Listagem das falhas colhidas nos EUA

DATE MADE PUB­LIC

NAME (Loca­tion)

TYPE OF BREACH

NUM­BER

Feb. 15, 2005

Choi­ce­Point
(Alpharetta, GA)

Bogus accounts established by ID thieves

145,000

Feb. 25 , 2005

Bank of Amer­ica
(Char­lotte, NC)

Lost backup tape

1,200,000

Feb. 25, 2005

Pay­Maxx
(Mira­mar, FL)

Exposed online

25,000

March 8, 2005

DSW/​Retail Ven­tures
(Colum­bus, OH)

Hack­ing

100,000

March 10, 2005

Lex­is­Nexis
(Day­ton, OH)

Pass­words com­pro­mised UPDATE (06.30.06): Last week, five men were arrested in con­nec­tion with this breach.

32,000

March 11, 2005

Univ. of CA, Berke­ley
(Berke­ley, CA)

Stolen lap­top

98,400

March 11, 2005

Boston Col­lege
(Boston, MA)

Hack­ing

120,000

March 12, 2005

NV Dept. of Motor Vehi­cle

Stolen com­puter, later recov­ered.

[8,900]
Not included
in total below

March 20, 2005

North­west­ern Univ.
(Evanston, IL)

Hack­ing

21,000

March 20, 2005

Univ. of NV., Las Vegas
(Las Vegas, NV)

Hack­ing

5,000

March 22, 2005

Calif. State Univ.
(Chico, CA)

Hack­ing

59,000

March 23, 2005

Univ. of CA.
(San Fran­cisco, CA)

Hack­ing

7,000

March 28, 2005

Univ. of Chicago Hos­pi­tal
(Chicago, IL)

Dis­hon­est insider

Unknown

April ?, 2005

Geor­gia DMV

Dis­hon­est insider

465,000

April 5, 2005

MCI
(Ash­burn, VA)

Stolen lap­top

16,500

April 8, 2005

East­ern National

Hacker

15,000

April 8, 2005

San Jose Med. Group
(San Jose, CA)

Stolen com­puter

185,000

April 11, 2005

Tufts Uni­ver­sity
(Boston, MA)

Hack­ing

106,000

April 12, 2005

Lex­is­Nexis
(Day­ton, OH)

Pass­words com­pro­mised
UPDATE (06.30.06): Last week, five men were arrested in con­nec­tion with this breach.

Addi­tional
280,000

April 14, 2005

Polo Ralph Lauren/​HSBC
(New York, NY)

Hack­ing

180,000

April 14, 2005

Calif. Fas­track

Dis­hon­est Insider

4,500

April 15, 2005

CA Dept. of Health Ser­vices

Stolen lap­top

21,600

April 18, 2005

DSW/​Retail Ven­tures
(Colum­bus, OH)

Hack­ing

Addi­tional
1,300,000

April 20, 2005

Amer­i­trade
(Belle­vue, NE)

Lost backup tape

200,000

April 21, 2005

Carnegie Mel­lon Univ.
(Pitts­burg, PA)

Hack­ing

19,000

April 26, 2005

Mich. State Univ’s Whar­ton Cen­ter

Hack­ing

40,000

April 26, 2005

Chris­tus St. Joseph’s Hos­pi­tal
(Hous­ton, TX)

Stolen com­puter

19,000

April 28, 2005

Geor­gia South­ern Univ.

Hack­ing

“tens of
thou­sands”

April 28, 2005

Wachovia,
Bank of Amer­ica,
PNC Finan­cial Ser­vices Group and
Com­merce Ban­corp

Dis­hon­est insid­ers

676,000

April 29, 2005

Okla­homa State Univ.

Miss­ing lap­top

37,000

May 2, 2005

Time Warner
(New York, NY)

Lost backup tapes

600,000

May 4, 2005

CO. Health Dept.

Stolen lap­top

1,600
(fam­i­lies)

May 5, 2005

Pur­due Univ.
(West Lafayette, IN)

Hack­ing

11,360

May 7, 2005

Dept. of Jus­tice
(Wash­ing­ton, D.C.)

Stolen lap­top

80,000

May 11, 2005

Stan­ford Univ.
(Stan­ford, CA)

Hack­ing

9,900

May 12, 2005

Hins­dale Cen­tral High School
(Hins­dale, IL)

Hack­ing

2,400

May 16, 2005

West­bor­ough Bank
(West­bor­ough, MA)

Dis­hon­est insider

750

May 18, 2005

Jack­son Comm. Col­lege
(MI)

Hack­ing

8,000

May 18, 2005

Univ. of Iowa

Hack­ing

30,000

May 19, 2005

Val­dosta State Univ.
(GA)

Hack­ing

40,000

May 26, 2005

Duke Univ.
(Durham, NC)

Hack­ing

5,500

May 27, 2005

Cleve­land State Univ.
(Cleve­land, OH).

Stolen lap­top
Update ¹²⁄₂₄: CSU found the stolen lap­top

[44,420]
Not included
in total below

May 28, 2005

Mer­lin Data Ser­vices
(Kalispell, MT)

Bogus acct. set up

9,000

May 30, 2005

Motorola

Com­put­ers stolen

Unknown

June 6, 2005

Citi­Fi­nan­cial

Lost backup tapes

3,900,000

June 10, 2005

Fed. Deposit Insur­ance Corp. (FDIC)

Not dis­closed

6,000

June 16, 2005

CardSys­tems

Hack­ing

40,000,000

June 17, 2005

Kent State Univ.

Stolen lap­top

1,400

June 18, 2005

Univ. of Hawaii

Dis­hon­est Insider

150,000

June 22, 2005

East­man Kodak

Stolen lap­top

5,800

June 22, 2005

East Car­olina Univ.

Hack­ing

250

June 25, 2005

Univ. of CT (UCONN)

Hack­ing

72,000

June 28, 2005

Lucas Cty. Chil­dren Ser­vices (OH)

Exposed by email

900

June 29, 2005

Bank of Amer­ica

Stolen lap­top

18,000

June 30, 2005

Ohio State Univ. Med. Ctr.

Stolen lap­top

15,000

July 1, 2005

Univ. of CA, San Diego

Hack­ing

3,300

July 6, 2005

City National Bank

Lost backup tapes

Unknown

July 7, 2005

Mich. State Univ.

Hack­ing

27,000

July 19, 2005

Univ. of South­ern Calif. (USC)

Hack­ing

270,000
pos­si­bly accessed; “dozens“exposed

July 21, 2005

Univ. of Colorado-​Boulder

Hack­ing

42,000

July 30, 2005

San Diego Co. Employ­ees Retire­ment Assoc.

Hack­ing

33,000

July 30, 2005

Calif. State Univ., Dominguez Hills

Hack­ing

9,613

July 31, 2005

Cal Poly-​Pomona

Hack­ing

31,077

Aug. 2, 2005

Univ. of Col­orado

Hack­ing

36,000

Aug. 9, 2005

Sonoma State Univ.

Hack­ing

61,709

Aug. 9, 2005

Univ. of Utah

Hack­ing

100,000

Aug. 10, 2005

Univ. of North Texas

Hack­ing

39,000

Aug. 17, 2005

Calif. State Uni­ver­sity, Stanis­laus

Hack­ing

900

Aug. 19, 2005

Univ. of Col­orado

Hack­ing

49,000

Aug. 22, 2005

Air Force

Hack­ing

33,300

Aug. 27, 2005

Univ. of Florida, Health Sci­ences Center/​ChartOne

Stolen Lap­top

3,851

Aug. 30, 2005

J.P. Mor­gan, Dal­las

Stolen Lap­top

Unknown

Aug. 30, 2005

Calif. State Uni­ver­sity, Chancellor’s Office

Hack­ing

154

Sept. 10, 2005

Kent State Univ.

Stolen com­put­ers

100,000

Sept. 15, 2005

Miami Univ.

Exposed online

21,762

Sept. 16, 2005

Choi­ce­Point 
(2^nd notice, see 2/​15/​05 for 145,000)
(Alpharetta, GA)

ID thieves accessed; also mis­use of IDs & pass­words.

9,903

Sept. 17, 2005

North Fork Bank, NY

Stolen lap­top (7/​24/​05) with mort­gage data

9,000

Sept. 19, 2005

Children’s Health Coun­cil, San Jose CA

Stolen backup tape

5,000 — 6,000

Sept. 22, 2005

City Uni­ver­sity of New York

Exposed online

350

Sept. 23,
2005

Bank of Amer­ica

Stolen lap­top with info of Visa Buxx users (debit cards)

Not dis­closed

Sept. 28, 2005

RBC Dain Rauscher

Ille­git­i­mate access to cus­tomer data by for­mer employee

100+ cus­tomers’ records com­pro­mised out of 300,000

Sept. 29, 2005

Univ. of Geor­gia

Hack­ing

At least 1,600

Oct. 12, 2005

Ohio State Univ. Med­ical Cen­ter

Exposed online. Appoint­ment infor­ma­tion includ­ing SSN, DOB, address, phone no., med­ical no., appoint­ment rea­son, physi­cian.

2,800 

Oct. 15, 2005

Mont­clair State Univ.

Exposed online

9,100

Oct. 21, 2005

Wilcox Memo­r­ial Hos­pi­tal, Hawaii

Lost backup tape

130,000

Nov. 1, 2005

Univ. of Tenn. Med­ical Cen­ter

Stolen lap­top

3,800

Nov. 4, 2005

Keck School of Med­i­cine, USC

Stolen com­puter

50,000

Nov. 5, 2005

Safe­way, Hawaii

Stolen lap­top

1,400 in Hawaii, per­haps more else­where

Nov. 8, 2005

Choi­ce­Point
(Alpharetta, GA)

Bogus accounts estab­lished by ID thieves. Total affected now reaches 162,000
(See Feb. 15 & Sept. 16)

17,000 more

Nov. 9, 2005

Tran­sUnion

Stolen com­puter

3,623

Nov. 11, 2005

Geor­gia Tech
Ofc. of Enroll­ment Ser­vices

Stolen com­puter,
Theft 10/​16/​05

13,000

Nov. 11, 2005

Scot­trade Troy Group

Hack­ing

Unknown

Nov. 19, 2005

Boe­ing

Stolen lap­top with HR data incl. SSNs and bank account info.

161,000

Dec. 1, 2005

Firstrust Bank

Stolen lap­top

100,000

Dec. 1, 2005

Univ. of San Diego
(San Diego, CA)

Hack­ing. Fac­ulty, stu­dents and employee tax forms con­tain­ing SSNs

7,800

Dec. 2, 2005

Cor­nell Univ.

Hack­ing. Names, addresses, SSNs, bank names and acct. num­bers.

900

Dec. 6, 2005

WA Employ­ment Secu­rity Dept.

Stolen lap­top. Names, SSNs and earn­ings of for­mer employ­ees.

530

Dec. 12, 2005

Sam’s Club/​Wal-​Mart

Exposed credit card data at gas sta­tions.

Unknown

Dec. 16, 2005

La Salle Bank, ABN AMRO Mort­gage Group

Backup tape with res­i­den­tial mort­gage cus­tomers lost in ship­ment by DHL, con­tain­ing SSNs and account infor­ma­tion.
Update ¹²⁄₂₀: DHL found the lost tape

[2,000,000]
Not included in total below.

Dec. 16, 2005

Col­orado Tech. Univ.

Email erro­neously sent con­tain­ing names, phone num­bers, email addresses, Social Secu­rity num­bers and
class sched­ules.

1,200

Dec. 20, 2005

Guid­ance Soft­ware, Inc.

Hack­ing. Cus­tomer credit card num­bers

3,800

Dec. 22, 2005

Ford Motor Co.

Stolen com­puter. Names and SSNs of cur­rent and for­mer employ­ees.

70,000

Dec. 25, 2005

Iowa State Univ.

Hack­ing. Credit card infor­ma­tion and Social Secu­rity num­bers.

5,500

Dec. 28, 2005

Mar­riot Inter­na­tional

Lost backup tape. SSNs, credit card data of time-​share own­ers

206,000

Late Dec.

Ameriprise

Stolen lap­top con­tain­ing names and Social Secu­rity num­bers and in some cases, Ameriprise account infor­ma­tion.

Unknown

2005
[Exact Date Unknown]

Dept. of Vet­er­ans Affairs
(Wash­ing­ton, D.C.)

A lap­top being stored in the trunk of a car was stolen in Min­neapo­lis, Min­nesota. 2 peo­ple later reported iden­tity fraud prob­lems.

66

Jan. 1, 2006

Uni­ver­sity of Pitts­burgh Med­ical Cen­ter, Squir­rel Hill Fam­ily Med­i­cine

6 Stolen com­put­ers. Names, Social Secu­rity num­bers, birth­dates

700

Jan. 2, 2006

H&R Block

SSNs exposed in 40-​digit num­ber string on mail­ing label

Unknown

Jan. 9, 2006

Atlantis Hotel – Kerzner Int’l

Dis­hon­est insider or hack­ing. Names, addresses, credit card details, Social Secu­rity num­bers, driver’s licence num­bers and/​or bank account data.

55,000

Jan. 12, 2006

People’s Bank

Lost com­puter tape con­tain­ing names, addresses, Social Secu­rity num­bers, and check­ing account num­bers.

90,000

Jan. 17, 2006

City of San Diego, Water & Sewer Dept.
(San Diego, CA)

Dis­hon­est employee accessed cus­tomer account files, includ­ing SSNs, and com­mit­ted iden­tity theft on some indi­vid­u­als.

Unknown

Jan. 20, 2006

Univ. Place Con­fer­ence Cen­ter & Hotel, Indi­ana Univ.

Hack­ing. Reser­va­tion infor­ma­tion includ­ing credit card account num­ber com­pro­mised.

Unknown

Jan. 21, 2006

Cal­i­for­nia Army National Guard

Stolen brief­case with per­sonal infor­ma­tion of National Guards­men includ­ing a “senior­ity ros­ter,” Social Secu­rity num­bers and dates of birth.

“hun­dreds of offi­cers”

Jan. 23, 2006

Univ. of Notre Dame

Hack­ers accessed Social Secu­rity num­bers, credit card infor­ma­tion and check images of school donors.

Unknown

Jan. 24, 2006

Univ. of WA Med­ical Cen­ter

Stolen lap­tops con­tain­ing names, Social Secu­rity num­bers, maiden names, birth dates, diag­noses and other per­sonal data.

1,600

Jan. 25, 2006

Prov­i­dence Home Ser­vices (OR)

Stolen backup tapes and disks con­tain­ing Social Secu­rity num­bers, clin­i­cal and demo­graphic infor­ma­tion. In a small num­ber of cases, patient finan­cial data was stolen.

365,000

Jan. 27, 2006

State of RI web site (www​.RI​.gov)

Hack­ers obtained credit card infor­ma­tion in con­junc­tion with names and addresses.

4,117

Jan. 31, 2006

Boston Globe and The Worces­ter Telegram & Gazette

Inad­ver­tently exposed. Credit and debit card infor­ma­tion along with rout­ing infor­ma­tion for per­sonal checks printed on recy­cled paper used in wrap­ping news­pa­per bun­dles for dis­tri­b­u­tion.

240,000 poten­tially exposed

Feb. 1, 2006

Blue Cross and Blue Shield of North Car­olina

Inad­ver­tently exposed. SSNs of mem­bers printed on the mail­ing labels of envelopes with infor­ma­tion about a new insur­ance plan.

600

Feb. 4, 2006

FedEx

Inad­ver­tently exposed. W-​2 forms included other work­ers’ tax infor­ma­tion such as SSNs and salaries.

8,500

Feb. 9, 2006

Unknown retail mer­chants, appar­ently Office­Max and per­haps oth­ers.

Hack­ing. Debit card accounts exposed involv­ing bank and credit union accounts nation­wide (includ­ing CitiBank, BofA, WaMu, Wells Fargo).
[3/​13/​06 Crime ring arrested.]

200,000, although total num­ber is unknown.

Feb. 9, 2006

Hon­ey­well Inter­na­tional

Exposed online. Per­sonal infor­ma­tion of cur­rent and for­mer employ­ees includ­ing Social Secu­rity num­bers and bank account infor­ma­tion posted on an Inter­net Web site.

19,000

Feb. 13, 2006

Ernst & Young
(UK)

Lap­top stolen from employee’s car with cus­tomers’ per­sonal infor­ma­tion includ­ing Social Secu­rity num­bers.

38,000 BP employ­ees in addi­tion to Sun, Cisco and IBM employ­ees.

Feb. 15, 2006

Dept. of Agri­cul­ture

Inad­ver­tently exposed Social Secu­rity and tax iden­ti­fi­ca­tion num­bers in FOIA request.

350,000

Feb. 15, 2006

Old Domin­ion Univ.

Exposed online. Instruc­tor posted a class ros­ter con­tain­ing names and Social Secu­rity num­bers to a web site.

601

Feb. 16, 2006

Blue Cross and Blue Shield of Florida

Con­trac­tor sent names and Social Secu­rity num­bers of cur­rent and for­mer employ­ees, ven­dors and con­trac­tors to his home com­puter in vio­la­tion of com­pany poli­cies.

27,000

Feb. 17, 2006

Calif. Dept. of Cor­rec­tions, Pel­i­can Bay
(Sacra­mento, CA)

Inmates gained access to files con­tain­ing employ­ees’ Social Secu­rity num­bers, birth dates and pen­sion account infor­ma­tion stored in ware­house.

Unknown

Feb. 17, 2006

Mount St. Mary’s Hos­pi­tal (1 of 10 hos­pi­tals with patient info. stolen)
(Lewis­ton, NY)

Two lap­tops con­tain­ing date of birth, address and Social Secu­rity num­bers of patients was stolen in an armed rob­bery in the New Jer­sey.

17,000

Feb. 18, 2006

Univ. of North­ern Iowa

Hack­ing. Lap­top com­puter hold­ing W-​2 forms of stu­dent employ­ees and fac­ulty was ille­gally accessed.

6,000

Feb. 23, 2006

Deloitte & Touché (McAfee employee infor­ma­tion)

Exter­nal audi­tor lost a CD with names, Social Secu­rity num­bers and stock hold­ings in McAfee of cur­rent and for­mer McAfee employ­ees.

9,290

Mar. 1, 2006

Medco Health Solu­tions
(Colum­bus, OH)

Stolen lap­top con­tain­ing Social Secu­rity num­bers for State of Ohio employ­ees and their depen­dents, as well as their birth dates and, in some cases, pre­scrip­tion drug his­to­ries.

4,600

Mar. 1, 2006

OH Sec­re­tary of State’s Office

SSNs, dates of birth, and other per­sonal data of cit­i­zens rou­tinely posted on a State web site as part of stan­dard busi­ness prac­tice.

Unknown

Mar. 2, 2006

Olympic Fund­ing
(Chicago, IL)

3 hard dri­ves con­tain­ing clients names, Social Secu­rity num­bers, addresses and phone num­bers stolen dur­ing break in.

Unknown

Mar. 2, 2006

Los Ange­les Cty. Dept. of Social Ser­vices
(Los Ange­les, CA)

File boxes con­tain­ing names, depen­dents, Social Secu­rity num­bers, tele­phone num­bers, med­ical infor­ma­tion, employer, W-​2, and date of birth were left unat­tended and unshred­ded.

[Poten­tially 2,000,000, but num­ber unknown]
Not included in num­ber below.

Mar. 2, 2006

Hamil­ton County Clerk of Courts
(OH)

SSNs, other per­sonal data of res­i­dents posted on county web site, were stolen and used to com­mit iden­tity theft.

[1,300,000]
Not included in num­ber below.

Mar. 3, 2006

Met­ro­pol­i­tan State Col­lege
(Den­ver, CO)

Stolen lap­top con­tain­ing names and Social Secu­rity num­bers of stu­dents who reg­is­tered for Met­ro­pol­i­tan State courses between the 1996 fall semes­ter and the 2005 sum­mer semes­ter.

93,000

Mar. 5, 2006

George­town Univ.
(Wash­ing­ton, D.C.)

Hack­ing. Per­sonal infor­ma­tion includ­ing names, birth­dates and Social Secu­rity num­bers of Dis­trict seniors served by the Office on Aging.

41,000

Mar. 8, 2006

Ver­i­zon Com­mu­ni­ca­tions
(New York, NY)

2 stolen lap­tops con­tain­ing employ­ees’ per­sonal infor­ma­tion includ­ing Social Secu­rity num­bers.

“Sig­nif­i­cant num­ber”

Mar. 8, 2006

iBill
(Deer­field Beach, FL)

Dis­hon­est insider or pos­si­bly mali­cious soft­ware linked to iBill used to post names, phone num­bers, addresses, e-​mail addresses, Inter­net IP addresses, logins and pass­words, credit card types and pur­chase amount online. Credit card account num­bers, expi­ra­tion dates, secu­rity codes, and SSNs were NOT included, but in our opin­ion the affected indi­vid­u­als could be vul­ner­a­ble to social engi­neer­ing to obtain such infor­ma­tion.

[17,781,462]
Not included in total below.

Mar. 11, 2006

CA Dept. of Con­sumer Affairs (DCA)
(Sacra­mento, CA)

Mail theft. Appli­ca­tions of DCA licensees or prospec­tive licensees for CA state boards and com­mis­sions were stolen. The forms include full or par­tial Social Secu­rity num­bers, driver’s license num­bers, and poten­tially pay­ment checks.

“A small num­ber”

Mar. 14, 2006

Gen­eral Motors
(Detroit, MI)

Dis­hon­est insider keep Social Secu­rity num­bers of co-​workers to per­pe­trate iden­tity theft.

100

Mar. 14
2006

Buf­falo Bisons and Choice One Online
(Buf­falo, NY)

Hacker accessed sen­si­tive finan­cial infor­ma­tion includ­ing credit card num­bers names, pass­words of cus­tomers who ordered items online.

Unknown

Mar. 15,
2006

Ernst & Young
(UK)

Lap­top lost con­tain­ing the names, dates of birth, gen­ders, fam­ily sizes, Social Secu­rity num­bers and tax iden­ti­fiers for cur­rent and pre­vi­ous IBM, Sun Microsys­tems, Cisco, Nokia and BP employ­ees exposed.

Unknown

Mar. 16,
2006

Bananas​.com
(San Rafael, CA)

Hacker accessed names, addresses, phone num­bers and credit card num­bers of cus­tomers.

274

Mar. 23,
2006

Fidelity Invest­ments
(Boston, MA)

Stolen lap­top con­tain­ing names, addresses, birth dates, Social Secu­rity num­bers and other infor­ma­tion of 196,000 Hewlett Packard, Com­paq and DEC retire­ment account cus­tomers was stolen.

196,000

Mar. 24,
2006

CA State Employ­ment Devel­op­ment Divi­sion
(Sacra­mento, CA)

Com­puter glitch sends state Employ­ment Devel­op­ment Divi­sion 1099 tax forms con­tain­ing Social Secu­rity num­bers and income infor­ma­tion to the wrong addresses, poten­tially expos­ing those tax­pay­ers to iden­tity theft.

64,000

Mar. 24,
2006

Ver­mont State Col­leges (VT)

Lap­top stolen con­tain­ing Social Secu­rity num­bers and pay­roll data of stu­dents, fac­ulty and staff asso­ci­ated with the five-​college sys­tem from as long ago as 2000.

14,000

Mar. 30,
2006

Marines
(Mon­terey, CA)

Portable drive lost that con­tains per­sonal infor­ma­tion used for research on re-​enlistment bonuses.

207,750

Mar. 30,
2006

Geor­gia Tech­nol­ogy Author­ity
(Atlanta, GA)

Hacker exploited secu­rity flaw to gain access to con­fi­den­tial infor­ma­tion includ­ing Social Secu­rity num­bers and bank-​account details of state pen­sion­ers.

573,000

Mar. 30,
2006

Conn. Tech­ni­cal High School Sys­tem
(Mid­dle­town, CT)

Social Secu­rity num­bers of stu­dents and fac­ulty mis­tak­enly dis­trib­uted via email.

1,250

April 6,
2006

Pro­gres­sive Casu­alty Insur­ance
(May­field Vil­lage, OH)

Dis­hon­est insider accessed con­fi­den­tial infor­ma­tion, includ­ing names, Social Secu­rity num­bers, birth dates and prop­erty addresses on fore­clo­sure prop­er­ties she was inter­ested in buy­ing.

13

April 7,
2006

Dis­count­Do­main
Reg​istry​.com
(Brook­lyn, NY)

Exposed online. Domain reg­is­trants’ per­sonal infor­ma­tion includ­ing user­names, pass­words and credit card num­bers were acces­si­ble online.

“thou­sands of domain name reg­is­tra­tions”

April 9,
2006

Uni­ver­sity of Med­i­cine and Den­tistry of New Jer­sey
(Newark, NJ)

Hack­ers accessed Social Secu­rity num­bers, loan infor­ma­tion, and other con­fi­den­tial finan­cial infor­ma­tion of stu­dents and alumni.

1,850

April 12,
2006

Ross-​Simons
(Prov­i­dence, RI)

Secu­rity breach exposed account and per­sonal infor­ma­tion of those who applied for its pri­vate label credit card. Infor­ma­tion exposed includes pri­vate label credit card num­bers and other per­sonal infor­ma­tion of appli­cants.

Unknown

April 14,
2006

Univ. of South Car­olina
(Colum­bia, SC)

Social Secu­rity num­bers of stu­dents were mis­tak­enly e-​mailed to class­mates.

1,400

April 21,
2006

Uni­ver­sity of Alaska, Fair­banks
(Fair­banks, AK)

Hacker accessed names, Social Secu­rity num­bers and par­tial e-​mail addresses of cur­rent and for­mer stu­dents, fac­ulty and staff.

38,941

April 21,
2006

Ohio Uni­ver­sity
Inno­va­tion Cen­ter
(Athens, OH)

a server con­tain­ing data includ­ing e-​mails, patent and intel­lec­tual prop­erty files, and 35 Social Secu­rity num­bers asso­ci­ated with park­ing passes was com­pro­mised.

Unknown

April 24,
2006

Uni­ver­sity of Texas’ McCombs School of Busi­ness
(Austin, TX)

Hack­ers accessed records con­tain­ing names, bio­graph­i­cal infor­ma­tion and, in some cases, Social Secu­rity num­bers and dates of birth of cur­rent and prospec­tive stu­dents, alumni, fac­ulty mem­bers, cor­po­rate recruiters and staff mem­bers.

197,000

April 24,
2006

Ohio Uni­ver­sity
(Athens, OH)

Hack­ers accessed a com­puter sys­tem of the school’s alumni rela­tions depart­ment that included bio­graph­i­cal infor­ma­tion and 137,000 Social Secu­rity num­bers of alum.

300,000

April 26,
2006

Pur­due Uni­ver­sity
(West Lafayette, IN)

Hacker accessed per­sonal infor­ma­tion includ­ing Social Secu­rity num­bers of cur­rent and for­mer grad­u­ate stu­dents, appli­cants to grad­u­ate school, and a small num­ber of appli­cants for under­grad­u­ate schol­ar­ships.

1,351

April 26,
2006

Aetna — health insur­ance records for employ­ees of 2 mem­bers, includ­ing Omni Hotels and the Dept. of Defense NAF
(Hart­ford, CT)

Lap­top con­tain­ing per­sonal infor­ma­tion includ­ing names, addresses and Social Secu­rity num­bers of Dept. of Defense (35,253) and Omni Hotel employ­ees (3,000) was stolen from an Aetna employee’s car.

38,000

April 27,
2006

Mas­ter­Card
(Poten­tially UK only)

Though Mas­ter­Card refused to say how the breach occurred, fraud­sters stole the credit card details of hold­ers in a major secu­rity breach.

[2,000]
Not included in total below.

April 27,
2006

Long Island Rail
Road
(Jamaica, NY)

Data tapes con­tain­ing per­sonal infor­ma­tion includ­ing names, addresses, Social Secu­rity num­bers and salary fig­ures of “vir­tu­ally every­one” who worked for the agency was lost by deliv­ery con­trac­tor Iron Moun­tain while enroute. Data tapes belong­ing to the U.S. Depart­ment of Vet­er­ans Affairs may also have been affected.

17,000

April 28,
2006

Ohio’s Sec­re­tary of State
(Cleve­land, OH)

The names, addresses, and Social Secu­rity num­bers of poten­tially mil­lions of reg­is­tered vot­ers in Ohio were included on CD-​ROMs dis­trib­uted to 20 polit­i­cal cam­paign oper­a­tions for spring pri­mary elec­tion races. The records of about 7.7 mil­lion reg­is­tered vot­ers are listed on the CDs, but it’s unknown how many records con­tained SSNs, which were not sup­posed to have been included on the CDs.

“Poten­tially mil­lions of reg­is­tered vot­ers”

April 28,
2006

Dept. of Defense
(Wash­ing­ton, DC)

Hacker accessed a Tri­care
Man­age­ment Activ­ity (TMA) pub­lic server con­tain­ing per­sonal infor­ma­tion about mil­i­tary employ­ees.

Unknown

May 2,
2006

Geor­gia State Gov­ern­ment
(Atlanta, GA)

Gov­ern­ment sur­plus com­put­ers that sold before their hard dri­ves were erased con­tained credit card num­bers, birth dates, and Social Secu­rity num­bers of Geor­gia cit­i­zens.

Unknown

May 4,
2006

Idaho Power Co.
(Boise, ID)

Four com­pany hard dri­ves were sold on eBay con­tain­ing hun­dreds of thou­sands of con­fi­den­tial com­pany doc­u­ments, employee names and Social Secu­rity num­bers, and con­fi­den­tial memos to the company’s CEO.

Unknown

May 4,
2006

Ohio Uni­ver­sity
Hud­son Health Cen­ter
(Athens, OH)

Names, birth dates, Social Secu­rity num­bers and med­ical infor­ma­tion were accessed in records of stu­dents dat­ing back to 2001, plus fac­ulty, work­ers and regional cam­pus stu­dents.

60,000

May 2006

Ohio Uni­ver­sity
(Athens, OH)

A breach was dis­cov­ered on a com­puter that housed IRS 1099 forms for ven­dors and inde­pen­dent con­trac­tors for cal­en­dar years 2004 and 2005.

2,480

May 2006

Ohio Uni­ver­sity
(Athens, OH)

A breach of a com­puter that hosted a vari­ety of Web-​based forms, includ­ing some that processed on-​line busi­ness trans­ac­tions. Although this com­puter was not set up to store per­sonal infor­ma­tion, inves­ti­ga­tors did dis­cover files that con­tained frag­ments of per­sonal infor­ma­tion, includ­ing Social Secu­rity num­bers. The data is frag­men­tary and it is not cer­tain if the com­pro­mised infor­ma­tion can be traced to indi­vid­u­als. Also found on the com­puter were 12 credit card num­bers that were used for event reg­is­tra­tion.

Unknown

May 5,
2006

Dept. of Vet­eran Affairs
(Wash­ing­ton, D.C.)

A data tape dis­ap­peared from a VA facil­ity in Indi­anapo­lis, IN that con­tained infor­ma­tion on legal cases involv­ing U.S. vet­er­ans and included vet­er­ans’ Social Secu­rity num­bers, dates of birth and legal doc­u­ments.

16,500

May 5,
2006

Wells Fargo
(San Fran­cisco, CA)

Com­puter con­tain­ing names, addresses, Social Secu­rity num­bers and mort­gage loan deposit num­bers of exist­ing and prospec­tive cus­tomers may have been stolen while being deliv­ered from one bank facil­ity to another.

Unknown

May 12,
2006

Mer­can­tile Potomac Bank
(Gaithers­burg, MD)

Lap­top con­tain­ing con­fi­den­tial infor­ma­tion about cus­tomers, includ­ing Social Secu­rity num­bers and account num­bers was stolen when a bank employee removed it from the premises, in vio­la­tion of the bank’s poli­cies. The com­puter did not con­tain cus­tomer pass­words, per­sonal iden­ti­fi­ca­tion num­bers (PIN num­bers) or account expi­ra­tion dates.

48,000

May 19,
2006

Amer­i­can Insti­tute of Cer­ti­fied Pub­lic Accoun­tants (AICPA)
(New York, NY)

An unen­crypted hard drive con­tain­ing names, addresses and Social Secu­rity num­bers of AICPA mem­bers was lost when it was shipped back to the orga­ni­za­tion by a com­puter repair com­pany.

330,000
[Updated 6/​16/​06]

May 19,
2006

Unknown retail mer­chant

Visa, Mas­ter­Card, and other debit and credit card num­bers from banks across the coun­try were stolen when a national retailer’s data­base was breached. No names, Social Secu­rity num­bers or other per­sonal iden­ti­fi­ca­tion were taken.

Unknown

May 22,
2006

Dept. of Vet­er­ans Affairs
(Wash­ing­ton, DC)

On May 3, data of all Amer­i­can vet­er­ans who were dis­charged since 1975 includ­ing names, Social Secu­rity num­bers, dates of birth and in many cases phone num­bers and addresses, were stolen from a VA employee’s home. Theft of the lap­top and com­puter stor­age device included data of 26.5 mil­li­ion vet­er­ans. The employee was not autho­rized to take the files home to work on a data col­la­tion project. The data did not con­tain med­ical or finan­cial infor­ma­tion, but may have dis­abil­ity numer­i­cal rank­ings.
UPDATE: An addi­tional 2.1 mil­lion active and reserve ser­vice mem­bers were added to the total num­ber of affected indi­vid­u­als June 1^st.
UPDATE (06.29.06): The stolen lap­top com­puter and the exter­nal hard drive were recov­ered.

28,600,000

May 23,
2006

Univ. of Delaware
(Newark, DE)

Secu­rity breach of a Depart­ment of Pub­lic Safety com­puter server poten­tialy exposes names, Social Secu­rity num­bers and driver’s license num­bers.

1,076

May 23,
2006

M&T Bank
(Buf­falo, NY)

Lap­top com­puter, owned by PFPC, a third party com­pany that pro­vides record keep­ing ser­vices for M & T’s Port­fo­lio Archi­tect accounts was stolen from a vehi­cle. The lap­top con­tained clients’ account num­bers, Social Secu­rity num­bers, last name and the first two let­ters of their first name.

Unknown

May 24,
2006

Sacred Heart Univ.
(Fair­field, CT)

It was dis­cov­ered on May 8^th that a com­puter con­tain­ing per­sonal infor­ma­tion includ­ing names, addresses and Social Secu­rity num­bers was breached.

Unknown

May 24,
2006

Amer­i­can Red Cross, St. Louis Chap­ter
(St. Louis,

Dis­hon­est employee had access to Social Secu­rity num­bers of donors to call urg­ing them to give blood again. The employee mis­used the per­soal infor­ma­tion of at least 3 peo­ple to per­pe­trate iden­tity theft and had access to the per­sonal infor­ma­tion of 1 mil­lion donors.

1,000,000

May 30,
2006

Texas Guar­an­teed Stu­dent Loan Corp.
(Round Rock, TX)
via sub­con­trac­tor, Hum­ming­bird
(Toronto, Canada)

Texas Guar­an­teed (TG) was noti­fied by sub­con­trac­tor Hum­ming­bird that an employee had lost a piece of equip­ment con­tain­ing names and Social Secu­rity num­bers of TG bor­row­ers.

1,300,000

May 30,
2006

Florida Int’l Univ.
(Miami, FL)

Hacker accessed a data­base that con­tained per­sonal infor­ma­tion, such as stu­dent and appli­cant names and Social Secu­rity num­bers.

“thou­sands”

June 1,
2006

Miami Uni­ver­sity
(Oxford, OH)

An employee lost a hand-​held per­sonal com­puter con­tain­ing per­sonal infor­ma­tion of stu­dents who were enrolled between July 2001 and May 2006.

851

June 1,
2006

Ernst & Young
(UK)

A lap­top con­tain­ing names, addresses and credit or debit card infor­ma­tion of Hotels​.com cus­tomers was stolen from an employee’s car in Texas.

243,000

June 1,
2006

Univ. of Ken­tucky
(Lex­ing­ton, KY)

Per­sonal infor­ma­tion of cur­rent and for­mer Uni­ver­sity of Ken­tucky employ­ees includ­ing Social Secu­rity num­bers was inad­ver­tently acces­si­ble online for 19 days last month.

1,300

June 2,
2006

Buck­eye Com­mu­nity Health Plan
(Colum­bus, OH)

Four lap­top com­put­ers con­tain­ing cus­tomer names, Social Secu­rity num­bers, and addresses were stolen from the Med­ic­aid insur­ance provider.

72,000

June 2,
2006

Ahold USA
(Lan­dover, MD)
Par­ent com­pany of Stop & Shop, Giant stores and Tops stores via sub­con­trac­tor Elec­tronic Data Sys­tems
(Plano, TX)

An EDS employee lost a lap­top com­puter dur­ing a com­mer­cial flight that con­tained pen­sion data of for­mer employ­ees of Ahold’s super­mar­ket chains includ­ing Social Secu­rity num­bers, birth dates and ben­e­fit amounts.

Unknown

June 2,
2006

YMCA
(Prov­i­dence, RI)

Lap­top com­puter con­tain­ing per­sonal infor­ma­tion of mem­bers was stolen. The infor­ma­tion included credit card and debit card num­bers, check­ing account infor­ma­tion, Social Secu­rity num­bers, the names and addresses of chil­dren in day­care pro­grams and med­ical infor­ma­tion about the chil­dren, such as aller­gies and the med­i­cine they take, though the type of stolen infor­ma­tion about each per­son varies.

65,000

June 2,
2006

Humana
(Louisville, KY)

Per­sonal infor­ma­tion of Humana cus­tomers enrolled in the company’s Medicare pre­scrip­tion drug plans could have been com­pro­mised when an insur­ance com­pany employee called up the data through a hotel com­puter and then failed to delete the file.

17,000

June 5,
2006

Inter­nal Rev­enue Ser­vice
(Wash­ing­ton, DC)

A lap­top com­puter con­tain­ing per­sonal infor­ma­tion of employ­ees and job appli­cants, includ­ing fin­ger­prints, names, Social Secu­rity num­bers, and dates of birth, was lost dur­ing tran­sit on an air­line flight

291

June 6,
2006

Univ. of Texas
(El Paso, TX)

Stu­dents demon­strated that stu­dent body and fac­ulty elec­tions could be rigged by hack­ing into stu­dent infor­ma­tion includ­ing Social Secu­rity num­bers.

4,719

June 8,
2006

Univ. of Michi­gan Credit Union
(Ann Arbor, MI)

Paper doc­u­ments con­tain­ing per­sonal infor­ma­tion of credit union mem­bers were stolen from a stor­age rooms. The doc­u­ments were sup­posed to have been dig­i­tally imaged and then shred­ded. Instead, they were stolen and used to per­pe­trate iden­tity theft.

5,000

June 11,
2006

Den­ver Elec­tion Com­mis­sion
(Den­ver, CO)

Records con­tain­ing per­sonal infor­ma­tion on more than 150,000 vot­ers are miss­ing at city elec­tion offices. The micro­filmed voter reg­is­tra­tion files from 1989 to 1998 were in a 500-​pound cab­i­net that dis­ap­peared when the com­mis­sion moved to new offices in Feb­ru­ary. The files con­tain vot­ers’ Social Secu­rity num­bers, addresses and other per­sonal infor­ma­tion.

150,000

June 12,
2006

U.S. Dept. of Energy
(Wash­ing­ton, D.C.)

Names, Social Secu­rity num­bers, secu­rity clear­ance lev­els and place of employ­ment for mostly con­tract employ­ees who worked for National Nuclear Secu­rity Admin­is­tra­tion may have been com­pro­mised when a hacker gained entry to a com­puter sys­tem at a ser­vice cen­ter in Albu­querque, N.M. eight months ago.

1,502

June 13,
2006

Minn. State Audi­tor
(St. Paul, MN)

Three lap­tops pos­si­bly con­tain­ing Social Secu­rity num­bers of employ­ees and recip­i­ents of hous­ing and wel­fare ben­e­fits along with other per­sonal infor­ma­tion of local gov­ern­ments the audi­tor over­sees have gone miss­ing.

493

June 13,
2006

Ore­gon Dept. of Rev­enue
(Salem, OR)

Elec­tronic files con­tain­ing per­sonal data of Ore­gon tax­pay­ers may have been com­pro­mised by an ex-employee’s down­loaded a con­t­a­m­i­nated file from a porn site. The “tro­jan” attached to the file may have sent tax­payer infor­ma­tion back to the source when the com­puter was turned on.

2,200

June 13,
2006

U.S. Dept of Energy, Han­ford Nucear Reser­va­tion
(Rich­land, WA)

Cur­rent and for­mer work­ers at the Han­ford Nuclear Reser­va­tion that their per­sonal infor­ma­tion may have been com­pro­mised, after police found a 1996 list with work­ers’ names and other infor­ma­tion in a home dur­ing an unre­lated inves­ti­ga­tion.

4,000

June 14,
2006

Amer­i­can Insur­ance Group (AIG), Mid­west Office
(New York, NY)

The com­puter server was stolen on March 31 con­tain­ing per­sonal infor­ma­tion includ­ing names, Social Secu­rity num­bers and tens of thou­sands of med­ical records.

930,000

June 14,
2006

West­ern Illinios Univ.
(Macomb, IL)

On June 5^th, a hacker com­pro­mised a Uni­ver­sity server that con­tained names, addresses, credit card num­bers and Social Secu­rity num­bers of peo­ple con­nected to the Uni­ver­sity.
[UPDATE 7/​5/​06. Num­ber affected reduced from 240,000.]

180,000

June 16,
2006

Union Pacific
(Omaha, NE)

On April 29^th, an employee’s lap­top was stolen that con­tained data for cur­rent and for­mer Union Pacific employ­ees, includ­ing names, birth dates and Social Secu­rity num­bers.

30,000

June 16,
2006

NY State Controller’s Office
(Albany, NY)

State con­troller data car­tridge con­tain­ing pay­roll data of employ­ees who work for a vari­ety of state agen­cies was lost dur­ing ship­ment. The data con­tained names, salaries, Social Secu­rity num­bers and home addresses.

1,300

June 16,
2006

ING
(Miami, FL)

Two ING lap­tops that car­ried sen­si­tive data affect­ing of Jack­son Health Sys­tem hos­pi­tal work­ers were stolen in Decem­ber 2005. The com­put­ers, belong­ing to finan­cial ser­vices provider ING, con­tained infor­ma­tion gath­ered dur­ing a vol­un­tary life insur­ance enroll­ment drive in Decem­ber and included names, birth dates and Social Secu­rity num­bers.

8,500

June 16,
2006

Univ. of Ken­tucky
(Lex­ing­ton, KY)

The per­sonal data of cur­rent and for­mer stu­dents includ­ing class­room ros­ters names, grades and Social Secu­rity num­bers was reported stolen on May 26 fol­low­ing the theft of a professor’s flash drive..

6,500

June 17,
2006

ING
(Wash­ing­ton, D.C.)

Lap­top stolen from employee’s home con­tain­ing retire­ment plan infor­ma­tion includ­ing Social Secu­rity num­bers of D.C. city employ­ees.

13,000

June 17,
2006

Auto­matic Data Pro­cess­ing (ADP)
(Rose­land, NJ)

Per­sonal and pay­roll infor­ma­tion of work­ers were intended to be faxed between ADP offices and were mis­tak­enly sent to a third party.

80

June 17,
2006

CA Dept. of Health Ser­vices (CDHS)
(Sacra­mento, CA)

CDHS doc­u­ments were inap­pro­pri­ately emp­tied from an employee’s cubi­cle on June 5 and 9 rather than shred­ded.
The doc­u­ments con­tained state employ­ees and other indi­vid­u­als apply­ing for employ­ment with the state includ­ing names, addresses, Social Secu­rity num­bers and home and work tele­phone num­bers. They were mostly expired state employ­ment cer­ti­fi­ca­tion lists, but also included requests for per­son­nel action, copies of e-​mail mes­sages and hand­writ­ten notes.

1,550

June 20,
2006

Equifax
(Atlanta, GA)

On May 29, a com­pany lap­top con­tain­ing employee names and par­tial and full Social Secu­rity num­bers was stolen from an employee.

2,500

June 20,
2006

Univ. of Alabama
(Birm­ing­ham, AL)

In Feb­ru­ary a com­puter was stolen from a locked office of the kid­ney trans­plant pro­gram at the Uni­ver­sity of Alabama at Birm­ing­ham that con­tained con­fi­den­tial infor­ma­tion of donors, organ recip­i­ents and poten­tial recip­i­ents includ­ing names, Social Secu­rity num­bers and med­ical infor­ma­tion.

9,800

June 21,
2006

U.S. Dept. of Agri­cul­ture (USDA)
(Wash­ing­ton, D.C.)

Dur­ing the first week in June, a hacker broke into the Department’s com­puter sys­tem and may have obtained names, Social Secu­rity num­bers and pho­tos of cur­rent and for­mer employ­ees and con­trac­tors.

26,000

June 22,
2006

Fed. Trade Comm. (FTC)
(Wash­ing­ton, D.C.)

Two lap­top com­put­ers con­tain­ing per­sonal and finan­cial data were stolen from an employee’s vehi­cle. The data included names, addresses, Social Secu­rity num­bers, dates of birth, and in some instances, finan­cial account num­bers gath­ered in law enforce­ment inves­ti­ga­tions.

110

June 23,
2006

San Fran­cisco State Univ.
(San Fran­cisco, CA)

a fac­ulty member’s lap­top was stolen from a car on June 1 that con­tained per­sonal infor­ma­tion of for­mer and cur­rent stu­dents includ­ing Social Secu­rity num­bers, and names and ins some instance, phone num­bers and grade point aver­ages.

3,000

June 23,
2006

U.S. Navy
(Wash­ing­ton, D.C.)

Navy per­son­nel were noti­fied on June 22 that a civil­ian web site con­tained files with per­sonal infor­ma­tion of Navy mem­bers and depen­dents includ­ing names, birth dates and Social Secu­rity num­bers.

30,000

June 23,
2006

CA Dept. of Health Ser­vices (CDHS)
(Sacra­mento, CA)

On June 12, a box of Medi-​Cal forms from Decem­ber 2005 were found in the cubi­cle of a CDHS employee. The claim forms con­tained the names, addresses, Social Secu­rity num­bers and pre­scrip­tions for ben­e­fi­cia­ries or their fam­ily mem­bers.

323

June 23,
2006

Catawba County Schools
(New­ton, NC)

On June 22, it was dis­cov­ered that a web site posted names, Social Secu­rity num­bers, and test scores of stu­dents who had taken a key­board­ing and com­puter appli­ca­tions place­ment test dur­ing the 2001-​02 school year.
UPDATE: The web site con­tain­ing the data has been removed.

619

June 23,
2006

King County Records, Elec­tions, and Licens­ing Ser­vices Divi­sion
(Seat­tle, WA)

Social Secu­rity num­bers for poten­tially thou­sands of cur­rent and for­mer county res­i­dents may be exposed on the agency’s web site. Res­i­dents can request that the image of any doc­u­ment that con­tains a Social Secu­rity num­ber, Mother’s Maiden Name or Dri­vers License be removed. Offi­cials state that they are unable to alter orig­i­nal pub­lic doc­u­ments and can­not choose to not record doc­u­ments pre­sented for record­ing. 

Unknown

June 27,
2006

Gov’t Account­abil­ity Office (GAO)
(Wash­ing­ton, D.C.)

Data from audit reports on Defense Depart­ment travel vouch­ers from the 1970s were inad­ver­tently posted online and included some ser­vice mem­bers’ names, Social Secu­rity num­bers and addresses. The agency has sub­se­quently removed the infor­ma­tion.

“Fewer than 1,000″
[1,000 used in total]

June 28,
2006

AAAAA Rent-​A-​Space
(Colma, CA)

Customer’s account infor­ma­tion includ­ing name, address, credit card, and Social Secu­rity num­ber was eas­ily acces­si­ble due to a secu­rity gap in its online pay­ment sys­tem.

13,000

June 29,
2006

All­State Insur­ance
Huntsville branch
(Huntsville, AL)

Over Memo­r­ial Day week­end, a com­puter con­tain­ing per­sonal data includ­ing images of insur­ance poli­cies, cor­re­spon­dence and Social Secu­rity num­bers was stolen.

2,700

June 29,
2006

Nebraska Treasurer’s Office
(Lin­coln, NE)

A hacker broke into a child-​support com­puter sys­tem and may have obtained names, Social Secu­rity num­bers and other infor­ma­tion such as tax iden­ti­fi­ca­tion num­bers for 9,000 busi­nesses.

309,000

June 29, 2006

Min­nesota Dept. of Rev­enue
(St. Paul, MN)

On May 16, a pack­age con­tain­ing a data tape used to back up the regional office’s com­put­ers went miss­ing dur­ing deliv­ery. The tape con­tained per­sonal infor­ma­tion includ­ing indi­vid­u­als’ names, addresses, and Social Secu­rity num­bers.

50,400

June 30, 2006

Nat’l Insti­tutes of Health Fed­eral Credit Union
(Rockville, MD)

NIH­FCU is inves­ti­gat­ing with law enforce­ment the iden­tity theft of some of its 41,000 mem­bers. No details given on type of infor­ma­tion stolen, or how it was stolen.

“Very few” of 41,000 mem­bers affected
[not included in total]

July 1, 2006

Amer­i­can Red Cross, Farm­ers Branch
(Dal­las, TX)

Some­time in May, 3 lap­tops were stolen, one of them con­tain­ing encrypted per­sonal infor­ma­tion includ­ing names, SSNs, dates of birth, and med­ical infor­ma­tion of all regional donors. They also report los­ing a lap­top with encrypted donor infor­ma­tion in June 2005.

Unknown

July 5, 2006

Bisys Group Inc.
(Rose­land, NJ)

Per­sonal details about 61,000 hedge fund investors were lost when an employee’s truck car­ry­ing backup tapes was stolen. The data included SSNs of 35,000 indi­vid­u­als. The tapes were being moved from one Bisys facil­ity to another on June 8 when the theft occurred.

61,000

July 6, 2006

Auto­mated Data Pro­cess­ing (ADP)
(Rose­land, NJ)

Pay­roll ser­vice com­pany ADP gave scam-​artist names, addresses, and num­ber of shares held of investors, although appar­ently not SSNs or account num­bers. The leak occurred from Nov. ’05 to Feb. ’06 and involved indi­vid­ual investors with 60 com­pa­nies includ­ing Fidelity, UBS, Mor­gan Stan­ley , Bear Stearns, Cit­i­group, Mer­rill Lynch.

“Hun­dreds of thou­sands”
[not included in total]

July 7, 2006

Uni­ver­sity of Ten­nessee
(866) 748‑1680

Hacker broke into UT com­puter con­tain­ing names, addresses and SSNs of about 36,000 past and cur­rent employ­ees. Intruder appar­ently used com­puter from Aug. ’05 to May ’06 to store and trans­mit movies.

36,000

July 7, 2006

Nat’l Asso­ci­a­tion of Secu­ri­ties Deal­ers (NASD)
(Boca Raton, FL)

Ten lap­tops were stolen on Feb. 25 ’06 from NASD inves­ti­ga­tors. They included SSNs of secu­ri­ties deal­ers who were the sub­ject of inves­ti­ga­tions involv­ing pos­si­ble mis­con­duct. Inac­tive account num­bers of about 1,000 con­sumers were also con­tained on lap­tops.

73

July 7, 2006

Naval Safety Cen­ter

SSNs and other per­sonal infor­ma­tion of naval and Marine Corps avi­a­tors and air crew, both active and reserve, were exposed on Cen­ter web site and on 1,100 com­puter discs mailed to naval com­mands.

“more than 100,000″