Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization: all
Date Made Public:
May 12, 2006
Company: Annibell Mortgage Inc.
Location: Sayville, New York
Type of breach:
STAT
Type of organization:
BSF
Records Breached:
300

Four computers with the personal information of clients were stolen during an early April burglary. The information did not include credit files, but did have other forms of private customer data.

Information Source:
Dataloss DB
Date Made Public:
May 11, 2006
Company: Merrill Lynch
Location: New York, New York
Type of breach:
PORT
Type of organization:
BSF
Records Breached:
10,500

An employee's laptop computer was stolen during a burglary.  The computer contained limited personal information of some current and former Merrill Lynch clients and prospects.  The information included names, addresses, account and loan numbers, account and loan balances and the name of clients' financial advisors.

Information Source:
Dataloss DB
Date Made Public:
May 11, 2006
Company: Healthcare Business Resources (HBR)
Location: Durham, North Carolina
Type of breach:
DISC
Type of organization:
MED
Records Breached:
0

Google accessed confidential information on the HBR website and made the information available on the internet. Socail Security numbers, names, phone numbers, dates of birth, addresses and diagnostic information were accessible through Google. Access to the information is now restricted to authorized users with secure identification and passwords. The information was available between August 2005 and January of 2006.

Information Source:
Dataloss DB
Date Made Public:
May 11, 2006
Company: Ohio University Hudson Health Center
Location: Athens, Ohio
Type of breach:
HACK
Type of organization:
MED
Records Breached:
70,000

Names, birth dates, Social Security numbers and medical information were accessed in records of students dating back to 2001, plus faculty, workers and regional campus students.

Information Source:
Dataloss DB
Date Made Public:
May 5, 2006
Company: Wells Fargo
Location: San Francisco, California
Type of breach:
STAT
Type of organization:
BSF
Records Breached:
0

A computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been stolen while being delivered from one bank facility to another.

Information Source:
Dataloss DB
Date Made Public:
May 5, 2006
Company: New York State Department of Taxation and Finance
Location: Albany, New York
Type of breach:
PORT
Type of organization:
GOV
Records Breached:
38

A sales tax field auditor reported a laptop missing. Contents of the laptop were unknown at the time of the report. The data exposed may have included sales tax audit reports and supporting documentation from closed sales tax audits on 38 businesses. Some of this information would include Social Security number, business and/or home address and bank account information.

Information Source:
Dataloss DB
Date Made Public:
May 4, 2006
Company: Idaho Power Company
Location: Boise, Idaho
Type of breach:
PORT
Type of organization:
BSO
Records Breached:
0

Four company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security numbers, and confidential memos to the company's CEO.

Information Source:
Dataloss DB
Date Made Public:
May 2, 2006
Company: Ohio University Innovation Center
Location: Athens, Ohio
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
35

A server containing data including e-mails, patent and intellectual property files, and 35 Social Security numbers associated with parking passes was compromised.

Information Source:
Dataloss DB
Date Made Public:
May 2, 2006
Company: Georgia State Government
Location: Atlanta, Georgia
Type of breach:
STAT
Type of organization:
GOV
Records Breached:
0

Government surplus computers that sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia citizens.  The State stopped selling the computers after being notified by a buyer.  Thousands of patient records from a psychiatric hospital in Rome, Georgia were found on one computer's hard drive.

Information Source:
Dataloss DB
Date Made Public:
May 2, 2006
Company: Ohio University
Location: Athens, Ohio
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
30,000

Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alum.

UPDATE (8/30/07) : An Ohio judge has granted a motion to dismiss a case against Ohio University (OU) regarding security breaches of the school's computer systems that compromised alumni data. The two alumni who filed the lawsuit wanted OU to pay for credit monitoring services for everyone whose data were compromised. The judge said the pair had not proven that they had suffered damages for which they could be compensated.

Information Source:
Dataloss DB
Date Made Public:
May 2, 2006
Company: Countrywide Home Loans
Location: Plano, Texas
Type of breach:
INSD
Type of organization:
BSF
Records Breached:
90

A former employee is suspected of ordering customer credit reports and providing some of those reports to a third party.

Information Source:
Dataloss DB
Date Made Public:
May 1, 2006
Company: CBCInnovis Bank Inc., Great Florida Bank
Location: Miami, Florida
Type of breach:
UNKN
Type of organization:
BSF
Records Breached:
518

CBCInnovis, Inc. learned that Great Florida Bank had consumer information accessed without proper authorization. The information may have included names, addresses, Social Security numbers, names of creditors, account numbers, payment histories and financial public records.

Information Source:
Dataloss DB
Date Made Public:
April 28, 2006
Company: Ohio Secretary of State
Location: Cleveland, Ohio
Type of breach:
DISC
Type of organization:
GOV
Records Breached:
0

The names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained Social Security numbers, which were not supposed to have been included on the CDs.

UPDATE (9/15/06): A news report said that some Social Security numbers still remain on the agency's Web site.

Information Source:
Dataloss DB
Date Made Public:
April 28, 2006
Company: U.S. Department of Defense
Location: Washington, District Of Columbia
Type of breach:
HACK
Type of organization:
GOV
Records Breached:
14,000

A hacker accessed a Tricare Management Activity (TMA) public server containing personal information about military employees. TMA is used to provide health care services to military personnel and their families.

Information Source:
Dataloss DB
Date Made Public:
April 28, 2006
Company: Sears, Roebuck, Company Contractor Compliance
Location: Winter Park, Florida
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
196

A spreadsheet with the business or individual names, identification or Social Security numbers, business addresses and business phone numbers of Sears contractors was accidentally included in an email sent to 373 contractors on April 13. The contractors were instructed to delete the email on April 24 and were also required to send written confirmation that they had done so.

Information Source:
Dataloss DB
Date Made Public:
April 27, 2006
Company: Long Island Railrad via contractor Iron Mountain
Location: Jamaica, New York
Type of breach:
PORT
Type of organization:
GOV
Records Breached:
17,000

Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of virtually everyone who worked for or currently works for the agency were lost.  The lost occurred during delivery by contractor Iron Mountain. Data tapes belonging to the U.S. Department of Veteran's Affairs may also have been affected.

Information Source:
Dataloss DB
Date Made Public:
April 26, 2006
Company: Purdue University
Location: West Lafayette, Indiana
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
1,351

A hacker accessed personal information including Social Security numbers of current and former graduate students, applicants to graduate school, and a small number of applicants for undergraduate scholarships.  The information compromised goes back three years prior to the incident.  Those who were affected were contacted.

Information Source:
Dataloss DB
Date Made Public:
April 26, 2006
Company: Aetna, Omni Hotels and the Department of Defense NAF
Location: Hartford, Connecticut
Type of breach:
PORT
Type of organization:
MED
Records Breached:
38,253

A laptop containing personal information including names, addresses and Social Security numbers of Department of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car.  Members were notified and Aetna offered to pay for the credit monitoring services of those who were affected.

Information Source:
Dataloss DB
Date Made Public:
April 26, 2006
Company: Pershing LLC
Location: Jersey City, New Jersey
Type of breach:
PORT
Type of organization:
BSF
Records Breached:
92,541

A Pershing employee lost a laptop computer. Personal information of clients may have been stored on the laptop. Names, Social Security numbers, addresses, brokerage account numbers and account holdings may have been exposed.

Information Source:
Dataloss DB
Date Made Public:
April 26, 2006
Company: Amica Mutual Insurance
Location: Lincoln, Rhode Island
Type of breach:
PORT
Type of organization:
BSF
Records Breached:
751

An Amica computer tape with personal information regarding insurance claims was lost in transit. Amica believes the tape was also destroyed or badly damaged in transit.

Information Source:
Dataloss DB
Date Made Public:
April 26, 2006
Company: Sterling Renaissance Festival
Location: Syracuse, New York
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

Someone was able to access online orders of Brandywine Limited multiple times between 4/18/06 and 4/20/06. The online order forms include customer names, addresses, credit card numbers and credit card information. Some customers may have also had their telephone numbers and email addresses exposed.

Information Source:
Dataloss DB
Date Made Public:
April 24, 2006
Company: University of Virginia
Location: Charlottesville, Virginia
Type of breach:
STAT
Type of organization:
EDU
Records Breached:
0

A stolen computer contained the information of students who took engineering classes. The information included names, grades and student identification numbers. Hundreds of students are at risk of identity theft since Social Security numbers were used as student identification numbers.

Information Source:
Dataloss DB
Date Made Public:
April 24, 2006
Company: College of New Paltz
Location: New Paltz, New York
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
0

A hacker accessed the Campus' primary web server and set up a file sharing system. The server involved also contained access databases that had names and Social Security numbers.

Information Source:
Dataloss DB
Date Made Public:
April 23, 2006
Company: University of Texas McCombs School of Business
Location: Austin, Texas
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
197,000

Foreign hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members.

Information Source:
Dataloss DB
Date Made Public:
April 21, 2006
Company: Boeing
Location: Seattle, Washington
Type of breach:
PORT
Type of organization:
BSO
Records Breached:
3,600

A laptop was taken from a Boeing human resources employee at Sea-Tac airport. It contained Social Security numbers and other personal information, including personnel information from the 2000 acquisition of Hughes Space and Communications.

Information Source:
Dataloss DB
Date Made Public:
April 21, 2006
Company: University of Alaska, Fairbanks
Location: Fairbanks, Alaska
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
38,941

A hacker had access to names, Social Security numbers, and partial e-mail addresses of current and former students, faculty, and staff.  The University reported that it would not contact those affected after a first and second notification.  Anyone claiming to be from the University after these notifications should be viewed with suspicion.

Information Source:
Dataloss DB
Date Made Public:
April 21, 2006
Company: Impac Funding Corporation
Location: Newport Beach, California
Type of breach:
PORT
Type of organization:
BSF
Records Breached:
4,600

Several laptops were stolen.  Saved emails with the names and Social Security numbers of customers may have been on one of the stolen laptops.

Information Source:
Dataloss DB
Date Made Public:
April 20, 2006
Company: Bear Stearns & Company Inc.
Location: New York, New York
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
0

Bear Stearn's realized that unauthorized users could access customer accounts. Former customers could still log into on-line accounts if their account numbers had been recycled and given to new users. Such information included account holdings and activities, account statements and IRS Forms 1099-DIV and 1099-INT (which included name, address, account number and Social Security number).

Information Source:
Dataloss DB
Date Made Public:
April 19, 2006
Company: Aflac
Location: Columbus, Georgia
Type of breach:
PORT
Type of organization:
BSF
Records Breached:
0

A laptop used to submit insurance applications was stolen from a field associate's home during a burglary.  It may have contained the names and Social Security numbers of policyholders and certificate holders.

Information Source:
Dataloss DB
Date Made Public:
April 17, 2006
Company: Visiting Nurse Service of New York (VNSNY)
Location: New York, New York
Type of breach:
PORT
Type of organization:
MED
Records Breached:
92

Three separate thefts resulted in the loss of three tablet computers.  The computers were used by therapists who were making therapy treatment visits to patients.  The personal information on the computers included Social Security numbers. VNSNY warned that unauthorized persons might use the stolen tablets to pose as therapists and enter patient homes.

Information Source:
Dataloss DB
Date Made Public:
April 14, 2006
Company: NewTech Imaging
Location: Honolulu, Hawaii
Type of breach:
INSD
Type of organization:
BSO
Records Breached:
40,000

Records containing the names, Social Security numbers and birth dates of more than 40,000 members of Voluntary Employees Benefit Association of Hawaii were illegally reproduced at a copying business before they were to be put onto a compact disc for the State. Police later found the data on a computer that had been confiscated as part of a drug investigation.  Those who were on the list and Hawaii Government Employees Association and United Public Workers members who were enrolled in union-sponsored health and group life insurance plans between July and December 1999 were warned.  Investigators were only able to speculate that the theft may have occurred in February of 2005.

Information Source:
Dataloss DB
Date Made Public:
April 14, 2006
Company: University of South Carolina
Location: Columbia, South Carolina
Type of breach:
DISC
Type of organization:
EDU
Records Breached:
1,400

A department chair distributing information about summer courses sent an email containing sensitive information.  A database containing Social Security numbers of students was mistakenly added as an attachment and e-mailed to classmates.

Information Source:
Dataloss DB
Date Made Public:
April 13, 2006
Company: Fifth Third Bank
Location: Evansville, Indiana
Type of breach:
INSD
Type of organization:
BSF
Records Breached:
1,000

An employee was able to gain access to around 1,000 customer accounts.  He used this information to stalk and harass female news celebrities.  He now faces two felony counts of attempting to defraud using personal information and two misdemeanor counts of stalking and repeated harassment.

Information Source:
Dataloss DB
Date Made Public:
April 12, 2006
Company: Ross-Simons
Location: Providence, Rhode Island
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
32,000

A security breach exposed account and personal information of those who applied for Ross-Simons' private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants.

Information Source:
Dataloss DB
Date Made Public:
April 12, 2006
Company: Greenpoint Mortgage Funding Inc., KPMG International
Location: Novato, California
Type of breach:
PORT
Type of organization:
BSF
Records Breached:
0

Laptop computers were stolen from two employees of KPMG who were working with data from Greenpoint. The laptops are believed to have contained customer names, Social Security numbers and FICO scores. At least 32 people from New York alone were affected by the early March theft. Customers were notified during the middle of April.

Information Source:
Dataloss DB
Date Made Public:
April 10, 2006
Company: Broward County Records Division
Location: Fort Lauderdale, Florida
Type of breach:
DISC
Type of organization:
GOV
Records Breached:
0

Broward County public records with Social Security numbers, driver's license information and bank account details were made available online.  The information has been available online for several years.  A new statute that will require county recorders to remove Social Security numbers and financial information from public documents before posting documents online will take effect in 2007.  The sensitive information that has already been posted will eventually be removed. Individuals can speed up the process of having their specific information removed by submitting a written request.

Information Source:
Dataloss DB
Date Made Public:
April 9, 2006
Company: University of Medicine and Dentistry of New Jersey
Location: Newark, New Jersey
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
1,850

Hackers accessed Social Security numbers, loan information, and other confidential financial information of students and alumni.

Information Source:
Dataloss DB
Date Made Public:
April 7, 2006
Company: DiscountDomainRegistry.com
Location: Brooklyn, New York
Type of breach:
DISC
Type of organization:
BSO
Records Breached:
1,000

Domain name registrants' personal information including user names, passwords and credit card numbers was accessible online.  The information may have been exposed online for four months.

Information Source:
Dataloss DB
Date Made Public:
April 6, 2006
Company: Progressive Casualty Insurance
Location: Mayfield Village, Ohio
Type of breach:
INSD
Type of organization:
BSF
Records Breached:
13

A dishonest insider accessed confidential information, including names, Social Security numbers, birth dates and property addresses on foreclosure properties she was interested in buying.

Information Source:
Dataloss DB
Date Made Public:
April 1, 2006
Company: Con Edison
Location: New York, New York
Type of breach:
PORT
Type of organization:
BSO
Records Breached:
15,000

Con Edison shipped two cartridge tapes to JPMorgan Chase in upstate Binghamton so it could input data on behalf of the NY Dept. of Taxation and Finance. One tape was apparently lost and contained employees' W-2 data, including names, addresses, Social Security numbers, taxes paid and salaries.

Information Source:
Dataloss DB
CSV