Hackers accessed several computers containing personal information such as names and Social Security numbers. The students who were affected were emailed.
Two computers that contained personal information for current and retired San Diego County employees were hacked. The information included names, addresses, Social Security numbers, and dates of birth. The San Diego Retirement Association mailed warnings to members.
The University removed student Social Security numbers, grade point averages and names that were accidentally posted. A student alerted the University to the problem after searching his name and finding the information on the website. A school employee put the internal documents on the website to email other staff members the information, but forgot to remove the information from the website.
Prospective students, current students, staff, faculty and University health care service recipients may have had their data exposed in a campus server breach. The information included names, Social Security numbers, addresses, student ID numbers, birth dates, and lab test information. The University mailed letters and sent emails to the individuals affected.
UPDATE (08/20/2005) The number of students affected was increased from an estimate of 42,000 to 49,000.
A safe with computer backup tapes containing financial, personal and medical records was stolen from Arizona Biodyne. Policyholders' addresses, phone numbers, dates of birth and Social Security numbers were among the personal information lost. Partial treatment histories and doctor information for some patients was also lost.
A reporter contacted USC based on an individual's claim to be able to access personal information on college applicants online. USC removed the site pending investigation and sent letters to affected individuals.
Student information was compromised during an attack on the College of Education server. The information included Social Security numbers, names, addresses, student courses, and personal identification numbers. The breach occurred in April and students were emailed in July.
Two tapes containing Social Security numbers, account numbers, and other customer information were lost or stolen during transportation. The tapes have been missing since April. City National Bank notified its customers.
A University server was hacked in April. The server contained Social Security numbers, driver's license numbers, and credit card numbers from people who attended or worked at UCSD Extension between the time of the incident and 2000. UCSD contacted those who were affected two months after the incident.
A laptop containing patient information was stolen from a financial consultant. MTE Consulting notified OSU medical center a month after the laptop was stolen and OSU sent a brief letter to the affected clients.
A laptop containing the names, Social Security numbers, and addresses of customers was stolen from a consultant's car.
It was discovered that two employees had engaged in unauthorized activities for an extended period of time. The computer administrators were fired for sabotaging the company's computers and downloading data. Sensitive information for 1.2 million Medica members may have been accessed. The former employees prolonged their activities and avoided heavier punishment by hiding and destroying evidence of their activities.
Data from around 500 former and 400 current employees from as far back as 1991 were sent outside the organization via e-mail. The data included names, Social Security numbers, and telephone numbers. Current employees were contacted immediately and letters were sent to former employees.
A laptop being stored in the trunk of a car was stolen in Minneapolis, Minnesota. Two people later reported identity fraud problems.
University officials became aware of an October 26, 2003 hacking incident. The personal information included Social Security numbers and addresses for students, faculty, and staff. The University began contacting those affected in June of 2005.
A password-protected laptop containing former employee names, Social Security numbers, birth dates, and benefits information was stolen from a consultant's car trunk. The consulting company has been identified as Hewitt Associates. Kodak sent letters and offered one-year of credit monitoring services and identity theft insurance covering up to $50,000 in fraud.
CASPIAN, a consumer privacy group, notified CVS of a security hole that allowed people to access information about purchases made by customers who used a CVS Corp. loyalty card. Anyone with someone's card number, zip code and the first three letters of the customer's last name could have a list of recent purchases sent to an email account. The company removed Internet access to the information. Fifty million loyalty cards have been issued.
A former librarian with access to the personal information of students, faculty, staff and patrons was convicted of Social Security fraud. The former librarian used Social Security information to obtain fraudulent loans. The University used Social Security numbers to track who checked out library materials. At the time of the press release it was unclear whether any information had been stolen from the University.
A laptop containing the names, Social Security numbers, and in some cases birthdays of current and former University employees was stolen from a human resources administrator's car.
Over 40 million card accounts were exposed to potential fraud due to a security breach that occurred at a third-party processor of payment card transactions. Of the more than 40 million accounts exposed, information on 68,000 Mastercard accounts, 100,000 Visa accounts and 30,000 accounts from other card brands are known to have been exported by the hackers. The data exported included names, card numbers and card security codes.
UPDATE (2/23/2006) CardSystems agreed to settle Federal Trade Commission charges that it failed to take appropriate security measures to protect sensitive personal information. The company must implement a comprehensive security program and obtain audits every 2 years for 20 years.
UPDATE (5/12/2006) CardSystems filed for bankruptcy.
UPDATE (5/28/2009) Merrick Bank has launched a multi-million dollar lawsuit against Savvis, accusing the vendor of erroneously telling it that CardSystems Solutions complied with Visa and MasterCard security regulations less than a year before the payment processor's systems were hacked, compromising up to 40 million credit card accounts. Less than a year later the security breach occurred. Hackers were able to get hold of the data because CardSystems kept unencrypted card information on its servers - in contravention of the regulations for which Savvis certified it.
Personal information including the names, birthdays, salaries, and Social Security numbers of former Federal Deposit Insurance Corporation employees was stolen. Some of the information was used for fraudulent purposes. Affected employees from as far back as July 2002 were notified.
Customers are being notified that backup tapes containing their account information were lost or stolen while being shipped by UPS.
A hacker broke into the computer system, stealing thousands of passwords and fragments of Social Security numbers. Fourteen thousand affected people were notified, including 10,000 employees of Duke University Medical Center.
Two computers were stolen from third party vendor Affiliated Computer Services (ACS). They had security safeguards and contained names and Social Security numbers of Motorola employees. Motorola notified affected staff by email and offered fraud insurance coverage.
An individual fraudulently obtained personal information about thousands of victims from Merlin Information Services and used that information to commit identity theft by opening up credit card accounts. He posed as a private investigator, thus giving Merlin the impression that he was a legitimate user of their services. He conducted at least 1,873 queries through the Merlin system to obtain information on approximately 5,875 people.
A laptop containing personal information from applicants, current students, and former students was stolen from the University's admissions office. The information included Social Security numbers and addresses from as far back as 2001. Letters were sent to those affected.
UPDATE (12/24/05):CSU found the stolen laptop
A computer server containing campus ID card information and Social Security numbers was hacked. The cards were designed to be used as debit cards by students and employees.
A computer containing credit card numbers and campus ID numbers for University Book Store customers was breached by a hacker.
A hacker may have downloaded the passwords and Social Security numbers of employees and students. The College sent new, high security passwords to students and employees.
A former employee who ran an investment program from 1998 to 2001 may have given Social Security numbers and account information to a convicted felon known for defrauding senior citizens. The bank mailed warning letters.
A former computer programmer for Georgia Technology Authority downloaded state driver's license information which contained names, addresses, driver's license numbers, and in some cases Social Security numbers.
Two students were accused of hacking into the School's computer system and stealing student and staff Social Security numbers. The students had the information for months before being caught. Letters were sent to affected families. The Social Security Administration and the Federal Trade Commission were also notified.
The University's Career Development Center was hacked. This exposed the names, Social Security numbers, and other personal information of users. Names and credit card information for some employers that registered with the site were also in the database.
A laptop containing password protected names and travel account credit card information was stolen sometime between May 7 and May 9.
Hackers accessed a program which contained University credit card information and the Social Security numbers of current and former employees. Letters were sent to employees and former employees.
A customer discovered that he could view the Registry of Motor Vehicles database by visiting a website printed on the bottom of his insurance paperwork. He was able to look up people by name and then obtain their address, date of birth, license number, driving history and even their Social Security number most times. The company corrected the problem quickly. The company believes the error was temporary and that few outsiders were able to access the information.
A laptop containing Social Security numbers, medical records, family medical history, and addresses was stolen from an employee's car. The State Health Department is not monitoring the affected group and has only contacted some of the families involved.
Backup tapes containing the personal information of current and former employees from as far back as 1986 was lost or stolen during shipping. An 800 number was set up to answer questions and provide free credit monitoring for one year.
UPDATE (5/3/2005): A contractor named Iron Mountain Inc. lost the tapes during shipping.
A laptop used for student job placement seminars was lost or stolen. It contained the Social Security numbers of current and former students.
Bank employees illegally sold account information to someone posing as a collection agency. Customers affected were notified and received one year of free credit monitoring services.