, medical record numbers, sex, age, procedure, attending physician, time of arrival in recovery room and time of discharge from recovery room.

130,495 patient

Multiple CDs containing patient personal information were lost in transit by FedEx. Information included dates of birth, driver's license numbers, descriptions of medical procedures, addresses, and Social Security numbers. Siemens Medical Solutions USA, the Hospital's billing contractor, shipped the CDs around March 16th. They were never received.

Unknown

The university's Information Technology department noticed unusual Internet activity on a laptop computer associated with its network. It determined the computer belonged to an employee and was infected with a virus known as Zeus or Z-Bod. The employee's laptop had access to computer files that contain student names and Social Security numbers.

4,585

Hackers compromised the personal information of 4,585 students who received services from the school's counseling center. The center provides students with support and mental health services. The information on the servers included names, Social Security numbers and clinical information on every student who sought counseling services from the center between August 8, 2002 and June 21 of this year.

700 customers

Hackers have broken into the payment processing system of Destination Hotels & Resorts, a high-end chain best known for its resort hotels in destinations such as Vail, Colorado; Lake Tahoe, California; and Maui, Hawaii. Destination has uncovered a malicious software program inserted into its credit card processing system from a remote source. Destination Hotels is in the process of notifying victims but will not say how many people have had their credit card numbers stolen. The attackers appear to have hit only point-of-sale processing systems, where credit cards are swiped for purchases. Personal information such as guests' home addresses was not compromised.

UPDATE (7/2/2010): Around 700 customers were affected nationwide by the hack; including dozens of customers of the Driskill Hotel of Austin, Texas.

36 students

Information such as names and Social Security numbers was exposed to the public through a web server. The students affected were on the class roster for a computer science and engineering course. The files were discovered and removed on June 10th.

At least 200

Several vendor Social Security numbers and tax identification numbers were accidentally sent out via email to a local activist requesting information on Sparta Board of Education vendors. 

UPDATE (7/8/10): The activist mentioned is Jesse Wolosky and he has not returned the information because "they could get lost in cyberspace or go to the wrong inbox."  Wolosky also claims that state agencies are looking into the matter.  The number of Social Security numbers is still unknown since Wolosky claims 600-800 and the district claims 200-300.

2,416; 103 Social Security numbers

Hackers accessed PSAT information from the school and posted the names, home addresses, citizenship status, and Social Security numbers of students. The information was discovered on the school's website.

Unknown

Personal documents from Merrimack Mortgage were found in an unsecured public dumpster. The documents were not shredded and contained Social Security numbers, credit scores, bank information, and other personal information.

Around 400 (0 SSNs reported)

An ACLU lawsuit claims that police acted inappropriately during a raid of A Woman's Place clinic. The lawsuit claims that police not only confiscated medical records, but read them and revealed sensitive medical information about patients to outside parties.

Unknown (the students of a few teachers)

Two students were arrested for hacking into their school's computer system. Their goal appears to be changing their own grades; but they had access to the grades and personal information of other students.

Unknown

The Hospital is checking its database for accuracy after discovering that patient files have been faxed to the wrong location at least twice. Patient records were faxed to an auto shop in 2009, and the wrong doctor on a separate occasion.

3,178

Mercer, the firm's consulting group, provided a subcontractor with a file containing Pension Plan participant addresses and Social Security numbers. The Social Security numbers were exposed on the mailing label.

3,000,000 airmen and airwomen

An investigation into the Federal Aviation Administration found that the medical and personal information of airmen and airwomen is at risk.  Names, addresses, Social Security numbers, mental and physical health certification information and other personal information is vulnerable to unauthorized access from former staff and could be accessed through the installation of malicious codes.  The computer system was hacked in 2009.

13,000 patient records

Two backup tapes containing personal information have gone missing. The hospital does not suspect theft and does believe that there is a very low probability that the personal information on the tapes can be misused. However, credit monitoring services are being offered to those who were affected. The hospital gave up looking for the tapes on May 7th and began notifying patients in late June. 

Per phone interview with University Hospital, Social Security number were involved but they are unaware of any financial data involved in this breach.

470,000

More than 200,000 Anthem Blue Cross customers this week received letters informing them that their personal information might have been accessed during a security breach of the company's website. Only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their application. Social Security and credit card numbers were potentially viewed.  Anthem Blue Cross merged with WellPoint in 2004.

UPDATE (6/29/10): Around 470,000 customers in 10 states were notified of the breach.  The original story states that only applicants were affected, but existing customers also received notification of a possible breach of their information.

UPDATE (7/12/10): 20,000 Louisville, Kentucky residents received notification that a security mistake online resulted in the exposure of their Social Security numbers and financial information.  It is unclear whether these residents are included in the original 470,000 customers.  Only customers who were self insured were affected. WellPoint is claiming that this and other recent breaches were committed by an attorney or attorneys attempting to gain information for a lawsuit against WellPoint.

19,495

Florida International University is in the process of sending notification letters to 19 407 students and 88 faculty members after the university’s IT Security Office discovered personal data may have been exposed over the internet via a database’s external search function. An announcement posted on the FIU website lists the personal data as GPAs, test scores, and Social Security numbers that were stored on the College of Education’s E-Folio software app. This database kept track of student data related to state mastery standards, grade tracking, assignments, and Social Security numbers for both students and faculty.

Over 3,500

A laptop belonging to an Oregon National Guard member was stolen and the military is contacting service members who might be affected by the theft. According to the Oregon National Guard, the laptop was stolen from a vehicle. The Guard member had been using the laptop to conduct work from home. Although this laptop is password protected, there is still potential for exposure of individual personal information.

UPDATE (7/1/10): The 3,500 National Guard members who were affected have been notified.

Unknown

Customers who placed orders through Sony Style Telesales Department between May 23rd and June 3rd 2010 may have had their credit card information illegitimately copied and sent to parties outside of the TeleTech network. TeleTech is a third party service provider of Sony.

Unknown

A former employee kept patient photographs, videos, memos, schedules, and forms. Some of the documents included patient Social Security numbers and other personal information. The employee is also being accused of voyeurism and possession of child pornography; though this is unrelated to these findings.

8,400

Saint Francis Federal Credit Union has notified 8,400 customers that a backup tape containing customer information was lost.  SFFCU believes the tape was accidentally destroyed and that no member information has been misused as a result of the loss.

7,526 patients

Some patient information from the University Health System may have been accessed after the theft of computer equipment at the Reno office on June 11th. Patient names, Social Security numbers, patient account numbers, medical information, birth dates and addresses may have been viewed.

8,000 (0 SSNs reported)

Operations in Clinton, Freeland, and Oak Harbor

A thief or thieves entered the physical therapy office on June 12th.  Cash, other items, and a laptop containing encrypted patient information such as names and account numbers were stolen.  It appears that a door was left unlocked.

Unknown

The owner used patient medical information to fraudulently obtain over $70,000 from Medicare and Medicaid.  The owner is also charged with buying patient information.

Over 11,388 students - calculated from the Virginia Beach City County Public Schools page of publicschoolreview.com

Schools that may have been accessed: Advanced Technology Center, Corporate Landing Middle School, Creeds Elementary School, Fairfield Elementary School, Indian Lakes Elementary School, Kellam High School, Kingston Elementary School, Landstown Middle School, Linkhorn Park Elementary School, Lynnhaven Middle School, New Castle Elementary School, Ocean Lakes Elementary School, Ocean Lakes High School, Red Mill Elementary School, Renaissance Academy, Rosemont Elementary School, Salem Elementary School, Technical & Career Education Center, Thalia Elementary School, Three Oaks Elementary School, Windsor Oaks Elementary School

Because of an incorrect security setting, an Ocean Lakes High School student was able to access a temporary file on a server that contained the names, addresses and Social Security numbers of students at 22 schools. The breach was discovered when the student tried to print some of the information in the school library. In addition to names, addresses and Social Security numbers, the student files also contain parent names, phone numbers, class schedules, birth dates and student ID numbers.

At least 4

Laptops were stolen on June 13th. One of the laptops was password protected and contained sensitive employee information such as Social Security numbers, addresses, and names.

Unknown

AT&T customers who were using their own usernames and passwords to log into their accounts reported being sent to the accounts of other AT&T customers.  The account information did not include Social Security numbers or credit card informaiton.

0

Although it has a newer and better protected website for paying property taxes, the Franklin County Treasurer's Office continues to allow taxpayers to use an older URL which was recently discovered to be vulnerable to hackers.  This may expose taxpayer credit card and checking account numbers. 

10,600

The Agency learned in 2008 that confidential records were being left in public dumpsters without being shredded.  Documents from Medicaid, Food Stamps, Ohio Works First, and child care programs included information such as Social Security number, name, address, phone number and pay stub.  The agency failed to notify those who were affected.

12

A Chase bank teller sold twelve customer account profiles to outside parties between 2008 and 2009. These customer accounts were then fraudulently charged over $60,000. The former employee and the outside parties were all caught.

Unknown

Personal information from Municipal Hall was found in a public dumpster. The information was not shredded and included police reports, Social Security numbers, home addresses, telephone numbers, names, and tax records. The improper disposal of information continued after the first dumpster discovery.

11

An employee used a skimming device to obtain customer credit card information. He made fraudulent purchases totaling nearly $11,000 and was charged with grand larceny, possession of a forged device, and identity theft.

8,700 employees

A group of people obtained a list of Durham employees which included Social Security numbers, birth dates, and employment information.  They then used their personal information to commit credit card fraud and identity theft.  Police report that more than 200 employees were victims.

Unknown

The city of Springfield put documents online that contained sensitive information such as Social Security numbers, driver’s license numbers, home and work telephone numbers, bank account numbers and the name of someone who called the state anonymously to report suspected child abuse. The documents were posted on the city’s website in response to Freedom of Information Act requests as part of an initiative to make public information available to anyone with a computer. But personal information such as home phone numbers, Social Security numbers and driver’s license numbers are exempt from disclosure under state law.

Unknown

A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking. The breach exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised. It doesn't stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed.

76,000 9,600 from New Mexico; over 10,000 from Tennessee

This theft affects people in Tennessee and New Mexico.

An employee from a subcontractor company called West Monroe Partners was robbed of a laptop containing information for a Medicaid billing company named DentaQuest. DentaQuest was responsible for dental benefits of the New Mexico Human Services Department and TennCare. Around 21,000 people had their full names and Social Security numbers on the stolen laptop. Approximately 55,000 others had some form of personal information on the laptop.

Unknown

Patient files were found outside the office of Dr. David Brown. Dr. Brown admitted to failing to shred the old papers and claimed that he ran out of space for the files.

Uknown

An employee in one of Bank of America's customer call centers has admitted he stole sensitive account information and tried to sell it for cash. The man met with two individuals whom he later learned were undercover FBI agents and offered to sell them names, dates of birth, telephonic passwords, and other details for Bank of America customers, according to court records. He was looking for accomplices who knew how to milk the accounts by establishing phony credit cards in the customers' names or through other means.

Unknown

Employees shared patient information on Facebook. Differing reports leave it unclear if these employees were nurses, and whether or not they were fired.

155

A dishonest employee used welfare beneficiary information to file for two million dollars worth of tax refunds. The employee was caught and charged with 11 counts of identity theft and 11 counts of making false claims to the United States.

117

Sam's Club and Wal-Mart stores in Connecticut, New Jersey, Massachusetts, Rhode Island, New Hampshire, New York, Pennsylvania, Maryland, Delaware, and Puerto Rico

During a credit card fraud scheme, a man obtained and misused customer information.  His scheme involved using customer information to impersonate customers and open new lines of store credit in their names.  Total loses amounted to $781,571.80.

Unknown

The New York City’s Special Commissioner Office revealed a hacker stole more than $640,000 from the Department of Education’s petty cash account at JP Morgan Chase and distributed the codes to others to use to pay for student loans, gas bills and other purchases. The hacker allowed individuals to pay personal bills through EFTs and, in turn, he was given cash. The scam was discovered when an unidentified woman informed Chase someone was trying to pay bills using the account.

At least 2,000

Thousands of patient records, surgery information, Social Security numbers and bank information were found dumped behind Nashville Center Point Church of the Nazarene. The documents came from the now defunct and bankrupt Nursing Visioned Medical Services group. Maryland-based Impulse Monitoring, Inc. bought the assets to NVMS last year when they filed bankruptcy. They said they are not responsible for the patient information because the services NVMS provided were one-time services. The old owners had shredded a bunch of old documents and the more recent ones had been passed on to the company (Impulse) that bought NVMS back in January. It is unclear where the documents came from.

600 patient files (0 reports of SSNs or financial information)

Confidential medical files were found in a dumpster near the medical office of the two doctors. The doctors were in the process of moving to a new location.

Unknown

A limited search of NHTSA's public complaint database uncovered Social Security numbers, names, birth dates, addresses, VINs, and drivers' license numbers. Public access to the database of 792,000 complaint cases was temporarily ended.

500

The encrypted Internet connection of a restaurant was breached by hackers outside of the organization. Customer credit and debit card information was lost and fraudulently used.

200,000

A massive data theft from the e-commerce company Digital River Inc. has led investigators to hackers in India and a 19-year-old in New York who allegedly tried to sell the information to a Colorado marketing firm for half a million dollars. The Eden Prairie company obtained a secret court order last month to block Eric Porat of Brooklyn from selling, destroying, altering or distributing purloined data on nearly 200,000 individuals. Digital River suspects that the information was stolen by hackers in New Delhi, India, possibly with help from a contractor working for Digital River.

15,806, 25,000 more later discovered

The Pennsylvania State University sent data breach notification letters to 15 806 individuals who at one time had their personal information, including Social Security numbers, stored in a university database. Penn State issued a press release statement on Wednesday informing the university community that a computer in its Outreach Market Research and Data office was found to be actively communicating with a botnet CNC. According to the statement, the database used by the office had previously contained Social Security numbers on individuals. The university, which discontinued use of SSNs for identification purposes in 2005, nevertheless found that an archived copy of the information went undetected in the computer’s cache.

UPDATE (6/8/2010): An additional 25,000 individuals may have been affected.

Unknown

Burglars stole client records, a suitcase and two bags of cookies from a medicinal marijuana referral office. Burglars also stole a computer hard drive that contained a client database, including Social Security numbers, ID numbers and other sensitive information. The burglars apparently cut power to the building — so the alarm didn't go off — and shattered a window to get into the office.

Unknown

Sensitive medical information was dumped outside of a DMV office. The medical information came from a eating disorder clinic that had recently closed. Patient information such as medical treatment and Social Security number was exposed. It is unknown how the information ended up in the dumpster.

Unknown

http://www.rainbowhospice.org/protection/

According to their website: "On April 12, 2010, one of our laptop computers, which contained personal information, was stolen during a patient visit.  The laptop had security measures in place, but there is a very small chance that protected information such as name, address, date of birth, Social Security number, insurance information, medications, treatment, and diagnoses may have been inappropriately accessed."

2000

Personal information of more than 2,000 Roanoke City Public Schools employees may be at risk. School officials said the hard drives of eight computers were not removed before the units were sold as surplus. "We believe that we have recovered all of the hard drives," said Superintendent Rita Bishop. The drives contained the names, school locations and Social Security numbers of the division's employees as of November 2006. The division will be setting up a hotline for employees to call with questions and concerns. Free credit monitoring service will be offered to affected employees.

709

A University of Louisville database of 708 names that included Social Security numbers and dialysis details was available on the Internet without password protection for nearly a year and a half. The Web site was disabled on May 17 when the university discovered the flaw. University officials said in a statement that accessing the database would not have been easy, and no direct links to the database were discovered. The information was available so long because the U of L doctor who set up the Web site thought the information was protected by a password and other precautions. U of L was finally notified when someone outside the university sent an e-mail about open access to the information. The Web site was shut down an hour later.

Over 30

Outdated and improperly managed software caused customer debit and credit cards to be exposed to fraudulent charges.  Between 20 and 30 customers of one bank had fraudulent charges from overseas added to their statements.  It is not known how many other customers were affected.

Around 5,000 from New Jersey and Pennsylvania (no specific numbers of SSNs or financial documents reported)

A cabinet full of documents with sensitive information was found sitting on the side of the road. A woman made the discovery about a month ago and gave the documents to investigators with Aetna Insurance Co. The woman said she saw a bureau on the side of the road in front of Admiral Storage in South Windsor with a sign that said "free." She brought it home and discovered the documents. There were eight bags of nothing but Social Security numbers, names, and death benefits. Information also included patient records and medications. Aetna responded by saying, "Aetna is committed to protecting the privacy of our members and we take this situation seriously. We have policies for properly safeguarding our members’ information, and we are investigating how this incident occurred, but it appears to be human error. The woman contacted us via e-mail on the evening of May 5, and we immediately responded the next morning. She has consistently declined to give us her name or phone number, or to make arrangements to allow us to retrieve the documents at a place convenient for her, or to return them to us. As of today, we now have the files, and will go through each of them to determine the contents and whether any member information has been breached. If it has been, we will notify those members and take steps to mitigate any potential harm." The woman attempted to arrange the hand-off, however, a short time after she got off the phone with the company, three men from Aetna showed up at her workplace, unannounced, and asked for the documents immediately. The woman said, "But when they sent the three guys to my work yesterday, it was an intimidation tactic and I didn't appreciate it. So that told me what I was going to do. That they were going to try and hide it." Aetna said someone from the company made a "serious human error," and it will now go through the files to make sure no sensitive information was lost. What's more troubling, the woman said, is that the bureau wasn't the only piece of furniture offered for free that day. "Out of the pieces that were up for grabs, whose to say that I've got the only piece that was full of Aetna papers." The woman has also contacted the state to investigate the situation. Aetna has clients across the country.

61,000 (0 SSNs and financial information reported)

A laptop containing the names, medical record numbers, and medical services provided of patients was stolen from an employee's car while it was parked at his or her home. As a precaution, no additional laptops will be allowed outside the hospital unless they are encrypted.

7,500 (0 SSNs reported)

A disc containing employee information was lost or stolen.  The Interior Department reported that it was encrypted and password-protected personally identifiable federal employee information.

Unknown

On May 4th a laptop containing employee information was stolen from an employee of GXS who was helping with their merger. A letter notified an unknown number of Inovis employees that their addresses, Social Security numbers, names and salary information were on the laptop.

1000 (0 SSNs reported)

http://www.childrenshospitaloakland.org/EnhancedPatientPrivacyProtection...

Approximately 1,000 patients were mailed information about themselves and other patients. According to the Hospital's website "equipment designed to generate, fold and stuff documents for mailing was programmed to fold and stuff two pages rather than one. This programming error caused guarantor billing statements prepared on May 25 and May 26 to be collated and mailed incorrectly."

500

(877) 558-6208

A thief has stolen personal information regarding more than 500 surgical patients of Loma Linda University Medical Center, according to hospital officials. A desktop computer containing the information disappeared April 5 from the department of surgery's administrative office on Campus Street. The missing information includes each patient's name, medical record number, diagnosis, surgery date, and the type of procedure.

Unknown

A woman got quite a surprise when she looked in her recycle bin. Someone had dumped hundreds of files of people's personal information. The manila folders that were found contained personal information of AT&T cell phone customers, including credit card numbers, driver's licenses and Social Security numbers. It appears the information was collected by another company called Ferrell Communication, which was located in a strip mall. It's no longer there, and the phone number listed isn't valid. The information is contracts for AT&T wireless service customers dating back to 1999 or 2000. The information is old, but could still be valid.

5,220

(888) 435-6031

The city of Charlotte says the personal information of 5,220 current and former city employees and elected officials has been lost. The loss affects individuals who received health insurance from the city in early 2002. Two DVDs containing the Social Security numbers of the affected individuals failed to arrive at the offices of Towers Watson & Co., the city’s benefits consulting firm, in Atlanta. The discs also contained prescription-drug information for five individuals.

Unknown

Hackers may have gained access to credit and debit card information by exploiting Aloha software weaknesses. After a purchase at Local Coffee, a customer's debit card was canceled. This prompted Local Coffee to temporarily stop using Aloha.  Another San Antonio eating establishment, Aldaco, also encountered hacking problems while using Aloha software.

1,286 (0 SSNs reported)

In 2002, 2008, and 2010 records of correspondence between agents and clients were misplaced. Technical errors caused the names, addresses, policies or contract numbers, account values, trade and transaction activities, and dates of birth of the clients to be accessible.

1,023

A former stock broker left the firm with the personal information of 1,023 clients. Names, addresses, Social Security numbers and brokerage account numbers were taken.

At least 5

A former Wells Fargo employee inappropriately held the personal information of clients. Law enforcement found documents containing names, dates of birth, Social Security numbers and mortgage loan account numbers when acting on a search warrant for the home of a former Wells Fargo team member.

Unknown

Three servers from the Cheesecake Factory at 5345 Wisconsin Avenue were charged with using skimming devices to make over $117,000 in fraudulent charges to customer credit card accounts.

Over 1,200 (0 SSNs reported)

A USB drive containing student names, identification numbers, phone numbers, and medical information was stolen from the unlocked car of a school administrator at the employee's home.

Unknown, at least two cases of SSN

Sales documents dating back 20 years were found in a dumpster. The personal financial information of customers included Social Security numbers and information on purchases. Staff Jennings went out of business in April of 2010.

Unknown

Aldaco's Mexican Cuisine at Stone Oak had a data security breach.  Customers were notified of fraudulent charges; some were from places outside of the U.S. Aldaco urged customers who had used their credit cards at the restaurant to cancel them.

"Thousands" of alumni records, at least 2,000

Campus computers with former student files were exposed to a virus.  Alumni may have had their Social Security numbers and other information exposed.

500

On March 3rd, at least one computer and one laptop containing personal information were stolen. Information such as names and Social Security numbers may have been compromised.

Around 1250 (0 SSNs and credit cards involved)

Around half of all patient medical bills were sent to the wrong address. The billing statements included patient names, name and address of the person responsible for paying the bill, description of services received and the dates of services, dollar amount owed, health insurance plan and subscriber number.

Unknown, "thousands of pages of sensitive information"

Personal documents including applicant names, Social Security numbers, and dates of birth were found in a dumpster. Customer checks with banking information and credit card receipts were also found.

Unknown

A fraud ring may have accessed customer information. The information included names, addresses, Social Security numbers, and other personal information. It is not known how the information was obtained or how many customers were affected. The information may have been accessed sometime between December of 2009 and February of 2010.

At least 210

Staff and prospective student names, Social Security numbers, driver's license numbers, and addresses were accessible to the public through a Google or Yahoo! search.  The cause was a  mistake in setting up software.

40,000

A computer and a plasma TV were stolen from the office on Friday April 2nd, 2010. The computer server contained patient names, addresses, phone numbers, email addresses, birth dates, family member names, medical insurance information, medical records, and in some cases, Social Security numbers.  The data were password protected.

Unknown

An extremely small percentage” of member files were “not properly moved” when the CU relocated from an old location. The data that could have been compromised included members names, addresses, phone numbers, account numbers, Social Security numbers and other identifiers. The CU sought to reassure members that it did not believe any of their information had been compromised and that the CU had “state of the art protocols” available to validate member identifies. The CU also arranged for CU members who chose to do so to be able to enroll in a credit monitoring service for the next two years at no cost to them.

2,000

Customers of the Mellow Mushroom eatery had their credit and debit card information hacked sometime around March 11th. Customers of other merchants have been affected, but a hack of Mellow Mushroom's processor is believed to be the source.

616

The Department of Veterans Affairs has suffered another possible breach of private data as a thief recently stole an unencrypted laptop that had held the Social Security numbers and other information of 616 veterans. Theft of the laptop was owned by a contractor and not the VA.

Unknown, at least two from New Hampshire

An unauthorized person using a valid employer password and user name accessed group contract number, member name, Social Security number, age and employment status of certain individuals with a connection to Principal Life Insurance.

207,000

A laptop containing the names, address and Social Security numbers of more than 207,000 Army reservists has been stolen from a government contractor in Georgia. A CD-Rom containing the personal identifiable information was in one of three laptops stolen from the Morrow, Ga., offices of Serco Inc., a government contractor based in Reston, Va. The other laptops did not contain sensitive personal information. Serco had a contract with the U.S. Army's Family and Morale, Welfare and Recreation Division, so some of the pilfered information also could belong to reservists' family members.

9,500

(877) 453-8424

A employee of a subcontractor for the company that processes claims and provides dental benefits for the State’s Medicaid program, filed a stolen car report for a vehicle whose trunk contained an ”unencrypted” laptop loaded with patient information. The patient information in the laptop included name, health plan identification number, which in some cases is the individual’s Social Security number, and a provider identification number but not the name of the provider. The agency sent out a message today saying that it was in the process of notifying 9,500 New Mexicans who use its Medicaid Salud plan of a possible security breach.

6 from Plantation and Monarch, 7 victims total

A former teacher of Monarch High School received six months of house arrest for opening or attempting to open 17 credit cards in other people's names.

300

The financial and personal details of about 300 property loan applicants were compromised when confidential documents were mistakenly tossed into an outdoor waste bin. The documents, which contained bank account and Social Security numbers, were found by employees at a neighboring store, who alerted FHG. The company padlocked the trash bin until the documents could be shredded.

Unknown

Hundreds, maybe thousands, of documents with personal information were dumped behind a shopping center. The documents scattered around a dumpster behind the business listing Social Security numbers, names, addresses, bank account numbers and signatures.

Unknown

Hackers have caused the Bureau of Engraving and Printing (BEP), a part of the US Department of the Treasury, to shut down a number of websites. The BEP confirmed to IT PRO that the hosting company it uses experienced an intrusion and as a result of the breach numerous websites were affected, including non-BEP sites. Those URLs are: bep.gov; bep.treas.gov; moneyfactory.gov and moneyfactory.com. BEP has since suspended the website. The chief research officer at IT security company AVG, indicated that the BEP websites had a line of code injected into them. Upon accessing the US Treasury website (treas.gov, bep.gov, or moneyfactory.gov), the iframe silently redirects victims through statistic servers and exploit packs which will carry the victim onto the second stage of the attack. The exploit kit determined that Java was the “best method” for infecting his test machine. Once infected, users' web browsers will start directing them to ads and “other nasty things” like rogueware.

180,111

Health records belonging to patients were stolen in a break-in. The records were on a portable hard drive and stolen from the Westmont office of Millennium Medical Management Resources. Millenium believes the hard drive contained personally identifiable information about EHP patients including name, address, phone, date of birth, and Social Security number.  In some cases other information such as diagnosis, procedure (and/or codes), medical record number, account number, drivers license number and health insurance info. It was NOT encrypted.

24,600

A flash drive containing personal information on 24,600 patients is missing from Our Lady of Peace psychiatric hospital. The drive contained the following information on patients admitted since 2002: patient names, room numbers, insurance company names and admission and discharge dates. It didn’t include diagnoses or treatments, Social Security numbers, dates of birth, telephone numbers or addresses for these patients. The drive also included the following information on patients assessed since 2009 but never admitted: name, date of assessment, date of birth and the time they left the hospital. For these patients, the information on the drive didn’t include diagnoses or treatments, Social Security numbers, telephone numbers, addresses or insurance information.

349

The online bill payment website was hacked. The credit card and debit card account information of customers who paid online was exposed.

20,000

(800) 627-8106

20,000 patients may have had their personal information stolen after a break-in at the St. Jude Heritage Healthcare Clinical Management Services building in Fullerton. The thieves stole five computers. The stolen patient data included Social Security numbers, dates of birth and in some cases, health related information.

5,418

The Medical Center at Bowling Green is notifying 5,418 patients whose medical information may have been breached when a computer hard drive was stolen. The computer hard drive was taken from the hospital's mammography suite and contained information from patients who underwent bone density testing between 1997 and 2009.

260

A Montana Tech employee mistakenly included the personal information of former students in an e-mail message sent to faculty, staff and students last week. The e-mail was an invitation to watch students present their research projects. But the file that this year's information was taken from included the names, addresses, Social Security numbers and in some cases birth dates of students whose research projects were done from 1998 through 2005.

At least 1,824 (0 SSNs and financial information reported)

Over 1,800 people's information was found in a dumpster. It is not known what kind of personal information was included in the documents.

3,097

ESB Financial officials announced that a data backup seven years ago had inadvertently been sent to an unauthorized storage source. Only checking and money-market account information was backed up to the incorrect outside data-storage company. A total of 3,097 customers could have been affected by the backup. Names, addresses, account numbers and, in some cases, Social Security numbers, would have been available to someone who found them on the Internet. However, the jumble of numbers would not have been easily recognizable and ESB was not identified as the source of the information.

Unknown

Blippy is a social Web service that lets users share with the world all their credit card transactions. One big problem though: Blippy appears to have inadvertently published some of its users' credit card numbers. Google search resulted in viewing of some of the credit card numbers.

1,700

Nearly two thousand students records from Chattanooga State are missing. The company hired to scan the documents, mishandled them. The school took the records to a company, United Imaging in Walker County, where the papers would be converted to computer discs. The school was contacted by individuals who said there was something awry going on at this scanning site. That's when the school found their records in disarray, and brought them back. The papers included students' names, Social Security numbers, addresses, phone numbers, some even contained high school transcripts. Chattanooga State went through each item, hand by hand, and found nearly 2000 missing documents from 2007.

Unknown

Officials have seized hundreds, perhaps thousands, of files containing Social Security numbers and other private patient information found dumped outside the shuttered office of DRC Physical Therapy Plus. The manila folders, dating back to at least 1998, include information sheets showing the names, addresses and birth dates of patients and, in some cases, Social Security numbers. Deputies impounded a dump truck loaded with patient files and about a dozen or so boxes stacked inside the bucket of a front-loader.

Unknown

Anyone who peered inside the mixed paper bin at the Dupont Recycling Center in May of 2009 got an eyeful. Files, in plain sight, which contained sensitive medical and identity information. Authorities don't know how those thousands of files got there. Some of the records came from Hutcheson and a plastic surgery office in the area. The information inside those files included graphic photos, and Social Security numbers.

Unknown

The company in Arkansas lost more than $110,000 this month when hackers stole the firm’s online banking credentials and drained its payroll account. On Wednesday, Apr. 7, Ft. Smith based JE Systems Inc. received a call from its bank stating that the company needed to move more money into its payroll account. Over the course of two days, someone had approved two batches of payroll payments — one for $45,000 and another for $67,000. A few days later, the First National Bank of Fort Smith sent JE Systems a letter saying the bank would not be responsible for the loss. It was their internet address that was used to process the payments, and their online banking user name and password.

3,526

On February 19, 2010, a laptop belonging to a physician affiliated with the Massachusetts Eye and Ear Infirmary was stolen while the physician was lecturing in South Korea. The laptop belonged to a neurologist with a particular focus on ringing in the ears, or tinnitus. The following types of information about affected individuals associated with Mass. Eye and Ear may have been present on laptop, Names, Addresses, Telephone numbers, E-mails, Date of birth and age, Sex, Medical record numbers, Dates of service, Medical information, including diagnoses, symptoms, test results, and prescriptions, Name and contact information for patient pharmacies, and Research participant status. In addition, four individuals’ information also included their pharmacy insurance account number.

12,000

The Army is warning about 12,000 military and civilian personnel once associated with a reserve command based at Fort Totten that they should check their credit records, after discovering that it cannot locate files containing information that could make them vulnerable to identity theft. The records cover reservists from Long Island, New York City and upstate who were assigned to the 77th Regional Readiness Command and its subordinate units from 2001 until the unit was absorbed by the 99th Regional Support Command in 2008. The files were discovered missing when the new command asked for an accounting of the old unit’s records. They could have been burned, shredded or stolen.

409,262

Affinity Health Plan, a New York managed care service, is notifying more than 400,000 current and former customers employees that their personal data might have been leaked through the loss of an unerased digital copier hard drive. Some personal records were found on the hard drive of a copier found in a New Jersey warehouse. The copier had previously been leased by Affinity and was then returned to the leasing company. Affinity Health Plan says it has not had a chance to review the data found on the copier. The figure of 409,262 notifications includes former and current employees, providers, applicants for jobs, members, and applicants for coverage.

1,272

An Army three-ring binder that may have included detailed information on soldiers and families being treated at Brooke Army Medical Center was stolen on Oct. 16 from a car belonging to a case manager. Names, phone numbers and health information of 1,272 patients being treated at hospitals may have been breached by the car break-in.

77 patients (0 SSNs reported)

A hard drive was stolen from a locked area. Medical information such as biopsy images, patient names, and medical exams were on the stolen hard drive.

Dozens

Dozens of legible tax documents were found among ashes in a dumpster outside of a tax return business.  Social Security numbers may have been on the documents.  This appears to be the result of a failure to burn all of the documents.

Approximately 12,000

A filing cabinet containing survey information from approximately 12,000 BlueCHIP for Medicare members was donated to a local nonprofit organization.  The surveys were from 2001 to early 2004 and contained information such as names, Social Security numbers, telephone numbers, addresses and Medicare Identification numbers.

1,433

A "process error" may have lead to Social Security numbers and last names going through Internet servers outside of HESC's control.  Those who may have been affected received letters and free credit monitoring services.

Unknown

The Tatum division of SFN (Strategic Workforce Solutions) notified employees that a portable electronic device was stolen from the trunk of a car.  The device contained unencrypted files with names, addresses and Social Security numbers.

Unknown

A laptop containing the information of people regularly employed at Lam Research Corp. on or after January 1, 2009 was stolen from an employee's car.  Temporary employees and contractors from August 1, 2007 and beyond may have also been affected.  The information included names and Social Security number; however, it was protected by passwords and fingerprints checks.

Nearly 800 (unknown number of SSNs)

Up to 800 police files were left in an area where the general public could easily access them.  Some of the files contained Social Security numbers, patient addresses, and treatment information.

Unknown

At least eight human services employees, including supervisors, have been fired or disciplined in the past year for wrongfully accessing confidential and personal information about former employees, family members and clients. The violations include a boss who forced her employees to gather information from a state database about her husband's child and a worker who checked on the status of a dead client's Medicaid benefits to help the client's family. Most of the cases stemmed from the agency's financial assistance department, which handles food stamps, Medicaid assistance, grants for the disabled and emergency relief for needy families. As part of their jobs, the 330 employees in the department who provide social services have varying degrees of access to secured databases. They need the information to determine whether a client qualifies for financial help.

Unknown

An East Greenbush man who worked as a medical records clerk at St. Peter's Hospital is accused of stealing personal information from patient's files to open credit card accounts. The man allegedly stole Social Security numbers and other personal information from patient's records, then used the data to open credit card accounts for making personal purchases online. The man was charged April 12 with five counts of felony second-degree forgery, three counts of felony second-degree identity theft and three counts of misdemeanor second-degree criminal impersonation.

At least 1,874

Two unencrypted DVDs containing employee information were lost in transit by a benefits consulting firm. Multiple organizations were involved.  Benefits consulting firm Towers Watson notified Lorillard and the General Council on Finance and Administration, which administers the General Agencies Welfare Benefits Program, of the loss in February.  The DVDs contained names, addresses, dates of birth, and Social Security numbers of current and former employees and their family members.

UPDATE (6/22/2010): National Gypsum notified the New Hampshire Attorney General Office of the possible exposure of employee data related to this incident in June.

Unknown

A Maryland man found his own credit application lying on the ground near a dumpster.  The dumpster contained thousands of old credit applications and some newer ones.  The information included Social Security numbers, driver's licence numbers, names, addresses, and phone numbers.  Room Store employees were doing a massive cleanup and unknowingly dumped the bag of documents without shredding them.

1000

While attending a seminar on security, Atlanta police officers were astonished to discover that personal information from city firefighters was being used as an example of what could be found on the Internet. The information included Social Security numbers, names and addresses. It is believed that the information was hacked and/or uploaded to a file sharing website from a city employee's off-site laptop.

37,000

A former employee was convicted of using the Social Security number of a member to create a false identity. The county employee opened a line of credit and had committed felonies before being hired at KCERA in a position with access to retirees' personal information.

Unknown

This Hollywood Video like many others has closed. Hundreds, perhaps thousands of pieces of paper, receipts, records and worst of all membership forms, were exposed.  It appears they were not even placed in the dumpster, but left out in the open and scattered everywhere by the wind. On these forms were names, addresses, birth dates, I-D numbers, credit card numbers and signatures.

200

Police have received about 80 complaints of victims' whose credit cards have been compromised. The police have connected the scam to cards used at the Mad Capper Saloon & Eatery. The owner of the Mad Capper Saloon & Eatery has been cooperating with police, he is frustrated that somehow his 30-year-old business is linked to identity theft. The restaurant's owner, has taken steps to make sure his customers are protected. "We've looked into our credit card processing. We've looked into our software program -- our routers in the building, We've scanned everything -- combed it with a fine tooth comb and we can't find anything off of it, so its frustrating."

UPDATE (4/10/10): The number of people affected is now nearing 200.

Unknown

At least three

A USB containing client names, Social Security numbers, addresses, and dates of birth went missing. The data was unencrypted.  Woodbury is a broker with The Hartford.

60

A Sand Springs woman has been indicted on allegations that she used personal identifying information she copied from her then-employer's computer system as part of a scheme involving fraudulent credit cards and stolen mail. The indictment, released Wednesday in federal court in Tulsa, a 45 year old woman, exceeded her computer-access authority at St. Francis Hospital to obtain information such as Social Security numbers and dates of birth of at least 60 people.

At least 20

Police are investigating whether former H&R Block employees received fraudulent tax refunds by using customer information. At least customers 20 have come forward, but there could be many more customers who were affected.

Unknown

A security breach resulted in the possibility that hackers accessed customer names, addresses, credit card information, email addresses and phone numbers. Customers who used the site between December 1, 2009 and February 10th, 2010 may have been affected.

Unknown

Montgomery County's Department of Health and Human Services is looking into how numerous Wheaton nursing home papers containing sensitive patient information have made their way into nearby neighbors' yards over the past few months. The county sent a nursing home inspector to investigate complaints from residents in the Wheaton Regional Park Civic Association who said they have found internal documents from the nearby ManorCare Health Services that contain patient conditions, names and Social Security numbers. The inspector cited ManorCare for inappropriate conduct.

Unknown

An IT staff member of Bank of America plead guilty to installing illegal software on Bank of America ATMs. The software caused the ATMs to erroneously dispense money; some of it may have affected customer accounts.

At least four

An employee made a deal with an outside party to allow a skimmer device to collect customer credit card information. Four people reported identity theft to the police, but it is unknown how many were affected.

955

A laptop was stolen from an employee on February 10. The theft occurred off-site.  The laptop contained names, addresses, phone numbers, dates of birth, medical information and Social Security numbers.

12

The hospital has sent letters alerting patients that a hard drive used for backing up data has been "lost or stolen from a locked office suite. The hospital explained that the data included patient names, medical record numbers and/or clinical information, addresses and phone numbers of some employees, and what the hospital called proprietary businesses information. The hospital would not comment on how many patients may be affected, but said only 12 patients' Social Security numbers were on the hard drive.

5,450

John Muir Health, the Walnut Creek-based hospital system, has begun notifying 5,450 patients by mail of a potential breach of their personal and health information. Two months ago two laptop computers at the John Muir Physician Network Perinatal office in Walnut Creek were stolen. The laptops were password protected and contained data in a format that would not be readily accessible. External vendors and internal experts discovered that the missing laptops contained personal and health information going back more than three years.

Unknown

A mound of city documents containing Social Security numbers, phone numbers and carbon copies of checks filled a Dumpster at Smith Park, where they were accessible to anyone. Countless junked records containing personal information for Middletown residents, along with blueprints, contracts and tax papers were found. Most appear to have originated in the city’s public works and utilities department, with a few from the police and finance departments. Somebody made a mistake and threw something away that should have been shredded.

Unknown

Personal documents that originated from the city building were left in a dumpster. The documents contained Social Security numbers, phone numbers, and carbon copies of checks.

244

More than 200 employees were notified that a non-government entity may have seen their personal information. The non-government entity were lawyers for two of three workers who fought a security access suspension against them. It take the Navy 17 months to inform employees at the Naval Facilities Engineering Service Center in Port Hueneme, Calif., that their Social Security numbers had been inadvertently released.

Unknown

Three Rivers Community College may have suffered a security breach due to unauthorized access to its computer network. Data made vulnerable in the breach included names and Social Security numbers. Those affected would have been involved in the following programs during these years:
1997-2009: Participants in the Real Estate programs
2004-2009: Participants in the Life Long Learners programs
2003-2006: Participants in the Patient Care Technicians programs
2004-2006: Participants in the Certified Nursing Assistant programs
2004-2005: Participants in the Electric Boat academic programs
2007-2008: Participants in the Bridges to Health Care Careers programs
2006-2008: Participants in the Photons for Educators programs
2004-2009: Faculty or staff members of the Three Rivers Continuing Education office.

At least 14

Anonymous letters were sent to at least 14 patients of the Family Medical Associates clinic in Lafayette.  The letters contained Social Security numbers, medical records, dates of birth and names.  The sender claimed that the clinic was improperly disposing patient personal information.

Unknown

In November the firm discovered that several backup tapes were missing from its office. The tapes contained customer information such as names, e-mail addresses, addresses, phone numbers, Social Security numbers, bank account information, passport numbers and sometimes scans of passports. The firm ceased operations in mid-2009.

Unknown

In Fort Lauderdale and Tamarac Florida

A former employee of these organizations was involved in a identity theft scheme involving at least three other partners.  The woman had access to patient records such as names, dates of birth, Social Security numbers, Medicare numbers, and addresses.  The stolen information was used to obtain Care Credit accounts and Chevron Visa credit cards.  Victims lost a total of approximately $162,000.

957 (0 SSNs and financial documents reported)

A former employee appears to have continued accessing patient names, medical information, dates of birth and medical record numbers.  Patients received soliciting phone calls from a physician at another hospital.

Thousands

Thousands of medical documents fell out of a truck bed while in transit.  The scattered documents contained billing information and possibly medical records from 1993 or later.

3,300,000

ECMC, a guarantor of federal student loans, said that a theft has occurred from its headquarters involving portable media with personally identifiable information. The data was in two stolen safes and contained information on approximately 3.3 million individuals and included names, addresses, dates of birth and Social Security numbers. No bank account or other financial account information was included in the data.

UPDATE (4/16/10): The information was recovered shortly after the theft and discovered weeks later in a police evidence room.

5,000

A 21-year-old former Evergreen Public Schools student has pleaded guilty to criminal charges in connection with a computerized payroll security breach that put more than 5,000 past and current Vancouver district school employees at risk of identity theft. The man had "shoulder-surfed" a password from an Evergreen school employee while still a student there.

At least 245

(877) 705-5544
legalinquiry@nmff.org

The Cook County Sheriff’s Department has uncovered an identity theft ring, a limited part of which may involve an employee of Millard Cleaning Service, the service contracted to clean the Foundation’s offices. The suspect may have stolen information from paper records, including names, dates of birth, Social Security numbers, and addresses. NMFF has reviewed the Sheriff’s Department’s list of identity theft victims in Illinois and other states. It has identified approximately 65 people who were recent patients of NMFF, and it is contacting those who are known identity theft victims and offering assistance. While the Sheriff’s Department has identified hundreds of other identity theft victims, the majority of them have no connection to NMFF and their personal information was not stolen from NMFF.

UPDATE (3/25/10): At least seven individuals linked to the Millard Cleaning Service janitor have been connected to the theft ring.

Over 200 (0 reports of SSNs or financial information)

Two employees from the New York City office

Seven people, including two former New York State DMV employees from New York City, were indicted in a theft ring. The identify fraud ring involved New York State driver's licenses, learner's permits, and identification cards. The information was then sold to felons.  Fifteen other people were charged with buying the stolen information.

Unknown

A student gained access to the entire district of Hart's system, but only went into his high school's portion. The student claimed he changed some things and then returned them. The student most likely used a password, but it is not known whether he used a district computer or a personal one. The district is providing one year of free credit monitoring services.

700

A home computer that contained personnel data may have picked up a virus from the Internet. This breach puts employee names and Social Security numbers at risk.

Unknown

A file containing student enrollment information was accessible online.  Student names, races, genders, Social Security numbers, identification numbers and dates of birth were accessible for at least one month.

Unknown

A skimming device was spotted outside a Wachovia branch in Alexandria, Washington. It is estimated that over $60,000 in fraudulent charges was stolen from ATM customers of the Wachovia King Street branch.

60

After Highland, Ind., police pulled over a driver for suspicion of driving under the influence. A search of the car uncovered a treasure-trove of evidence: a file box full of H&R Block client information, numerous blank W-2 forms, more than 100 debit cards and yellow legal pads with columns of Social Security numbers, PIN numbers, dates of tax filings and whether the returns had been accepted or rejected. The two women stole the identities of more than 60 H&R Block customers from the East Chicago branch. Fraudulent tax returns were then filed in their names since January, and refunds went to bank accounts set up by the two, the complaint alleged. IRS agents have found 17 bank accounts with deposits totaling almost $290,000.

11,000

Police are investigating the theft of personal information — including Social Security numbers, names and addresses — from as many as 11,000 people who had applied for furnace rebate programs with the state. The investigation by Hartford and state police has led them to a woman who worked at the state Office of Policy and Management from May 2008 until May 2009. There have been no arrests. The state collected Social Security numbers because the refunds are federally taxable and the state was required to send a 1099 tax form to the recipients.

Unknown

It appears that the owner of a bail bonds business accessed criminal, family, and financial background information by misusing a police password. The Arkansas Crime Information Center database was fraudulently accessed 1,200 times in less than one year.

700

The personal information of more than 700 Yuma Proving Ground employees may be at risk of identity theft because a home computer that contained their data may have been compromised. According to YPG spokesman, personnel information from 2005-2007, which included the names and Social Security numbers of the employees at that time, was being stored on the personal home computer of an employee of the installation's Resource Management Division. That information, which was being maintained by the Department of the Army, could have been compromised and possibly accessed during that time because the employee's computer may have picked up a virus from the Internet.

Unknown

PNC Financial Services Group is investigating a possible security breach involving some debit cards issued by the former National City Corp., which it acquired in December 2008. The problem surfaced when former National City customers began reporting unauthorized charges on their accounts. The breach involves a small number of cards in the Cincinnati area, and it appears to have been committed by someone outside PNC or National City prior to the merger. It doesn’t involve any PNC-branded cards or longtime PNC customers. PNC has shut down National City debit cards in the Cincinnati area and asks that customers who have not yet done so activate their PNC debit cards. PNC is working one-on-one with customers to refund accounts, and has been returning funds within 24 hours.

Unknown

Certain consumer information was accessed without proper authorization on March 9, 2010. Names and addresses were accessed, as well as additional information that may have included Social Security numbers, dates of birth and/or account numbers.

Unknown

In February, it was discovered that a database containing customer names, addresses, e-mails, telephone numbers, and credit card information had been hacked. Some customers received phony charges to their accounts as a result of this hack.

232

Cal State Los Angeles has notified 232 former students that a computer stolen from the mathematics department office last month may have contained personal information such as their Social Security numbers and grades.

50

The Plaza location of Mary's Pizza Shack has been identified as the target of Internet hackers who penetrated the restaurant's computer system with a "logger" virus that captured credit card numbers at the transaction terminal. Only credit card numbers were taken by the virus, Albano emphasized, no personal identification information, such as Social Security numbers or bank account records were exposed, although VISA and MasterCard debit accounts were apparently raided. Trustwave identified and removed the virus doing the damage.

Unknown

Police were looking for evidence of another crime when they found personal documents in the dumpster outside of a doctor's office. The doctor specializes in treating the ear, nose, and throat and claims there was nothing about patients in the documents. The doctor agreed to shred the documents while the police investigated whether or not patient information was compromised.

Unknown

Sensitive city documents were found near a garbage can in an alley. The documents may have contained Social Security numbers. It is believed that officers failed to shred the documents and dispose of them properly.

5

Littleton Colorado Pizza Hut employee information was left in an envelope in a trash can. The envelope contained employment applications, Social Security numbers, and tax information. It also contained invoices.

24

24 people may have had their personal information compromised following the cyber attack of one computer in the St. Louis Metropolitan Police Department. The attack came through an e-mail. The department’s website was not attacked. The names, addresses and Social Security numbers of the 24 people may have been viewed.

At least 1,085

A CD that contained customer names, Social Security numbers, and dates of birth went missing. The CD was password protected and encrypted and credit monitoring services were offered to customers who may have been affected.

35,000 (0 complete credit card numbers reported)

Personal information may have been accessed during a breach of Beer and Wine Hobby's computer system. The personal information included partial credit card numbers.

Unknown

A former TD Bank employee provided information to outside accomplices who stole over $200,000 from customer accounts. The insider passed along driver's license numbers and bank account numbers.

Unknown

A credit card thief and his partner used skimming devices to obtain credit card account information. The thief provided his partner with a skimming device while she worked at a California Pizza Kitchen in Plymouth Meeting, Pa. from 2008 to 2009. Around 26 customer credit cards were fraudulently charged.

1,012

Two laptops were stolen from employees attending an off-site company meeting in January. The laptops contained names and Social Security numbers for employees of Beecher Carlson’s clients, including 1,012 people who live in Massachusetts.

1,191

Nuance Communications Inc., a Burlington speech technology company, reported a laptop stolen from a locked car in Burlington may have contained personal information such as names and Social Security numbers of 1,191 Massachusetts residents.The company notified its employees, installed security and encryption software on laptops, and purchased credit monitoring services for those workers whose information was on the laptop.

At least 1,012

Two laptops were stolen from employees while they were off-site. The laptops contained employee names and Social Security numbers. Many more people may have been affected since the total number of Massachusetts residents affected is 1,012.

Unknown

The company took their web site offline, after it received e-mails and phone calls from several customers complaining about fraudulent charges on their debit and credit cards that they had used on monoprice.com.

Unknown

A former employee sold customer information which led to the theft of at least $53,000 from customer accounts.

1,100

A payroll computer was breached. Names, Social Security numbers, birth dates, pay rates, and bank transit numbers were exposed.

Unknown

An assistant allegedly recorded two sets of patient data on to a personal laptop for research purposes. One set included three years' worth of patient data and another held 18 years of medical information. The physician assistant's laptop was never connected to the VA network and any data she recorded on her laptop was hand entered. The department has not disclosed the number of patients involved in the incident, what kind of personal data was copied, or whether it plans to notify the veterans whose records were downloaded.

Unknown

Thrivent Financial for Lutherans, Minneapolis, experienced a break-in at one of its offices in Pennsylvania. A laptop computer was among the items stolen. The laptop had safeguards to protect sensitive information, including strong password protection and encryption. But Thrivent Financial says the information stored on the laptop may be at risk. The information on the laptop included personal information, including names, addresses, Social Security numbers and health information.

1,438

State auditors found that the District's network was accessible to unauthorized users.  Backup servers were kept in an easily accessible room.  Names, Social Security numbers, addresses and birth dates of students were left exposed.

Unknown

An unencrypted portable hard drive was stolen from a car of an LPL representative. As a result of the theft, private client information, including names, addresses, dates of birth and Social Security numbers may have been breached.

4,004

A laptop containing current and former employee personal information was stolen. The information included names, Social Security numbers, addresses, telephone numbers, and some corporate and personal credit cards.

Unknown

Personal documents were found in the abandoned nursing home. The documents included names, Social Security numbers, medical records and dates of birth of patients.

9,000

A computer server with patient personal information was stolen.

4,004

The theft of a laptop from the office of Arrow Electronics has resulted in the company notifying 4,004 current and former employees that their personal information was on the laptop. The laptop was stolen during a break-in on February 18. Personal information on the laptop included names, addresses, telephone numbers, and for some of those who used company Blackberry, wireless AirCard and calling card services, their Social Security numbers, some credit card information such as last four digits, security code, and expiration date.

Unknown

A man and his wife who were previously charged with selling patient information in 2009, were charged with stealing personal informaiton of individuals transported by Randle Eastern Amubulance Service inc. (American Medical Response).  The information was then sold to South Florida personal injury attorneys and clinics.  The stolen information included names, telephone numbers, medical diagnoses, and addresses.  They used the help of a former AMR employee.

Unknown

Westin Bonaventure Hotel & Suites four restaurants in Lake View Bistro, Lobby Court Bar, Bonavista Lounge and L.A. Prime., along with its valet parking operation, may have been hacked at some time between April and December, disclosing names, credit card numbers and expiration dates printed on customers' debit and credit cards.

35,000

An external hard drive has gone missing. Approximately 35,000 current and former members of the Arkansas Army National Guard are affected by the loss. The drive included names, Social Security numbers and other personal information which potentially places the affected soldiers at risk for identity theft.

UPDATE (5/18/10): The external hard drive containing personal information on over 32,000 current and former Arkansas Guardsmen that was reported missing on February 22 has now been recovered and destroyed. The drive was reported missing by an Arkansas Soldier who used the device as a personal backup of his work related information. This included a copy of the Guard's personnel database which contained personal information on all Soldiers who have served in the Arkansas Army National Guard since 1991.

200

UT Southwestern recently sent out a mass mailing to 10,000 of its patients, claiming that a former employee disclosed patients' information to a third party that intended to use it for credit, loans and open bank accounts. UT Southwestern representatives claim 200 patients were actually affected.

At least 200

A former employee was arrested on patient information and identity theft.  The stolen patient information includes names, Social Security numbers, birth dates, addresses, phone numbers and financial data.  The employee allegedly sold patient information to an outside party for the purpose of creating bank accounts and misusing credit and loans.

Unknown

Employee documents were found near a dumpster behind the Huntsville, Alabama store. The documents were not shredded and contained payroll records dating back to 2005 with Social Security numbers, names, and pay rates.

554

A bag containing a document with the names and Social Security numbers of 554 patients was stolen from an employee's locked car.

Unknown

The owner of the business used patient Medicaid information to fraudulently claim $968,583 from Medicaid between January of 2003 and September of 2006.

At least 32

A dishonest business owner filed fraudulent tax returns by using his clients' information. He also created fictitious identities by using the Social Security numbers of his clients' children.

3,000

After Small Dog began collecting and matching customer donations for Haiti relief efforts, a hacker breached the website and began stealing customer credit card information. The breach lasted from December of 2009 to January of 2010.

12,500

Shands at UF sent notification letters to about 12,500 people Monday warning them that a laptop containing their personal and medical information was stolen. An employee had uploaded the information onto his home laptop for work-related purposes. The laptop held information about patients referred to the gastroenterology clinical services department. Included were names, addresses, medical record numbers, and in the case of 650 patients, Social Security numbers.

260

According to a lawsuit, the clinic stores patient information, including Social Security numbers, addresses, telephone numbers, insurance information and medical history on a file-sharing network. That network is accessible to employees’ personal laptops and home computers. A spreadsheet with information of about 260 of its patients was leaked as a result of the installation and use of file sharing software on computers containing patients’ personally identifiable information.

Unknown

Boxes containing patient information ended up in a dump.  The easily accessible information included health history, surgeries performed, test results, pictures, insurance cards, bank account information and addresses.  The boxes were traced back to Family Health Center on Town Center Parkway.

Unknown

A former employee is accused of stealing patient information to commit identity theft. The former employee also had multiple driver's licenses and was able to open utility, bank and credit accounts.

Unknown

A laptop was stolen from the desk of a financial adviser. The laptop contained personal information about bank customers.  This occurred at the 5154 Wilson Mills branch in Cleveland, Ohio.

Unknown

International hotel group Wyndham Hotels and Resorts (WHR) has suffered yet another serious data breach after hackers broke into its computer systems, stealing customer names and payment card information.

UPDATE (5/18/10): An open letter from Wyndham to its customers: www.wyndhamworldwide.com/customer_care/data-claim.cfm

Unknown

A former employee of an unknown service provided for AT&T removed documents that contained customer credit card information.  The information may have also included Social Security numbers, driver's license numbers, names and addresses.

1,501

Eight laptops were stolen from an office. They most likely contained unencrypted employee information such as Social Security numbers and bank account information.

8,861

A former employee accessed unencrypted files between December of 2006 and March of 2008. The files contained patient Social Security numbers, names, addresses, and dates of birth.

Unknown

A laptop containing sensitive information was stolen from an employee. The data included names, Social Security numbers, and addresses for patients, employees, or both.

9,000

The personal information of about 9,000 children in the state's children's health insurance program could have been exposed on the Internet. The error resulted in the names, birthdays, Social Security numbers, addresses and phone numbers of Kid Care CHIP participants being accessible on an unsecured Web page for months.

Unknown

The owner and operator of Logic World Medical used the names, addresses, and account numbers of Medicaid beneficiaries to file false claims for payment of services and goods that he never provided.  Approximately $1,101,865.37 was fraudulently claimed between April of 2004 and August of 2006.

600,000

About 600,000 Citigroup customers got a shock earlier this month when they received their annual tax documents with their Social Security numbers printed on the outside of the envelope. The digits were not identified as a Social Security number, and they were printed at the lower edge of the mailing envelope with other numbers and letters that together resembled a mail routing number.

Unknown

A skimming device monitored transactions at a gas station pump in Sandy, Utah. The device could have been active for 60 days before being discovered and was used to steal over $11,000.

Well over 200

Throughout the summer of 2009, four men put skimming devices on SunTrust Bank ATMs in the Florida counties of Hillsborough and Pinellas.

3,900

An electronic error caused information such as Social Security numbers for about 3,900 enrollees to be sent to incorrect addresses. The error was the result of a modification to the system that pulls addresses into an electronic file for TennCare, the state's expanded Medicaid program. Letters and cards that contained one or more pieces of personal information were sent to incorrect addresses.

170,000

http://www.valdosta.edu/notify/

A Valdosta State server that was reported as being breached could have exposed the information of up to 170,000 students and faculty. Valdosta State officials reported the discovery of a breach on Dec. 11 and estimated it began on Nov. 11. The university said the grades and Social Security numbers of up to 170,000 students and faculty were exposed in the breach.

8,000 Not included in total because Social Security numbers and financial information not involved.

Cardiology Consultants Inc. today reported that a laptop used to process ultrasound images was stolen from one of its Pensacola offices. The computer did not contain patient financial information or Social Security numbers. The stolen computer did contain the first and last names, dates of birth, medical record numbers, exam dates and in some cases, the reason for the ultrasound.

900

A computer security breach at Southern Illinois University may have put hundreds of alumni at risk of identity theft. A faculty member's computer in the Mathematics Department was found to be infected with malicious software. When the computer files were searched, university officials discovered there were Social Security numbers for approximately 900 students who took introductory math classes at SIU in 2004 and 2005 stored on the hard drive.

Unknown

Hanceville police are cautioning residents to be on guard against a sophisticated debit card wire scam that has leached hundreds of thousands of dollars from customers whose card numbers have been stolen remotely from pay terminals at one or more local businesses. The primary target in the theft so far has been the Dairy Queen restaurant. It's unsure whether this is ultimately involving other businesses. At the Dairy Queen location, somebody has apparently tapped into the Internet server and hacked into the debit card system. They are printing the customers’ debit card numbers and using them all over California and Georgia.

At least 5

A former employee used a skimming device to gain credit card information from customers of the Coon Rapids T.G.I. Friday's. The dishonest employee was involved with a partner who used skimming devices in a variety of locations throughout Minnesota.

969

A computer disc containing detailed personal information about 969 New Yorkers was lost by a Social Security Administration employee traveling to Queens from the Bronx. The disc was lost as the employee was going to the Queens Social Security hearing office, and the information on it included administrative decisions, medical evidence and internal agency documents containing people’s names and Social Security numbers.

Unknown

A St. Petersburg man has been charged with stealing customers' credit card numbers from a marketing company he worked for to buy nearly $30,000 in dinners, limos and other luxuries. The man and another employee, listened from their cubicles as co-workers repeated customer credit card information aloud to confirm accounts.

Unknown

FBI is investigating, after the security of the West Memphis Police Department's computer network was apparently compromised. The FBI had information that somebody had used a computer that shouldn't have used it. The suspect in the breach was a detective in the police department. Files containing the names and Social Security numbers of police department employees were stored on the computer network, making the employees vulnerable to identity theft.

At least 89

The Gloves Inc. website for Galeton was hacked. Customer names, addresses, credit card numbers and expiration dates were exposed.

At least 1,285

A hacker accessed a database with customer information.  The information included names, addresses, and credit card numbers from people who made orders between August 25, 2009 and November 23, 2009.

106

Customer information was accessible through a web search from August of 2008 through January of 2010.  The information included names, Social Security numbers, addresses, and account numbers of shareholders in New Hampshire and other locations.

Unknown

An unknown number of current and former employees of credit reporting firm Equifax received W-2 forms in the mail with their Social Security numbers visible through a window on the envelope. Some of the tax forms mailed by Equifax's payroll vendor through the U.S. Postal Service had the Social Security number in a Control Number field, which was partially or fully viewable through the return address window.

2,400

The University of Texas Medical Branch has mailed letters notifying 1,200 patients that sensitive information about them had been available to a woman charged with identity theft in an unrelated case. Officials sent out the letters this week after MedAssets, which the medical branch hired to assist with billing from third-party payers, warned of a security breach by one of its employees. Law enforcement officials notified MedAssets that a former employee had been arrested and charged with identity theft. The person also was alleged to have used a stolen identity to misrepresent herself and gain employment at Georgia-based MedAssets and had been involved in other instances of identity theft. That employee is implicated in a widespread identity theft investigation involving cases from Texas to Wisconsin and losses upward of $1 million.

Update (3/9/10): 1,200 more letters were sent out to people who's financial information may have been exposed.

1,427

After its security system was disabled, customer credit and debit card information was exposed. The exposure of the information led to some unauthorized transactions.

Unknown

An employee used customer credit card information to purchase $200,000 worth of Wal-Mart shopping cards.

Unknown

A former employee accessed health care professionals' Social Security numbers, names, dates of birth, and home addresses. Between 2007 and 2010, the employee created fictitious identities and created e-mail addresses, opened bank accounts and credit card accounts.

50,000

The personal security of nearly 50,000 people may have been breached by the California Department of Health Care Services. Social Security numbers were printed on the address labels of letters that were mailed by the department. State employees mistakenly included the numbers in a list of patient addresses. The list was sent to an outside contractor, who printed and mailed the envelopes.

6,000

Personal banking information for 6,000 state employees was inadvertently included in a e-mail distributed to dozens of payroll officers of state agencies. The e-mail from an unnamed administrative-services employee included an attached spreadsheet listing 6,000 state employees whose bank accounts are to be moved from National City Bank, which was bought by PNC Bank.

145

About 145 employees at the Kansas City Art Institute have been notified of potential identity theft in connection with the disappearance of a computer from the campus. An Apple computer that contained Social Security numbers, dates of birth and other personal information about the school's professors and staff employees was stolen from the human resource office.

15,000

University of Texas at El Paso is notifing students that their Social Security number were visible when their tax form was sent out. The University notified 15,000 students but they don't know exactly how many students were affected. UTEP blames a glitch in a machine used to fold letters when student’s forms were sent out. Some of the forms were folded in such a way that the document shifted on the envelope and allowed for the Social Security numbers to be visible through the mailing window on the envelope.

208,000

Additional 860,000 added June 3rd

AvMed Health Plans announced that personal information of some current and former subscribers may have been compromised by the theft of two company laptops from its corporate offices in Gainesville. The information included names, addresses, phone numbers, Social Security numbers and protected health information. The theft was immediately reported to local authorities but attempts to locate the laptops have been unsuccessful. AvMed determined that the data on one of the laptops may not have been protected properly, and approximately 80,000 of AvMed's current subscribers and their dependents may be affected. An additional approximate 128,000 former subscribers and their dependents, dating back to April 2003, may also have been affected.

UPDATE (6/3/2010): The theft of the laptops compromised the identity data of 860,000 more Avmed members than originally thought.  The total now nears 1.1 million.

250

The organization printed two 1099 forms on one piece of paper. They were supposed to separate them and send each to the rightful owner. Instead one person got both. The mistake sent tax forms and Social Security numbers to strangers. More than 500 landlords work with OACAC. On January 28, 2010, half of those landlords didn't receive tax forms. The other half got their forms and someone else's private information.

Unknown

The owner of the business used Medicare client information to obtain approximately $1.6 million worth of fraudulent claims.

At least one

A former employee stole a document that contained the name, Social Security number, date of birth, and address from a deceased patient's medical records.

80,000

The Iowa Racing and Gaming Commission says someone gained access to a computer server that holds more than 80,000 records containing casino employee information. The person who hacked into the system had used a computer with an external account. The server contains records including names, birth dates and Social Security numbers.

100

A man working for Ameriquest Mortgage Company as a mortgage associate for only six weeks. Turned out to be a pretty fruitful month and a half for him -- and a pretty costly one to nearly 100 people and several financial institutions. Using personal information he lifted from the mortgage applications of nearly 100 people -- as well as mail and even items taken from gym lockers of a couple of hundred more. The man eventually stole more than $150,000 from at least eight banks. The man used stolen personal information to create fraudulent identification documents and checks, which he then used to obtain cash, pay for services and buy items. For example, he used one victim's identification to obtain a credit card through U.S. Bank. With that card, he wound up withdrawing $30,529.63 in cash from ATMs throughout Minnesota. Those withdrawals were charged to the victim

77,000

The names, birth dates and Social Security numbers of 77,000 people were lost in their Chicago office. The people at risk for identify theft are those who were in the PERS and TRS system in 2003-04 as active or inactive employees or retirees. PricewaterhouseCoopers has agreed in a settlement to pay for credit monitoring and other security measures and cover any losses to individuals caused by its mishandling of the information.

3,500

A Humboldt State University computer infected with a virus may have exposed the personal information of 3,500 people employed by the school between 2002 and 2006. The computer was found to have a sophisticated virus that is used to steal login information.

Unknown

Files containing Social Security numbers, phone numbers, patient names, and addresses were found in a trash bin outside of the clinic. A woman found the files and notified police after receiving an anonymous tip.

Unknown

A Department of Commerce employee inadvertently transmitted over the Internet a file containing the Personally Identifiable Information (PII) of Commerce employees to other Department employees. Although the Department employees were authorized to send and receive the PII, the transmission of the PII over the Internet in unencrypted form may have compromised their name and Social Security numbers.

7,300 Not included in the total because information did not contain any Social Security numbers or other financial data

A laptop containing files with information on 4,400 patients was stolen from a UCSF School of Medicine employee. Information “potentially exposed” included name, medical record number, age and clinical information, but the stolen laptop did not contain any Social Security numbers or other financial data. The same laptop also contained data for approximately 2,900 patients at Beth Israel Deaconess Medical Center in Boston

Unknown

A former customer service representative sold the names and credit card information of court customers to ID thieves who then used the information to make fake credit cards in the victims' names.

689

Methodist Hospital notified people that someone stole a laptop from an office at the Smith Tower in the Texas Medical Center. A thief took the laptop on January 18. The computer was attached to a medical device that tests pulmonary function and contained private health information and Social Security numbers.

20

A man used a skimming device to obtain the credit card information of customers while working as a waiter at Brio Tuscan Grille of Kansas City, Missouri.

UPDATE (7/26/10): The former employee was sentenced to three years of federal prison time for credit card fraud and mail fraud.  He originally gained access to the customer information during July and August of 2008. His fraudulent purchases totalled thousands of dollars.

An investigation is under way after hundreds of city health workers’ personal information was stolen. Investigators have identified a person of interest in connection with the stolen information. The person of interest was an employee within the department over the past three years. Current employees and those who previously worked at the department within the last three years may be affected

Unknown

CHASE customer information that was sold to another business was accidentally posted on a website.  The information included names, addresses and bank account numbers.

Unknown

A man broke into a Goodwill store and stole a safe, but instead of money that thief got the names, addresses, dates of birth, and Social Security numbers from thousands of people.

18,000 Not added to total No Social Security numbers or financial information was on the statements

Pay statements containing names and sensitive information about the finances of about 18,000 recipients of a special pay for disabled retirees were sent to wrong addressees. The statements, a page of which contained information about annual increases in Concurrent Retirement and Disability Pay, mistakenly listed data including at least a portion of another recipient’s name, their bank or insurance company name, the amount of their allotment and the allotment type. There is “no indication” that any Social Security numbers, bank account numbers or phone numbers were listed on the erroneously mailed pages.