The Social Security numbers of tobacco farmers were accidentally released when the U.S. Department of Agriculture attempted to comply with the Freedom of Information Act. Those who received the information agreed to destroy any copies and return the original discs, which also contained tax identification numbers.
Between 7,000 and 8,000 homeowners had their Social Security numbers accidentally posted online. After realizing the mistake, County officials realized that they could not remove the information. People who pay to access the County's public records online will be able to see the Social Security numbers associated with people and addresses in the system that date back to 2001. The county could not alter public records in any way, but a new program will be implemented to block the Social Security numbers from newly recorded documents.
A laptop containing the names, dates of birth, genders, family sizes, Social Security numbers and tax identifiers for current and previous IBM, Sun Microsystems, Cisco, Nokia and BP employees was stolen from a locked car. While Ernst and Young waited until pressured to inform a majority of those affected about the breach, at least one CEO from the affected companies was contacted immediately.
Debit card accounts and pin numbers from bank and credit union accounts nationwide (including CitiBank, BofA, WaMu, Wells Fargo) were exposed. The crooks created counterfeit cards to make fraudulent purchases and withdrawals from card-holder accounts.
UPDATE (3/14/06) New Jersey law enforcement arrested 14 people connected to the crime spree.
A health insurer claims data were erroneously faxed to a company in Canada by doctors and clinics across the U.S.. Data included the patients' Social Security numbers, bank account details and health care information.
Eighty-five hundred W-2 forms including other workers' tax information such as Social Security numbers and salaries were sent out to employees. Fewer than 1,100 employees had their information exposed. The company suspects that their internal processing center may have misaligned the forms and caused them to be cut in the wrong place. Workers were asked not to open their W-2s, but many had already done so before the notification.
The theft of a computer may have exposed patient and physician information. Names, Social Security numbers, addresses, phone numbers and credit card numbers were on the computer. The computer may have been stolen for the purpose of committing identity theft.
Social Security numbers of members were printed on the mailing labels of envelopes with information about a new insurance plan. Those who were affected were contacted immediately.
Names, Social Security numbers, addresses and birth dates of current and former employees were accessed. A computer in the Personnel Department was hacked and infected with a virus. People employed by the University at anytime between the attack and 2004 are at risk. The virus infected other computers at the University and was part of a worldwide attack.
Personal information of current and former employees including Social Security numbers and bank account information was posted on an Internet Web site. It was not known whether this was the result of a malicious insider or an administrative error. Current and former employees whose information was compromised were informed immediately and offered free credit monitoring and identity theft insurance.
Recycled paper used in wrapping newspaper bundles for distribution turned out to contain credit and debit card information along with routing information for personal checks of subscribers.
Hackers obtained credit card information in conjunction with names and addresses. The credit card companies were notified of the breach, but not the customers.
A computer was stolen from a locked office in the College's information Technology Department on or around December 24. The computer had Social Security numbers and names of current and former students. The thief was caught and claims that none of the personal information was used.
Two separate breaches occurred on the campus during November and December. A computer from the School of Urban Affairs and Public policy was hacked and a back-up hard drive was stolen from the Department of Entomology and Wildlife Ecology. The hacking incident occurred between November 22 and 26 and exposed the Social Security numbers of 159 graduate students. The hard drive theft occurred between December 16 and 18 and the personal information of an unknown number of people was exposed.
Backup tapes, laptops and disks containing Social Security numbers, clinical and demographic information were stolen from the car of an employee. In a small number of cases, patient financial data was stolen.
UPDATE (9/26/06) Providence Health System and the Oregon Attorney General have filed a settlement agreement. Providence will provide affected patients with free credit monitoring, offer credit restoration to patients who are victims of identity fraud, and reimburse patients for direct losses that result from the data breach. The company must also enhance its security programs.
UPDATE (7/15/08) Providence Health will pay $100,000 and adhere to a compliance plan under the first ever Resolution Agreement negotiated by CMS (Centers for Medicare and Medicaid Services of the U.S. Dept. of Health and Human Services) under the HIPAA Privacy and Security Standards. The Corrective Action Plan requires Providence to revamp its security policies to include physical protections for portable devices and off-site transport and storage of backup media. Further, it must implement technical safeguards, such as encryption and password protection. And it must conduct random compliance audits and submit compliance reports to HHS for the next three years.
UPDATE (4/16/2012): The Oregon Supreme Court struck down a class-action suit against Providence Health Systems. The Oregon Supreme Court claimed that there was no evidence that any of the 365,000 patients who were affected by the breach suffered any financial loss or other adverse consequences.
Laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data were stolen from a UW office. The information was password protected and the affected patients were notified.
Hackers may have accessed Social Security numbers, credit card information and check images of people who donated to the University between November 22 of 2005 and January 12 of 2006.
A briefcase with personal information of National Guardsmen including a seniority roster, Social Security numbers and dates of birth was stolen from the car of an employee. A memo was sent to National Guard soldiers.
The computer housing the reservations data base was compromised. Data included credit card account numbers and names.
A computer file with sensitive personal information was accessible to the public. Students who applied and paid an application fee online between April 29, 2001 and December 16, 2005 had their names, Social Security numbers, birth dates, addresses, phone numbers and credit card numbers exposed.
A dishonest employee accessed customer account files, including Social Security numbers, and stole the identities of two individuals.
A dishonest employee and two others were arrested for their part in writing and cashing fraudulent checks. Police found fraudulent checks with the names of 19 pension members and beneficiaries in the apartment of the former employee. The employee was originally hired as a temp and had worked for the company for three years. He had access to the information of 5,800 pension members.
Two laptops, six desktops and a digital camera were stolen from the Illinois Education Association office sometime prior to the week of January 3. Some of the computers contained Social Security numbers of members. Many member organizations were affected. Over 2,400 members from the Elgin Area School District were affected.
A computer tape containing names, addresses, Social Security numbers, and checking account numbers was lost while being transported by UPS. The bank alerted the affected customers and provided them with a credit monitoring service for one year.
H&R Block included Social Security numbers in a 40-digit number string on mailing labels. Affected individuals were contacted.
Six computers containing names, Social Security numbers, and birth dates of patients were stolen from doctors' offices. A letter was sent notifying the affected patients.
It is unclear whether backup computer tapes with credit card account information and Social Security numbers were lost or stolen from headquarters during November. Employees and time-share owners and customers were affected.
A laptop was stolen from an employee's car on Christmas eve. It contained customers' names and Social Security numbers and in some cases, Ameriprise account information. Around 68,000 customers had their names and Social Security numbers exposed. Around 158,000 customers had their names and internal account numbers exposed.
UPDATE (08/01/06): The laptop was recovered by local law enforcement in the community where it was stolen.
UPDATE (12/11/06): The company settled with the Massachusetts securities regulator in the office of the Secretary of State. Ameriprise agreed to hire an independent consultant to review its policies and procedures for employees' and contractors' use of laptops containing personal information. Ameriprise will pay the state regulator $25,000 for the cost of the investigation.
A computer containing names and Social Security numbers of current and former employees was stolen. Ford alerted those who were affected and offered to pay for their credit monitoring services.
Many past and present customers received unsolicited copies of the program TaxCut that displayed their Social Security numbers on the outside, embedded in a lengthy string of code.
Bank credit applications with names, Social Security numbers, addresses, telephone numbers, employment information and signatures were obtained by unauthorized access between December 15 and 16.
A hacked database exposed credit card numbers of law enforcement officials and network security professionals. The company is a leading provider of software used to diagnose hacked attacks.
UPDATE (4/3/07): The FTC came to a settlement agreement and final consent order against Guidance Software.
An email was erroneously sent which contained names, phone numbers, email addresses, Social Security numbers and class schedules.
A backup tape with residential mortgage customers' information was lost in shipment by DHL. It contained Social Security numbers and account information.
UPDATE (12/20/05): DHL found the lost tape.
Customers who used credit cards at the wholesaler's gas stations discovered fraudulent activity on their credit accounts. Sam's Club is unaware of how the information was stolen. Visa alerted the affected financial institutions and asked them to provide fraud monitoring services for the affected customers.
At least one ISU computer was hacked. Social Security numbers and encrypted credit card numbers may have been obtained. Between 2,000 and 2,500 Social Security numbers are at risk and between 2,300 and 3,000 credit card numbers are at risk. Student, alumni, employee and volunteer information was put at risk.
A packet of insurance forms with names, Social Security numbers and addresses of around 200 Oregon Community Credit Union employees was inside of a stolen car. Someone tried to use the identity of an employee after the theft. The company is on alert and purchased extended identity theft insurance for those who were affected by the theft.
A laptop with personal information of more than a thousand teachers was stolen from an employee's unlocked car. The information included names, Social Security numbers and dates of birth.
The names, Social Security numbers and addresses of students taking non-credit classes from 2000 to 2003 were posted online for months. The information was compiled for a mailing list, but an employee posted it on the College's server. A student informed officials of the mistake after accessing the information online. The College began the process of removing the information from the web.
A courier truck dropped canceled personal and business checks on northbound Central Expressway near Woodall Rodgers Freeway around 4 a.m. The incident closed the freeway exit until 7 a.m. Employees from the Federal Reserve, the courier company and the Texas Department of Transportation removed many checks, though some disappeared. Some unaffiliated people also returned checks to the authorities. A very similar incident happened in August of 2005.