October 30, 2017 | Author: Anonymous | Category: N/A
A telemarketing sales agents kept her sales contacts on a Google notebook including A data security incident at the Wy&n...
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 1 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20081231-17
Vonage
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A telemarketing sales agents kept her sales contacts on a Google notebook including names, credit card numbers, bank account info and CCV's
Attribution 1
Publication:
notice to NH AG
Article Title:
Vonage
Author: Brendan Kasper
Date Published:
12/23/2008
Article URL: http://doj.nh.gov/consumer/pdf/vonage.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-16
Wyndham Hotel Group
US
10/1/2008
Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A data security incident at the Wyndham Hotels may have caused customers' ames, credit or debit card information to be exposed. This might have occurred in October. Notices are being sent out.
Attribution 1
Publication:
notice to NH AG
Article Title:
Wyndham Hotels
Author: Kristen Hotchkiss
Date Published:
12/23/2008
Article URL: http://doj.nh.gov/consumer/pdf/wyndham.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-14
Pepsi
US
12/8/2008
Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Udring the week of Dec. 8, the payroll dept. of Pepsi reported that it could not account for a portable storage device that held the names and SSN of Pepsi Bottling Group employees in the US.
Attribution 1
Publication:
notice to NH AG
Article Title:
Pepsi
Author: David Yawman
Date Published:
12/30/2008
Article URL: http://doj.nh.gov/consumer/pdf/pepsi.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-13
Merrill Lynch
WA
11/26/2008
Electronic
Banking/Credit/Financial
Records Exposed? Yes Unknown #
A laptop was stolen from the WA Lynch office and included client account numbers, SSNs but not PINS. One NH resident was affected.
Attribution 1
Publication:
notice to NH AG
Article Title:
Merrill Lynch- 11/26/2008
Author: J David Nontague
Article URL: http://doj.nh.gov/consumer/pdf/merrill3.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
12/16/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 2 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-12
Merrill Lynch
NY
12/19/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
On Dec 19, a third party consulting firm employee had items stolen from his home including a computer which had the names and SSNs of current and former Merrill Lynch employee and applicants including some in NH.
Attribution 1
Publication:
notice to NH AG
Article Title:
Merrill Lynch Dec 19, 2008
Author: J David Montague
Date Published:
12/29/2008
Article URL: http://doj.nh.gov/consumer/pdf/merrill4.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-11
DJO
US
11/14/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
68,857
DJO, a provider of orthopedic products, had a laptop computer stolen from a locked home in the Bahamas where a Creditek employee (subcontractor) was staying. The computer included billing data including names SSN, medical info, insurance id numbers and the insurance company. 68.857 individuals in the US and Puerto Rico are potentially affected. Attribution 1
Publication:
notice to NH AG
Article Title:
DJO
Author: Dale Hammer, VP
Date Published:
12/12/2008
Article URL: http://doj.nh.gov/consumer/pdf/djo.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-10
North Pacific Group
OR
12/1/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
2,249
In a letter to the New Hampshire Attorney General dated December 23, North Pacific Group had 2 computers stolen which included stored files containing names, addresses, Social Security numbers, and dates of birth for current and certain former employees (”Employees”). "Our records indicate that the stolen computers contained such records for a total of 2,249 Employees" Attribution 1
Publication:
notice to NH AG
Article Title:
North Pacific
Author: Tacy Lind
Date Published:
12/23/2008
Article URL: http://doj.nh.gov/consumer/pdf/northpacific.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-09
TD Bank
NJ
10/27/2008
Electronic
Records Exposed? Yes Published #
Business
On November 26th, TD Bank, N.A. notified the New Hampshire Attorney General that on October 27, computer equipment containing names, addresses, dates of birth, social security numbers, bank account numbers and balances was removed without authorization from two TD Banknorth branches that were being consolidated into TD Bank Stores in Hillsdale and Park Ridge, New Jersey. An estimated 3,235 customers were affected by the incident. Attribution 1
Publication:
notice to NH AG
Author: Michael O'Conner
Article Title: TD Bank Article URL: http://doj.nh.gov/consumer/pdf/tdbanknorth.pdf Copyright 2008 Identity Theft Resource Center
Date Published:
11/26/2008
Exposed # of Records Rptd
3,235
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 3 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-08
SAIC
CA
10/28/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
Science Applications International Corporation (”SAIC”), recipient of a number of large government contracts, notified the New Hampshire Attorney General on December 9th of a security breach involving malware. The specific malware was not named, but was described as “designed to provide backdoor access.” The breach was detected on October 28th. In its letter to an unspecified number of affected individuals, SAIC wrote: This letter is to notify you of a potential compromise of your personal information, including your name and social security number, date of birth, home address, home phone number and clearance level and possibly other personal information necessary to complete government security clearance questionnaires (e.g., SF-8SP or SF-86). Attribution 1
Publication:
notice to NH AG
Article Title:
SAIC
Author: Amy Carlson
Date Published:
12/9/2008
Article URL: http://doj.nh.gov/consumer/pdf/SAIC2.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-07
Emergency Medical Associates
NJ
7/15/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
27
On November 4th, lawyers for Emergency Medical Associates of New Jersey (”EMA”) notified the New Hampshire Attorney General’s office that in mid-July, the Secret Service had notified them that during the course of an independent investigation, the Secret Service had identified a total 27 American Express credit cards that were possibly the subject of identity theft. The Secret Service contacted EMA because the 27 affected American Express cardholders had all used their American Express credit card to pay a legitimate bill of EMA Attribution 1
Publication:
notice to NH AG
Article Title:
Emergency Medical Associates of NJ
Author:
Date Published:
11/4/2008
Article URL: http://doj.nh.gov/consumer/pdf/emergency.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20081231-05
NH Lake's Region General Hospital
NH
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Yes Published #
Medical/Healthcare
A package containing personnel medical information on 1,500 patients at New Hampshire's Lakes Region General Hospital is missing. Henry Lipman, executive vice president and chief financial officer at LRGHeath Care, said UPS recently shipped the parcel from a Woburn, Mass. central processing agent to the hospital, but the package never arrived. Information contained in the package includes patient names, dates of service and diagnosis code numbers for different diagnosis or medical procedures. No bank account or credit card information is included. What information is included varies from insurer to insurer, Lipman said, noting that workers' compensation claims use social security numbers. Attribution 1
Publication: Article Title:
Citizen.com Author: Bea Lewis Date Published: Lakes Region General Hospital package containing patient medical information still missing
12/26/2008
Article URL: http://www.citizen.com/apps/pbcs.dll/article?AID=/20081226/GJNEWS02/712269929/-1/CITNEWS Attribution 2
Publication:
Fox 44
Article Title:
NH hospital package missing, contains patient info
Author: AP
Article URL: http://www.fox44.net/Global/story.asp?S=9581593
Copyright 2008 Identity Theft Resource Center
Date Published:
12/26/2008
Exposed # of Records Rptd
1,500
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 4 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20081231-04
Illinois State Police Credit Union, Chicago Patrolmen's
IL
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
140
Police have arrested eight people in a two-month-long investigation of at least $150,000 in credit card fraud against members of two police credit unions, officials announced late Tuesday. The fraud ring, which involved seven employees of Chicago-area retail stores, hit 140 accounts at Illinois State Police Credit Union and the Chicago Patrolmen's Credit Union, according to Illinois State Police. The ring operated out of Crestwood, although most of those arrested were from Chicago, according to a police press release. The investigation involved state police, the U.S. Secret Service, the Illinois attorney general's office and the Chicago Police Department, according to police Attribution 1
Publication: Article Title:
CLTV, WGN 9, Chicago Tribune Author: 8 arrested in ring targeting police credit unions
Date Published:
12/31/2008
Article URL: http://www.chicagobreakingnews.com/2008/12/arrests-in-credit-card-fraud-against-police-credit-union-members.ht
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081231-03
Dr Anjali Pathak
FL
12/30/2008
Paper Data
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
37
Stacks of health records including some SSNs were found outside a counseling office unshredded. In the stack of paperwork, there are also several prescription documents, listing names alongside drugs and doses. One insurance form has a woman's name, her social security number, her address, phone number, birth date and coverage details. Attribution 1
Publication: Article Title:
First Coast News Author: Erich Spivey Private Medical Records Found In Garbage
Date Published:
12/31/2008
Article URL: http://www.firstcoastnews.com/news/local/news-article.aspx?storyid=126998&catid=3
ITRC Breach ID
Company or Agency
Location
ITRC20081231-02
Bank of America
CA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
Anyone who used Bank of America automated teller machines in Newbury Park or Thousand Oaks in December should double-check their bank statements for possible fraudulent charges, Detective Eric Buschow said. Police have discovered card skimmers- - devices that cover the slots where bank cards are inserted into ATMs—at some banks. Attribution 1
Publication:
The Acorn
Article Title:
Crooks strike again, using bogus ATM devices
Author: Nancy Needham
Date Published:
12/31/2008
Article URL: http://www.toacorn.com/news/2009/0101/community/006.html
ITRC Breach ID
Company or Agency
Location
ITRC20081231-01
Ohio State University
OH
Est. Date
Breach Type Breach Category Electronic
Educational
Ohio State University has notified 18,000 current and former students that their names and Social Security numbers were mistakenly stored on a computer server exposed to the Internet. A vendor doing work for Ohio State's student health insurance plan made the mistake. Only students enrolled in the school's insurance program from fall 2005 to summer 2006 are affected.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
18,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 5 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Columbus Dispatch
Article Title:
OSU students told that private information was on Internet
Author: Encarnacion Pyle
Date Published:
12/31/2008
Article URL: http://www.columbusdispatch.com/live/content/local_news/stories/2008/12/31/osu_data.html?sid=101 Attribution 2
Publication: Article Title:
Office of Student Life OSU Website- breach
Author: OSU
Date Published:
Article URL: http://www.studentlife.osu.edu/dataexposure/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081229-01
Pulte Homes Las Vegas
NV
11/13/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
16,000
Computer tapes holding private customer information including names, addresses, driver's license numbers and financial account numbers were stolen from a Pulte Homes office in Las Vegas last month, and the developer is cautioning home buyers to take precautions to protect their identity. In a letter dated Dec. 19, Pulte Homes Las Vegas Division told 16,000 customers of the Nov. 13 theft of a box containing computer backup tapes. Attribution 1
Publication:
Las Vegas Sun
Article Title:
Identities of 16,000 Pulte Homes customers compromised
Author: Jean Norman
Date Published:
12/25/2008
Article URL: http://www.lasvegassun.com/news/2008/dec/25/identities-16000-pulte-homes-customers-compromised/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081224-02
Ohio University Chillicothe Health and Wellness Center
OH
12/23/2008
Electronic
Medical/Healthcare
Records Exposed?
Exposed # of Records Rptd
None Other Protection
0
Thirty-eight current and former members of the Ohio University-Chillicothe Health & Wellness Center had some personal information stored on a computer hard drive stolen from the university, officials reported Tuesday. The information was maintained on a single, stand-alone computer utilizing specialized software. Without this specialized software, it would be difficult to read the information, university officials said. OU-C has attempted to contact the individuals whose information was on the drive, including Social Security numbers, to inform them of the theft. Attribution 1
Publication:
Chillicothe Gazette
Article Title:
Thief nabs Social Security info from OU-C
Author: staff
Date Published:
12/24/2008
Article URL: http://www.chillicothegazette.com/article/20081224/NEWS01/812240313
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081224-01
RBS WorldPay
US
11/10/2008
Electronic
Banking/Credit/Financial
RBS WorldPay (formerly RBS Lynk), the U.S. payment processing arm of The Royal Bank of Scotland Group, today announced that its computer system had been improperly accessed by an unauthorized party. Pre-paid cardholders and other individuals were affected and identified on November 10. RBS WorldPay's internal security professionals and outside experts are working with federal and state law enforcement authorities in an investigation of this event. The affected pre-paid cards include payroll cards and open-loop gift cards. The fraud that has been identified to-date is associated with RBS WorldPay's computer system supporting its U.S. prepaid and open-loop gift card issuing business. Actual fraud has been committed on approximately 100 cards. Cardholders will not be responsible for unauthorized activity associated with this event. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
1,500,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 6 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Atlanta Business Chronicle
Article Title:
Payment processor RBS WorldPay breached
Author: staff
Date Published:
12/23/2008
Article URL: http://www.bizjournals.com/atlanta/stories/2008/12/22/daily24.html Attribution 2
Publication: Article Title:
Sun Herald Author: PR News Date Published: 12:23:00 PM RBS WorldPay Announces Compromise of Data Security and Outlines Steps to Mitigate Risk
Article URL: http://www.sunherald.com/prnewswire/story/1033361.html
ITRC Breach ID
Company or Agency
Location
ITRC20081223-04
Stewart Title
OK
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Exposed # of Records Rptd
Yes Unknown #
Business
0
Paperwork from Stewart Title was discovered by a fence. The business handles home loans, and the manager says that they always shred their documents, and she's not sure how they ended up out of the dumpster on the street. Only some of the documents contained account information. Attribution 1
Publication: Article Title:
KSWO Author: staff Unshredded paperwork from Lawton business found lining fence
Date Published:
12/22/2008
Article URL: http://www.kswo.com/Global/story.asp?S=9567506
ITRC Breach ID
Company or Agency
Location
ITRC20081223-03
BP Gas Station
GA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Business
0
Alpharetta police cracked the largest identity theft ring in the city's history, they announced Dec. 22. Four people used fake card readers to skim information at a BP Gas Station, one of which was an employee there. Also seized were hundreds of fake credit and debit cards, skimmer reading devices, remote cameras and card reader clones. Additionally, hundreds of documents from illegal purchases including "coded" books containing victim's card numbers with attached PIN numbers were confiscated. Attribution 1
Publication:
Appen Newspapers
Article Title:
Alpharetta PD arrests three for alleged ID theft ring
Author: Jason Wright
Date Published:
12/22/2008
Article URL: http://www.northfulton.com/Articles-i-2008-12-18-176181.114126_APD_arrests_three_for_alleged_ID_theft_ring.html
ITRC Breach ID
Company or Agency
Location
ITRC20081223-02
Cedar Sinai Medical Center
CA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
1,000
More than 1,000 patients of Cedars-Sinai Medical Center may have had personal information taken by a former employee, who allegedly used their identities to defraud insurance companies. A search of the home of James Allen Wilson, 44, turned up the patients’ information, the hospital’s chief financial officer said in a letter to the affected persons last week. Wilson had worked in the hospital’s billing department. Attribution 1
Publication:
La Times
Article Title:
Former Cedars-Sinai employee held in identity theft, fraud
Author: Alexandra Zavis
Date Published:
12/23/2008
Article URL: http://www.latimes.com/news/local/la-me-cedars-sinai23-2008dec23,0,6381180.story Attribution 2
Publication:
KTLA
Article Title:
SoCal Hospital Employee Accused of ID Theft, Insurance Fraud
Author: staff
Date Published:
12/23/2008
Article URL: http://www.ktla.com/landing_news/?SoCal-Hospital-Employee-Accused-of-ID-Th=1&blockID=169309&feedID=171
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 7 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081223-01
FEMA- Katrina
LA
12/15/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
17,000
FEMA says 16 thousand, 857 names, Social Security & telephone numbers and other private information were publicly posted on 2 websites last week. The names belonged to applicants from Hurricane Katrina who'd evacuated to Texas, but now live all across the Gulf Coast. FEMA's Acting press secretary Terry Monrad says when the agency found out, the names were immediately removed. Attribution 1
Publication: Article Title:
KERA News Author: Bill Zeeble Katrina Applicant Identities Posted On Web
Date Published:
12/22/2008
Article URL: http://publicbroadcasting.net/kera/news.newsmain?action=article&ARTICLE_ID=1445791§ionID=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081222-11
New Hampshire Dept. of Health
NH
12/1/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
9,300
The New Hampshire health department mistakenly released 9,300 names and Social Security numbers of Medicare recipients. The department is urging clients to initiate credit fraud alerts or freezes on their accounts. The information was mistakenly attached to an e-mail to service providers on Dec. 1. Attribution 1
Publication: Article Title:
WCAX Author: AP AP NewsBreak: NH agency breaches client data
Date Published:
12/17/2008
Article URL: http://www.wcax.com/Global/story.asp?S=9537530&nav=menu183_7_10 Attribution 2
Publication:
San Francisco Examiner
Article Title:
AP NewsBreak: NH agency releases client data
Author: AP
Date Published:
12/17/2008
Article URL: http://www.examiner.com/a-1749220~AP_NewsBreak__NH_agency_releases_client_data.html Attribution 3
Publication: Article Title:
NH Public Radio Author: Elaine Grant HHS Mistakenly Leaks Medicare Recipients' Private Information
Date Published:
12/17/2008
Article URL: http://www.nhpr.org/node/19784
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081222-10
Ted's Café
OK
11/4/2008
Electronic
Business
Records Exposed? Yes Unknown #
Federal agents are investigating an ongoing case of credit card fraud that may cover multiple states. The trail seems to start at Ted's Café Escondido on Nov. 4.
Attribution 1
Publication: Article Title:
News OK Credit card fraud involves Edmond café
Author: Diana Baldwin
Article URL: http://newsok.com/credit-card-fraud...article/3330404
Copyright 2008 Identity Theft Resource Center
Date Published:
12/16/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 8 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20081222-09
Ensign United States Drilling Inc.
CO
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
The Denver District Attorney's office says 34-year-old Jennifer Elaine Bundy stole the money from a large oil and gas drilling company over the course of seven years. The payroll manager created nonexistent employees on the payroll and had their wages directly deposited to accounts set up and controlled by her and also used the identities of former employees between 2001 and 2008 to steal more than $3 million from the company. Attribution 1
Publication:
Denver Business Journal
Article Title:
Payroll chief accused of $3M theft from energy firm
Author: Mark Harden
Date Published:
12/17/2008
Date Published:
12/17/2008
Article URL: http://www.bizjournals.com/denver/stories/2008/12/15/daily37.html Attribution 2
Publication:
KUSA Channel 9
Article Title:
Payroll manager accused of stealing $3 million from company
Author: Jeffery Wolf
Article URL: http://www.9news.com/news/article.aspx?storyid=106116
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081222-08
Regions Bank
GA
12/10/2008
Paper Data
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
Regions Bank officials are looking for four stolen bags containing, among other things, customer information. “There were transaction documents in the courier bags, and there could be personal information,” Regions spokesman Mel Campbell said. The bags were stolen Dec. 10 from the vehicle of a hired courier parked in Dallas, Campbell said. The bags contained information from four bank branches in Dallas, Hiram and east Marietta. Attribution 1
Publication:
Atlanta Journal Constitution
Article Title:
Reward posted for stolen bank bags containing customer info
Author: Marcus Garner
Date Published:
12/17/2008
Article URL: http://www.ajc.com/metro/content/metro/cobb/stories/2008/12/17/bank_bags_stolen.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081222-07
New Smyrna
FL
12/8/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
New Smyrna Beach Police Detective Tony Ford said his agency has been alerted that a gang of card counterfeiters had stolen data from a Bank of America ATM at 1880 State Road 44 last month. The gang also compromised several bank ATM/Debit machines throughout the state, Ford said. Sometime between Nov. 15 and 16, a skimmer was placed on the New Smyrna Beach machine to record card information, Ford said. That was then used to make counterfeit cards which were used in the Orlando, Tampa and Panhandle regions of the state last week. Investigators believe the counterfeit cards were used on December 8-10. Attribution 1
Publication:
Breaking News News Journal Online
Article Title:
New Smyrna police warn of ATM card ID theft
Author: Mark Johnson
Date Published:
12/18/2008
Article URL: http://www.news-journalonline.com/NewsJournalOnline/breakingnews/atmtheft121808.htm
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 9 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081222-06
University of NC School of Arts
NC
12/13/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
2,700
Officials at the UNC School of the Arts say they are notifying current and former students that their names and Social Security numbers "may have been accidentally exposed" in a security breach involving a university computer server. The server in question went online in July 2003. The security breach occurred in May of 2006 and affected about 2,700 students who were enrolled between 2003 and 2006. Attribution 1
Publication:
Winston Salem Journal
Author: Paul Garber
Date Published:
12/20/2008
Article Title: UNCSA tells its students to monitor credit Article URL: http://www2.journalnow.com/content/2008/dec/20/uncsa-tells-its-students-to-monitor-credit/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081222-05
ILWU Credit Union
CA
12/13/2008
Paper Data
Records Exposed? Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
50
Old credit union documents containing her Social Security number and other personal information were found in an alley near the International Longshore and Warehouse Union Credit Union office at 1135 N. Avalon Blvd., apparently dumped. "It involved less than 50 people and all the files were dated in the mid-1990s, before any of us were (working) here," said Kim Thomas, vice president of member services. Attribution 1
Publication:
Contra Costa Times
Author: Donna Littlejohn
Date Published:
12/20/2008
Article Title: Sensitive ILWU credit union forms discovered in alley Article URL: http://www.contracostatimes.com/california/ci_11275841
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081222-04
Lorain County Community Schools
OH
11/28/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
22,000
A sophisticated computer hacker was able to breach the security system of two Lorain County Community College servers in an attack during the Thanksgiving holiday break. One of the servers contained the records of approximately 22,000 students, community users, and employees and their Social Security numbers. That server hosted the college’s library card system. Attribution 1
Publication:
Chronicle Telegram
Author: Lisa Roberson
Date Published:
12/22/2008
Article Title: Hackers strikes LCCC system Article URL: http://www.chroniclet.com/2008/12/20/hackers-strikes-lccc-system_122/
ITRC Breach ID
Company or Agency
Location
ITRC20081222-03
Pierce County gas stations
WA
Est. Date
Breach Type Breach Category Electronic
Business
Police still haven’t caught up with the scam artists who made off with half a million dollars this summer from debit card information stolen at two Pierce County gas stations. Local agencies are coordinating with police in California and federal agents to stop what they believe is a crime spree that spans the West Coast. The patient and wily thieves are believed to have left a wake of at least 675 victims and $800,000 in losses, according to police and news accounts. The FBI is involved and it appears to be a skimming case using cardreading devices placed on payment machines.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 10 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
The News Tribune
Article Title:
Debit-card thieves still on the loo
Author: Ian Demsky
Date Published:
12/21/2008
Article URL: http://www.thenewstribune.com/front/topstories/story/574693.html
ITRC Breach ID
Company or Agency
Location
ITRC20081222-02
Austin Peay State University
TN
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed?
Exposed # of Records Rptd
Yes Published #
750
Hundreds of letters are being sent out to Austin Peay State University students after someone stole two computers containing Social Security numbers and names of hundreds of students.
Attribution 1
Publication:
MSNBC Naashville
Article Title:
2 Austin Peay Computers Stolen - 1 computer contained Students' Names, SSNs
Author: Cynthia Williams
Date Published:
12/19/2008
Article URL: http://www.msnbc.msn.com/id/28303684/
ITRC Breach ID
Company or Agency
Location
ITRC20081222-01
Brooklyn Police
NY
Est. Date
Breach Type Breach Category Paper Data
Government/Military
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
Two identity thieves ripped off cops at a Brooklyn station house after they got hold of a 15-year-old personnel roster and used the information for a $60,000 cellphone-buying spree, police sources said yesterday. Mohammed Belches, 27, allegedly paid a paltry $50 for the roster list compiled in the 67th Precinct in East Flatbush sometime between 1993 and '94. The list was in the personal effects of a civilian aide who since has died. It contained names and SSns, including some still on duty Attribution 1
Publication:
NY Post
Article Title:
'ID-THEFT CELL SCAM' HITS COPS IN B'KLYN
Author: Murray Weiss and Ja
Date Published:
12/22/2008
Article URL: http://www.nypost.com/seven/12222008/news/regionalnews/id_theft_cell_scam_hits_cops_in_bklyn_145381.htm
ITRC Breach ID
Company or Agency
Location
ITRC20081216-01
Louisiana Dept of Revenue
LA
Est. Date
Breach Type Breach Category Paper Data
Government/Military
Records Exposed? Yes Published #
In a press release Monday, the department says letters mailed to taxpayers who owe money also listed the name, address, Social Security number and debt for a different taxpayer on the other side of the paper. The department says it is notifying the 299 taxpayers about the printing error and is helping protect them from possible identity theft. Attribution 1
Publication:
LDR
Article Title:
Press Release
Author: LDR
Date Published:
12/15/2008
Article URL: http://www.rev.state.la.us/sections/publications/viewrelease.aspx?id=233 Attribution 2
Publication:
KTBS 3
Article Title:
Louisiana taxpayers accidentally exposed
Author: AP
Date Published:
Article URL: http://www.ktbs.com/news/Louisiana-taxpayers-accidentally-exposed-21732/
Copyright 2008 Identity Theft Resource Center
12/15/2008
Exposed # of Records Rptd
299
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 11 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081215-02
Innisbrook
NC
8/2/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A Greensboro company, Innisbrook, has notified thousands of parents across the country that their credit card information may have been compromised if they paid online. Some parents in the Triangle have found fraudulent charges on their accounts. Innisbrook works with thousands of schools nationwide and sells things like school supplies and wrapping paper to raise money for the schools. The security breach happened in August, when many customers were placing orders for bundles of back-to-school supplies. Attribution 1
Publication:
News & Observer
Author: Sue Stock
Date Published:
12/13/2008
Article Title: Credit-card data leak in online buys Article URL: http://www.newsobserver.com/business/story/1332238.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081215-01
University of NC Greensboro
NC
12/11/2008
Electronic
Records Exposed? Yes Unknown #
Educational
Exposed # of Records Rptd
0
A virus allowed a workstation's information to be compromised. The workstation contained a significant amount of data, including names, social security numbers, and bank account information. Employees at The University of North Carolina at Greensboro have been notified about a security breach, with potential data loss from a computer which contained personal information used to process the institution’s payroll. Notification was sent on Monday to UNCG’s faculty, staff and student employees, including former UNCG employees, who have received payment from UNCG since April of this year. All regular UNCG employees have direct deposit for their paychecks. Attribution 1
Publication:
UNCG
Article Title:
UNCG Discovers Security Breach; Employees Being Notified
Author: Steve Gilliam, Univers
Date Published:
12/15/2008
Date Published:
12/15/2008
Article URL: http://www.uncg.edu/ure/news/stories/2008/dec/Security121508.htm Attribution 2
Publication:
college website FAQ
Article Title:
University of North Carolina Greensboro breach
Author: Financial Services
Article URL: http://fsv.uncg.edu/incident/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081211-06
TPC Las Vegas
NV
5/23/2008
Electronic
Business
Records Exposed? Yes Unknown #
A point of service server which contained credit card information was stolen on May 23, 2008 from a Tournament Players Club golfing facility, former known as TPC Canyons.
Attribution 1
Publication:
notice to VT AG
Article Title:
TPC Las Vegas, TPC Canyons
Author: Neera Shetty, PGA T
Date Published:
10/9/2008
Article URL: http://www.atg.state.vt.us/upload/1224165345_TPC_Las_Vegas_Golfing_Facility_Security_Breach.pdf
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 12 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081211-05
Burlington Housing Authority
VT
10/1/2008
Electronic
Government/Military
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
A back-up tape was lost when taken home by an employee as part of a regular security process, since changed. It included the personal information of BHA employees and program participants. It was protected by various security systems including encryption. Attribution 1
Publication:
notice to VT AG
Article Title:
Burlington Housing Authority
Author: Paul Dettman
Date Published:
10/21/2008
Article URL: http://www.atg.state.vt.us/upload/1224706613_BHA_Security_breach_Notice_October_21_2008.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20081211-04
Zyacorp Entertainment Cinemagic Stadium
NH
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
Hackers broke into a Merrimack movie theater's servers and stole customers' credit card information, police said Wednesday. Investigators said that after receiving numerous reports of fraudulent use of credit cards, police determined that a majority of the victims used their credit cards over the summer and early fall at a Zyacorp Entertainment Cinemagic Stadium movie theater in Merrimack. Attribution 1
Publication:
WMUR
Article Title:
Credit Card Numbers Stolen From Movie Theater Computer
Author: staff
Date Published:
12/10/2008
Article URL: http://www.wmur.com/news/18247613/detail.html - -
ITRC Breach ID
Company or Agency
Location
ITRC20081211-03
unknown CPA, Siuslaw Bank affected
OR
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes (Password) Unknown#
Business
Exposed # of Records Rptd
0
An outsourced accountant's laptop containing Siuslaw Bank customer information was stolen earlier this month, according to bank officials. UPDATE: The news article is incomplete: Upon talking with a senior executive at the bank, ITRC confirmed the bank's computer was not stolen from the bank but from an outsourced CPA. Some SSNs were potentially compromised with the rest being bank account information. The bank has taken action to notify and assist all involved. Attribution 1
Publication:
KVAL
Author: staff
Date Published:
12/11/2008
Article Title: Stolen laptop contained bank customer info Article URL: http://www.kval.com/news/local/35935924.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081211-02
Bill Dube Ford/Toyota
MA
8/5/2008
Electronic
Business
A single data tape was stolen from a secure storage room at the Dover dealership on Dover Point Road in August, Silverman said. He said few people knew of the storage room and whoever stole the tape accessed the room via a staircase in the back of the dealership. Personal information from thousands of people in New Hampshire and Massachusetts has been compromised after a data backup tape from Bill Dube Ford/Toyota was stolen this summer. Customers who purchased vehicles and those who had their vehicles serviced at the dealerships are affected. The pilfered data include names, addresses, Social Security numbers and driver's license information, but no financial data such as credit card information, from customers at Bill Dube's dealerships in Dover and Wilmington, Mass. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 13 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Union Leader
Article Title:
Thousands affected in dealership data theft
Author: Clynton Namuo
Date Published:
12/11/2008
Article URL: http://www.unionleader.com/article.aspx?headline=Thousands+affected+in+dealership+data+theft&articleId=7e6f13
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081211-01
Library of Congress
DC
4/1/2008
Electronic
Records Exposed? Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
A former Library of Congress employee who worked in the HR department and a relative have been charged with stealing the names and SSNs of federal workers and using them to open bogus credit accounts. The accomplice has been indicted by a federal grand jury. Attribution 1
Publication:
News Channel 8
Article Title:
Pair Charged in Identity Theft Targeting Federal Employees
Author: staff
Date Published:
12/11/2008
Article URL: http://www.news8.net/news/stories/1208/576973.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081209-03
1st Metropolitan Mortgage, Empire Equity
FL
12/8/2008
Paper Data
Records Exposed? Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
200
Someone saw about 200 files from 1st Metropolitan Mortgage and Empire Equity in a recycling site that had SSNs. The applications were from 2002-2004.
Attribution 1
Publication:
CBS12
Article Title:
Social Security Numbers Discarded in Dumpster
Author: Chuck Weber
Date Published:
12/8/2008
Article URL: http://www.cbs12.com/news/mata_4711365___article.html/numbers_deputies.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081209-02
North Cascades Bank
OR
11/15/2008
Electronic
Records Exposed? Yes (Password) Published#
Banking/Credit/Financial
Exposed # of Records Rptd
500
A laptop computer stolen from a car in Portland, Ore., last month contained the names and account numbers of many North Cascades National Bank customers. Bank president Scott Anderson said the computer also included the Social Security numbers of about 500 customers, but authorities believe it’s unlikely that thieves will access the password-protected information. Attribution 1
Publication:
Wenatchee News
Article Title:
North Cascades bank customers notified of security breach
Author: KC Mehaffey
Date Published:
12/9/2008
Article URL: http://wenatcheeworld.com/apps/pbcs.dll/article?AID=/20081209/NEWS04/712099967
ITRC Breach ID
Company or Agency
Location
ITRC20081209-01
Hewlett Packard
US
Est. Date
Breach Type Breach Category Electronic
Business
A laptop was stolen several months ago from a Houston employee that had names and SSNs of some current and former employees that participated in the HP benefits program. The laptop had several thousand records in it. 626 MD residents were affected. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 14 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
IT World
Article Title:
HP, Symantec warn employees after laptop thefts
Author: Robert McMillan
Date Published:
12/11/2008
Article URL: http://www.itworld.com/security/59163/hp-symantec-warn-employees-after-laptop-thefts Attribution 2
Publication: Article Title:
notice to MD AG Hewlett Packard
Author: Paul Henrion
Date Published:
12/3/2008
Date Published:
12/3/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-162144.pdf Attribution 3
Publication:
notice to MD AG
Article Title:
Hewlett Packard Company
Author: Paul Henrion
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-162144.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20081208-16
Capstone Companies
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
1,400
An employee accessed a company file in an unsecure way and exposed the names, SSNs and other information of some of the residents living in resident halls managed by Capstone Company, based in AL. 1400 MD residents will be notified. Capstone did not state what facilities were involved and has halls throughout the US. Attribution 1
Publication:
notice to MD AG
Article Title:
Capstone
Author: Tonia Christensen
Date Published:
11/20/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-162135.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-15
TierraNet Support
US
11/11/2008
Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Credit card or debit card information submitted to TierraNet Support via a live chat support session between Aug 14, 2003 and Nov. 11, 2008 may have been obtained by unauthorized persons.
Attribution 1
Publication:
notice to MD AG
Article Title:
TierraNet
Author: Robert Peddycord
Date Published:
11/24/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-162138.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-14
Highmark
US
9/27/2008
Electronic
Business
Records Exposed? Yes Unknown #
An encrypted Excel file was sent to the wrong Highmark Inc. customer and then told to delete the file and destroy any paper copies of the same. It contained names, SSNS, and group billing information.
Attribution 1
Publication:
notice to MD AG
Article Title:
Highmark
Author: Kimberly Gray
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161327.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
10/6/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 15 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-13
CIGNA
US
6/20/2008
Electronic
Records Exposed? Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
On October 10th, Joyce Musante, Privacy Office Lead for CIGNA, notified the Maryland Attorney General’s Office that a disk sent to a governmental agency by a certified courier on June 20th had been lost. The unnamed courier notified CIGNA on September 9th that the package had been damaged and the contents were missing. Despite an investigation, the disk has not been located. The disk contained medical claims data on an unspecified number of CIGNA members or their dependents, including their names, addresses, Social Security numbers, and medical information. Attribution 1
Publication:
notice to MD AG
Author: Joyce Musante
Date Published:
10/10/2008
Article Title: CIGNA data lost by courier Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161337.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-12
Davita
FL
10/2/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Medical/Healthcare
Exposed # of Records Rptd
0
In the most recent incident, a DaVita facility in Florida was burglarized and desktop computers were stolen. Although the computers were reportedly password-protected, there was no assertion that the data were encrypted. By letter to the Maryland Attorney General’s Office dated November 7th, the company reported that on October 2, the company was able to confirm that patients’ Social Security numbers were on the stolen computers. Although the total number of patients affected was not divulged in the notification, 354 Maryland residents were affected. In its draft notification letter to affected patients, the company writes: The documents may have contained your name, social security number, medical insurance coverage information, and/or other personal and health-related information. Attribution 1
Publication:
notice to MD AG
Article Title:
Davita breach #2
Author: Saliha Greff
Date Published:
11/7/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161396.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-11
Usmp
MD
9/9/2008
Electronic
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
873
Marketing agency Usmp reports that personnel files which were on an employee's home computer were inadvertently made available to the public. The company was alerted to the breach on September 9th. Young Lee, Director of Human Resources, noted that the files "likely contained" names, addresses, and Social Security numbers and that 873 individuals could have been affected. Attribution 1
Publication:
notice to MD AG
Article Title:
Usmp breach
Author: Young Lee
Date Published:
10/1/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161328.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-10
National Assoc. of Chain Drug Stores (NACDS)
US
10/7/2008
Electronic
Business
On Oct. 7, 2008, NACDS's scholarship applicant database became publicly accessible through a email link. The information included SSNS.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
160
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 16 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
notice to MD AG
Article Title:
NACDS breach
Author: Phillip Schneider
Date Published:
11/3/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161383.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-09
Wells Real Estate Funds
US
10/6/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Banking/Credit/Financial
0
Wells Real Estate Funds notified customers that their personal information was on a laptop stolen from an employee's vehicle. By letter dated November 5th to the Maryland Attorney General's Office, Kirk Montgomery, Legal Counsel for Wells, reported that the theft occurred in Suwanee, Georgia on October 6th. Information on the laptop may have included customers' Wells account numbers, third party account numbers, tax identification numbers, Social Security numbers, and specific investment information. 704 customers in Maryland were affected, but the total number of customers with information on the laptop was not indicated in the report. Attribution 1
Publication:
notice to MD AG
Author: Kirk Montgomery
Date Published:
11/5/2008
Article Title: Wells Real Estate Funds Article URL: Wells Real Estate Funds joined the ranks of those notifying customers that their personal information was on a lapt
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-08
Nielsen Mobile
NY
10/20/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Business
Exposed # of Records Rptd
0
On 10/20 Nielsen Mobile learned that a laptop with names, dates of birth and SSNs and other info related to their Flexible spending accounts was stolen from their offices.
Attribution 1
Publication:
notice to MD AG
Author: Brendon Tavelli
Date Published:
11/12/2008
Article Title: Nielsen Mobile Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161389.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-07
Severn School
MD
4/1/2008
Electronic
Records Exposed? Yes Published #
Educational
One or more students accessed the Severn School IT system and downloaded a file with names and SSNS of about 104 students. The flash drive has been since recovered.
Attribution 1
Publication:
notice to MD AG
Author: W Warren Hamel
Article Title: Severn School Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161398.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
11/17/2008
Exposed # of Records Rptd
104
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 17 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-06
Symantec
US
10/18/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
100
Symantec recently notified the Maryland Attorney General's Office that a laptop stolen from an employee's home contained some employees' names, addresses, and social security numbers
Attribution 1
Publication:
IT World
Article Title:
HP, Symantec warn employees after laptop thefts
Author: Robert McMillian
Date Published:
12/11/2008
Article URL: http://www.itworld.com/security/59163/hp-symantec-warn-employees-after-laptop-thefts Attribution 2
Publication:
notice to MD AG
Article Title:
Symantec breach
Author: James Williams
Date Published:
11/13/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161402.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-05
Fed Ex, Howland Capital Mgmt
US
7/25/2008
Electronic
Business
Records Exposed?
Exposed # of Records Rptd
None Other Protection
0
Howland Capital Management has notified the Maryland Attorney General's Office that FedEx notified it at the end of July that a package it had shipped on July 24th containing backup media had not arrived at its intended destination. As of its October 30th letter to the state, the missing backup media had still not been located. Information on clients included names, addresses, driver's license numbers, social security numbers, and account numbers. The missing backup media is password-protected, and according to the notification to the state, "cannot be accessed without a proprietary Sungard Series 7 Trust accounting platform." Attribution 1
Publication:
MD AG notice
Article Title:
Howland Capital breach
Author: Weston Howland
Date Published:
10/30/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161386.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-04
SGS
US
7/10/2008
Electronic
Business
Records Exposed? Yes (Password) Unknown#
On July 10, 2008, a thief stole a briefcase with a company issued laptop from a SGS employee's car. It had names, date of birth and SSNS of employees and subsidiaries who worked for one of those companies as of June 2008. Attribution 1
Publication:
notice to MD AG
Article Title:
SGS breach
Author: Benjamin Rodriguez
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161339.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
10/8/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 18 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-03
Blackbaud, St Margaret Episcopal School
SC
9/19/2008
Electronic
Educational
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
St. Margaret's Episcopal School in San Juan Capistrano reports that personal information on a laptop belonging to their software provider, Blackbaud, was stolen from a Blackbaud employee's vehicle in Charleston, South Carolina. The theft occurred on September 19th when a Blackbaud employee transferred the school's data without permission to a laptop to take home to work on and left the laptop in her car while she went to dinner. It included SSNs, names, credit card numbers and some medical information. The SSNs and credit card numbers were encrypted. 73 MD residents were impacted. Attribution 1
Publication:
notice to MD AG
Author: David Bush
Date Published:
11/12/2008
Article Title: Blackbaud and St. Margaret Episcopal School Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161400.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-02
MasTec
US
9/11/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
MasTec North America discovered that an employee disclosed an HR report to third parties. Both the employee and the third parties have been arrested. The information included names, dates of birth, SSNs, and employee identification numbers. MasTec found out about it on Oct 29. 95 people in MD were affected. Attribution 1
Publication:
notice to MD AG
Author: Virginia Pagliery
Date Published:
11/24/2008
Article Title: MasTec breach Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-162136.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081208-01
World Bank #2
US
11/21/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
On Nov. 21, 2008 a payment record file containing names and bank account numbers of bank employees and individual contractors was mistakenly posted to a public site. A notice was sent to the MD AG's office about the breach. Attribution 1
Publication:
Notice to MD AG
Author: Therese Ballard
Date Published:
12/2/2008
Article Title: World Bank Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-162140.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081205-01
Cal Poly Pomona
CA
11/17/2008
Electronic
Records Exposed? Yes Published #
Educational
A former Cal Poly Pomona student inadvertently accessed personal information of 675 former students including himself in an Internet Google search, officials said. The information includes names, addresses, phone numbers and Social Security numbers for students in 2001, according to Spokeswoman Uyen Mai. Attribution 1
Publication:
Pasadena Star-News
Author: staff
Article Title: Students' data leaked from Cal Poly Pomona Article URL: http://www.pasadenastarnews.com/news/ci_11139423 Copyright 2008 Identity Theft Resource Center
Date Published:
12/4/2008
Exposed # of Records Rptd
675
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 19 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
ITRC20081204-06
Central CA Appellate Program CA
Location
Est. Date
Breach Type Breach Category
11/14/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Unknown#
Business
0
Lawyers who work on indigent appeals for the Central California Appellate Program have been warned that their Social Security numbers and personal information have been stolen. The information was on a backup computer disk in a safe taken by thieves who broke into a storage facility last month, the Recorder reports. The disk was password protected. Attribution 1
Publication: Article Title:
ABA Journal Author: Debra Weiss Stolen Disk Contained Calif. Appellate Lawyers’ Social Security Numbers
Date Published:
12/3/2008
Article URL: http://www.abajournal.com/news/stolen_disk_contained_calif._appellate_lawyers_social_security_numbers/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081204-05
US Army in Germany
US
10/4/2008
Electronic
Government/Military
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
U.S. Army medical officials in southeast Germany waited nearly two months before notifying more than 6,000 beneficiaries of a possible security breach regarding their SSNs and health information which was stored on a lost laptop computer, according to a news release sent Monday from the U.S. Army Medical Department Activity, Bavaria. Officials said similar information on approximately 6,000 other patients also may have been on the missing computer, though they don’t know for sure. The laptop was in a backpack and is encrypted. Attribution 1
Publication:
Stars and Stripes
Article Title:
Army waited to tell of possible security breach
Author: Kevin Doughterty
Date Published:
12/2/2008
Article URL: http://www.stripes.com/article.asp?section=104&article=59159
ITRC Breach ID
Company or Agency
ITRC20081204-04
Golden Chick/First State Bank TX
Location
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
400
Record breaking identity theft numbers have hit Texoma, and the city of Gainesville has seen a drastic increase of debit card fraud, where bank officials say one restaurant has over 400 people left without debit cards. Both Golden Chick Restaurant, where some of the debit cards were used and First State Bank are investigating the cause of the breach. Attribution 1
Publication:
KXII
Article Title:
Bank links multiple identity theft cases to Gainesville restaurant
Author: Rashi Vats
Date Published:
12/2/2008
Article URL: http://www.kxii.com/home/headlines/35421434.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081204-03
Walz, Deihm, Geisenberger, Bucklen & Tennis
PA
11/5/2008
Electronic
Government/Military
Computer hard drives and backup tapes containing the payroll records of more than 20,000 people and businesses were stolen from a car belonging to an employee of a Manheim Township accounting firm, police said. A Walz, Deihm, Geisenberger, Bucklen & Tennis official said Tuesday that the equipment contains the names, tax information, Social Security numbers and other information of its clients' employees and workers at the firm. Bank account info of people who do direct deposit may also be affected.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
20,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 20 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Lancaster Online
Article Title:
Payroll records stolen, firm says
Author: Patrick Burns
Date Published:
12/3/2008
Article URL: http://articles.lancasteronline.com/local/4/230926
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081204-02
Agency for Workforce Innovation
FL
10/30/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
250,000
The state Agency for Workforce Innovation blamed a "security breach" Wednesday for why it accidentally placed the names and Social Security numbers of 250,000 job-seekers on a "test server" that could have been accessed online for 19 days. The only common denominator among the names placed online was that they all got services over the last six years from one of the 81 Florida "career centers" that provide job-training and resources around the state. Attribution 1
Publication:
Orlando Sentinel
Article Title:
State agency put Social Security numbers of 250,000 job seekers online
Author: Aaron Deslatte
Date Published:
12/3/2008
Article URL: http://blogs.orlandosentinel.com/news_politics/2008/12/state-agency-pu.html Attribution 2
Publication:
WFTV
Article Title:
Agency Accidentally Posts 250,000 S.S. Numbers Online
Author: staff
Date Published:
12/2/2008
Article URL: http://www.wftv.com/news/18190154/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081204-01
Economic Research Institute
VA
11/21/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
341
Hundreds of Social Security numbers of former students from all over the northern Adirondacks, including Lake Placid, were released onto the Internet, potentially compromising those people’s credit and financial status, and opening the door to identity theft. Until the numbers were blacked out on Tuesday, the whole world had had access to the Social Security numbers of 341 recipients of the Lake Placid-based Deo B. Colburn Foundation Scholarship for the 2003-04 academic year through the Virginia-based Economic Research Institute’s Web site. The information had possibly been there for years and scholarship recipients information was part of the 2002 foundation's tax return, a public document. Attribution 1
Publication:
Lake Placid News
Article Title:
Personal info on the Web raises identity theft concerns
Author: Heather Sackett
Date Published:
12/4/2008
Article URL: http://www.lakeplacidnews.com/page/content.detail/id/500708.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081201-01
Spicy Pickle in Portage
MI
11/17/2008
Electronic
Records Exposed? Yes Unknown #
Business
Spicy Pickle in Portage is the subject of an investigation of a possible security breach. It appears a hacker may have breached the credit card system. Several dozen cases of credit card fraud have been tracked back to the restaurant so far. Attribution 1
Publication:
WWMT Channel 3
Article Title:
Credit card info stolen from Portage restaurant
Author:
Date Published:
Article URL: http://www.wwmt.com/articles/restaurant_1356370___article.html/portage_michigan.html
Copyright 2008 Identity Theft Resource Center
12/1/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 21 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20081128-01
Longmont restaurants
CO
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
133
Longmont police say thieves may have used up to 100 stolen credit or debit card numbers to rack up more than $100,000 in fraudulent charges. Between 80 and 100 people have reported their account numbers were stolen after they used their cards at up to five local restaurants. It is unclear if the numbers were stolen by someone in the restaurants or if hacking is the cause. Update: Longmont Police Cmdr. Tim Lewis said detectives have analyzed 90 of the 133 reports and that 85 percent of the victims used their credit cards at East Moon Bistro before unauthorized charges started to hit accounts. Attribution 1
Publication:
TimesCall
Author: Pierrette Shields
Date Published:
12/3/2008
Date Published:
11/27/2008
Article Title: Similar ID thefts in other cities Article URL: http://www.timescall.com/news_story.asp?ID=12584 Attribution 2
Publication:
Colorado Wire- CBS Denver
Article Title:
Longmont ID theft case may have 100 victims
Author: AP
Article URL: http://cbs4denver.com/coloradowire/22.0.html?type=local&state=CO&category=n&filename=CO--IdentityTheft.xml Attribution 3
Publication:
TimesCall
Author: Pierrette Shields
Date Published:
11/24/2008
Article Title: Longmont police studying series of ID thefts Article URL: http://www.timescall.com/news_story.asp?ID=12378
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081126-01
Weber State University
UT
11/20/2008
Paper Data
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
69
Police have arrested a man they believe is connected to a break-in at the Shepherd Union Building's mail center between 2 p.m. Thursday and 9 a.m. the following day. Thieves made off with approximately $1,600 in cash, three computers and a postal scale, said WSU spokesman John Kowalewski. Hard-copy records of post office box rental information was also taken from the center. Some of the stolen rental cards contained names, addresses and Social Security numbers for members of the campus community who rented post office boxes in the union building during the past eight years. Attribution 1
Publication:
Deseret News
Article Title:
Man arrested in WSU break-in
Author: Wendy Leonard
Date Published:
11/26/2008
Article URL: http://deseretnews.com/article/1,5143,705265877,00.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081125-03
Starbucks Corp
US
10/29/2008
Electronic
Business
Records Exposed? Yes Published #
Starbucks Corp. confirmed Monday that a laptop containing private information on 97,000 employees was stolen Oct. 29. The information included names, addresses and Social Security numbers, according to an undated memo addressed to affected employees. "The private information of approximately 97,000 U.S. Partners, including yours, was stored on this laptop. At present, we have no indication that the private information has been misused," the memo said. Attribution 1
Publication:
Seattle PI
Article Title:
Missing laptop puts Starbucks workers' data at risk
Author: Dan Richman
Article URL: http://seattlepi.nwsource.com/business/389259_starbucks25.html
Copyright 2008 Identity Theft Resource Center
Date Published:
11/24/2008
Exposed # of Records Rptd
97,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 22 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20081125-02
Children's Hospital Denver, Aurora Revenue Enterprises
CO
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
1,000
The Children's Hospital and a third-party billing contractor will warn as many as 1,000 families that their credit card information may have been compromised by a former employee. Aurora-based Revenue Enterprises recently terminated an employee that handled billing for The Children's Hospital after it was discovered she used a family's credit card to pay for a vacation in Las Vegas. CEO Tim Brainerd estimated 500 to 1,000 families gave payment information to the employee in question. Attribution 1
Publication:
9 News.com
Author: Colleen Locke
Date Published:
11/23/2008
Article Title: Identity theft traced back to hospital bill Article URL: http://www.9news.com/news/article.aspx?storyid=104477&catid=339
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081125-01
Maryland Department of the Environment
MD
11/12/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
1,367
Police are investigating the theft of two laptop computers containing the names and Social Security numbers of more than 1,300 people who worked at the environmental agency from January 2000 through October 2006. The laptops were reported stolen from the state office building at 300 W. Preston St. in Baltimore on Nov. 12, a spokesman for the MDE, Robert Ballinger, said in a statement yesterday. Attribution 1
Publication:
Chicago Tribune, Baltimore Sun
Author: Nick Madigan
Date Published:
11/22/2008
Article Title: Stolen laptops held data of 1,300 state employees Article URL: http://www.chicagotribune.com/news/local/bal-md.laptop22nov22,0,7434366.story Attribution 2
Publication:
Dept. of Information Technology, State o
Article Title:
Media Advisory, State of Maryland
Author: Robert Ballinger
Date Published:
11/21/2008
Article URL: http://doit.maryland.gov/support/Documents/mde_alert/DOIT_laptop_release.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20081124-02
BJ Accessories and Tax Preparation
NC
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
70
New Bern police say a computer stolen from a tax-preparation business in the city this week contains identity information of about 70 people.
Attribution 1
Publication:
ECN Today
Article Title:
Personal information of 70 people stolen from tax office
Author:
Date Published:
11/21/2008
Article URL: http://www.enctoday.com/news/information_42974_nbsj__article.html/tax_police.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081124-01
Wawa Convenience Store
PA
11/18/2008
Electronic
Business
A township gas station attendant has been charged with identity theft for allegedly using a scanning device to steal credit card information from about 40 customers at the Wawa convenience store at Route 130 and Cedar Lane. The Secret Service is involved in the investigation.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
40
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 23 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Burlington County Times
Article Title:
Florence gas attendant charged with identity theft
Author: Danielle Camilli
Date Published:
11/24/2008
Article URL: http://www.phillyburbs.com/pb-dyn/news/112-11232008-1626374.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081121-03
Sundown Mountain Resort
IA
11/9/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
On Tuesday, Sundown Mountain alerted its online customers that their credit card information might have been compromised. General Manager Mark Dietz said the leak appears to have occurred between Nov. 5 and Nov. 9, in the days leading up to the resort's open house when prices for season passes increase by $100. "All we know is something happened through our Web site or Web host," Dietz said. He declined to comment on how many customers were affected but said purchases made over the phone or in person were safe. Attribution 1
Publication:
Th Online
Article Title:
ID thieves hit local Web site
Author: Courtney Blanchard
Date Published:
11/20/2008
Article URL: http://www.thonline.com/article.cfm?id=223447
ITRC Breach ID
Company or Agency
Location
ITRC20081121-02
Jackson Madison CountyEast Intermediate Schools
TN
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
200
A computer disk with the names and SSN of 200 East Intermediate students in the Jackson Madison County school system was stolen from a principal's car. The principal said that it was last year's 6th grade students that may be affected. Attribution 1
Publication:
Jackson Sun
Article Title:
Student SSNs stolen
Author: Tajuana Cheshier
Date Published:
11/21/2008
Article URL: http://www.jacksonsun.com/article/20081121/NEWS01/811210317
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081121-01
Aaron Pena Law Firm
TX
11/20/2008
Electronic
Records Exposed? Yes Published #
Business
A computer and used jump drive from the former law offices of Aaron Pena was found in a pawn shop. On the computer were 627 names and many of their SSN of former Haggar Manufacturing Plant employees that may have been involved in a lawsuit I the late 90's. Attribution 1
Publication:
Channel 5 KRGV, ABC News
Article Title:
NEWSCHANNEL 5 Investigation: Personal Information Found on Pawn Shop Computers
Author: staff
Article URL: http://www.newschannel5.tv/2008/11/20/1001545/Pawn-Shop
Copyright 2008 Identity Theft Resource Center
Date Published:
11/20/2008
Exposed # of Records Rptd
672
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 24 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081120-03
Downeast Community Hospital, Machias
ME
11/11/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Medical/Healthcare
0
Police are trying to figure out how someone stole files from the Downeast Community Hospital in Machias. They washed ashore in a river in Pembroke last week. Hospital officials say they had no idea the files were even missing, until they were contacted by a police officer. Attribution 1
Publication:
WABI TV 5, The CW
Article Title:
Stolen Medical Files
Author: staff
Date Published:
11/18/2008
Article URL: http://www.wabi.tv/index.php?cat_id=4006&url_news4006=http%3A%2F%2Fwww.wabi.tv%2Fmodules%2FNews%2
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081120-02
Palo Pinto General Hospital
TX
10/29/2008
Paper Data
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
250
While serving warrants on a Mineral Wells resident, law enforcement officers recently recovered identifying information on more than 200 people apparently stolen from a medical records storage facility. Authorities believe they recovered the material before any identity theft occurred. The papers on about 240-250 included banking and checking account info written to a Gordon clinic in 2004. As to the source of the documents, law enforcement said they believe it came from the recent burglary of Palo Pinto General Hospital’s off-site storage facility. Attribution 1
Publication:
Mineral Wells Index
Author: Lacie Morrison
Date Published:
11/20/2008
Article Title: Wanted man found with stolen personal information Article URL: http://www.mineralwellsindex.com/local/local_story_325095907.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081120-01
Gilbert home developer, Randall Martin
AZ
11/17/2008
Paper Data
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Boxes containing loan applications, Social Security numbers and bank account information for residents of a Gilbert neighborhood dating back to 2005 were discovered in a ransacked model home abandoned by a bankrupt developer. Several Higley Park model homes have been broken into since builder Randall Martin ceased operations. One home even had its garage door stolen, residents say. Attribution 1
Publication:
Arizona Central
Author: Chelsea Schneider
Date Published:
11/18/2008
Article Title: Personal data of Gilbert residents found in model home Article URL: http://www.azcentral.com/community/gilbert/articles/2008/11/18/20081118gr-higleypark1119.html
ITRC Breach ID
Company or Agency
Location
ITRC20081114-02
Tulsa Courts
OK
Est. Date
Breach Type Breach Category Electronic
Government/Military
Records Exposed? Yes Unknown #
A court reporter took her computer home with addresses, SSNs, medical information and other information from documents she was working on. It was stolen from her house. The court reporter is offering a reward for her dog which was also taken. Attribution 1
Publication:
Fox 23
Author: Abbie Alford
Date Published:
11/13/2008
Article Title: Tulsa Court Reporter's Computer Stolen Article URL: http://www.fox23.com/news/local/story.aspx?content_id=ffe4847e-8623-43b7-9f18-29c66c776f3a Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 25 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
ITRC20081114-01
Naval Reserve Base Ft. Worth
TX
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
8,000
Four suspects are in jail, accused in a complicated scheme to steal money from those serving this country. Euless police say they were part of an identity theft ring in North Texas which targeted thousands of U.S. military troops. A US Petty Officer who worked as an intelligence officer was the group's inside source. She had access to personnel records and all bank information. Attribution 1
Publication: Article Title:
NBC Author: Scott Gordon Military ID Theft Ring Steals More Than $1 Million, Police Say
Date Published:
11/13/2008
Article URL: http://www.nbcdfw.com/news/local/US-Military-Targeted-in-North-Texas-ID-Theft-Ring.html Attribution 2
Publication:
CBS 11
Article Title:
Euless PD: Identity Theft Ring Targeted Troops
Author: staff
Date Published:
11/13/2008
Article URL: http://cbs11tv.com/local/Identity.Theft.Ring.2.863826.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081112-02
Texas A&M #2
TX
11/10/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
46
Texas A&M University-Corpus Christi current and former students' Social Security numbers were exposed for the second time in two weeks Monday, and officials spent several hours scanning university servers for additional privacy leaks. A student notified the university Monday that he saw his name and Social Security number in a list of 46 students who had registered for the online version of an English class taught during the spring 2005 semester. Attribution 1
Publication:
Caller Times
Article Title:
More student data exposed at A&M-CC
Author: Elvia Aguilar
Date Published:
11/11/2008
Article URL: http://www.caller.com/news/2008/nov/11/student-data-accessed-texas-m-cc/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081112-01
University of FL College of Dentisty
FL
10/3/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
university of Florida officials have notified about 330,000 current and former dental patients that an unauthorized intruder recently accessed a College of Dentistry computer server storing their personal information. The breach was discovered October third while college information technology staff members were upgrading the server and found software had been installed on it remotely. Information stored on the server included names, addresses, birth dates, Social Security numbers and, in some cases, dental procedure information for patients dating back to 1990. The FBI is investigating. Attribution 1
Publication:
AM 850
Author: staff
Date Published:
Article Title: Dental School Security Breach Article URL: http://www.am850.com/news/archives/2008/11/dental_school_security_breach.asp Attribution 2
Publication:
UF webstie
Article Title:
University of FL breach- College of Dentistry
Author: website
Article URL: http://privacy.ufl.edu/
Copyright 2008 Identity Theft Resource Center
Date Published:
11/12/2008
Exposed # of Records Rptd
330,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 26 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081111-02
AIG, Medical Excell LLC
US
7/23/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Medical/Healthcare
900,000
A special agent for the FBI and other law enforcement officials announced the arrest of a person who stole a computer server with the personal identifying and health care sensitive information for over 900,000 policy holders and then trying to extort AIG for its return. Attribution 1
Publication:
Wall St. Journal
Article Title:
Express Scripts Data Breach Leads to Extortion Attempt
Author: Sarah Rubenstein
Date Published:
11/7/2008
Article URL: http://blogs.wsj.com/health/2008/11/07/express-scripts-data-breach-leads-to-extortion-attempt/ Attribution 2
Publication:
press office
Article Title:
Law Enforcement unravels extortion scheme and prevents large scale identity theft fraud
Author: US DOJ, FBI
Date Published:
10/1/2008
Article URL: http://indianapolis.fbi.gov/dojpressrel/pressrel08/extortion100108.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20081111-01
Sinclair Community College
OH
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Published #
Educational
1,000
Officials at a community college in Dayton say the names and Social Security numbers of almost 1,000 employees who worked at the college in 2000 and 2001 were inadvertently made visible to Web search engines for about a year. It was placed in a computer folder by an employee. Attribution 1
Publication:
Herald Dispatch
Article Title:
Ohio college says employee data posted on Web
Author: AP
Date Published:
11/11/2008
Article URL: http://www.herald-dispatch.com/news/briefs/x2077108845/Ohio-college-says-employee-data-posted-on-Web
ITRC Breach ID
Company or Agency
Location
ITRC20081110-04
Rick Case Acura in Plantation
FL
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
A former employee of a Plantation car dealership pleaded guilty today to mail fraud conspiracy, admitting he supplied personal data from 75 customers to an identity theft ring including names and SSNs. The computers were shipped to victims' home addresses. Knowing the approximate date and time of deliveries, members of the identity theft ring would wait for delivery and claim the computers by presenting fake drivers licenses , prosecutors said. Attribution 1
Publication:
Sun Sentinel
Article Title:
Man admits supplying customers' personal data to ID theft ring
Author: Vanessa Blum
Date Published:
11/10/2008
Article URL: http://www.sun-sentinel.com/community/news/plantation/sfl-1110idtheftring,0,310891.story
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
75
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 27 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081110-03
OnPoint Community Credit Union
MI
10/29/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
A laptop belonging to a Michigan-based auditing firm for OnPoint CCU was stolen on Oct. 29 after the auditors had left OnPoint's offices for the day. The auditors cannot confirm that their employees deleted all OnPoint information from the laptop before leaving the credit union's offices, as required by OnPoint policy. Because of this uncertainty, we are taking a number of precautions, including proactively notifying our members. .. The laptop may have contained member account information, including names, account numbers and balances for certain types of deposit accounts. The information in question did not include any credit card information, debit card information or account passwords. It also did not include Social Security numbers, taxpayer ID numbers, birthdates or other types of information typically used for identity theft. Attribution 1
Publication:
website
Article Title:
On Point Community Credit Union breach notice
Author: Robert Stuart CEO
Date Published:
11/4/2008
Article URL: http://bojack.org/images/onpointletter.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20081110-02
Christus Health Care
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
2 computer backup tapes were stolen from an associate's car in a parking lot. They held perhaps thousands of patients in the Christus Health Care system which covers multiple states. The spokeswoman says the tapes contain about four percent of the names of patients from the past couple of years who pay by installment or who owe money. That includes Christus patients here (Beaumont) as well as in Houston, Louisiana, Utah, Arkansas and Mexico, and some patients outside the Christus System. The information includes patient names, social security numbers, demographic information, and in some cases, diagnosis codes. Attribution 1
Publication:
KFDM News
Article Title:
Computer Back Up Tapes Containing Personal Information Stolen
Author: Scott Lawrence
Date Published:
11/7/2008
Article URL: http://www.kfdm.com/news/information_28690___article.html/tapes_patients.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081110-01
Texas A&M Corpus Christi
TX
11/3/2008
Electronic
Educational
Records Exposed? Yes Published #
For the fourth time in two years and the second time in three months, a security breach at Texas A&M University-Corpus Christi has exposed students' or former students' Social Security numbers, university officials said Friday. Through an Internet search on the university's Web site Monday, a student viewed a document that listed admissions applicants from 2005, A&M-Corpus Christi spokesman Marshall Collins said. The page listed 1,430 names and Social Security numbers. Attribution 1
Publication:
Caller Times, caller.com
Article Title:
A&M-CC student data exposed
Author: Stuart Duncan
Date Published:
Article URL: http://www.caller.com/news/2008/nov/07/identity-compromise-m-corpus-christi-again/
Copyright 2008 Identity Theft Resource Center
11/7/2008
Exposed # of Records Rptd
1,430
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 28 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081107-05
North Carolina Division of Health and Human Services
NC
10/25/2008
Electronic
Records Exposed? Yes (Password) Published#
Government/Military
Exposed # of Records Rptd
85,045
A state-owned laptop computer with personal information about 85,045 North Carolina residents was stolen last month in Atlanta, state officials announced today. The information included the full Social Security numbers of 52,391 clients of the state Division of Aging and Adult Services, said Lori Walston, spokeswoman for the state Department of Health and Human Services. It also included personal data about 32,645 additional clients, including the last four digits of their Social Security numbers. The laptop disappeared Saturday, Oct. 25, when a state employee returning from a training conference was unloading luggage from a rental car shuttle at the airport in Atlanta. Attribution 1
Publication: Article Title:
News Observer State failed to encrypt private data
Author: Lynn Bonner
Date Published:
11/14/2008
Date Published:
11/5/2008
Article URL: http://www.newsobserver.com/news/story/1294350.html Attribution 2
Publication:
News & Observer
Article Title:
Personal data of some N.C. residents stolen
Author: staff
Article URL: http://www.newsobserver.com/news/story/1283248.html Attribution 3
Publication: Article Title:
Author:
Date Published:
Article URL:
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081107-04
Bank of America
CA
9/21/2008
Electronic
Records Exposed? Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
100
Authorities are asking for the public's help in finding a group of suspected "ATM skimmers" who have schemed more than 100 people out of thousands of dollars. The group of three men and a woman are suspected of illegally obtaining ATM card numbers by using card skimmer devices that were attached to about 10 Bank of America branches in Fullerton and Huntington Beach, said Fullerton Police Sgt. Mike MacDonald. Attribution 1
Publication:
Orange County Register
Article Title:
ATM skimmers victimize more than 100 people
Author: Denisse Salazar
Date Published:
11/6/2008
Article URL: http://www.ocregister.com/articles/macdonald-card-atm-2220254-fullerton-numbers
ITRC Breach ID
Company or Agency
Location
ITRC20081107-03
Plymouth County
MA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
A former Plymouth County former inmate is accused of hacking into the prison's computer network and stealing personal information including Social Security numbers for hundreds of former and current prison workers. Between October 2006 and February 2007 he allegedly set up access for himself and other inmates to records for more than a thousand current and former prison employees. Attribution 1
Publication:
Boston Globe
Article Title:
Former Mass. inmate accused of ID theft
Author: AP
Article URL: http://www.wten.com/Global/story.asp?S=9308537
Copyright 2008 Identity Theft Resource Center
Date Published:
11/6/2008
Exposed # of Records Rptd
1,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 29 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081107-02
Henry Brown Buick-PontiacGMC
AZ
10/10/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Business
121
A felon who is a former employee of a Gilbert car dealership is accused of stealing the identities of 121 customers, according to court records. The case in under investigation and may be part of a ring.
Attribution 1
Publication:
AZ Central Republic
Article Title:
Felon accused in ID thefts of car dealership customers
Author: Astrid Galvan
Date Published:
11/7/2008
Article URL: http://www.azcentral.com/news/articles/2008/11/07/20081107idring1107.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081107-01
Pinellas County
FL
2/1/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Government/Military
0
Hundreds of confidential government documents have turned up in trash bags and garbage bins instead of being shredded as required by law, according to a Pinellas County audit. The documents included juvenile and crime victim records, medical information, child abuse records and Ems patient care info from the county court houses, emergency medical services, the sheriff's office, health and human services, the supervisor of elections office and other county agencies contained personal information not intended to be released to the public, Bob Melton, director of the county's Internal Audit Division, said today. Melton said his auditors found the records by searching through outdoor trash receptacles outside 13 county buildings nine months ago. Most of them were in unsecured areas accessible to the public, Melton said. Attribution 1
Publication:
Tampa Tribune
Article Title:
Pinellas Audit Reveals Confidential Files That Missed Shredder
Author: Steven Girardi
Date Published:
11/7/2008
Article URL: http://suncoastpinellas.tbo.com/content/2008/nov/07/pinellas-officials-chided-after-confidential-files/news/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081106-05
Jefferson County
WV
10/30/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
1,600,000
Late last week, Jefferson County Clerk Jennifer Maghan said she unveiled a new online search tool that enabled residents and business professionals to access nearly 1.6 million documents that are stored in her office via their home computers. Attribution 1
Publication: Article Title:
Journal News Web error fallout ongoing
Author: Naomi Smoot
Date Published:
10/31/2008
Article URL: http://www.journal-news.net/page/content.detail/id/511806.html?nav=5006
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081106-04
Express Scripts
US
10/5/2008
Electronic
Medical/Healthcare
Express Scripts (Nasdaq:ESRX), one of the largest pharmacy benefit management companies in North America, today announced that it has received a letter from an unknown person or persons trying to extort money from the company by threatening to expose millions of the company's patients' records. The letter included personal information of 75 members, including their names, dates of birth, social security numbers, and in some cases, their prescription information. The FBI is investigating. Update: Express Scripts announced that a small number of clients have received extortion letters also. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 30 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
SteelGuru
Article Title:
FBI to investigate US Steel pensioners records theft
Author:
Date Published:
12/23/2008
Article URL: http://steelguru.com/news/index/2008/12/21/NzYwNTI%3D/FBI_to_investigate_US_Steel_pensioners_records_theft. Attribution 2
Publication: Article Title:
Trading Markets Author: Globe Newswire Express Scripts Reports New Threats Tied to Data Security Breach
Date Published:
11/11/2008
Date Published:
11/6/2008
Article URL: http://www.tradingmarkets.com/.site/news/Stock%20News/2014820/ Attribution 3
Publication:
CNN Money
Article Title:
Express Scripts Warns of Potential Large Data Breach Tied to Threat
Author:
Article URL: http://money.cnn.com/news/newsfeeds/articles/globenewswire/154067.htm Attribution 4
Publication: Article Title:
Express Scripts website Express Scripts website
Author:
Date Published:
Article URL: http://www.esisupports.com/
ITRC Breach ID
Company or Agency
Location
ITRC20081106-03
GarCo, Garfield County DHS
CO
Est. Date
Breach Type Breach Category Electronic
Government/Military
Records Exposed? Yes Published #
Exposed # of Records Rptd
7,000
Garfield County mailed notices to 7,000 people after a Department of Human Services employee took a disk with sensitive data home and then lost it. Those notified are past Human Services program applicants and recipients, and the data included about 267 Social Security numbers. The disk couldn’t be found after an extensive search. Human Services director Lynn Renick said it apparently was thrown away or shredded. Attribution 1
Publication:
GJ Sentinel
Article Title:
GarCo loses data disk
Author: Dennis Webb
Date Published:
11/5/2008
Article URL: http://www.gjsentinel.com/hp/content/news/stories/2008/11/05/110608_3A_personal_data_breach.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081106-02
Sweetwaters on the River
OR
10/3/2008
Electronic
Business
Records Exposed? Yes Unknown #
The computer system of Sweetwaters on the River restaurant in Valley River Inn in Eugene was hacked between June 19 and Oct. 3, the restaurant said Wednesday. The restaurant advises customers who used their credit card at the restaurant between June 19 and Oct. 3 to check all statements for the card used at Sweetwaters to identify unauthorized transactions Attribution 1
Publication:
Portland Business Journal
Article Title:
Restaurant’s computer hacked
Author: staff
Date Published:
Article URL: http://www.bizjournals.com/portland/stories/2008/11/03/daily39.html?t=printable
Copyright 2008 Identity Theft Resource Center
11/5/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 31 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081106-01
Wilmer-Hale Legal Services Center, Harvard
MA
9/23/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
21,000
Over 21,000 clients of the Wilmer-Hale Legal Services Center who sought help in Jamaica Plain have had their personal data-ranging from addresses and social security numbers to sensitive legal intake informationpotentially exposed, the Record learned late last night from Robb London, Associate Director of Communications. The Center is part of the Harvard Law School. The school sent out letters to 21,000 people who may be impacted. A backup tape with 10 years of client intake data was lost on Sept 23. "Each week, IT sends an employee to LSC to take out the data tapes and to transport them to campus for back up. When IT went to back up the tapes two days after they were delivered from LSC, they noticed that only 5 of the 6 tapes were there." Attribution 1
Publication:
Boston Globe
Article Title:
Clients' data missing, Harvard Law warns
Author: Tracy Jan
Date Published:
11/6/2008
Article URL: http://www.boston.com/news/local/articles/2008/11/06/clients_data_missing_harvard_law_warns/ Attribution 2
Publication:
Harvard Law Record
Article Title:
HLS loses sensitive data of 20,000 legal services center clients
Author: Andrew Kalloch
Date Published:
11/6/2008
Article URL: http://media.www.hlrecord.org/media/storage/paper609/news/2008/11/06/News/Hls-Loses.Sensitive.Data.Of.20000.L
ITRC Breach ID
Company or Agency
Location
ITRC20081105-02
AZ Dept. of Economic Security
AZ
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes (Password) Published#
Government/Military
Exposed # of Records Rptd
40,000
The DES has sent a letter to parents telling them 5 password protected backup hard drives for the DES Arizona Early Intervention Program was stolen. DES says the hard drive contains family information, including children's names, insurance info, child disability, date of birth, and social security numbers. The DES reported an October break-in at a public storage unit. Attribution 1
Publication:
Times of the Internet
Article Title:
Info of 40,000 kids on stolen hard drives
Author: UPI
Date Published:
11/4/2008
Date Published:
11/4/2008
Article URL: http://www.timesoftheinternet.com/16932.html Attribution 2
Publication:
KOLD channel 13 Tucson
Article Title:
DES family information stolen
Author: Barbara Grijalva
Article URL: http://www.kold.com/Global/story.asp?S=9291700&nav=menu86_2
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081105-01
Baylor Health Care
TX
9/18/2008
Electronic
Medical/Healthcare
Records Exposed? Yes Published #
Exposed # of Records Rptd
100,000
The Dallas-based company is notifying up to 100,000 patients that their names and other limited information was stored in a laptop computer taken in September from an employees car where it was left overnight. That includes about 7,400 Medicare beneficiaries whose Social Security numbers were on the laptop. Attribution 1
Publication:
Star Telegram
Article Title:
Baylor Health Care System warns some patients of possible identity theft
Author: Maria Perotin
Date Published:
11/5/2008
Date Published:
11/4/2008
Article URL: http://www.star-telegram.com/health/story/1018771.html Attribution 2
Publication:
Dallas Morning News
Article Title:
Baylor Health Care says laptop with patient data stolen
Author: Jason Roberson
Article URL: http://www.dallasnews.com/sharedcontent/dws/dn/latestnews/stories/110508dnbusbaylordatatheft.91bf7e.html
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 32 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
ITRC20081103-02
Portland VA Hospital
OR
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
1,600
Personal information, including some Social Security numbers, of about 1,600 patients at the Veterans Affairs Medical Center in Portland was inadvertently posted on a public Web site, Portland VA officials said Saturday. The breach also involved patient information from other VA hospitals around the country, but Portland VA spokesman Mike McAleer did not know how many patients were affected nationally. Attribution 1
Publication: Article Title:
The Oregonian Author: Michael Milstein Portland VA hospital mistakenly posts vets' personal data online
Date Published:
11/1/2008
Article URL: http://www.oregonlive.com/news/index.ssf/2008/11/portland_va_hospital_mistakenl.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081103-01
Seattle School District
WA
2/1/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
5,000
The Seattle School District has offered to foot the bill for identity-theft protection for up to 5,000 district employees after the district acknowledged personal information, including Social Security numbers, was inadvertently released to a local union representing some district workers. Included were about 700 members of International Union of Operating Engineers Local 609, which represents custodial, nutritional services, security- and alarm-monitoring workers. The district released the information in an e-mail in February, after the union requested medical-benefit information. Attribution 1
Publication:
Seattle Times
Article Title:
Employee data released by mistake
Author: Charles Brown
Date Published:
11/1/2008
Article URL: http://seattletimes.nwsource.com/html/localnews/2008337468_schoolnames01m.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081031-01
US State Dept
US
3/25/2008
Electronic
Records Exposed? Yes Published #
Government/Military
The State Department has notified approximately 400 passport applicants in the D.C. area of a breach in its database security that allowed a ring of thieves to obtain confidential information so they could fraudulently use credit cards stolen from the mail, officials said. The crime was discovered due to a traffic stop in the DC area. Upon his arrest, the driver, told police that he worked with a co-conspirator who was employed by the State Department and another co-conspirator who worked for the U.S. Postal Service, court documents said. Officers on the scene called American Express about some of the cards in the driver's possession, and were told that they had recently been used and that a fraud alert had been placed on them. The case is still under investigation. Attribution 1
Publication:
Washington Post
Article Title:
State Warns Passport Applicants Of Danger of Credit Card Fraud
Author: Glenn Kessler
Date Published:
10/31/2008
Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/10/30/AR2008103004716_pf.html Attribution 2
Publication:
Assoc Press Google
Article Title:
State Department warns of possible identity theft
Author: Matthew Lee
Date Published:
Article URL: http://ap.google.com/article/ALeqM5i9UJOG_0PXJjxLwKQwYfG1KOBFnQD945K7AO4
Copyright 2008 Identity Theft Resource Center
10/31/2008
Exposed # of Records Rptd
400
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 33 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081029-01
Carneiro, Chumney & Co
TX
8/8/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A laptop stolen from an auditor's residence resulted in the theft of names and SSNs for some people who were in the pension plan managed by Carneiro, Chumney & Co, L.C., an accounting firm in Texas.
Attribution 1
Publication:
notice to MD AG
Article Title:
Carneiro, Chumney & Co, L.C.
Author: Christine Arevalo, ID
Date Published:
9/18/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU159152.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081028-01
Former Oakland Mayor intern
CA
10/12/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
100
A former intern in Oakland Mayor Ron Dellums' office is under investigation for identity theft. Phelicia Williams, 26, of Oakland, allegedly stole bank account information from more than 100 donors to a city-run holiday toy drive, including a dozen high-ranking police officers, police said Monday. Attribution 1
Publication:
San Francisco Chronicle
Article Title:
Ex-Dellums-office intern probed in ID theft
Author: Christopher Heredia
Date Published:
10/28/2008
Article URL: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/10/28/BAKN13OSV3.DTL&type=politics Attribution 2
Publication:
San Francisco Chronicle
Author:
Date Published:
Article Title: Article URL: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/10/28/BAKN13OSV3.DTL&type=politics
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081027-01
Direct Mortgage
ID
10/26/2008
Paper Data
Banking/Credit/Financial
Records Exposed? Yes Published #
Forty boxes from Direct Mortgage filled with files containing Social Security numbers, bank account numbers, address histories and credit histories of at least 100 people sat unprotected outside a Boise recycling center Saturday. Someone dropped off two pallets stacked with the boxes that contained mortgage and other files. Attribution 1
Publication:
Idaho Statesman
Article Title:
State takes legal action for mortgage files left in the open
Author: Cynthia Sewell
Date Published:
11/12/2008
Date Published:
10/26/2008
Article URL: http://www.idahostatesman.com/business/story/568757.html Attribution 2
Publication:
Idaho Statesman
Article Title:
Boxes full of personal information found unattended in Boise
Author: Cynthia Sewell
Article URL: http://www.idahostatesman.com/164/story/549988.html
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
100
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 34 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
ITRC20081024-01
Aspen Dental office in Nashua NH
Location
Est. Date
Breach Type Breach Category
10/21/2008
Paper Data
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
60
Papers from an Aspen Dental office in Nashua were placed near a trash car for pick up by a local trash hauler but ended up scattered in the streets. The information included confidential and financial records including at least part of the SSN. Attribution 1
Publication:
Nashua Telegraph
Article Title:
Trashed documents raise ID-theft issues
Author:
Date Published:
10/23/2008
Article URL: http://www.nashuatelegraph.com/apps/pbcs.dll/article?AID=/20081023/OPINION01/310239967/-1/opinion
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081022-02
KRM, City of Fresno
CA
10/15/2008
Electronic
Records Exposed? Yes (Password) Published#
Government/Military
Exposed # of Records Rptd
5,700
Fresno police say everything from electronics to personal items was taken from the KRM Fresno office including a computer with confidential information on more than five thousand city employees The Fresno police department is working to catch the people who broke into this business and stole two dozen computers, on one of those hard drives ... Social security numbers, birthdates and addresses of thousands of employees. KRM manages the city's compensation claims. Attribution 1
Publication:
ABC
Author: Sontaya Rose
Date Published:
10/22/2008
Article Title: Security Breach at KRM Management Article URL: http://abclocal.go.com/kfsn/story?section=news/local&id=6462368
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081022-01
Things Remembered, Cole National Group, Luxottica
US
4/1/2008
Electronic
Records Exposed? Yes Published #
Business
Individuals who were employed by Things Remembered from 1998- March, 2005 were notified last week by Cole National Group, Inc. (a Luxottica Group company who also own LensCrafters) that a server containing payroll information from that period had been accessed in April 2008 by an unknown and unauthorized individual. Employees' names, addresses, dates of birth, and Social Security numbers and other data were on the server. Cole has nearly 10,000 employees but the number of affected people was not listed. Update: as of 11/24/08 the Warren County Cyber Crimes Task Force said that the hacker got inside the mainframe and downloaded information of more than 59,000 former workers in potentially all 50 states. The FBI will soon be investigating also. Attribution 1
Publication:
WLWT
Article Title:
Thousands At Risk After Hacker Breaches Computer Mainframe
Author: Eric Flack
Date Published:
11/24/2008
Date Published:
10/14/2008
Article URL: http://www.wlwt.com/news/18055756/detail.html Attribution 2
Publication:
notice to Wisconsin Office of Privacy Pr
Author: Cole National Group I
Article Title: Things Remembered, Cole National Group Article URL: http://privacy.wi.gov/databreaches/pdf/ColeNationalGroup102008.pdf
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
59,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 35 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20081021-10
CIGNA
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
On September 23rd, CIGNA HealthCare informed the Maryland Attorney General’s Office that it had been notified by law enforcement that an individual had stolen some residents’ personal information and used it to file fraudulent tax returns in another state. The individual, who was arrested and charged, is the brother of a former CIGNA employee who stopped working for the company in 2006. The company suspects that the former employee misappropriated personal information including names, addresses, and Social Security numbers of an unspecified number of CIGNA members during his employment. Affected CIGNA members were notified by mail on September 10th and offered free credit monitoring services and ID theft insurance. Attribution 1
Publication: Article Title:
notice to MD AG CIGNA breach
Author: Joyxce Musante
Date Published:
9/23/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU159155.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081021-09
Mary Washington Hospital
VA
10/17/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
803
A security breach in an online computer system at Mary Washington Hospital exposed the private medical information of some of its maternity patients. A man who tried to use the Fredericksburg hospital's online registration system for his expectant wife said the files for 803 patients were publicly available on the site. On Friday, a hospital official described the breach as an "anomaly." She said the man was the only person to see the files, that he opened only two of them and that he did not print or download any data. Attribution 1
Publication:
Fredericksburg Free Lance Star
Article Title:
Hospital patient data revealed
Author: Jim Hall
Date Published:
10/19/2008
Article URL: http://www.fredericksburg.com/News/FLS/2008/102008/10192008/418223
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081021-08
Albany Police Dept.
GA
10/17/2008
Paper Data
Government/Military
Records Exposed? Yes Unknown #
A business owner found police records with names and SSNs dumped in the dumpster behind an Albany business. Several officer's names were found on the documents and so the internal investigation continues to determine how this important information was handled improperly. As a matter of practice, police reports include the social security numbers of anyone who gives them information whether it be an auto accident or criminal case. Albany Police believe the report and information found in the dumpster was not from active investigation, but rather cases that have been cleared. Attribution 1
Publication:
WALB
Article Title:
Why weren't documents shredded?
Author: Jennifer Emert
Article URL: http://www.walb.com/Global/story.asp?S=9197424&nav=menu37_2
Copyright 2008 Identity Theft Resource Center
Date Published:
10/17/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 36 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081021-07
Regal Entertainment Group
US
8/29/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
On September 17, ID Experts notified the New Hampshire Attorney General's Office that a backup tape belonging to Regal Entertainment Group that contained personal data was lost on August 29, 2008. In its notification to those affected, the company writes: We recently learned that individual employees violated established procedures during a routine exercise and lost some supplier's and other individual's data which was contained on a system backup tape. Our investigation indicates that some of your personal information, including your Social Security number, name, and address may have been included in the lost backup tape. However, it is important to note that absolutely no customer or guest data was exposed. Attribution 1
Publication:
notice to NH AG
Article Title:
Regal Entertainment Group
Author:
Date Published:
9/17/2008
Article URL: http://doj.nh.gov/consumer/pdf/regal.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081021-06
Goodyear AZ
AZ
10/15/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
570
Goodyear is offering identity-theft protection to nearly 570 city employees after a list of their Social Security numbers was stolen from the car of a staffer who had taken the data home. Burglars reportedly took the list late Wednesday while the employee's car was parked at her Glendale home. Attribution 1
Publication:
Arizona Republic
Article Title:
Goodyear to offer ID theft protection after personal data stolen
Author: Elias Arnold
Date Published:
10/17/2008
Article URL: http://www.azcentral.com/news/articles/2008/10/17/20081017swv-idtheft1017-ON.html
ITRC Breach ID
Company or Agency
Location
ITRC20081021-05
FEMA
TX
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
1,000
As many as 1,000 hurricane victims may have had their personal information exposed to a stranger. FEMA says an error by its mailing subcontractor placed one person's aid application under a cover page addressed to another person and each subsequent envelope in the batch was improperly stuffed. FEMA plans to offer monitoring to anyone whose most private data, including social security numbers, bank account numbers, insurance policy numbers and even annual income, was mistakenly sent to another applicant . Attribution 1
Publication:
My Fox Houston
Article Title:
FEMA May Have Exposed Up to 1,000 People's Information
Author: staff
Date Published:
10/16/2008
Article URL: http://www.myfoxhouston.com/myfox/pages/News/Detail?contentId=7662819&version=1&locale=EN-US&layoutCod
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081021-04
Abstractors Title Company
FL
10/19/2008
Paper Data
Business
A man called Channel 9 after he found a dumpster filled with files that contained people’s name’s, addresses, and social security numbers. The file cabinet apparently was removed the day after the television station filmed the discovery. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 37 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
WFTV Channel 9
Article Title:
Files Containing Personal Records Found In Dumpster
Author: staff
Date Published:
10/19/2008
Article URL: http://www.wftv.com/news/17757815/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081021-03
Community Bank of the Ozarks
MO
10/17/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
Thieves broke into the main files coded to the bank and allowed them to access hundreds of debit card customers of the Community Bank of the Ozarks.
Attribution 1
Publication:
West Side Star
Article Title:
Local bank contains security breach
Author: Gary Young
Date Published:
10/20/2008
Article URL: http://www.westsidestar.net/homepage/x635403869/Local-bank-contains-security-breach
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081021-02
Howard University and Hospital
MD
8/25/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
4,122
An employee laptop that was stolen in late August contained names and Social Security numbers of over 4,100 current and former Howard University and Hospital employees in Maryland. This may not be the total number since the school is in Washington, D.C. Attribution 1
Publication:
notice to MD AG
Article Title:
Howard Uni versity and Hospital
Author: Christine Arevalo
Date Published:
9/10/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU159151.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081021-01
CollegeNet - NFLPA
US
9/23/2008
Electronic
Business
Records Exposed? Yes (Password) Unknown#
On September 23, a laptop containing unencrypted personal information was stolen from a CollegeNet employee's locked vehicle in Portland, Oregon. The information contained names, addresses, Social Security numbers, phone numbers, email addresses, dates of birth, and driver's license numbers on 23 Maryland residents who were NFLPA Contract Advisors. CollegeNet processes applications for certification and is a subcontractor for NFLPA Attribution 1
Publication:
notice to MD AG
Article Title:
CollegeNet - NFLPA
Author: Tiffany Sousa
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU159173.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
9/29/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 38 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081017-05
Somerset County - Crisfield Schools
MD
10/7/2008
Paper Data
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
400
Crisfield High School pulled more than 400 IDs citing a situation in which the Social Security numbers of some of students were printed on the cards. The cards were originally distributed Oct. 7.
Attribution 1
Publication:
Delmarva Now
Article Title:
Social Security numbers accidentally printed on school IDs
Author: Earl Holland
Date Published:
10/13/2008
Article URL: http://www.delmarvanow.com/apps/pbcs.dll/article?AID=/20081013/NEWS01/810130301/-1/newsfront2
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081017-04
Binghamton University
NY
10/13/2008
Paper Data
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
56
Heading by a dumpster on the campus of Binghamton University a news team inadvertently stumbled upon a pile of official Binghamton university documents containing personal information. All of the files contained Social Security numbers and full names, for fifty-six different people. The ninety-one documents (totaling almost a hundred and fifty pages) were office files from the German Department in the mid-seventies detailing classes, grades, assistant stipends and other personal information including birthdays and addresses. Attribution 1
Publication:
WHRW
Author: Robert Glass
Date Published:
10/14/2008
Article Title: Social Insecurity; Binghamton University puts Private Information in Jeopardy Again Article URL: http://news.whrwfm.org/?q=node/135
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081017-03
Indianapolis Marion County Information Services
IN
10/7/2008
Electronic
Government/Military
Records Exposed? Yes Published #
Exposed # of Records Rptd
3,000
The Information Services Agency "inadvertently" disclosed personal information on about 3000 people on the Indianapolis/Marion County website, including full names, birth dates and social security numbers. The individuals involved were charged with minor offenses during 2006 and 2007. Attribution 1
Publication:
WIBC
Article Title:
Agency Admits Posting Personal Information
Author: Stan Lehr
Date Published:
10/15/2008
Article URL: http://www.wibc.com/News/Story.aspx?ID=101162
ITRC Breach ID
Company or Agency
Location
ITRC20081017-02
Leesburg Auto Shop - Tuffy's Auto
FL
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
Two men were arrested this week on identity theft charges after state authorities said they stole customers' credit card numbers from a Leesburg auto shop. Investigators are also looking into one of the two men's activities while he was employed at Casselberry's Just Brakes. Attribution 1
Publication:
Orlando Sentinel
Article Title:
Two men arrested for identity theft
Author: Helen Eckinger
Date Published:
10/15/2008
Article URL: http://www.orlandosentinel.com/news/local/lake/orl-lake-county-idtheft-101508,0,7873691.story
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 39 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081017-01
Memphis City Schools
TN
10/7/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Educational
0
Memphis City Schools students will be bringing home letters this week informing parents of a possible security breach at the district office. A school spokesperson says several computers were stolen from the city school's main office on Tuesday, October 7, 2008. Parent Emma Taylor says, "This is the one place that has most of her information medical records, all personal information, government information and someone can use this to start a credit file on her." MCS spokesperson Quintin Taylor tells Eyewitness News the computers were in an area that was not easily accessible. Taylor says,” someone could not just walk in off the street and grab them." When asked if this computer heist was an inside job, Taylor said, "Everything is on the table in this investigation." Attribution 1
Publication:
My Eyewitness News- ABC 24
Article Title:
Computers Stolen from Memphis City Schools Main Office
Author: Tenikka Smith
Date Published:
10/16/2008
Article URL: http://www.myeyewitnessnews.com/news/local/story.aspx?content_id=83bf5410-e29a-4069-a791-08349baf488e
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081010-02
Southwest Mississippi Community College
MS
9/30/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
7,000
More than 1,000 former Southwest Mississippi Community College students’ personal identities have been compromised because of a security breach at the Summit-based school, according to the state Attorney General’s office. According to school officials it was due to an accidental exposure when a computer crashed. Attribution 1
Publication:
WAPT
Article Title:
Web leak entangles 7K SMCC records
Author: staff
Date Published:
10/14/2008
Date Published:
10/10/2008
Article URL: http://www.wapt.com/education/17714137/detail.html Attribution 2
Publication:
Clarian Ledger
Author: Elizabeth Crisp
Article Title: Southwest CC reports security breach Article URL: http://www.clarionledger.com/article/20081010/NEWS/81010010
ITRC Breach ID
Company or Agency
Location
ITRC20081010-01
World Bank Group
US
Est. Date
Breach Type Breach Category Electronic
Banking/Credit/Financial
From Fox News: The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned. It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July. In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month... While it remains unclear how much data has been pilfered from the bank, it's a lot. According to internal memos, "a minimum of 18 servers have been compromised," including some of the bank's most sensitive systems — ranging from the bank's security and password server to a Human Resources server "that contains scanned images of staff documents." ITRC does not know what information was taken and will be watching for updates. UPDATE: World Bank denies breach.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 40 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
IT World
Article Title:
World Bank denies report of massive data breaches
Author: Tim Greene
Date Published:
10/13/2008
Article URL: http://www.itworld.com/security/56024/world-bank-denies-report-massive-data-breaches Attribution 2
Publication: Article Title:
Fox News Author: Richard Behar World Bank Under Cyber Siege in 'Unprecedented Crisis'
Date Published:
10/10/2008
Article URL: http://www.foxnews.com/story/0,2933,435681,00.html
ITRC Breach ID
Company or Agency
Location
ITRC20081009-04
AmeriCredit
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
On September 25, AmeriCredit notified the New Hampshire Attorney General's office that a customer service employee at an unspecified facility had removed and misused the personal information of a "small number of customers" to purchase items on credit. Other customers' data were accessed, but may not have been misused. Also see notice to MD AG at http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU159171.pdf Attribution 1
Publication: Article Title:
notice to NH AG AmeriCredit
Author: Douglass Johnson
Date Published:
9/25/2008
Article URL: http://doj.nh.gov/consumer/pdf/americredit.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20081009-03
City of Coral Springs, FL
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
12,120
Upon discovery of unusual account activity on its account with the data services provider, the City of Coral Springs contacted the data services provider and law enforcement. The City of Coral Springs discovered one of its identification numbers and passwords to access the database of the data services provider had been compromised. A notice will be sent out nationwide to affected individuals. The data services provider had names, SSNs, driver's license numbers and dates of birth in its database. They did not disclose the breach date. UPDATE: Notice to Wisconsin OPP reveals that 12,120 consumers were affected Attribution 1
Publication: Article Title:
Author: James Young
Date Published:
9/25/2008
Date Published:
9/24/2008
Coral Springs FL
Article URL: http://doj.nh.gov/consumer/pdf/citycoral.pdf Attribution 2
Publication:
Wisconsin data base
Author: letter to Wisconsin O
Article Title: Coral Springs breach Article URL: http://privacy.wi.gov/databreaches/pdf/CityOfCoralSprings102008.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20081009-02
The Image Group
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
From January to August of this year, hackers were able to access name, credit card/debit card number, expiration date, address and the CVV codes of The Image Group's ONLINE customers via a SQL injection. Over three dozen New Hampshire residents were affected and 258 in MD, but the total number of affected customers was not revealed. Attribution 1
Publication:
notice to NH AG
Author: Lisa Hoverson, CPA/
Article Title: Image Group Article URL: http://doj.nh.gov/consumer/pdf/imagegroup.pdf Copyright 2008 Identity Theft Resource Center
Date Published:
9/29/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 41 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081009-01
University of North Dakota
ND
9/7/2008
Electronic
Educational
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
A laptop computer containing sensitive personal and financial information on more than 84,000 UND alumni, donors and others was stolen last month from a vehicle belonging to a software vendor retained by the UND Alumni Association. The laptop has not been recovered, but the sensitive information, including individuals’ credit card and Social Security numbers, was protected by a data encryption system and other security controls, according to the Alumni Association. Attribution 1
Publication:
Grand Fork Herald
Article Title:
Laptop stolen containing UND Alumni info of 84,000-plus alums, donors, others
Author: Chuck Haga
Date Published:
10/7/2008
Article URL: http://www.grandforksherald.com/articles/index.cfm?id=88793§ion=News&freebie_check&CFID=98764958&CF
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081007-03
Shell Oil
US
9/6/2008
Electronic
Business
Records Exposed?
Exposed # of Records Rptd
Yes Published #
0
Shell Oil noticed early last month that someone had used Shell employee data to file fake unemployment compensation claims with the Texas Workforce Commission (TWC). After investigating, the company determined that an employee of a third-party contractor had misused information from a corporate database, Lebovitz said. "The database included SSNs and records for the majority of Shell United States current and former employees," she said. So far, the thief used employee Social Security numbers to file four false claims. Attribution 1
Publication:
Tech.blorge
Article Title:
Security is a problem with outsourcing as Shell found out
Author: Susan Wilson
Date Published:
10/6/2008
Article URL: http://tech.blorge.com/Structure:%20/2008/10/06/security-is-a-problem-with-outsourcing-as-shell-found-out/ Attribution 2
Publication:
Network World
Author: Robert McMillion, IDG
Date Published:
10/6/2008
Article Title: Shell blames IT contractor for benefits fraud Article URL: http://www.networkworld.com/news/2008/100608-shell-blames-it-contractor-for.html?hpg1=bn Attribution 3
Publication:
notice to MD AG
Article Title:
Shell breach
Author: Julian Dalzell
Date Published:
10/3/2008
Date Published:
10/3/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161329.pdf Attribution 4
Publication:
Shell Oil
Author: staff
Article Title: Shell Oil Staff Alert Article URL: http://www.shell.us/home/content/usa/aboutshell/media_center/hurricane_center/help_site/hr_info/security_notice_
ITRC Breach ID
Company or Agency
Location
ITRC20081007-02
WVA Dept of Administration
WV
Est. Date
Breach Type Breach Category Electronic
Government/Military
Records Exposed? Yes (Password) Published#
Department of Administration spokeswoman Diane Holley says the password protected laptop was taken from an auditor's vehicle in downtown Charleston. It contains payroll and benefits information including names and SSNs for 425 employees of the state Insurance Commission and 110 employees of the Department of Health and Human Resources' Bureau of Medical Services and Child Support Enforcement Division. Attribution 1
Publication:
WOWK TV
Author: Gil McClanahan
Article Title: Stolen Laptop Causes Headaches In State Government Article URL: http://wowktv.com/story.cfm?func=viewstory&storyid=45147 Copyright 2008 Identity Theft Resource Center
Date Published:
10/7/2008
Exposed # of Records Rptd
535
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 42 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
Herald Dispatch
Article Title:
Stolen laptop contains info on 535 WVa workers
Author: AP
Date Published:
10/7/2008
Article URL: http://www.herald-dispatch.com/news/briefs/x487575812/Stolen-laptop-contains-info-on-535-WVa-workers
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081007-01
Hollywood Video - Liberty MO
MO
10/5/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A man who was looking for cardboard boxes discovered piles of papers and personal information that had been left behind in the Dumpster outside the store. It included application papers with names, SSNs and credit card information. Attribution 1
Publication:
WCTV5
Article Title:
Personal ID Info Tossed In Dumpster
Author: staff
Date Published:
10/6/2008
Article URL: http://www.kctv5.com/money/17638057/detail.html - -
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081002-05
Blue Cross/Blue Shield of LA
LA
9/25/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
1,700
The names, addresses, telephone numbers, birth dates and Social Security numbers of more than 1,700 independent agents for Blue Cross and Blue Shield of Louisiana were accidentally included in an e-mail sent to the insurer's agents last week. An e-mail about plans to update an internal operating system contained a spreadsheet attachment that listed personal information for more than 1,700 Blue Cross providers. The independent agents, called producers, whose information was revealed are the same agents who received the message. Instead of pulling only the recipients' e-mail addresses for the mass mailing, the sender included a file with e-mail addresses and other personal data. Attribution 1
Publication:
Times Picayune
Author: Jaqueta White
Date Published:
9/30/2008
Article Title: Insurer leaks personal data to agents Article URL: http://www.nola.com/business/t-p/index.ssf?/base//money-1/1222752071238710.xml&coll=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081002-04
Local Houston Hospital
TX
10/1/2008
Electronic
Records Exposed? Yes Unknown #
Medical/Healthcare
Two laptops containing confidential medical information about Houston-area patients were stolen from a consultant's car parked at a Galleria-area store today and authorities are asking for the public's help find them.
Attribution 1
Publication:
Houston Chronicle
Author:
Article Title: Thieves take laptops with data about Houston patients Article URL: http://www.chron.com/disp/story.mpl/headline/metro/6034789.html
Copyright 2008 Identity Theft Resource Center
Date Published:
10/1/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 43 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081002-03
University of Indianapolis
IN
9/8/2008
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
11,000
A hacker attacked the University of Indianapolis' computer system and gained access to personal information and Social Security numbers for 11,000 students, faculty and staff, the school said. The 4,300-student university's information technology staff and outside computer security experts are investigating the breach, which was discovered Sept. 18 when another institution warned the school. The FBI also was notified. It was not clear whether any data was stolen in the Sept. 8 attack. The records were at least 2 years old. Attribution 1
Publication:
Chicago Tribune
Author: AP
Date Published:
9/30/2008
Article Title: Hacker compromises data on 11,000 at U. of Indy Article URL: http://www.chicagotribune.com/news/chi-ap-in-college-computerb,0,1712225.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20081002-02
Foothills Park and Recreation District
CO
9/29/2008
Electronic
Government/Military
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
The Foothills Parks and Recreation District is contacting customers who may have had their personal information stolen by someone who illegally accessed the district's computer network. Executive Director Ronald Hopp says the access happened sometime in the past week and on Monday they determined that some customer information, including credit card information, may have been compromised. The district noticed unusual activity last week which they believe was caused by a virus introduced to cover up the actions of the intruder. Attribution 1
Publication: Article Title:
9 News- KUSA Author: Jonathan Ashford Parks Web site hacked; personal information may be compromised
Date Published:
10/1/2008
Article URL: http://www.9news.com/news/local/article.aspx?storyid=100894&catid=346
ITRC Breach ID
Company or Agency
Location
ITRC20081002-01
Bank of the West
WA
Est. Date
Breach Type Breach Category Electronic
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A real estate agent and her daughter, a VP of Business Development, used personal information from Bank of the West customers to allegedly commit identity theft.
Attribution 1
Publication: Article Title:
TriCity Herald Author: Paula Horton ID THEFT: Kennewick real estate agent pleads guilty
Date Published:
10/1/2008
Article URL: http://www.tri-cityherald.com/945/story/336637.html
ITRC Breach ID
Company or Agency
Location
ITRC20080930-01
VA Hospital Boston
MA
Est. Date
Breach Type Breach Category Electronic
Government/Military
Authorities have arrested three people accused of stealing the identities of disabled veterans living at the Veterans Administration Hospital in Bedford and using the data to make purchases. They allegedly stole checks, credit card and bank account numbers from combat veterans living there and shared the information.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 44 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Boston Herald
Article Title:
3 Lowell residents charged with veterans’ ID theft
Author: AP
Date Published:
9/29/2008
Article URL: http://news.bostonherald.com/news/regional/general/view/2008_09_29_3_Lowell_residents_charged_with_veterans
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080929-01
Virginia State Board of Elections
VA
9/27/2008
Paper Data
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
400
A voter registration person opened an envelope sent by the Virginia State Board of Elections and found hundreds of absentee ballets and voter applications already filled out. The information included SSNs, bank statements, copies of drivers licenses, and passport information from voters in Richmond to Arlington to Chesapeake. The State Board has not yet returned her phone calls. Attribution 1
Publication:
WRIC
Article Title:
Hundreds Of Voter Applications Misplaced
Author: staff
Date Published:
9/28/2008
Article URL: http://www.wric.com/Global/story.asp?S=9086768
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080926-07
Sonoma State University
CA
9/2/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
600
About 600 former Sonoma State University computer science students have had their Social Security numbers exposed to the public through an internal department Web server. A former student accessed the roster of names and Social Security numbers through a networking site opened about six months earlier for people previously enrolled in computer science classes, SSU spokeswoman Susan Kashak said. The Web site was closed to anyone but certain students, and the roster, though stored on the department server, was not directly linked to the site, university officials said. The student apparently found the data using a Web crawler to search for odds and ends, they said. Attribution 1
Publication:
San Francisco Gate/ San Francisco Chr
Author: AP
Date Published:
9/27/2008
Article Title: Computer data breach at Sonoma State University Article URL: http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/09/27/state/n113151D22.DTL Attribution 2
Publication:
Press Democrat
Article Title:
Former SSU students Social Security numbers exposed
Author: Mary Callahan
Date Published:
9/26/2008
Article URL: http://www.pressdemocrat.com/article/20080926/NEWS/809260290&title=Former_SSU_students_Social_Security_n
ITRC Breach ID
Company or Agency
Location
ITRC20080926-06
Rite Aid
CA
Est. Date
Breach Type Breach Category Paper Data
Business
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Old job applications of hundreds of people who sought employment at a former Rite-Aid drugstore were found tossed into an open dumpster Wednesday behind the now-shuttered store, revealing sensitive information of applicants that included Social Security numbers, phone numbers and addresses. Some of the applications date back to 1996 and 1997, when it was a Thrifty’s drugstore Attribution 1
Publication:
Pasadena Star News
Article Title:
Job applications found in trash
Author: Tracy Garcia
Date Published:
9/24/2008
Article URL: http://www.pasadenastarnews.com/rds_search/ci_10552449?IADID=Search-www.pasadenastarnews.com-www.pas
Copyright 2008 Identity Theft Resource Center
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 45 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080926-05
Heyman Hospice Care
GA
9/26/2008
Paper Data
Records Exposed? Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
Heyman Hospice Care patient records were found scattered over the streets in West Rome on 9/26,
Attribution 1
Publication:
Rome Newswire.com
Article Title:
Hospice Records All Over Shorter Avenue
Author: staff
Date Published:
9/26/2008
Article URL: http://www.romenewswire.com/index.php/2008/09/26/hospice-records-all-over-shorter-avenue/
ITRC Breach ID
Company or Agency
Location
ITRC20080926-04
PSS World Medical
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
PSS World Medical recently became aware of an unauthorized access to its career board website which may have resulted in the exposure of names, addresses, dates of birth, driver's license numbers and SSNs to posted to that board. 116 NH residents may be affected. They did not list the total number of affected individuals. Attribution 1
Publication:
notice to NH AG
Article Title:
PSS World Medical
Author: Josua De Rienzis, VP
Date Published:
9/15/2008
Article URL: http://doj.nh.gov/consumer/pdf/pss_world_medical.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080926-03
Orbitz Worldwide
US
9/9/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Business
Exposed # of Records Rptd
0
Orbitz Worldwide reported the theft of a password protected laptop from a car of an employee in Chicago. The files may have contained names and SSNs of some of the US based employees.
Attribution 1
Publication:
notice to NH AG
Article Title:
Orbitz Worldwide breach
Author: Alice Geene- VP Lega
Date Published:
9/24/2008
Article URL: http://doj.nh.gov/consumer/pdf/orbitz.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080926-02
TWIC - Transportation Worker Identification
CT
9/20/2008
Electronic
Government/Military
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
Two encrypted laptops containing personal information for the TWIC Program were stolen from an office in New Haven. Homeland Security also said that the data is suppose to be deleted after it is transmitted to Washington. Whoever was responsible obviously broke in the front door but the office door for TWIC has no sign of forced entry. Blood was found, most likely from the break-in. The office manager believes that might mean someone had a key to get in. Neither the FBI or Homeland Security are commenting on the details of the investigation. Attribution 1
Publication:
WTNH- Channel 8 Investigation
Author: Alan Cohn
Article Title: Possible security breach in New Haven Article URL: http://www.wtnh.com/Global/story.asp?S=9067858&nav=menu29_2 Copyright 2008 Identity Theft Resource Center
Date Published:
9/24/2008
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 46 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080926-01
Gloria Jean Coffee
US
9/4/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
511
Gloria Jean's Coffee has notified over 500 customers who placed orders on their web site earlier this month that their credit card information was acquired. In a letter dated September 17th to New Hampshire Attorney General Kelly Ayotte, the California company's CEO, Russ Phillips, wrote: Gloria Jeans Coffee (Gloria Jean's) recently experienced a data security breach in its e-commerce site server hosted by Smith Micro. The intruder was able to access and screen capture the person transaction information and dump the information to an external server and log file. The website was taken down as soon as the intrusion was discovered. No SSNs were involved. Attribution 1
Publication:
notice to NH AG
Article Title:
Gloria Jean Coffee breach
Author: Russ Phillips
Date Published:
9/17/2008
Article URL: http://doj.nh.gov/consumer/pdf/gloria_jean_coffee.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080924-02
Delaware Psychiatric Center
DE
9/4/2008
Electronic
Records Exposed? Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
Patients who were depositing Social Security checks may have been victims of a breach when their checks and deposit slips were stolen from the trunk of a state vehicle during a deposit run. “We have matching deposit slips and bank deposit receipts for every transaction prior to [and since] this incident,” Jay Lynch, spokesperson, wrote. “Because this is an open investigation by Delaware State Police, it would be inappropriate for us to comment further or offer any facts relating to the incident.” The theft comes just weeks after a special investigation by Delaware Auditor of Accounts R. Thomas Wagner Jr. revealed that DPC staff may have misappropriated money from patient trust funds, spending hundreds of thousands of dollars of patient money with little scrutiny. Each patient at the hospital has a trust fund account, which receives deposits from a variety of sources, including Social Security, veterans benefits, retirement funds, inheritance money and donations from family and friends. Attribution 1
Publication: Article Title:
Delaware Online DPC patients' cash and checks stolen
Article URL:
http://www.delawareonline.com/apps/pbcs.dll/article?AID=/20080923/NEWS/80923023
ITRC Breach ID
Company or Agency
Location
ITRC20080924-01
NV Dept of Information Technology
NV
Author: Lee Williams
Est. Date
Date Published:
Breach Type Breach Category Electronic
Government/Military
9/23/2008
Records Exposed? Yes Unknown #
A Nevada Dept. of Information Technology has been arrested on suspicion of multiple security breaches involving personal identifying information. The state AG said that he used state property for personal benefit. ITRC confirmed this with the state AG and has published the press release from the AG's office. Attribution 1
Publication: Article Title:
Reno Gazette Journal Author: AP State employee accused of security breaches in Carson City
Date Published:
9/24/2008
Article URL: http://www.rgj.com/apps/pbcs.dll/article?AID=/20080924/NEWS01/809240455/1321/NEWS Attribution 2
Publication:
Nevada AG's office. Carson
Article Title:
Press Release from NV AG
Author: Keith Munro, Asst AG
Article URL:
Copyright 2008 Identity Theft Resource Center
Date Published:
9/23/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 47 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080923-02
Antonio Stone, First Convenience Bank
TX
Est. Date
Breach Type Breach Category Electronic
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Antonio Stone has been sentenced for organizing and running a counterfeit check and identity theft operation. He recruited bank insiders to steal consumer information that was then used to create checks and phony IDs. One of the people involved worked at First Convenience Bank Attribution 1
Publication:
Dallas Business Journal
Article Title:
Dallas man sentenced to eight years for I.D. theft & bank fraud
Author:
Date Published:
9/19/2008
Article URL: http://www.bizjournals.com/dallas/stories/2008/09/15/daily73.html
ITRC Breach ID
Company or Agency
Location
ITRC20080923-01
BetOnSports.com
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
150
An employee of the offshore Internet gambling website BetOnSports.com has pleaded guilty to charges stemming from his role in a large Internet-based identity theft ring. He was employed in the credit dept. and stole the PII of at least `50 victims including names, mother's maiden names, SSNs, credit card numbers and the 3 digit security codes. The information was used by other ring members. Attribution 1
Publication:
North County Gazette
Article Title:
Cops: Internet Gambling Employee Stole IDs
Author: staff
Date Published:
9/19/2008
Date Published:
9/18/2008
Article URL: http://www.northcountrygazette.org/2008/09/19/internet_id/ Attribution 2
Publication:
Press Release
Article Title:
DOJ Press Release
Author: USDOJ
Article URL: http://www.usdoj.gov/usao/nys/pressreleases/September08/kalonjipleapr.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080922-01
Texas A&M
TX
9/10/2008
Electronic
Educational
Records Exposed? Yes Published #
Texas A&M University officials reported on Friday that Social Security numbers of more than two dozen A&M Corpus Christi students have been compromised. A news release from the University reported a class roster was among some documents located on a computer server that was hacked last week. The class roster was for Economics-2301 held during the first summer session of 2004. Officials don't think the information was accessed by anyone outside the university. Attribution 1
Publication:
KIII TV South Texas
Article Title:
A&M CC Reports a Hacker Has Been at Work
Author: Richard Longoria
Article URL: http://www.kiiitv.com/news/local/28671789.html
Copyright 2008 Identity Theft Resource Center
Date Published:
9/19/2008
Exposed # of Records Rptd
31
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 48 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080918-03
Dream Academy, Benton Harbor
IN
9/14/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
200
Vandals broke into Dream Academy over the weekend. It's a new charter school that opened last week. They stole personal information belonging to both students and parents. The records contain the personal information of both students and parents. "They took close to 200 plus student records that include the enrollment packet itself in addition to Social Security cards, birth certificates, shot records, and parent IDs like driver's licenses," said a school official Attribution 1
Publication:
WSBT
Author: Sarah Rice
Date Published:
9/17/2008
Article Title: Vandals break into Benton Harbor school and steal student records Article URL: http://www.wsbt.com/news/local/28551409.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080918-02
Oklahoma Dept. Of Human Services
OK
9/11/2008
Paper Data
Records Exposed? Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
Officials with the Oklahoma Department of Human Services are blaming human error for allowing some confidential records to get into the hands of the general public. The owner of an Oklahoma City check-cashing establishment discovered the records late last week, stuffed into the back of a file cabinet which the state had sold as surplus. Found among the files were such items as names and Social Security numbers for children as young as two, as well as payroll information on the worker to whom the case files belonged. Attribution 1
Publication:
Talk Radio 1520 KOKC
Author:
Date Published:
9/18/2008
Article Title: DHS loses some files Article URL: http://www.1520kokc.com/localnews/Channels/Story.aspx?ID=1027154
ITRC Breach ID
Company or Agency
Location
ITRC20080918-01
ATF -Alcohol, Tobacco, Firearms
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Government/Military
Over a five-year period, the Bureau of Alcohol, Tobacco, Firearms and Explosives lost dozens of weapons and hundreds of laptops that contained sensitive information, according to a scathing report issued yesterday by the Justice Department. Of the 20 missing laptops for which information was available, ATF indicated that seven -35 percent -- held sensitive information. One missing laptop, for example, held "300-500 names with dates of birth and Social Security numbers of targets of criminal investigations, including their bank records with financial transactions." Attribution 1
Publication:
Washington Post
Article Title:
ATF Lost Guns, Computers, 418 Computers Vanished in 5 Years, Contents Largely Unknown
Author: Holly Watt
Date Published:
9/18/2008
Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/09/17/AR2008091703662_pf.html
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 49 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080917-03
Bon Secours DePaul Medical Center
VA
4/1/2008
Electronic
Records Exposed? Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
Authorities say they stopped a local identity theft ring involving an emergency room clerk who stole patient data, a civic league official who is accused of using his neighbors’ personal information and two car salesmen accused of orchestrating the scam. The FBI said six people have been charged, including one suspect arrested this week, in a scam that was stopped within weeks of its discovery. One of the six – the hospital clerk – has since pleaded guilty. She stole patent records as a registrar from Bon Secours DePaul Medical Center between Oct 2007 and April 2008. Attribution 1
Publication:
Virginia Pilot
Author: Tim McGlone
Date Published:
9/16/2008
Article Title: Six charged in local identity theft ring, 1 pleads guilty Article URL: http://hamptonroads.com/2008/09/six-charged-local-identitytheft-ring-1-pleads-guilty?t=1221679554
ITRC Breach ID
Company or Agency
Location
ITRC20080917-02
Texas Lottery
TX
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
89,000
The TX Lottery Commission said the employee had gained access to information about "certain TLC employees, certain licensed retailers, and certain prize winners." Update: A computer analyst has been arrested for copying the personal data of more than 27,075 lottery winners. Also included were the names, Social Security numbers and, in some cases, bank routing and account numbers of 639 current and former commission employees and 534 lottery retailers. Update: 10/31-- They discovered sensitive data on 27,000 individuals, the majority of them winners. Subsequent searches turned up data on 78,000 additional individuals, including 62,000 winners. Attribution 1
Publication:
Houston Chronicle Austin
Article Title:
Data on lottery winners copied
Author: Lisa Sandberg
Date Published:
10/31/2008
Date Published:
9/23/2008
Date Published:
9/11/2008
Article URL: http://www.chron.com/disp/story.mpl/headline/metro/6089177.html Attribution 2
Publication:
KTEN 10 Texas
Author: AP
Article Title: Ex-Lottery employee arrested for copying data Article URL: http://www.kten.com/Global/story.asp?S=9055968 Attribution 3
Publication:
Houston Chronicle
Article Title:
Criminal probe of ex-Lottery employee launched
Author: Jay Root, AP
Article URL: http://www.chron.com/disp/story.mpl/ap/tx/5996169.html
ITRC Breach ID
Company or Agency
Location
ITRC20080917-01
Forever 21
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Law enforcement recently informed Forever 21 that its systems may have been illegally accessed to obtain customer payment card information. They have determined that this incident may have affected a subset of customers who shopped at stores on the following nine dates: March 25, 2004; March 26, 2004; June 23, 2004; July 2, 2004; July 3, 2004; August 4, 2007; August 5, 2007; August 13, 2007; and August 14, 2007. In addition, the incident may have affected customers who shopped at the Fresno, California store located at 567 E. Shaw Ave. between November 26, 2003 and October 24, 2005. Attribution 1
Publication:
StoreFrontBackTalk.com
Article Title:
Forever 21: Assessor Missed 5-Year-Old Transaction Data
Author: Evan Schuman
Article URL: http://storefrontbacktalk.com/story/100208foreever
Copyright 2008 Identity Theft Resource Center
Date Published:
10/2/2008
Exposed # of Records Rptd
98,930
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 50 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
The Consumerist
Article Title:
98,930 Affected In Forever 21 Data Breach
Author: Ben Popken
Date Published:
9/15/2008
Article URL: http://consumerist.com/5050173/98930-affected-in-forever-21-data-breach Attribution 3
Publication: Article Title:
Market Watch Forever 21 Press Release
Author: Forever 21
Date Published:
9/12/2008
Article URL: http://www.marketwatch.com/news/story/forever-21-provides-notice-customers/story.aspx?guid={AB848540-2C15-4
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080915-03
Marshall University
WV
8/22/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
200
The names and Social Security numbers of nearly 200 Marshall University students were openly available on the Internet, according to school officials. On Aug. 22, the university discovered that the information of 198 students "associated with the College of Education in 2004" had been available on a student's personal Web page. Attribution 1
Publication: Article Title:
Charleston Daily Mail Marshall students' info revealed online
Author: staff
Date Published:
9/11/2008
Article URL: http://dailymail.com/News/200809110226
ITRC Breach ID
Company or Agency
Location
ITRC20080915-02
Rockwood School District
MO
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Educational
0
Anyone who applied online for some positions with the Rockwood School District from 2005 through this year may have had their personal information, including Social Security number, made accessible on the Internet.
Attribution 1
Publication: Article Title:
St Louis Today- St Louis Post Dispatch Author: Valerie Schremp Hah Jobseekers' data compromised, Rockwood schools report
Date Published:
9/13/2008
Article URL: http://www.stltoday.com/stltoday/news/stories.nsf/stlouiscitycounty/story/DC111A3086110713862574C3000D5DC6?
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080915-01
Tennessee State University
TN
9/9/2008
Electronic
Records Exposed? Yes Published #
Educational
A flash drive containing financial information and Social Security numbers of more than 9,000 students was reported missing from the Tennessee State University campus on Sept. 9. The flash, which contained financial records of TSU students dating back to 2002, was last seen the previous evening. Attribution 1
Publication: Article Title:
Black College Wire Author: staff Tennessee State Univ. Loses 9,000 Students' Social Security Numbers
Date Published:
9/14/2008
Article URL: http://www.blackcollegewire.org/index.php?option=com_ywp_blog&task=view&id=5590&Itemid=28
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
9,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 51 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080912-01
University of Iowa
IA
8/11/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
500
The names and Social Security numbers of about 500 University of Iowa engineering students may have been stolen around Aug. 11 by hackers looking to use the machine as a server from which other users could access music and movies. Names and SSNs were involved. Attribution 1
Publication:
Des Moines Register
Article Title:
U of I students' information was on breached computer
Author: Ben Fornell
Date Published:
9/12/2008
Article URL: http://www.desmoinesregister.com/apps/pbcs.dll/article?AID=/20080912/NEWS/809120370/-1/ENT06 Attribution 2
Publication:
College
Article Title:
Notice of UI site
Author: staff
Date Published:
9/11/2008
Article URL: http://www.me.engineering.uiowa.edu/news/newsDetail.php?newsID=214
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080911-01
Franklin Savings Security Bank
OH
8/15/2008
Electronic
Banking/Credit/Financial
Records Exposed? Yes Published #
Exposed # of Records Rptd
25,000
Letters are going out to customers of Franklin Savings and Loan, one of Cincinnati's oldest banks. The Blue Ash-based Franklin Savings has eight branches: are in Anderson and Delhi Township, Blue Ash, Obryonville, Roselawn, Forest Park, Sharonville, and Western Hills. Franklin said hat 25,000 customers may have had info accessed by a hacker. Customer records included name, address, telephone number, bank account number and balance, as well as Social Security number. Attribution 1
Publication:
Franklin Savings website
Article Title:
web info
Author: Gretchen Schmidt, Pr
Date Published:
9/10/2008
Article URL: Customer records included name, address, telephone number, bank account number and balance, as well as Socia Attribution 2
Publication:
WCPO
Author: John Matarese
Date Published:
9/10/2008
Article Title: Countrywide, Franklin Savings Security Breach Article URL: http://www.wcpo.com/content/news/localshows/dontwasteyourmoney/story.aspx?content_id=af377e35-f032-4259-a
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080910-12
United Bancorp of WYParent Company
US
7/30/2008
Electronic
Banking/Credit/Financial
Records Exposed?
Exposed # of Records Rptd
None Other Protection
0
Various banks from the parent company of United Bankcorp of WY had data tapes lost in transit to a storage facility. They need specialized equipment to read but had names, SSNs and account numbers on them. Included on the list are United Bank of Idaho, First Bank of Pinedale, Sheridan State Bank and Jackson State Bank and Trust. This data has been reported to the MD AG. Attribution 1
Publication:
notice to MD AG
Author: Amy Lovell
Article Title: Sheridan State Bank plus others Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157553.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
8/20/2008
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 52 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080910-11
University of Pittsburgh
PA
8/11/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Educational
0
University of Pittsburgh and city police are investigating the theft of a laptop computer with the Social Security numbers of alumni from the College of Business Administration.
Attribution 1
Publication:
Pittsburgh Tribune Review
Article Title:
Police: Pitt laptop stolen with Social Security numbers
Author: Bill Zlatos
Date Published:
9/9/2008
Article URL: http://www.pittsburghlive.com/x/valleyindependent/teenscene/s_587340.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080910-10
CareFirst Blue Cross/Blue Shield
US
7/18/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
289
On July 18, 2008, the Privacy Office of CareFirst BlueCross BlueShield (CareFirst) was advised of a security breach by the Blue Cross and Blue Shield Association. The Blue Cross Blue Shield Association (BCBSA) shipped, via UPS, three compact disks containing the personal health information of 289 CareFirst members to an agent of the U.S. Office of Personnel Management. This information was not received by the agent. Attribution 1
Publication:
notice to MD AG
Article Title:
Care First, Blue Cross/Blue Shield
Author: Elizabeth Shughrue,
Date Published:
7/25/2008
Article URL: According to a letter [pdf] sent to the Maryland Attorney General's office by Elizabeth Shughrue, Privacy and Compl
ITRC Breach ID
Company or Agency
Location
ITRC20080910-09
COIL, Communities Organized to Improve Life
MD
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
47
Communities Organized to Improve Life (COIL) discovered in July that some employee payroll information wound up on the internet after it had terminated an employee who had access to the payroll information in May. According to its notification letter to the Maryland Attorney General's office, after terminating three employees in May, COIL discovered that some payroll files an employee had access to were missing from the administrative area and that remaining files were in disarray. Attribution 1
Publication:
notice to MD AG
Author: Monte Fried
Date Published:
7/31/2008
Article Title: COIL Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157411.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080910-08
Bear, Stearns Corp, JP Morgan Chase
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Banking/Credit/Financial
J. P. Morgan Chase's Executive Director, Stephen I. Winer, has notified the Maryland Attorney General's office that Bear, Stearns Security Corp. inadvertently disclosed some client data to two other broker/dealer firms who should not have had access to the data. The information included the clients' names, account numbers, and addresses, but not their social security numbers or date of birth. Attribution 1
Publication:
notice to MD AG
Author: Stephen Winer, Esq
Article Title: Bear, Stearns Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157551.pdf Copyright 2008 Identity Theft Resource Center
Date Published:
8/29/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 53 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
ITRC20080910-07
Union Insurance Company
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed?
Exposed # of Records Rptd
None Other Protection
0
Property and casualty insurance company Union Insurance Company has notified the Maryland Attorney General's office that electronically stored data on customers was stolen from its office in Irving, Texas. The data, which included names, social security numbers, and/or driver's license numbers, were secured with user id/password protection as well as being stored in a format that presumably would not be easily readable by anyone without specialized knowledge of how the files could be read. 3 people in MD were affected. Attribution 1
Publication:
notice to MD AG
Article Title:
Union Insurance Co
Author: Edmund Hemmerick
Date Published:
8/18/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157544.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080910-06
Rotenberg Meril Solomon Bertiga & Guttilla -College
MD
7/31/2008
Electronic
Records Exposed? Yes Unknown #
Educational
Exposed # of Records Rptd
0
On August 22, the College Board notified the Maryland Attorney General's office that a laptop under the control of an employee of its auditing firm, Rotenberg Meril Solomon Bertiga & Guttilla was stolen from the employee's vehicle on July 31. The laptop contained names, addresses, and social security numbers of 174 employees of College Board who had 401(a) retirement plans. There was no indication in the report whether the data were encrypted. Attribution 1
Publication:
notice to MD AG
Article Title:
Rotenberg Meril Solomon Bertiga & Guttilla -College Board
Author: Latifa Stephens
Date Published:
8/21/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157543.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080910-05
CPA in Baltimore, Larry Strauss
MD
4/23/2008
Electronic
Records Exposed? Yes Published #
Business
A CPA had a laptop stolen from his car in San Francisco on April 23, 2008. It had about 100 clients information on it. The information was in the form of completed tax returns from previous years and 2007 and was not encrypted. It included names, SSN, EINs and the financial information found on returns. Attribution 1
Publication:
notice to MD AG
Article Title:
CPA has laptop stolen
Author: Larry Strauss
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157538.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
8/21/2008
Exposed # of Records Rptd
100
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 54 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080910-04
State Farm Insurance #2Surprise Insurance Agency
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
State Farm reported a second breach related to an Arizona agent hiring an individual who fraudulently used customer information to apply for State Farm Bank Visa credit cards. All customers of that particular State Farm agent in Surprise, Arizona are being alerted to the potential problem. They have notified 45 State AG's of the problem. Customers' Social Security numbers, driver's license numbers, addresses and possibly financial account numbers could have been accessed. Attribution 1
Publication:
Az Central
Author: Erin Ziomek
Date Published:
9/13/2008
Article Title: Security breach at State Farm in Surprise exposes customers to ID fraud Article URL: http://www.azcentral.com/community/westvalley/articles/2008/09/13/20080913gl-nwvstatefarm0913.html Attribution 2
Publication:
notice to MD AG
Article Title:
2nd State Farm Breach
Author: Debra Vesey, CPO
Date Published:
8/21/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157542.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080910-03
State Farm Insurance
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
State Farm Insurance recently reported two security breaches to the Maryland Attorney General's office. The first breach involved a problem with its online employment application system at statefarm.com that may have led to the acquisition of personal information of applicants. Information included current address, social security number, driver's license number, and any previous names the applicant provided (but not their current name). The precise nature of the problem was not described. Attribution 1
Publication:
notice to MD AG
Article Title:
first State Farm breach
Author: Debra Vasey, VP Ope
Date Published:
8/21/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157542.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080910-02
HSBC Auto Finances
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Banking/Credit/Financial
HSBC Auto Finances files may have been taken in an unauthorized manner by a former employee prior to separation from the company. The information includes name, account number for loan and in some cases the SSN. Attribution 1
Publication:
notice to MD AG
Article Title:
HSBC Auto Finances internal theft
Author: Paula Ferguson
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157431.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
7/28/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 55 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080910-01
Macro International
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
Macro International is a marketing and research company. They recently notified the Maryland Attorney General's office that an individual or individuals used credentials (e.g., user/pass) assigned to Macro International employees to access a database that "contains information on most people in the United States. The database is compiled and maintained by one of our business partners, and is used by many companies nationwide." The information they collect include names, SSNs, and other PII. Guy Garnett, Macro's VicePresident. reported that the company had detected an unusual pattern of search activity and that its investigation revealed that the unauthorized access occurred between December 2007 and March 2008. Attribution 1
Publication: Article Title:
Macro notice to MD AG Macro International notification letter
Author: Guy Garnett, VP
Date Published:
7/23/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157422.pdf
ITRC Breach ID
Company or Agency
ITRC20080909-03
Perry's Liquor Store in Athens GA
Location
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
Local and federal authorities say they have cracked an identity-theft ring that cloned the credit cards of people in the Athens area, allowing thieves to go on a multistate shopping spree. He stole the information while working at an Athens Liquor store. Attribution 1
Publication: Article Title:
WSB Radio Author: Liquor Store Clerk Busted for Huge ID Theft Operation
Date Published:
9/10/2008
Date Published:
9/9/2008
Article URL: http://wsbradio.com/news/091008idthefts.html Attribution 2
Publication:
Augusta Chronicle
Article Title:
Police arrest Athens man in identity theft
Author: staff
Article URL: http://chronicle.augusta.com/stories/090908/met_472505.shtml
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080909-02
Univ. of Texas MD Anderson Cancer Center
TX
3/29/2008
Electronic
Medical/Healthcare
Records Exposed? Yes Unknown #
A 26-year-old former clerk at the University of Texas M.D. Anderson Cancer Center is being sought on charges that she stole identities of hospital patients, prosecutors said Monday.
Attribution 1
Publication:
Houston Chronicle
Article Title:
M.D. Anderson clerk accused of ID theft
Author: Brian Rogers
Date Published:
Article URL: http://www.chron.com/disp/story.mpl/metropolitan/5990835.html Attribution 2
Publication: Article Title:
KTRK
Author:
Article URL: http://abclocal.go.com/ktrk/story?section=news/local&id=6377731
Copyright 2008 Identity Theft Resource Center
Date Published:
9/8/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 56 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080909-01
Sears National Bank
FL
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A fraud prevention specialist for Sears National Bank in Florida used her position to obtain person information and commit identity theft.
Attribution 1
Publication:
Phoenix Business Journal
Article Title:
ID theft case nets 6-year sentence, $11,180 payment
Author: staff
Date Published:
9/8/2008
Article URL: http://www.bizjournals.com/phoenix/stories/2008/09/08/daily15.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080908-07
Southwest Medical Association
NV
8/29/2008
Paper Data
Medical/Healthcare
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A man bought the contents of an abandoned storage unit and found thousand of medical charts listed to Southwest Medical. The Association's phone number is out of service.
Attribution 1
Publication:
Las Vegas Now
Article Title:
Man Finds Thousands of Medical Records in Storage Unit
Author: staff
Date Published:
8/29/2008
Article URL: http://www.lasvegasnow.com/Global/story.asp?S=8925605&nav=menu102_2
ITRC Breach ID
Company or Agency
Location
ITRC20080908-06
Boulder Community Hospital
CO
Est. Date
Breach Type Breach Category Paper Data
Medical/Healthcare
Records Exposed? Yes Published #
Exposed # of Records Rptd
178
Boulder Community Hospital cannot locate copies of patient-intake forms from people who visited the Occupational Health and Therapy Services Department in April, May and June.
Attribution 1
Publication:
Daily Camera
Article Title:
Patient information missing from Boulder Community Hospital
Author: Heath Urie
Date Published:
9/4/2008
Article URL: http://www.dailycamera.com/news/2008/sep/04/patient-information-reported-stolen-boulder-commun/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080908-05
Erie County Health Facility
NY
8/29/2008
Electronic
Government/Military
Records Exposed? Yes Unknown #
The Erie County Executive's office issued a statement Friday announcing a county laptop computer was reported stolen from a county health facility at 608 William Street. The county says the theft appears to have occurred on or about August 28th. Personal private information was on the laptops. Attribution 1
Publication:
WBEN
Article Title:
County Owned Laptop Stolen
Author: staff
Article URL: http://www.wben.com/news/fullstory.php?newsid=10751
Copyright 2008 Identity Theft Resource Center
Date Published:
9/5/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 57 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080908-04
St Joseph's Academy
LA
7/21/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
7,000
Thousands of personal records were briefly at risk this summer when an intruder placed a malicious link on the Web site of St. Joseph’s Academy in Baton Rouge. Earlier this week, the all-girl Catholic high school sent out about 7,000 letters to anyone who might have been affected, including students, parents, teachers, staff as well as alumnae going back to the class of 1985. As for alumnae, the school notified by mail only those alumnae for whom the school had Social Security numbers, she said. Attribution 1
Publication:
2 the Advocate
Author: Charles Lussier
Date Published:
8/30/2008
Article Title: Malicious link leaves St. Joseph’s site exposed Article URL: http://www.2theadvocate.com/news/27686959.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080908-03
National Technical Institute for the Deaf - RIT
NY
8/25/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
13,800
RIT officials say that a laptop with personal information was recently stolen from the National Technical Institute for the Deaf. According to a notice posted on the RIT website, it was stolen on August 25th, and the information includes names, dates of birth and Social Security numbers. Officials say it does NOT affect the entire RIT community, but it does include about 12,700 people who have applied to enroll at NTID since 1968. Another 1,100 members of the RIT community have also been impacted. RIT says that letters were mailed to all of those affected. RIT- Rochester Institute of Technology Attribution 1
Publication: Article Title:
WHAM Author: Laptop With Personal Data Stolen From NTID
Date Published:
9/8/2008
Article URL: http://www.wham1180.com/cc-common/news/sections/newsarticle.html?feed=&article=4172099 Attribution 2
Publication:
Rochester Institute of Technology
Article Title:
RIT Press Release
Author:
Date Published:
9/5/2008
Article URL: http://www.rit.edu/news/?v=46283
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080908-02
Local Government Center
NH
8/6/2008
Electronic
Government/Military
Records Exposed?
Exposed # of Records Rptd
None Other Protection
0
The Concord police arrested a former Local Government Center employee yesterday, accusing her of removing computer backup tapes and manipulating computer information at the organization. The Local Government Center - which administers benefit plans for public employees - maintains databases that include personal information for public employees throughout the state, including Social Security numbers and medical information, according to the police. The data in question had the potential to affect an estimated 190,000 current and former public employees, the police said. The police said that "specialized equipment" was necessary to read the tapes. Attribution 1
Publication:
Concord Monitor
Author: Sarah Liebowitz
Date Published:
9/6/2008
Article Title: LGC employee arrested over missing data Article URL: http://www.concordmonitor.com/apps/pbcs.dll/article?AID=/20080906/FRONTPAGE/809060436
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 58 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080908-01
Puyallup Service Station
WA
9/1/2007
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
83
The debit accounts of at least 80 people have been compromised in a skimming scheme at a Puyallup service station that has netted the thieves at least $83,000. Police say victims are still coming forward. Puyallup police, the Pierce County Sheriff's Department and several banks are working to identify those who stole the debit-card information last summer and cashed in only during this past Labor Day weekend. They believe someone set up a "skimmer" at an Arco gas-pump debit machine in August and September 2007, said Puyallup police Sgt. Ryan Portmann. More calls are coming from another nearby Arco station. It is unclear if the cases are connected. Attribution 1
Publication: Article Title:
Seattle Times Author: Noelene Clark Puyallup debit-card scam nets at least 80 victims
Date Published:
9/6/2008
Article URL: http://seattletimes.nwsource.com/html/localnews/2008162169_gasstation06m.html
ITRC Breach ID
Company or Agency
Location
ITRC20080907-03
Keizer Lowe's
OR
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
Police has discovered 2 Lowe's employee lists in another employee's home including names, SSNs and hire dates of current and former employees. He has been arrested
Attribution 1
Publication: Article Title:
Statesman Journal Author: Tracy Loew Man accused of identity theft involving store
Date Published:
9/2/2008
Article URL: http://www.statesmanjournal.com/apps/pbcs.dll/article?AID=/20080902/NEWS/809020338/1001/NEWS
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080907-02
Ivy Tech Community College
IN
7/31/2008
Electronic
Records Exposed? Yes Published #
Educational
On July 31, 2008, we learned of an internal data disclosure of students who were enrolled in distance education courses in the Spring 2008 semester. Ivy Tech Community College is notifying the affected individuals so that they may carefully monitor their records for any possible fraudulent activity, in case someone accessed the data with malicious intent. SSNs were involved. An update by the Indy Channel indicates that 23,000 students were involved in an inadvertent posting via email. Attribution 1
Publication:
Indy Channel
Article Title:
Personal Information Of 23,000 Ivy Tech Students Sent Out Over E-Mail
Author:
Date Published:
9/11/2008
Date Published:
9/2/2008
Article URL: http://www.theindychannel.com/news/17450825/detail.html Attribution 2
Publication:
press release
Article Title:
Ivy Tech breach
Author: web site
Article URL: http://www.ivytech.edu/about/security/
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
23,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 59 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080907-01
East Burke High School
NC
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Published #
Educational
163
For the past five years, East Burke High School's website exposed 163 staff members' Social Security numbers and other personal information on the Internet. Burke County Public Schools Superintendent David Burleson said it seemed likely the school uploaded the file to the web in 2003 when posting the 2003-2004 East Burke High School student directory. Attribution 1
Publication:
News Herald
Article Title:
East Burke High School staff members' personal information found on the web
Author: Julie Chang
Date Published:
9/5/2008
Article URL: http://www2.morganton.com/content/2008/sep/05/east-burke-high-school-posted-163-staff-members-so/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080905-03
Clarkson University
NY
8/26/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Educational
245
On Tuesday, August 26, a non-malicious student intruder gained access to a restricted server and promptly reported the vulnerability to campus authorities. Approximately 245 employees and former employees had personal information, including name, social security number, and date of birth, compromised during the security breach. The file containing personal information was a record of employees that had university credit cards known as purchase cards (or p-cards). Any university member requesting a p-card must provide their social security number and date of birth on the application form. Following the incident on Tuesday, all affected individuals were contacted and briefed on the situation. Attribution 1
Publication: Article Title:
Clarkson Integrator Security Breach on S:/
Author: Jason Holloway
Date Published:
9/2/2008
Article URL: http://media.www.clarksonintegrator.com/media/storage/paper280/news/2008/09/02/News/Security.Breach.On.S-341
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080905-02
Oakland School District
CA
9/2/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Educational
100
Thieves broke into the Oakland school district's human resources offices overnight and stole up to 12 computers containing the personal information of an estimated 100 new hires including SSNs, school district officials reported today. Attribution 1
Publication: Article Title:
Mercury News Author: AP Ten computers stolen from Oakland schools
Date Published:
9/4/2008
Article URL: http://www.mercurynews.com/ci_10378851?IADID=Search-www.mercurynews.com-www.mercurynews.com
ITRC Breach ID
Company or Agency
Location
ITRC20080905-01
UAE US Embassy - HSBC
US
Est. Date
Breach Type Breach Category Electronic
Government/Military
An international investigation is under way to find hackers believed to have stolen information from financial servers in the UAE to make fraudulent credit and debit card purchases in the US. The scheme came to light after a number of employees at the US Embassy – and a handful of other US citizens – had unauthorized purchases show up on their credit and debit cards in recent months, prompting the embassy to issue a warning on its website. VISA and Mastercard are working with investigators. UPDATE: HSBC is warning customers to change PINS used to withdraw cash at teller machines.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 60 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
The National
Article Title:
HSBC warns of major security breach
Author: Tom Gara
Date Published:
9/9/2008
Date Published:
9/5/2008
Article URL: http://www.thenational.ae/article/20080909/BUSINESS/247640263/1042 Attribution 2
Publication: Article Title:
The National Author: H Naylor Hackers break into UAE credit network to fund US purchases
Article URL: http://www.thenational.ae/article/20080904/NATIONAL/726459427/1010&profile=1010
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080829-01
Louisiana Real Estate Commission
LA
8/22/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
13,000
A glitch during a computer upgrade at the Louisiana Real Estate Commission caused the names, addresses and Social Security numbers of more than 13,000 licensed agents to be exposed on the Internet last week, sending waves of concern through the real estate community statewide. The commission, which is a state regulatory agency that oversees the licensing of all real estate agents and brokers, discovered the problem Friday after the confidential information had been accessible on the Internet for about two days, Executive Director J.C. Willie said. Attribution 1
Publication:
Times Picayune
Article Title:
Computer error puts some personal data online
Author: Robert Travis Scott
Date Published:
8/28/2008
Article URL: http://www.nola.com/news/t-p/capital/index.ssf?/base//news-6/1219902067300440.xml&coll=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080828-05
Nye Lubricants
US
8/15/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
173
Jackson Lewis, lawyers for Nye Lubricants, has notified the New Hampshire Attorney General that an employee "may have accessed electronic personal information stored in certain of the Company's databases without proper authority and/or for improper purposes" on or about August 15. According to the notification, 173 employees are being notified that their personal information, including their Social Security numbers, may have been accessed or misused, but the firm was reportedly unable to determine whether any of the current or former employees' data were accessed or misused. Attribution 1
Publication:
notice to NH AG
Article Title:
Nye Lubricants
Author: Jackson Lewis LLP
Date Published:
8/22/2008
Article URL: http://doj.nh.gov/consumer/pdf/nye.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080828-04
unknown retailer Washington Trust Co
RI
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Banking/Credit/Financial
The Washington Trust Co. has notified about 1,000 customers that their debit and credit card accounts might have been compromised in a suspected security breach at an unidentified national MasterCard merchant. Washington Trust spokeswoman Elizabeth B. Eckel, senior vice president of marketing, said this morning that, although there has been no evidence of fraudulent activity, the bank’s policy calls for the accounts to be closed and new cards to be issued. That action was taken after Washington Trust, Rhode Island’s largest independent bank, received an advisory from MasterCard saying the company was investigating a suspected security breach of the database of a "national retailer." Attribution 1
Publication:
Providence Business News
Author: William Hamilton
Date Published:
Article Title: Suspected merchant data breach spurs -WashTrust to notify 1,000 card-holders Article URL: http://www.pbn.com/stories/34753.html Copyright 2008 Identity Theft Resource Center
8/28/2008
Exposed # of Records Rptd
1,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 61 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
ITRC20080828-03
Cape Coral Wachovia Bank
FL
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Banking/Credit/Financial
0
The ATM at the Camelot branch of Wachovia Bank in Cape Coral has found a device that collects each person's card info plus PIIs allowing a perp to create different debit cards with that information.
Attribution 1
Publication:
news press.com, Southwest Florida
Author:
Date Published:
8/28/2008
Article Title: nformation stolen from debit cards at Cape Coral ATM Article URL: http://news-press.com/apps/pbcs.dll/article?AID=/20080828/NEWS0101/80828066
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080828-02
Reynoldsburg Schools
OH
8/23/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
4,000
A laptop containing the personal information of at least 4,000 students was stolen earlier this week, according to a Reynoldsburg City School district spokeswoman. The spokeswoman told 10TV News that the laptop was stolen from a district employee's car on Saturday The employee informed administrators that files on the laptop contained students' personal information, including Social Security numbers, 10TV News reported. The computer technician had been using the laptop to transfer student information into a computerized lunch-payment system at each of the district's schools, said Assistant Superintendent Dan Hoffman. Attribution 1
Publication:
Columbus Dispatch
Article Title:
Schools' laptop, laden with student listings, taken from tech's car
Author: Charlie Boss
Date Published:
8/29/2008
Article URL: http://www.dispatch.com/live/content/local_news/stories/2008/08/29/Rey_students.ART_ART_08-29-08_B1_V4B5TK Attribution 2
Publication:
10 News
Author: staff
Date Published:
8/28/2008
Article Title: Laptop With Students' Personal Information Stolen Article URL: http://www.10tv.com/live/content/local/stories/2008/08/28/story_reynoldsburg.html?sid=102
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080828-01
Ohio Police & Fire Pension Fund
OH
8/15/2008
Electronic
Business
Records Exposed? Yes Published #
A database that contains the names, addresses and Social Security numbers of 13,000 retired Ohio police officers was improperly transmitted by a retired Ohio Police & Fire Pension Fund employee, officials said Wednesday. State officials do not believe the unidentified employee would have used it for "malicious intent," so they do not plan to prosecute him at this point, according to pension fund spokesman David Graham. Attribution 1
Publication:
Cincinatti.com
Author: Jon Craig
Date Published:
Article Title: Database security breached Article URL: http://news.cincinnati.com/apps/pbcs.dll/article?AID=/20080827/NEWS0108/308270043
Copyright 2008 Identity Theft Resource Center
8/27/2008
Exposed # of Records Rptd
13,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 62 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080827-04
Heavenly Ham
US
8/6/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
600
Heavenly Ham, a national catering company, alerted its customers of a credit card identity theft that may have occurred. In a letter to about 600 affected customers, the company stated "unauthorized access to personal information, including credit card data" had been illegally obtained from customers, who placed orders from May 29 to Aug. 6. Attribution 1
Publication:
Green Bay Press Gazette
Article Title:
Heavenly Ham caterer warns of credit thefts
Author:
Date Published:
8/27/2008
Article URL: http://www.greenbaypressgazette.com/apps/pbcs.dll/article?AID=/20080827/GPG03/808270611/1247
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080827-03
Prince William County
VA
8/14/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
2,550
Confidential information for more than 2,500 students, employees and volunteers in Prince William County was put in the public domain for more than a month this summer. Personal information for more than 1,600 students and 65 employees at two Prince William County schools were exposed from about July 14 to Aug. 18 after a Prince William County school employee accidentally released the information. Confidential information for 257 other division employees, and names, addresses and e-mail addresses of 736 parent volunteers also were released. Attribution 1
Publication:
DC Examiner
Author: David Sherfinski
Date Published:
8/27/2008
Article Title: Personal info of over 2,550 students, school employees, parents released in Prince William Article URL: http://www.dcexaminer.com/local/Personal_info_of_2550_students_school_employees_parents_released_in_Princ
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080827-02
Kansas State University
KS
8/16/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
86
Eighty-six Kansas State University students are receiving letters from the Division of Continuing Education advising them that papers with their names and Social Security numbers on them were stolen from a parked vehicle last week. Attribution 1
Publication:
CJ Online
Author: staff
Date Published:
8/27/2008
Article Title: Theft included K-State students’ personal data Article URL: http://cjonline.com/stories/082708/bre_theft.shtml
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080827-01
YMCA Illinois
IL
8/24/2008
Electronic
Business
Customers who paid for items at a YMCA fund-raiser with checks or credit cards are being warned about a burglary at which credit and debit card numbers were taken. The University YMCA at 1001 S. Wright St., C, conducted its annual garage sale fund-raiser at the University of Illinois Stock Pavilion on Saturday Sometime between 4 p.m. Saturday and 11 a.m. Sunday, someone took cash from the sale, along with checks and credit and debit card numbers, according to Willard Broom, interim executive director at the YMCA.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 63 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
News Gazette
Article Title:
Checks, debit and credit card numbers stolen from YMCA sale
Author: Steve Bauer
Date Published:
8/27/2008
Article URL: http://www.news-gazette.com/news/local/2008/08/27/checks_debit_and_credit_card_numbers_stolen_from_ymca_s
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080826-02
US Army
US
3/31/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
50,000
Promotion selection lists containing the names and Social Security numbers of more than 50,000 activecomponent noncommissioned officers were compromised earlier this year and in 2005, according to officials familiar with an ongoing Army investigation. The 2008 sergeant first class list that was compiled by a board that met in February initially was the subject of the probe. CID notified Human Resources Command that the “close hold” version of the list made available to commanders and their designated representatives in mid-March had been improperly released over the Internet, according to Brig. Gen. Reuben Jones, adjutant general of the Army. While investigating the E-7 list problem, CID agents found the 2005 prepositioned master sergeant list in a folder on a peer-to-peer, or shared, Web site. Attribution 1
Publication:
Army Times
Author: Jim Tice
Date Published:
8/26/2008
Article Title: Breakdown in security led to compromise of SSNs Article URL: http://www.armytimes.com/news/2008/08/army_security_breach_082408w/
ITRC Breach ID
Company or Agency
Location
ITRC20080826-01
PA Dept. of Public Welfare
PA
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Yes Published #
Government/Military
Exposed # of Records Rptd
2,845
Paper jams in a mail-inserting machine caused 2,845 welfare benefit renewal packets to go to the wrong Pennsylvania welfare clients' homes, and nearly half included the Social Security numbers of the intended recipients. The department also placed a 90-day fraud alert on the credit reports of 1,280 people whose Social Security numbers were shared through the mistake in the state Department of General Services' print shop. Attribution 1
Publication: Article Title:
Penn Live - Patriot News Welfare renewals take a wrong turn
Author: Jan Murphy
Date Published:
8/26/2008
Article URL: http://www.pennlive.com/news/patriotnews/index.ssf?/base/news/1219713931186670.xml&coll=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080822-03
Cost Plus
CA
6/15/2008
Electronic
Records Exposed? Yes Unknown #
Business
Cost Plus, a retailer of food, wine and furniture, began alerting customers July 22 that the debit card PIN pads at select stores had been tampered with between February and April. As a result, an unknown number of account numbers and PINs were hijacked, according to the company. “We have now identified 11 stores,” Cost Plus spokesman Ronald Low said yesterday. “We believe this is an isolated incident involving a very small number of stores over a specific period of time.” Attribution 1
Publication:
Sign On San Diego
Article Title:
Cost Plus reports breach in security
Author: Penni Crabtree
Date Published:
Article URL: http://www.signonsandiego.com/news/business/20080822-9999-1b22costplus.html
Copyright 2008 Identity Theft Resource Center
8/22/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 64 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080822-02
Thompson Hospital nurse
NY
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
While searching the home of a former Thompson Hospital nurse, police say they found hundreds of syringes, medicine vials and — possibly most disturbing — the private medical records of dozens of patients. Only about six of the records were for Thompson patients, while the others were for patients at other hospitals and medical facilities, including Highland Hospital and Strong Memorial Hospital, both in Rochester, said Canandaigua police Detective Scott Kadien. Attribution 1
Publication:
Daily Messenger
Author: Jessica Pierce
Date Published:
8/21/2008
Article Title: Cops: Ex-nurse stole medical records, drugs Article URL: http://www.mpnnow.com/news/x633542228/Cops-Ex-nurse-stole-medical-records-drugs
ITRC Breach ID
Company or Agency
Location
ITRC20080822-01
Alaska Airlines
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
On August 5, Alaska Airline's Executive Vice-President of Flight & Marketing informed the New Hampshire Attorney General's office that the company had discovered that one of their employees in Phoenix had been misusing payment card information provided by customers of Alaska Airlines and Horizon Air when they made reservation changes. The employee reportedly processed the reservation changes but diverted the payments to his personal account. Attribution 1
Publication:
notice to NH AG
Author: Gregg Saretsky
Date Published:
8/5/2008
Article Title: Alaska Airline Article URL: http://doj.nh.gov/consumer/pdf/AlaskaAirlines.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080821-03
WomanCare
MI
3/1/2008
Paper Data
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
50
A Lathrup Village Abortion Clinic has been issued a warrant for improperly disposing of medical records. In March, Sgt. Vincent Lynch said that up to 50 patients could be identified in medical records, which were mostly created in February and included personal information and the types of procedures performed. Attribution 1
Publication:
Detroit Free Press
Author: Gina Damron
Date Published:
8/21/2008
Article Title: Abortion clinic charged with improper record disposal Article URL: http://www.freep.com/apps/pbcs.dll/article?AID=/20080821/NEWS03/80821051
ITRC Breach ID
Company or Agency
Location
ITRC20080821-02
University of Pennsylvania Health System
PA
Est. Date
Breach Type Breach Category Electronic
Medical/Healthcare
Records Exposed? Yes Unknown #
University of Pennsylvania Health System notified an undisclosed number of patients this week that an encrypted backup tape containing personal and credit information was lost in transit by an outside carrier. Affected persons are those who made payments to UPHS between Feb. 25 and April 25. Attribution 1
Publication:
The Bulletin
Author: Heather Chin
Date Published:
8/21/2008
Article Title: UPHS Notifies Public Of Lost Payment Data Article URL: http://www.thebulletin.us/site/index.cfm?newsid=20084468&BRD=2737&PAG=461&dept_id=576361&rfi=8 Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 65 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
ITRC20080821-01
Wells Fargo #2
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Banking/Credit/Financial
0
A computer data tape with customer information from five new Wells Fargo banks is missing. Banks involved are Shoshone First Bank in Cody and Powell, Jackson State Bank & Trust, Sheridan State Bank, First State Bank of Pinedale and United Bank of Idaho in Driggs. The tapes were being transported from one bank site to another. The information on the computer tape included names, addresses, Social Security numbers and account numbers. The tape contained information from all five banks in the former United Bancorporation, which has recently been sold to Wells Fargo. Attribution 1
Publication:
AP release
Article Title:
Jackson bank says customer records lost
Author: AP
Date Published:
8/23/2008
Article URL: http://hosted.ap.org/dynamic/stories/W/WY_BANK_RECORDS_IDOL-?SITE=IDLEW&SECTION=HOME&TEMPLATE= Attribution 2
Publication:
Cody Enterprise
Article Title:
Tape with bank records ‘lost'
Author: Richard Reeder
Date Published:
8/20/2008
Article URL: http://www.codyenterprise.com/articles/2008/08/20/news/news4.txt
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080820-03
Princeton Review
FL
6/15/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
34,000
The personal information of nearly every student in Sarasota County was made public on the Internet for nearly two months because a company that the district contracts with accidentally posted it. The Princeton Review posted information from the district's Sarasota County Planning Tool. The information posted included the names of about 34,000 students and their school identification numbers -- in some cases the same as their Social Security numbers. Attribution 1
Publication:
Herald Tribune
Author: Tiffany Lankes
Date Published:
8/20/2008
Article Title: Students' records wind up on Web Article URL: http://www.heraldtribune.com/article/20080820/ARTICLE/808200369/2055/NEWS&title=Students__records_wind_up
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080820-02
Premier Bank
KS
1/10/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Banking/Credit/Financial
Several people used a computer to illegally access customer databases at Premier Bank in Overland Park and stole credit report information and credit card information. They applied for new accounts using the identity information and credit scores of the victims. Under federal statutes they could face 50 years in a federal prison without parole. Attribution 1
Publication:
Fox 4
Author: staff
Date Published:
8/20/2008
Article Title: Fmr. Bank Employee Charged With Identity Theft Article URL: http://www.myfoxkc.com/myfox/pages/News/Detail?contentId=7250283&version=1&locale=EN-US&layoutCode=TST Attribution 2
Publication:
infoZine
Article Title:
Kansas City Man Pleads Guilty to Identity Theft, Credit Card Fraud
Author: staff
Article URL: http://www.infozine.com/news/stories/op/storiesView/sid/30068/
Copyright 2008 Identity Theft Resource Center
Date Published:
8/20/2008
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 66 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080820-01
Case Western Reserve University
OH
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
1,160
A spokeswoman for Case Western Reserve University said the personal information of 1,160 undergraduates was inadvertently disclosed on the school's Web site. Laura Massie said the names and Social Security numbers were disclosed on the site but that there is no evidence the personal data has been misused. Attribution 1
Publication:
News Net 5
Article Title:
Undergrads' Personal Data Disclosed On CWRU Web Site
Author: staff
Date Published:
8/20/2008
Article URL: http://www.newsnet5.com/education/17244730/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080819-02
Kingston Tax Service
WA
8/12/2008
Electronic
Business
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
Kingston Tax Service office computers were stolen on Aug. 12 before 8:30 am. The computers included tax return information for clients in the last 8 years. The computers were found on Craig's List for sale.
Attribution 1
Publication:
North Kitsap Herald
Article Title:
Kingston Tax Service computers stolen; clients warned of identity theft
Author: Kelly Joines
Date Published:
8/19/2008
Article URL: http://www.pnwlocalnews.com/kitsap/nkh/news/27134264.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080819-01
Dominion Enterprises InterActive Financial
VA
9/1/2007
Electronic
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
92,095
Dominion Enterprises today announced that a computer server within InterActive Financial Marketing Group (IFMG), a division of Dominion Enterprises located in Richmond, Virginia, was hacked into and illegally accessed by an unknown and unauthorized third party between November 2007 and February 2008. The data intrusion resulted in the potential exposure of personal information, including the names, addresses, birth dates, and social security numbers of 92,095 applicants who submitted credit applications to IFMG's family of special finance Web sites. Attribution 1
Publication:
notice to MD AG
Author: Rich Crawford
Date Published:
8/19/2008
Date Published:
8/18/2008
Article Title: breach notice from MD AG Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-157432.pdf Attribution 2
Publication:
Market Watch
Article Title:
Dominion Enterprises Discloses Data Breach in Business Division
Author:
Article URL: http://www.marketwatch.com/news/story/dominion-enterprises-discloses-data-breach/story.aspx?guid=%7B2FC9A
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 67 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080818-07
Treatment Associates
TX
8/14/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Medical/Healthcare
0
Several state and county agencies use Treatment Associates in San Antonio for drug testing and treatment including Child Protective Services and the Texas Department of Criminal Justice. But what the News 4 Trouble Shooters found in their trash has state officials concerned. More than 40 files were found so far including medical histories of clients with diseases and drug addictions, and documents showing sexual abuse and social security numbers. Attribution 1
Publication:
WOAI
Author: Brian Collister
Date Published:
8/14/2008
Article Title: Private Medical Records Found by the Trouble Shooters Article URL: http://www.woai.com/content/troubleshooters/story.aspx?content_id=dce3d3fb-cb5b-4d1d-ad72-beef2cf29cb3
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080818-06
Wuesthoff Medical Center
FL
8/11/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
500
Hundreds of people in Brevard County found out Thursday if their personal information was stolen. Names, social security numbers and even personal medical information of more than 500 patients at Wuesthoff Medical Center were posted on the Internet. It is unclear if this is a case of hackers or accidental web exposure. Wuestoff officials said there were six outside "hits" Tuesday and Wednesday to its live Web site, where patients registered ahead of time for surgery, lab work and other services the Rockledge-based healthcare system provides. The site was immediately shut down. Attribution 1
Publication: Article Title:
Florida Today Wuesthoff Web site security breached
Author: Susan Jenks
Date Published:
8/15/2008
Article URL: http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20080815/BUSINESS/808150326/1006/NEWS01 Attribution 2
Publication:
WFTV
Article Title:
Medical Center Patient Records Posted On Internet
Author:
Date Published:
8/14/2008
Article URL: http://www.wftv.com/news/17188045/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080818-05
Green Acres Gas Station
FL
8/13/2008
Paper Data
Business
Records Exposed? Yes Published #
Hundreds of check stubs containing personal information were found scattered across a field behind a Greenacres gas station Wednesday. Officials fear the names and social security numbers of more than 200 workers has been compromised. An employee with Labor for Hire Pompano located in Lake Worth tossed the check stubs into the company dumpster, instead of following policy of shredding them, said Vern Vokus, the CEO of the company. Attribution 1
Publication:
CBS 12
Article Title:
Hundreds of Check Stubs Found With Names and Social Security Numbers at Greenacres Gas Station
Author: Kara Kostanich
Date Published:
Article URL: http://www.cbs12.com/news/check_4709033___article.html/stubs_company.html
Copyright 2008 Identity Theft Resource Center
8/13/2008
Exposed # of Records Rptd
200
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 68 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080818-04
Obra Homes
TX
8/14/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Police are investigating after a folder containing the personal information of hundreds of people is found in a dumpster. The folder belonged to Obra Homes. The man who found it says he was surprised when it turned up in the dumpster behind his business. ITRC verified with the TV station that SSNs were included. Attribution 1
Publication:
KRGV, ABC 5
Article Title:
Personal Information Found in Dumpster
Author: staff
Date Published:
8/14/2008
Article URL: http://www.newschannel5.tv/2008/8/14/996452/Personal-Information-Found
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080818-03
Keller High School
TX
8/5/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Educational
0
Keller High School sent out forms to families with other people's information including SSNs, student ID number, home address and emergency care authorization.
Attribution 1
Publication:
Keller Citizen
Article Title:
KHS mail mix-up prompts identity theft concerns
Author: Sandra Engelland
Date Published:
8/15/2008
Article URL: http://www.kellercitizen.com/101/story/10750.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080818-02
Atlanta lawyer
GA
8/15/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Thousands of documents loaded with social security numbers and other personal information were thrown out Friday, August 15, 2008 left in dumpsters that anyone could get to. The documents listed dates of birth, addresses and even medical records in almost every file. No one was at the law office Friday afternoon where the case files originated. Late Friday, the personal injury lawyer who represented the clients in the files said the cases were closed so he threw the documents out. He later admitted it was a mistake to dump them. Attribution 1
Publication:
Fox 5
Article Title:
Documents Loaded with Personal Information Found in Atlanta Dumpster
Author: Chris Shaw
Date Published:
8/15/2008
Article URL: http://www.myfoxatlanta.com/myfox/pages/News/Detail?contentId=7220769&version=1&locale=EN-US&layoutCode
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080818-01
Charter Communications
SC
7/15/2008
Electronic
Business
Cable television operator Charter Communications Inc. is alerting employees, including some in Massachusetts, that their personal information was involved in a security breach that occurred when a number of laptop computers were stolen last month from a Charter media facility in Greenville, S.C. “There was a breakin in our Greenville, S.C., office, and a number of employee laptops were taken,” said Marty Richmond, a spokesman for St. Louis-based Charter. “In the process of identifying the information contained on the laptops, we discovered the personal information of about 9,000 current and former employees.” The personal information consisted of names, dates of birth and Social Security numbers. Mr. Richmond declined to say how the laptops were used, why they contained the information and whether the records were encrypted.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
9,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 69 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Worchester Telegram and Gazetter New
Article Title:
Employees at Charter told data was stolen
Author: Lisa Eckelbecker
Date Published:
8/13/2008
Article URL: http://www.telegram.com/article/20080813/NEWS/808130324/1002
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080812-01
Wells Fargo
US
7/1/2008
Electronic
Records Exposed? Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
7,000
Wells Fargo Bank NA is in the process of notifying some 7,000 individuals that a thief may have accessed their Social Security numbers and other personal information by illegally using the financial services firm's access codes. The bank learned of the compromise on July 1 when MicroBilt Corp., a reseller of consumer data, notified it of suspicious transactions made using the Wells Fargo access codes, a spokeswoman for the San Francisco-based bank said today. The codes are used by Wells Fargo employees to gain access to consumer credit data. In a letter sent to the NH AG Peter McCorkell, Wells Fargo's senior company counsel, said that the investigation has confirmed that "a significant number of unauthorized transactions had been made using Wells Fargo's codes." He said that Social Security numbers, birth dates, addresses, driver's license numbers and, in some cases, credit account information were illegally accessed. Attribution 1
Publication: Article Title:
ComputerWorld Author: Jaikumar Vijayan Wells Fargo code used to illegally access consumer data
Date Published:
8/11/2008
Article URL: http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=911235
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080808-02
International Brotherhood of Electrical Workers Union
SC
3/29/2007
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
44
An Aiken man who pleaded guilty to identity theft charges earlier this year was sentenced by a federal judge Wednesday and will spend five years in prison and pay more than $145,000 in restitution to his victims. He had an insider at the International Brotherhood of Electrical Workers Union steal information for him which he then used to get car loans, credit cards, and postal boxes. The case was investigated by the Secret Service and US Postal Inspector and tried by an Asst US Attorney. Attribution 1
Publication: Article Title:
Author: Mike Gellatly
Date Published:
8/6/2008
Date Published:
8/6/2008
Man gets five years, big fine for identity fraud
Article URL: http://www.aikenstandard.com/0807IDTheft Attribution 2
Publication:
The State
Article Title:
Man ordered to repay victims in identity theft scheme
Author:
Article URL: http://www.thestate.com/breaking/story/482081.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080808-01
Bakersfield Police Dept
CA
7/15/2008
Paper Data
Government/Military
Records Exposed? Yes Unknown #
A Bakersfield resident found 12 discs about 1 1/2 years ago in a trash container at the rear of city hall. They contained personal identifying information of employees of the police department and other members of the community — but the data was fairly old, dating from 1998 through 2002. The investigation began in mid-July after police learned that this person was in possession of computer disks containing “sensitive and confidential police department records.” Attribution 1
Publication:
Bakersfield Californian
Author: Steven Mayer
Article Title: Police determine Bakersfield city's info tech unit hasn't committed crime Article URL: http://www.bakersfield.com/102/story/517667.html Copyright 2008 Identity Theft Resource Center
Date Published:
8/8/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 70 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080807-05
Harris County Hospital District
TX
7/25/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Medical/Healthcare
1,200
Many of the medical and financial records stored on a flash drive that has gone missing from the Harris County Hospital District belonged to patients with HIV or AIDS, Harris County Judge Ed Emmett said today. About 1,200 patients were affected by the security breach, the hospital district said in a brief statement issued Wednesday. The employee loaded the information onto the flash drive to work on a project at home a couple weeks ago and never saw it again, Emmett said. The device may not have even left district property, he added. Attribution 1
Publication:
Houston Chronicle
Article Title:
Emmett: Missing records belonged to AIDS patients
Author: Liz Peterson
Date Published:
8/7/2008
Article URL: http://www.chron.com/disp/story.mpl/front/5929121.html
ITRC Breach ID
Company or Agency
Location
ITRC20080807-04
S&K Menswear
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Business
0
S&K Menswear had thousands of people whose credit card information has been compromised by a hacking. This may be related to an incident in Dec 2007 reported to the NH AG or may be another of the hacking related to the TJX gang,. Attribution 1
Publication: Article Title:
WSYR Syracuse Author: Security breach at S&K Menswear website: The Real Deal
Date Published:
8/6/2008
Article URL: http://www.9wsyr.com/content/news/real_deal/story.aspx?content_id=554e9769-330e-47c6-92e2-3b908a276988
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080807-03
Central Florida Healthcare Federal Credit Union
FL
7/28/2008
Electronic
Banking/Credit/Financial
Records Exposed? Yes Published #
Exposed # of Records Rptd
200
Information from an internal auditing document belonging to Central Florida Healthcare Federal Credit Union accidentally got posted online where anyone could see it. The document may have been there for up to three weeks. Almost 200 accounts may have been affected. Information revealed included Social Security numbers, creditunion account numbers, birth dates, loan balances, and types of vehicles belonging to car-loan customers. Attribution 1
Publication:
Orlando Sentinel
Article Title:
Credit-union security breach prompts lawsuit
Author: Sandra Pedicini
Date Published:
8/7/2008
Article URL: http://www.orlandosentinel.com/services/newspaper/printedition/thursday/localandstate/orl-idonline0708aug07,0,4
ITRC Breach ID
Company or Agency
Location
ITRC20080807-02
Russell School
IA
Est. Date
Breach Type Breach Category Paper Data
Educational
Parents allege that school and health records for dozens of students ended up in the trash or on the auction block after crews cleaned out Russell's only school building. State officials decided in March to shut down the small, cash-strapped school district last month. The Russell mother who said she bought a file cabinet full of student health records at the auction last month requested that her identity not be disclosed because her children will go to Chariton schools this fall. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 71 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Des Moines Register
Article Title:
Students' files tossed, sold at Russell, parents say
Author: Staci Hupp
Date Published:
8/7/2008
Article URL: http://www.desmoinesregister.com/apps/pbcs.dll/article?AID=/20080807/NEWS02/808070403/-1/BUSINESS04
ITRC Breach ID
Company or Agency
Location
ITRC20080807-01
Bank of America
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Banking/Credit/Financial
0
A Bank of America laptop containing customer information including names, account numbers and social security numbers was stolen from a bank facility. Bank spokesperson Betty Riess would not say how many customers were affected were involved or what location the laptop was taken from. Attribution 1
Publication:
Times Herald-Record
Article Title:
Bank of America laptop stolen; customer data compromised
Author: Christian Livermore
Date Published:
8/7/2008
Article URL: http://www.recordonline.com/apps/pbcs.dll/article?AID=/20080807/BIZ/80807021
ITRC Breach ID
Company or Agency
Location
ITRC20080805-07
Kelsey-Seybold Clinic
TX
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
1,600
Hundreds of Kelsey-Seybold Clinic patients had financial records stolen by a billing office employee. At least 200 patients with common surnames had unauthorized accounts opened with combined credit limits of $1.6 million. The culprits have been arrested and sentenced. Information was sold between October 2005 and March 2007. Kelsey- Seybold is sending letters to 1600 patients whose accounts were accessed by the thief. Kelsey-Seybold Clinic, which is part of St. Luke’s Episcopal Hospital System, has 18 locations, including Clear Lake Regional Medical Center. Update: It is not clear if a second breach has occurred or additional information is now available. Detectives believe one of the suspects from the above case used personal information from more than 500 people in applying for more than 1,000 short-term "payday" loans valued at between $200 and $800 each, the Fort Bend Sheriff's Office said in a statement. Fraudulent loans are believed to have exceeded $230,000 in value. Update: arrests were made in Sept. Attribution 1
Publication:
Sealy News Online
Article Title:
Arrests made in ID theft case
Author: Mary Hogan
Date Published:
9/23/2008
Date Published:
7/28/2008
Article URL: http://www.sealynews.com/articles/2008/09/23/news/news04.txt Attribution 2
Publication:
Fort Bend
Author: Bob Dunn
Article Title: Local Medical Clinic Patients Among 500 Victimized In Major Identity Theft Ring Article URL: http://www.fortbendnow.com/pages/full_story?page_label=home&id=119590&article-Local-Medical-Clinic-PatientsAttribution 3
Publication:
Houston Chronicle
Article Title:
2 get prison terms in ID theft from clinic patients
Author:
Article URL: http://www.chron.com/disp/story.mpl/headline/metro/5583753.html
Copyright 2008 Identity Theft Resource Center
Date Published:
3/1/2008
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 72 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080805-06
American Greetings / UPS
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Business
0
The FBI, the Secret Service, U.S. Customs and police are investigating a case of identity theft from inside the human resources department at one of Nelson County's top employers. Bardstown Police have arrested the assistant human resources manager of American Greetings on multiple felony charges after they say he stole the identities of at least 10 employees at the plant. Now, hundreds of people are worried they might have been victimized by someone they trusted. Police say there are hundreds of other potential victims at American Greetings plant and thousands at UPS, where Kaelin worked as a human resources manager for 7 years. Attribution 1
Publication:
WHAS 11 ABC
Author:
Date Published:
8/1/2008
Article Title: Former HR employee at American Greetings, UPS accused of multiple identity thefts Article URL: http://www.whas11.com/topstories/stories/whas11_localnews_080801_americangreetingsHR.5668c3a.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080805-05
Delphi
OH
7/25/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
2,600
An OH state official says a computer flash drive with Social Security numbers and other personal information for 2,600 former Dayton-area Delphi Corp. workers is missing. Ohio Department of Job and Family Services Director Helen Jones-Kelley said Friday that the drive was removed from the unattended laptop computer of a state employee on July 25 in Lebanon. Attribution 1
Publication:
mlive.com, Everything Michigan
Author: AP Michigan
Date Published:
8/1/2008
Article Title: Ohio official: Former Delphi workers' data missing Article URL: http://www.mlive.com/newsflash/michigan/index.ssf?/base/news-56/121763934915770.xml&storylist=newsmichigan
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080805-04
Metairie Convenience Stores
LA
3/1/2007
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
An Avondale man faces up to 15 years in prison and a $250,000 fine after he admitted skimming credit and debit card information from automated teller machines at two Metairie convenience stores, authorities said. A search of the man's residence turned up the air compressor bought with the stolen info of a Las Vegas man, 75 counterfeit credit cards, 450 handwritten credit card numbers on notebook paper and equipment to scan and load pilfered data onto blank debit and credit cards, court records said. Attribution 1
Publication:
Times Picayune
Article Title:
Man pleads guilty to fraud via ATMs-Devices used to steal account information
Author: East Jefferson bureau
Date Published:
8/1/2008
Article URL: http://www.nola.com/timespic/stories/index.ssf?/base//library-152/1217596226252680.xml&coll=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080805-03
Washington Mutual
MN
2/1/2007
Electronic
Banking/Credit/Financial
Lawrenceville police have arrested three men suspected of stealing ATM information from several hundred Washington Mutual customers in Duluth. Police Chief Greg Vaughn said the thieves used a skimming device and a small video camera to steal customer data that allowed them to access the accounts.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 73 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Atlanta Journal Constitution
Article Title:
Lawrenceville police arrest 3 men for ATM scam
Author: staff
Date Published:
7/29/2008
Article URL: http://www.ajc.com/services/content/metro/gwinnett/stories/2008/07/29/washington_mutual_atm_scam.html?cxtype
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080805-02
Arapahoe Community College
CO
8/1/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
15,000
Arapahoe Community College (ACC) is notifying 15,000 students that their personal information has been lost or stolen. The flash drive contained the records for students from the Corporate Learning Division and had the personal information of students dating back to 1997. The Corporate Learning Division has a small percentage of non-credit students. This does not affect students at the main campus in Littleton, according to John Scarffe with ACC. Information on the drive included the names, addresses, credit card numbers and social security numbers for more than 5,000 students in the Corporate Learning Division. The drive did not contain the threedigit security code for the credit cards. Attribution 1
Publication:
9 News.com CBS
Author: Jonathan Ashford
Date Published:
8/4/2008
Article Title: College contractor loses 15,000 students' personal information Article URL: http://www.9news.com/news/local/article.aspx?storyid=97054&catid=346
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080805-01
Transportation Security Administration
US
8/2/2008
Electronic
Records Exposed? Yes (Password) Published#
Government/Military
The federal government on Monday barred a registered-traveler service launched three years ago at Orlando International Airport from enrolling new members after an unencrypted company laptop containing personal information for about 33,000 prospective customers was stolen from a locked office in San Francisco. Verified Identity Pass said most people affected were customers who had signed up online for the Clear program but who had not yet completed their enrollments in person. A "small number" of members who were in the process of re-enrolling were also affected. The company said the information on the stolen laptop included applicant names, addresses and birth dates. The computer also contained drivers license numbers, passport numbers and alien registration card numbers for "some" customers -- but no credit-card information, Social Security numbers or biometric information. The company said the information was secured by two levels of password protection. UPDATE: Laptop was stolen and not misplaced. Attribution 1
Publication:
CBS 5
Article Title:
SFO: INVESTIGATORS BELIEVE LAPTOP WAS STOLEN, NOT MISPLACED
Author: AP
Date Published:
8/11/2008
Article URL: http://cbs5.com/localwire/22.0.html?type=bcn&item=STOLEN-LAPTOP-bagmAttribution 2
Publication: Article Title:
ABC 7 - KGO Author: Lilian Kim Clear suspended following SFO laptop theft
Date Published:
8/5/2008
Date Published:
8/5/2008
Article URL: http://abclocal.go.com/kgo/story?section=news/local&id=6306342 Attribution 3
Publication:
Orlando Sentinel
Article Title:
'Clear' registration halted after laptop theft
Author: staff
Article URL: http://www.orlandosentinel.com/business/orl-clear0508aug05,0,4458701.story
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
33,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 74 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080804-01
Countrywide
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
2,000,000
The FBI on Friday arrested a former Countrywide Financial Corp. employee and another man in an alleged scheme to steal and sell sensitive personal information, including Social Security numbers, of as many as 2 million mortgage applicants. The breach in security, which occurred over a two-year period though July, was one of the largest in years, experts said. The insider was identified as a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division. He would copy information on about 20,000 customers on Sunday nights using a computer that did not have the same security features that other machines in the office had. Attribution 1
Publication: Article Title:
LA Times Author: E Scott Reckard Date Published: Mortgage firm Countrywide, in response to alleged data breach, offers free credit monitoring
9/10/2008
Article URL: http://www.latimes.com/business/la-fi-countrywide10-2008sep10,0,7540181.story Attribution 2
Publication:
ABC 4
Article Title:
Mortgage executive caught selling customer identities
Author: Annie Cutlier
Date Published:
9/9/2008
Article URL: http://www.abc4.com/mostpopular/story.aspx?content_id=f0750b9f-9682-46de-9fbb-ceb4d1bc1270 Attribution 3
Publication: Article Title:
Los Angeles Times Author: Joseph Menn and E S Countrywide insider stole mortgage applicants' data, FBI says
Date Published:
8/2/2008
Article URL: http://www.latimes.com/business/la-fi-arrest2-2008aug02,0,7330731.story
ITRC Breach ID
Company or Agency
Location
ITRC20080801-03
SavaSeniorCare #3
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
While the notification letter to the MD Ag listed a lost CD, the attached letter refers to a stolen laptop containing resident names, Medicare and Medicaid numbers and resident medical assessment information. It has been confirmed with the company that 3 breaches actually occurred. The letter is addressed to current or former residents at one of the skilled nursing facilities. Attribution 1
Publication:
notice to MD AG
Article Title:
SavaSeniorCare
Author: Miriam Murray
Date Published:
6/25/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-154008.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080801-02
SavaSeniorCare
US
1/1/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Medical/Healthcare
In January 2008, Sava sent a CD with 3 years of MDS data in SQL format to an outside vendor and it was lost in transit before it even left Atlanta. Maryland had 10 facilities involved for a total of approximately 4850 residents. The file included names, Medicare and Medicaid numbers, and medical assessment information. In the letter to the AG, Sava referred to facilities across the country. The Long Term Care Minimum Data Set (MDS) is a standardized, primary screening and assessment tool of health status which forms the foundation of the comprehensive assessment for all residents of long-term care facilities certified to participate in Medicare or Medicaid. Attribution 1
Publication:
notice to MD AG
Article Title:
SavaSeniorCare
Author: Miriam Murray
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-154008.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
6/25/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 75 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080801-01
unknown financial consultant
KY
7/31/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Banking/Credit/Financial
0
Detectives in Warren County are trying to track down a financial consultant who dumped thousands of records belonging to his clients in dumpsters. The records found in the Harbor Watch neighborhood off SocialvilleFoster Road in Deerfield Township. Sheriff's investigators spent Thursday going through more than twenty boxes of files that contain social security numbers, addresses, phone numbers and driver's license information. So far, all the files are on people from Florida. Attribution 1
Publication:
KY Post.com
Author: Deb Silverman
Date Published:
7/31/2008
Article Title: Financial Consultant Accused Of Dumping Boxes Of Personal Records Article URL: http://www.kypost.com/content/wcposhared/story.aspx?content_id=70315859-a2b9-4cca-9ea7-27a6865de259
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-15
LPL Financial #6
US
4/4/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
LPL Financial, which has reported five breaches involving personal information, has revealed a 6th incident involving customer data. On April 4, 2008 one or more unknown persons broke into and entered the Lansing, Michigan office of William and Nathanael Flynn and stole a laptop computer. The laptop contained unencrypted names, Social Security numbers, account numbers, and date of birth of an unspecified number of customers and non customer beneficiaries. Attribution 1
Publication:
notice to NH AG
Author:
Date Published:
7/24/2008
Article Title: LPL Financial #6 Article URL: http://doj.nh.gov/consumer/pdf/lpl_financial3.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-14
Aon Consulting #2
US
5/30/2008
Electronic
Records Exposed? Yes (Password) Published#
Business
Exposed # of Records Rptd
57,160
In an apparent second breach (other reported early May), on May 30th a laptop involving the names and SSNs of 57,000 people were stolen from a restaurant. Another breach has been reported that involved 2000 from a laptop stolen early in May. This involved pre-employment screens for Verizon. Attribution 1
Publication:
notice to MD AG
Author: Bobbie McGee Gregg
Date Published:
6/19/2008
Article Title: Aon Consulting #2 Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153872.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-13
University of Texas at Dallas
TX
7/12/2008
Electronic
Educational
A computer network attack at the University of Texas at Dallas may have exposed Social Security numbers and other personal information for 9,100 individuals, school officials said. A security breach in UTD’s computer network may have exposed Social Security numbers along with names, addresses, email addresses or telephone numbers, officials said.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
9,100
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 76 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Dallas Morning News
Article Title:
Computer breach at UT Dallas may have exposed students' personal info
Author: Holly Hacker
Date Published:
7/31/2008
Article URL: A computer network attack at the University of Texas at Dallas may have exposed Social Security numbers and oth Attribution 2
Publication: Article Title:
UT Dallas.edu Press release from college
Author:
Date Published:
7/31/2008
Article URL: http://www.utdallas.edu/news/2008/08/01-001.php
ITRC Breach ID
Company or Agency
Location
ITRC20080731-12
Placemark Investments
MA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
89
A laptop stolen from an employee's car lead to the potential exposure of 89 current or former advisory clients of Placemark Investments
Attribution 1
Publication: Article Title:
notice to MD AG Placemark
Author: Richard Dion
Date Published:
7/14/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-155026.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-11
Direct Marketing Services, Inc.
US
10/9/2007
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
52,000
DMSI discovered that hackers had accessed their computers with customer names and credit card information between Oct. 9, 2007 and Dec. 28, 2008. About 52,000 may be impacted.
Attribution 1
Publication: Article Title:
notice to MD AG Direct Marketing Services
Author: Ian Ballon
Date Published:
7/2/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-154881.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-10
RH Donnelley Inc, RHD
GA
6/8/2008
Electronic
Business
Records Exposed? Yes Published #
RH Donnelley had a breach when an employee visiting relatives in NC had her laptop stolen. Her car was broken into and her backpack was stolen. Names, SSNs, timecards and addresses of current and former employees may be affected. Attribution 1
Publication:
notice to MD AG
Author: Joseph Lazzarotti
Article Title: RH Donnelley Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-155029.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
7/10/2008
Exposed # of Records Rptd
6,670
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 77 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-09
Stanadyne Corporation
CT
6/27/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A laptop was stolen from an automobile belonging to a Stanadyne employee. It included sensitive employee information. According to law, a retiree of the company in Maryland was notified that their name, address, date of birth and SSN was involved. There is no information about other people other than it included employee information. Attribution 1
Publication:
notice to MD AG
Article Title:
Stanadyne Corp
Author: Catherine Intravia
Date Published:
7/9/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-154889.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080731-08
Oakland University
MI
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Educational
Exposed # of Records Rptd
0
Oakland University had an external hard drive stolen. Names and SSNs may have been present. No other information was made available.
Attribution 1
Publication:
notice to MD AG
Article Title:
Oakland University, MI
Author: Christine Arevalo
Date Published:
7/9/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-154873.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-07
Art Institute of Washington
VA
6/10/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Business
Exposed # of Records Rptd
0
The Art Institute of Washington had a password protected laptop stolen which may have had information about current and former employees names and SSNs.
Attribution 1
Publication:
notice to MD AG
Article Title:
Art Institute of Washington
Author: Jack Chester, Directo
Date Published:
6/19/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153635.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-06
Yuma City
AZ
7/24/2008
Electronic
Government/Military
Records Exposed? Yes Published #
The Social Security numbers of about 300 city of Yuma employees were "unintentionally released" in an email sent to city administrative personnel earlier this week, The Sun learned Thursday.
Attribution 1
Publication:
Yuma Sun
Article Title:
City workers' Social Security numbers missent
Author: Joyce Lobeck
Date Published:
Article URL: http://www.yumasun.com/news/city_43177___article.html/missent_numbers.html
Copyright 2008 Identity Theft Resource Center
7/24/2008
Exposed # of Records Rptd
300
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 78 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080731-05
Nationwide Mutual Insurance Company
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes (Password) Unknown#
Exposed # of Records Rptd
0
In May the car of a Nationwide employee was robbed in PA and a password protected laptop with names, SSNs and driver's license numbers was taken.
Attribution 1
Publication:
notice to MD AG
Article Title:
Nationwide Mutual Insurance
Author: Maththew Mrkobrad
Date Published:
6/18/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153636.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080731-04
Willis Group Holding Ltd
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Willis reported the loss of computer backup tapes when being transported to storage. Information included bank account details and SSNs.
Attribution 1
Publication:
notice to MD AG
Article Title:
Willis Group info lost in transit
Author: Adam Ciongoll
Date Published:
6/18/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153650.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-03
SunGard Data Systems/ Newedge
US
5/11/2008
Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
SunGard Data Systems who processes trade data for retail and institutional brokerage firms had data belonging to Newedge USA lost in a taxi in Florida.
Attribution 1
Publication:
notice to MD AG
Article Title:
SunGard Data Systems and Newedge
Author: Bernard Nash
Date Published:
6/18/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153870.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-02
Fischbach LLC
US
3/21/2008
Electronic
Business
Records Exposed? Yes Unknown #
Fischbach LLC lost a backup media disk in transit containing a database of all litigation records. The information may include SSNs, dates of birth, work histories, medical records, mother's maiden names for individuals involved in either a lawsuit or a workers compensation claim against Fischbach or one of its subsidiaries. Attribution 1
Publication:
notice to MD AG
Article Title:
Fischbach LLC breach
Author: Glen Bronstein
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-154485.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
6/20/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 79 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080731-01
Grady Memorial Hospital
GA
7/24/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Medical/Healthcare
45
The FBI is investigating the theft of medical records belonging to Grady Memorial Hospital. The records were sent to a vendor to transcribe and then stolen from a subcontractor employed by that vendor. It is unknown if the records contained financial information as the investigation is just beginning. Update: The investigation is indicating that human error and not hackers caused 45 patient records to be placed on an unsecured Wed site. Attribution 1
Publication:
Atlanta Journal Constitution
Article Title:
Human error to blame for Grady data breach
Author: Craig Schneider
Date Published:
9/23/2008
Article URL: http://www.ajc.com/metro/content/metro/atlanta/stories/2008/09/23/grady_data_breach.html Attribution 2
Publication:
Atlanta Journal-Constitution
Article Title:
Grady patients' medical records stolen - FBI investigating
Author: Craig Schneider
Date Published:
7/25/2008
Article URL: http://www.ajc.com/metro/content/metro/atlanta/stories/2008/07/25/grady_records_theft.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080730-02
unknown doctors- Folkston Dr. offices
FL
7/21/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Medical/Healthcare
0
Residents combing through trash left at a closed physicians' office under renovation found a box of medical records this week. The patient files were in a pile of old framed pictures, lamps and furniture in front of the building Monday, Folkston Police Chief Wesley Green said Thursday. State laws lay out clear guidelines for safeguarding medical records and notifying patients if physicians close their practices, officials said. The office closed several years ago and are now being housed by a local hospital for safekeeping. Attribution 1
Publication:
Red Orbit and Florida Times Union
Article Title:
Patient Files Found in Folkston Trash at a Closed Physicians' Office Yields a Box of Abandoned Medical Records
Author: Gordon Jackson
Date Published:
7/25/2008
Article URL: http://www.redorbit.com/news/health/1495896/patient_files_found_in_folkston_trash_at_a_closed_physicians/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080730-01
Tele Atlas North America/ TANA
US
6/9/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
TANA learned that a third party benefits administrator misplaced backup tapes while in transit to a storage facility in India on June 9, 2008. The tapes include names and SSNs of TANA employees and their dependents who have insurance through TANA. At least 496 New Hampshire residents have been affected. The company has more than 1600 employees Attribution 1
Publication:
notice to NH AG
Article Title:
TANA breach
Author: James O'Gorman VP
Date Published:
7/17/2008
Article URL: http://doj.nh.gov/consumer/pdf/tele.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080729-03
Macy's
US
Est. Date
Breach Type Breach Category Electronic
Business
Macy's had to notify 4,100 customers across the country who hold a Macy's Visa credit card -- not the regular charge card. Macy's says there was a massive security breach at a Visa processing center in England. Thieves got hold of Visa account numbers and started making unauthorized charges, mainly at gas stations. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
4,100
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 80 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
ABC 7 KGO
Article Title:
Macy's security breach halts card service
Author: Michael Finney
Date Published:
7/28/2008
Article URL: http://abclocal.go.com/kgo/story?section=news/7_on_your_side&id=6292677
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080729-02
Anheuser- Busch
MO
6/1/2008
Electronic
Business
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
A laptop containing personal information of current and former employees, including some from Hampton Roads, was stolen from a St. Louis-area Anheuser-Busch office in June, according to a statement from the company. The company is not disclosing how many are affected but did state that SSNs were included on the password-protected and encrypted laptop. Attribution 1
Publication:
Chicago Tribune
Article Title:
Data for over 190,000 at risk
Author: Newsport News VA, D
Date Published:
8/6/2008
Article URL: http://www.chicagotribune.com/business/dp-biz_dataloss_0806aug06,0,4148457.story Attribution 2
Publication: Article Title:
CBS 4 Author: AP Personal Information Of 90,000 People Stolen
Date Published:
7/29/2008
Date Published:
7/29/2008
Article URL: http://cbs4.com/local/busch.anheuser.brewery.2.787651.html Attribution 3
Publication:
St Louis Daily Press
Article Title:
Stolen laptop had Busch employees' personal info
Author: Nicolas Zimmerman
Article URL: http://www.dailypress.com/news/dp-local_busch_0729jul29,0,6332846.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080729-01
Blue Cross/Blue Shield of GA
GA
7:23:00 AM
Paper Data
Medical/Healthcare
Records Exposed? Yes Published #
Exposed # of Records Rptd
202,000
Georgia's largest health insurer sent an estimated 202,000 benefits letters containing personal and health information to the wrong addresses last week, in a privacy breach that also raised concerns about potential identity theft. Blue Cross and Blue Shield of Georgia said Monday that the erroneous mailings were primarily Explanation of Benefits (EOB) letters, which include the patient's name and ID number, the name of the medical provider delivering the service, and the amounts charged and owed. "A small percentage" of letters also contained the patient's Social Security numbers, said Cindy Sanders, a Blue Cross spokeswoman. The EOB forms were mailed to the addresses of other Blue Cross policyholders. Attribution 1
Publication:
Atlanta Journal Constitution
Author: Andy Miller
Date Published:
7/29/2008
Article Title: Private medical data exposed Article URL: http://www.ajc.com/news/content/news/stories/2008/07/29/bluecross.html?cxntnid=amn072908e
ITRC Breach ID
Company or Agency
Location
ITRC20080728-09
Moraine Park Technical College
WI
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Published #
Equipment hosting the security system of the MPTC experienced a breach that may have affected customers who purchased books and supplies between 2002- July 2006. ITRC contacted the school and confirmed that some SSNs may be affected and about 4400 people are receiving letters. Attribution 1
Publication:
Daily Citizen, WiscNews
Author: staff
Article Title: MPTC warns of data breach Article URL: http://www.wiscnews.com/bdc/news/297649 Copyright 2008 Identity Theft Resource Center
Date Published:
7/28/2008
Exposed # of Records Rptd
4,400
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 81 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080728-08
Labor for Hire
FL
7/23/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
Private payroll information for hundreds of “Labor for Hire” employees was found in a dumpster. A public dumpster behind the employment agency Labor for Hire was found full of personal information of employees who've used the agency in the past. Hundreds of files that included social security numbers were supposed to be shredded but were found discarded in a public dumpster. Attribution 1
Publication:
WPTV
Article Title:
Possible security threat at employment agency
Author: Katie Brace
Date Published:
7/23/2008
Article URL: http://www.wptv.com/news/local/story.aspx?content_id=03795c28-131d-4639-a724-b375b863dca6
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080728-07
Hillsborough Community College
FL
7/21/2008
Electronic
Records Exposed? Yes (Password) Published#
Educational
Exposed # of Records Rptd
2,000
Hillsborough Community College warned its roughly 2,000 employees on Wednesday to monitor their bank accounts because an HCC programmer's laptop was stolen from a hotel parking lot in Georgia. The programmer had deleted all files and the computer is password protected. The programmer had been working on a payroll project for a group of employees using their names, bank-routing numbers, retirement information and Social Security numbers. Attribution 1
Publication:
Tampa Tribune
Article Title:
Loss Of HCC Worker's Laptop Spurs ID Theft Warning
Author: Valerie Kalfrin
Date Published:
7/24/2008
Article URL: http://www2.tbo.com/content/2008/jul/24/loss-hcc-employees-laptop-spurs-id-theft-warning/
ITRC Breach ID
Company or Agency
Location
ITRC20080728-06
Sealaska
AK
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Sealaska Corp. arranged credit protection service for its shareholders after company data was stolen from one of its employees. Sealaska declined to provide details about the theft. Sealaska spokesman Todd Antioquia said he couldn't describe where, when or how the theft occurred, but he said it wasn't at Sealaska headquarters in Juneau. "We believe that unauthorized access to your name, address and Social Security number by the thieves is unlikely, but we cannot know for sure," wrote Chris McNeil Jr., president and CEO of Sealaska, in a letter to shareholders. Sealaska has 19,000 shareholders. Attribution 1
Publication:
Newsminer
Article Title:
Sealaska arranges for credit protection after data stolen
Author: AP
Date Published:
7/23/2008
Article URL: http://newsminer.com/news/2008/jul/23/sealaska-arranges-credit-protection-after-data-sto/
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
19,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 82 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080728-05
University of Houston
TX
10/1/2005
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
259
The University of Houston is notifying 259 students that their personal information was inadvertently posted online for almost three years -- but was recently removed. UH was contacted in May about student names and Social Security numbers being posted. It said the mistake happened in October 2005 when a math department lecturer placed student grades on a university Web server. Attribution 1
Publication:
KTEN
Article Title:
U. of Houston student info mistakenly posted
Author: AP
Date Published:
7/25/2008
Article URL: http://www.kten.com/Global/story.asp?S=8733968&nav=menu410_3
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080728-04
Ohio Univ. Centers for Osteopathic Research and
OH
3/20/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
492
A clerical error led to the online posting of the names and Social Security numbers of 492 people who spoke at Ohio University's Centers for Osteopathic Research and Education, a spokeswoman said. On July 16, the centers, known as CORE, removed a spreadsheet that contained the information. It had been accessible since March 20 and was discovered when a nurse found the information last week while conducting online research. Attribution 1
Publication:
Columbus Dispatch
Article Title:
Personal data put online in error
Author: Misti Crane
Date Published:
7/25/2008
Article URL: http://www.columbusdispatch.com/live/content/local_news/stories/2008/07/25/OUCORE.ART_ART_07-25-08_B2_LL
ITRC Breach ID
Company or Agency
Location
ITRC20080728-03
Conn. College/Wesleyan University/ Trinity College
CT
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
2,815
A college library consortium that serves Connecticut College, Trinity College and Wesleyan University was breached by hackers. The database contains names, addresses, and SSNs or DL #s of about 2800 library patrons. Attribution 1
Publication:
Courant
Article Title:
Hackers Breach Connecticut College Library System
Author: staff
Date Published:
7/26/2008
Article URL: http://www.courant.com/news/local/hc-cthack0726.artjul26,0,2016745.story
ITRC Breach ID
Company or Agency
Location
ITRC20080728-02
Resorts Atlantic City/Dunking Donut
NJ
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Published #
Several teens used handheld skimming devices to steal credit card information from clients at Resorts Atlantic City and Dunking Donuts. The head of the group, a 19 year old, obtained the skimmers and gave them out to friends to use. The ringleader must pay about $9,500 in credit card fraud losses. Attribution 1
Publication:
Press of Atlantic City
Article Title:
Teen ringleader gets 5 years for skimming data from credit cards
Author: Lynda Cohen
Article URL: http://www.pressofatlanticcity.com/179/story/215079.html
Copyright 2008 Identity Theft Resource Center
Date Published:
7/26/2008
Exposed # of Records Rptd
150
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 83 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080728-01
Senior Source
TX
7/22/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Trash bags filled with papers containing names, addresses, dates of birth and SSNs were found in a vacant lot in South Dallas. The information came from Senior Source, a non-profit that helps older residents in Dallas. The company uses a shredding company and a regular cleaning crew deals with trash. The director is investigating how this occurred Attribution 1
Publication: Article Title:
WFAA TV Dallas Personal info dumped in Dallas lot
Author: Monika Diaz
Date Published:
7/26/2008
Article URL: http://www.dallasnews.com/sharedcontent/dws/news/localnews/stories/072608dnmetseniorinfo.6419013.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080725-01
Postal Annex
CA
7/24/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
Sensitive documents with account, SSN numbers, medical records and credit card bills were found in a trash bin behind a Postal Annex in Lemon Grove. However the information came from a Postal Annex, owned by the same person, in Encinitas, about 35 miles away. It is unknown how the information got there. Attribution 1
Publication: Article Title:
KGTV- 10 News ABC San Diego Author: staff 10News I-Team Discovers Personal Info In Dumpster
Date Published:
7/24/2008
Article URL: http://www.10news.com/news/16982923/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080724-03
Tinley Park
IL
6/23/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Computer backup tapes that contain thousands of Social Security numbers of Tinley Park residents have been lost while being transferred from the village hall to another site within the Chicago suburb on June 23. Officials say the tapes containing information from as long ago as 15 years includes about 19,000 residents and another 1,400 current, former or retired village employees. UPDATE: The tape has been found Attribution 1
Publication: Article Title:
Chicago Tribune Author: AP Computer tapes with Social Security numbers lost
Date Published:
7/24/2008
Date Published:
7/24/2008
Article URL: http://www.chicagotribune.com/news/chi-ap-il-idtheft,0,1975150.story Attribution 2
Publication:
Chicago Tribune
Article Title:
Personal info for 20,000 found
Author: AP
Article URL: http://www.chicagotribune.com/news/chi-ap-il-computertapelost,0,511929.story
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
21,400
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 84 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080724-02
University of Rhode Island
RI
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Educational
Exposed # of Records Rptd
0
Two cleaning women who worked for one of the companies involved in an immigration sweep at courthouses last week are charged with stealing the Social Security numbers of University of Rhode Island employees. Police in Fall River, Massachusetts charged the women after raiding their apartment in March and seizing a computer, credit card applications and bills in the names of others, including employees at URI's alumni center. Attribution 1
Publication:
WPRI
Article Title:
Former janitorial workers face ID theft charges
Author: AP
Date Published:
7/24/2008
Article URL: http://www.wpri.com/Global/story.asp?S=8727454&nav=menu20_3
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080724-01
Saint Mary's Regional Medical Center
NV
4/28/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
128,000
Saint Mary's Regional Medical Center's database, used for Saint Mary's health education classes and wellness programs, contained personal information such as names and addresses, limited health information and some Social Security numbers. The database did not contain medical records or credit card information, said Gary Aldax, marketing manager for Saint Mary's. The potential breach was discovered in April 28. Saint Mary's officials said they immediately shut down the database and launched an investigation. The delay in notifications occurred because the database had to be reconstructed, Aldax said. UPDATE: A mailing processing error by Equifax has affected 7000 clients and patients. Attribution 1
Publication: Article Title:
KRNV Author: AP Data breach, mailing error effecting St. Mary's patients
Date Published:
9/5/2008
Date Published:
7/24/2008
Article URL: http://www.krnv.com/Global/story.asp?S=8958484&nav=8faO Attribution 2
Publication:
Reno Gazette Journal
Article Title:
Saint Mary's warns of possible data leak
Author: Jason Hidalgo
Article URL: http://www.rgj.com/apps/pbcs.dll/article?AID=/20080724/NEWS10/807240352/1321/NEWS
ITRC Breach ID
Company or Agency
Location
ITRC20080723-02
Washington DC- unknown settlement company
DC
Est. Date
Breach Type Breach Category Paper Data
Business
Records Exposed? Yes Unknown #
Documents with Washington residents' personal information, including Social Security numbers and canceled checks, turned up Tuesday in a trash bin in an alley in northwest Washington, Pat Collins reported First On 4. The trash bin on Paloma Way behind a storage building on U Street contained hundreds of real estate transactions. The papers contained bank balances, salary information and Social Security numbers. Real estate agent Ron Sneijder said the files came from a settlement company that went out of business a few months ago. Attribution 1
Publication:
NBC 4
Author: Pat Colliins
Article Title: Records With D.C. Residents' Personal Information Found In Trash Bin Article URL: http://www.nbc4.com/news/16957721/detail.html
Copyright 2008 Identity Theft Resource Center
Date Published:
7/22/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 85 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080723-01
San Francisco Human Services Dept
CA
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Exposed # of Records Rptd
Yes Published #
Government/Military
70
The San Francisco Human Services Dept. has been dumping confidential documents into recycle bins. In some cases entire case files were discarded. Blown up copies of social security cards, driver's licenses, passports, bank statements and other sensitive personal information were all left in these unlocked bins. A KTVU cameraman caught 2 people with pick-up trucks leaving with armloads of paper. The agency handles caseloads of 8,000 San Franciscans. Update: 70 people are being notified; they had applied for food stamps or financial services. Attribution 1
Publication:
Fox Reno
Author: staff
Date Published:
7/24/2008
Date Published:
7/23/2008
Article Title: SF Human Services Warns Locals Of Security Breach Article URL: http://www.foxreno.com/news/16972392/detail.html Attribution 2
Publication:
KTVU
Article Title:
Major Security Breach At SF City Agency Exposed
Author: staff
Article URL: http://www.ktvu.com/news/16961916/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080721-05
Minneapolis Veterans Home
MN
7/11/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Published#
Medical/Healthcare
336
Thieves stole a password protected backup server with names, next of kin, dates of birth, SSNs and some medical information about Minneapolis Veterans Home residents and some dependents.
Attribution 1
Publication:
Star Tribune
Article Title:
Vets Home server held personal data
Author: Norman Draper
Date Published:
7/19/2008
Date Published:
7/18/2008
Article URL: http://www.startribune.com/local/25652209.html? Attribution 2
Publication:
Star Tribune
Author: Tim Harlow
Article Title: Computer server part of haul in Veterans Home burglary Article URL: http://www.startribune.com/local/25623519.html?location_refer=Homepage:latestNews:4
ITRC Breach ID
Company or Agency
Location
ITRC20080721-04
Florida Dept. of Business and Prof. Regulation
FL
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Published #
Government/Military
The Department of Business and Professional Regulation is notifying 150 people they should check their credit reports. A department employee is accused of unsuccessfully trying to get credit cards with personal information the agency received on complaint forms. Attribution 1
Publication: Article Title:
Florida Today Author: AP State agency fires worker in attempted ID theft
Date Published:
7/18/2008
Article URL: http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20080718/BREAKINGNEWS/80718055/1006/NEWS01
Copyright 2008 Identity Theft Resource Center
150
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 86 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080721-03
Baxter International
US
6/24/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
6,900
A Baxter HR employee had a laptop stolen from their hotel room while attending a conference. On the laptop were 2 files with names, SSNs, encoded information regarding background checks and addresses or current, former and prospective US employee adding up to roughly 6,900 people. Attribution 1
Publication:
notice to NH AG and MD AG
Article Title:
Baxter International breach
Author: Jeanne Mason, Corp
Date Published:
7/11/2008
Article URL: http://doj.nh.gov/consumer/pdf/baxter.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080721-02
Huron Consulting Group
US
7/8/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A leading provider of financial and operational consulting services, Huron Consulting Group discovered that an employee may have stolen paychecks and fraudulently endorsed and cashed or deposited them. The employee was fired, but when the employee's company laptop was returned to them by an associate of the employee on July 8, Huron discovered that the employee, who had had authorized access to personal financial information of Huron's current and former employees, had downloaded a full set of employee W-2 forms in a text file on to her laptop. The personal information on the laptop included Social Security numbers as well as banking information used to make direct payroll deposits to employee accounts. Attribution 1
Publication: Article Title:
notice to NH AG Huron Consulting Group
Author: Steven Ginsburg
Date Published:
7/15/2008
Article URL: http://doj.nh.gov/consumer/pdf/huron.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080721-01
Heinemann-Raintree Publishers, Pearson
US
1/1/2007
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A year and a half after an intruder accessed its customer database, Heinemann-Raintree, a Pearson Education affiliate that publishes books for school libraries and classrooms, discovered the breach and secured their web sites. Personal information on customers included names, billing and shipping addresses, payment methods, and credit-card numbers. The company is not indicating how many customers may be affected. Attribution 1
Publication: Article Title:
notice to NH AG Author: George Costello, Sr. Heinemann-Raintree, Pearson Education breach
Date Published:
7/15/2008
Article URL: http://doj.nh.gov/consumer/pdf/pearson_education.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080718-03
University of Maryland
MD
7/8/2008
Paper Data
Educational
University of Maryland said Thursday they accidentally released the addresses and social security numbers of thousands of students. The University of Maryland's Department of Transportation Services sent all students, a total of more than 23,000, registered for classes a brochure with on-campus parking information. It was sent by U.S. Mail. The mailings were sent out July 1, but the problem was not discovered until July 8.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
23,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 87 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
WJLA
Article Title:
UMD Released Students' Social Security Numbers
Author: staff
Date Published:
7/17/2008
Article URL: http://www.wjla.com/news/stories/0708/536794.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080718-02
Bristol-Myers
NY
6/4/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Unknown#
Business
0
Bristol-Myers Squibb Co. (BMY) said a backup computer-data tape containing former and current employees' personal information, including Social Security numbers and in some cases bank account information, was stolen recently. Family member data may also have been on the tape. The New York drug maker learned of the theft on June 4, and began notifying current and former employees by letter in the past few days, spokeswoman Tracy Furey told Dow Jones Newswires Thursday afternoon. The Bristol-Myers backup data tape was stolen while being transported from a storage facility. By letter dated July 11 to the NH AG, James M. Beslity, Senior Counsel, Global Privacy and Records Management Law Department, reported that the data on the tape were protected by a 12-character password "that it is readable and accessible only through the use of specialized software." Attribution 1
Publication: Article Title:
Computer World Author: Brian Fonseca Stolen tape puts Bristol-Myers employee data at risk
Date Published:
7/22/2008
Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=17&articleId=9110485&i Attribution 2
Publication:
CNN Money
Article Title:
Bristol-Myers: Tape With Workers' Personal Data Was Stolen
Author: Peter Loftus, Dow Jon
Date Published:
7/17/2008
Article URL: http://money.cnn.com/news/newsfeeds/articles/djf500/200807171514DOWJONESDJONLINE000844_FORTUNE5.htm
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080718-01
Wachovia Bank Lafayette Hill
PA
9/10/2007
Electronic
Banking/Credit/Financial
Records Exposed?
Exposed # of Records Rptd
Yes Published #
13
A former teller at the Lafayette Hill branch of the Wachovia Bank this week admitted his involvement in an identity theft ring that stole $43,000 from bank customer accounts. An investigation eventually pointed to the former teller and it is believed that there are 13 victims. Attribution 1
Publication:
Times Herald
Article Title:
Ex-bank teller admits role in ID theft ring
Author: Margaret Gibbons
Date Published:
7/18/2008
Article URL: http://www.timesherald.com/site/news.cfm?newsid=19859163&BRD=1672&PAG=461&dept_id=33380&rfi=6
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080716-04
Greensboro Gynecology
NC
5/29/2008
Electronic
Medical/Healthcare
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
In a letter mailed to patients, Greensboro Gynecology Associates said a backup tape of their computer database was stolen. The medical practice said a backup tape of patient information was stolen on May 29 from an employee who was taking the tape to an off-site storage facility for safekeeping. The stolen information included patients' name, address, Social Security number, employer, insurance company, policy numbers and family members. Attribution 1
Publication:
News & Record
Article Title:
Security breach puts Greensboro Gynecology patients’ personal information at risk
Author: Ryan Seals
Date Published:
7/15/2008
Article URL: http://www.news-record.com/content/2008/07/15/article/security_breach_puts_patients_of_greensboro_gynecology
Copyright 2008 Identity Theft Resource Center
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 88 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080716-03
Indiana State University
IN
7/12/2008
Electronic
Records Exposed? Yes (Password) Published#
Educational
Exposed # of Records Rptd
2,500
A password-protected laptop computer containing personal information for an estimated 2,500 or more current and former Indiana State University students was stolen during the weekend, the university reported today. The laptop contained data for students who took economics classes from 1997 through the spring semester 2008, estimated at more than 2,500 individuals. The information includes names and student identification numbers. Beginning in 2003, use of Social Security numbers as student ID numbers was discontinued in favor of university-specific identification numbers so some SSNs may be affected. The theft occurred Saturday while the professor was traveling in southern Indiana. UPDATE: Computer has been returned by mail Attribution 1
Publication:
WLFI
Article Title:
Stolen Indiana State laptop returned to professor
Author: AP
Date Published:
7/22/2008
Date Published:
7/15/2008
Article URL: http://www.wlfi.com/Global/story.asp?S=8716428&nav=menu591_3 Attribution 2
Publication:
The Tribune Star
Author: staff
Article Title: Stolen laptop contains ISU student information Article URL: http://www.tribstar.com/local/local_story_197153753.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080716-02
EF Mortgage of Portage
MI
7/15/2008
Paper Data
Banking/Credit/Financial
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
Responding to a tip on Tuesday, NEWSCHANNEL 3 found a dumpster full of Social Security numbers, names and addresses, all left out in the open for anyone to see. According to Michigan law, records containing personal information are supposed to be disposed of in a way that prevents the public from finding them, but that did not happen to these files. Nearly all of the files register to E.F. Mortgage of Portage, a business that NEWSCHANNEL 3 has been told no longer exists Attribution 1
Publication: Article Title:
WWMT Author: staff Dumpster full of personal information discovered in Kalamazoo
Date Published:
7/15/2008
Article URL: http://www.wwmt.com/news/information_1351219___article.html/newschannel_dumpster.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080716-01
Missouri National Guard
MO
7/14/2008
Electronic
Government/Military
Records Exposed? Yes Published #
Exposed # of Records Rptd
2,000
About 2000 Missouri National Guardsmen have been breached. In a recent press release, the following information was disclosed: The theft of computer hardware containing a list with names, social security numbers and military unit of assignments, potentially compromised the personal information of up to 2,000 Missouri National Guardmembers. All affected members will receive letters. Attribution 1
Publication: Article Title:
St Louis Post Dispatch Author: Carolyn Tuft Breach puts Mo. soldiers' personal data at risk
Date Published:
7/15/2008
Article URL: http://www.stltoday.com/stltoday/news/stories.nsf/news/missouristatenews/story/ca0fe7785a2d8471862574870051f Attribution 2
Publication: Article Title:
Author: MO National Guard
Date Published:
FAQ released
Article URL: http://www.moguard.com/What%20Happened%20in%20July%202008%20and%20How%20Does%20this%20Affect%2
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 89 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 3
Publication:
from MO National Guard
Article Title:
MO National Guard
Author: press release provide
Date Published:
Article URL: provided to ITRC directly from MO National Guard
ITRC Breach ID
Company or Agency
Location
ITRC20080715-05
LPL Financial #5
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Published #
Banking/Credit/Financial
10,219
For the second time in a year, LPL Financial has experienced a major technology snafu, this time reporting that hackers "compromised" the logon passwords of 14 financial advisers and four assistants. The hackers' goal was to use the passwords to gain access to customer accounts in order to "pump and dump" penny stocks. The incidents, which began last July, affected 10,219 clients, Boston-based LPL said in a letter dated May 6 to Maryland Attorney General Douglas F. Gansler. Valuable private client information was at stake, Keith H. Fine, senior vice president and associate counsel of LPL wrote in the letter, as the hackers potentially could get their hands on clients' unencrypted names, addresses and Social Security numbers. Attribution 1
Publication:
Investment News
Author: Bruce Kelly
Date Published:
7/8/2008
Article Title: Hackers compromised LPL security Article URL: http://www.investmentnews.com/apps/pbcs.dll/article?AID=/20080708/REG/134627256/1094/INDaily01 Attribution 2
Publication:
notice to MD AG
Article Title:
LPL Breach
Author: Keith Fine
Date Published:
5/6/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152079.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080715-04
Supreme Builders
TX
7/5/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Reams of closing sale documents with money orders, SSNs, driver's license numbers and bank statements were left in an open garage of an unfinished home in a subdivision. The police felt it was a civil matter since the residents were trespassing when they entered the open garage to retrieve their documents. The community blames the builders. The company appears to be in violation of the Texas Identity Theft Protection Act of 2005, Section 48.102 which require they safeguard sensitive information collected. Attribution 1
Publication:
The Courier
Article Title:
No disclosure
Author: Jamie Nash
Date Published:
7/12/2008
Article URL: http://www.hcnonline.com/site/news.cfm?newsid=19846801&BRD=1574&PAG=461&dept_id=639299&rfi=6 Attribution 2
Publication: Article Title:
KHOU Conroe residents' personal info exposed
Author: Leigh Frillici
Date Published:
7/5/2008
Article URL: http://www.khou.com/topstories/stories/khou080704_jj_sensitivedocumentsfound.21a247c9.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080715-03
Washington Metro Area Transit Authority
DC
6/9/2008
Electronic
Government/Military
The names and SSNs of nearly 4700 former and current employees were mistakenly posted on the transit agency's web site last month according to officials. The information was posted between June 9 and June 25, when the breach was discovered. The information was part of a solicitation from Metro to companies interested in providing workers' compensation and risk management services. The document mistakenly included the Social Security numbers of 4,675 employees. The names and Social Security numbers of a smaller group of employees also were posted in the lengthy document.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
4,700
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 90 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Washington Post
Article Title:
Posting of Social Security Numbers Results in Suspension of 3 Workers
Author: Leah Sun
Date Published:
7/15/2008
Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/07/14/AR2008071402245_pf.html Attribution 2
Publication: Article Title:
Forbes Author: AP Metro releases employees' Social Security numbers
Date Published:
7/14/2008
Article URL: http://www.forbes.com/feeds/ap/2008/07/14/ap5213364.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080715-02
Weber Law Firm
TX
7/14/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
Harris County Sheriff's deputies uncovered hundreds of people's personal financial files in 32 boxes that had been discarded in a dumpster in northwest Houston on Monday. The records were mostly bankruptcy case files from a Houston attorney's office that found their way into a dumpster belonging to a Houston day care. The papers included personal financial records, documents with Social Security numbers, people's medical files and more. Local police said it was "no big deal" however the State AG said he could find plenty to charge the Weber Law Firm with. “If there were boxes of documents that potentially contained hundreds or thousands of names, that could potentially be hundreds or thousands of violations,” Abbott said. Attribution 1
Publication:
KHOU
Article Title:
AG looking into Houston file-dumping case
Author: Jeremy Desel
Date Published:
7/18/2008
Article URL: http://www.khou.com/business/stories/khou080717_tj_filedumping.677a3ce4.html Attribution 2
Publication:
11 News
Author: Jeremy Desel
Date Published:
7/15/2008
Article Title: Personal records from Houston attorney's office found in trash dumpster Article URL: http://www.khou.com/business/stories/khou080711_tj_recordsfound.57f842ba.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080715-01
University of Texas Austin
TX
1/1/2008
Electronic
Records Exposed? Yes Published #
Educational
Almost twenty-five hundred UT Austin students have had their personal information including names and SSNs posted on the web without their knowledge for about five years. The files have now been deleted. The files were discovered in January 2008 and University officials restricted access to the files at that time, but copies remained in the Yahoo search engine caches until at least late May. Attribution 1
Publication:
KXAN
Author: staff
Date Published:
7/15/2008
Date Published:
7/14/2008
Article Title: SSN Numbers breached at UT Article URL: http://www.kxan.com/Global/story.asp?S=8676383&nav=0s3d Attribution 2
Publication:
KLBJ Radio
Article Title:
Watchdog Group finds UT Students’ Socials Online
Author: Newsroom
Article URL: http://www.590klbj.com/News/Story.aspx?ID=95423
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
2,500
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 91 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080711-03
Liberty Furniture
MS
7/9/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Thousands of financial records, shipping order forms, and W-2's of former employees of Liberty Furniture were scattered along the road in Tate County, Mississippi. Many of the records are from Liberty Furniture, a North Carolina based company with Mid-South ties to Cromcraft - a furniture warehouse in Tate County. Most of the W-2's are from the late 1970's and early 80's. And we're told Liberty Furniture went out of business more than twenty years ago. Attribution 1
Publication:
Eyewitness News ABC 24
Author: Kevin Holmes
Date Published:
7/10/2008
Article Title: Tax Forms and other Personal Information Found Along Road in Tate County Article URL: http://www.myeyewitnessnews.com/news/local/story.aspx?content_id=1601248c-3496-44ad-a2a3-053a779e9edf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080711-02
Fort Lewis
WA
7/4/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
900
A 17-year-old Lacey boy faces a charge of suspicion of possession of stolen property after Tumwater police uncovered items from vehicle prowls, including a stolen Army laptop containing information about up to 900 Fort Lewis soldiers, police reported today. On July 4, an Army employee reported to Lacey police that someone had taken a laptop and a 500-gigabyte removable hard drive that he left on the seat of his unlocked Dodge truck overnight. Attribution 1
Publication:
The News Tribune
Author: Mike Gilbert
Date Published:
7/11/2008
Date Published:
7/11/2008
Article Title: Army records on stolen laptop Article URL: http://www.thenewstribune.com/news/local/story/409911.html Attribution 2
Publication:
Olympian
Article Title:
Laptop with information about soldiers found; Lacey teen arrested
Author: Venice Buhain
Article URL: http://www.theolympian.com/377/story/504243.html
ITRC Breach ID
Company or Agency
Location
ITRC20080711-01
Williamson County Schools
TN
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Published #
School officials in Williamson County are working to determine how sensitive data from as many as 17,000 students was accidentally released onto the internet. The information was exposed in the fall of 2007 and included names, social security numbers, birthdates and test scores. Attribution 1
Publication:
WKRN.com
Article Title:
Williamson Co. investigates security breach
Author: staff
Article URL: http://www.wkrn.com/global/story.asp?s=8656193
Copyright 2008 Identity Theft Resource Center
Date Published:
7/11/2008
Exposed # of Records Rptd
17,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 92 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080709-02
Wagner Resource Group
DC
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
2,000
Sometime late last year, an employee of a McLean investment firm traded some music, or maybe a movie, with users of the online file-sharing network LimeWire while using a company computer. In doing so, he inadvertently opened the private files of his firm, Wagner Resource Group, to the public. That exposed the names, dates of birth and Social Security numbers of about 2,000 of the firm's clients, including a number of high-powered lawyers and Supreme Court Justice Stephen G. Breyer. UPDATE- in a letter to the MD AG it states 640 individuals. Since the articles came afterwards, that may be a more accurate number. Attribution 1
Publication:
Washington Post
Author: Brian Krebs
Date Published:
7/9/2008
Article Title: Justice Breyer Is Among Victims in Data Breach Caused by File Sharing Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/07/08/AR2008070802997_pf.html Attribution 2
Publication:
AHN News
Article Title:
File Sharing Leads To Data Breach, Including Details Of A U.S. Supreme Court Justice
Author: Vittorio Hernandez
Date Published:
7/9/2008
Article URL: http://www.allheadlinenews.com/articles/7011552003 Attribution 3
Publication:
notice to MD AG
Author: Jackson Lewis
Date Published:
7/1/2008
Article Title: Wagner Resource Group Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-154229.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080709-01
Illinois Secretary of State Office
IL
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
A former employee of the IL Secretary of State's office allegedly took documents with SSNs and other PII and stored them in a locker. It was discovered last year when an auctioneer bought the locker contents after rent was not paid. Charges are not being files since the former employee did not have exclusive access to the locker. Attribution 1
Publication: Article Title:
Chicago Tribune Author: AP No charges filed against woman who stole documents
Date Published:
7/9/2008
Article URL: http://www.chicagotribune.com/news/chi-ap-il-stolendocuments,0,1379941.story Attribution 2
Publication:
KHQA
Article Title:
State worker linked to car titles on unpaid leave
Author: AP
Date Published:
12/12/2007
Article URL: http://www.khqa.com/news/news_story.aspx?id=75072
ITRC Breach ID
Company or Agency
Location
ITRC20080708-03
US Foodservice
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
A theft of a US Foodservice laptop which had names, SSNs, and other SPII has involved former and present USF employees and in a few instances their dependents and applicants for jobs at USF. While the laptop was password protected the files were not. UPDATE: In its newest letter to the NH AG the company states that an audit indicates that there appears to be a larger group of individuals whose SSNs were involved than realized before. http://doj.nh.gov/consumer/pdf/298876.pdf Attribution 1
Publication:
notice to NH AG
Article Title:
US Foodservice breach
Author: David Eberhardt
Article URL: http://doj.nh.gov/consumer/pdf/us_foodservice.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
6/13/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 93 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080708-02
Houghton Mifflin Harcourt (HMH)
US
4/25/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
In April, a world-wide Internet attack affected one of Houghton Mifflin Harcourt's websites. SSNs were included in this site. It was not disclosed what type of individuals are affected other than it was not an e-commerce site. 194 individuals in the Trade and Reference Division are being notified so far. Attribution 1
Publication:
notice to NH AG
Author: J Beckwith Burr
Date Published:
7/1/2008
Article Title: HMH breach Article URL: http://doj.nh.gov/consumer/pdf/wilmerhale.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080708-01
Florida Organ and Tissue Registry
FL
6/20/2008
Electronic
Medical/Healthcare
Records Exposed?
Exposed # of Records Rptd
Yes Published #
55,000
A database with names, addresses, SSNs, dates of birth, driver's license numbers may have been viewed by unauthorized persons due to a potential security flaw in the system
Attribution 1
Publication:
ABC Action News Tampa
Author: Carly Timmons
Date Published:
7/8/2008
Article Title: Breach in Florida donor registry may have exposed IDs Article URL: http://www.abcactionnews.com/news/local/story.aspx?content_id=6dba422a-f7fb-4811-96a8-816aa1bb13af Attribution 2
Publication:
FL DHC site
Article Title:
FL Organ and Tissue Registry breach
Author: FL Agency for Health
Date Published:
Article URL: http://www.fdhc.state.fl.us/Organ/faq.htm
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080707-04
7-Eleven Stores- Citibank ATMs
NY
10/1/2007
Electronic
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Police have uncovered a massive identity theft scam in New York City. Thieves have been stealing pin numbers and have gotten away with millions of dollars in cash. The theft came from Citibank ATM's located inside 7-Eleven convenience stores. Federal investigators say from October 2007 to March of this year three identity thieves were able to get cash from those ATMs conveniently without even touching the machines. "It looks like what happened was hackers got into a server that processes ATM transactions from Citibankbranded ATMs at 7-Eleven convenience stores," according to Wired, which first broke the story Attribution 1
Publication:
CBS 2 Chicago
Article Title:
Massive ATM Scam Strikes Citibank
Author: staff
Article URL: http://cbs2chicago.com/national/atm.citibank.7.2.762614.html
Copyright 2008 Identity Theft Resource Center
Date Published:
7/2/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 94 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080707-03
Freedom Credit Union
MA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
Freedom Credit Union is warning customers of a security breach whereby debit card data was electronically captured by individuals who may have used it in a counterfeit scheme. "We have been notified that your Debit card number was one of several obtained during the arrest and indictment of individuals in Eastern Europe and the United States," reads a June 27 letter from Freedom Credit Union to certain customers. In response, the credit union has issued new debit cards and PIN numbers to affected customers. Attribution 1
Publication:
The Republican
Author: Jim Kinney
Date Published:
7/3/2008
Article Title: Customers warned of data grab Article URL: http://www.masslive.com/springfield/republican/index.ssf?/base/news-15/1215069381210310.xml&coll=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080707-02
Clark County Courts
NV
7/4/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
380
In a District Court security breach, a contracted vendor released personal information on about 380 potential jurors to an employee's private e-mail address, court officials said Thursday. The information provided to the email account could have included names, addresses, social security numbers and birth dates. After reviewing the matter, court officials determined much of the personal information released was incomplete. The information was transferred from the printing company that prepares jury summons notices to an unidentified employee's e-mail account. UPDATE- it appears that these people did not have return addresses or had moved out of state, leading to speculation among authorities that the employee may have accumulated the personal data in a scheme to help illegal immigrants enter the country. Attribution 1
Publication:
Las Vegas Sun
Article Title:
Potential jurors’ IDs put at risk in breach
Author: Jeff German
Date Published:
7/16/2008
Article URL: http://www.lasvegassun.com/news/2008/jul/16/potential-jurors-ids-put-risk-breach/ Attribution 2
Publication:
Review Journal
Author: Antonio Planas
Date Published:
7/4/2008
Date Published:
7/3/2008
Article Title: Juror data breach is reported Article URL: http://www.lvrj.com/news/23025969.html Attribution 3
Publication:
ABC 13 Action News
Article Title:
Security Breach At Clark County District Court
Author: Tania Reyes
Article URL: http://www.ktnv.com/Global/story.asp?S=8618750
ITRC Breach ID
Company or Agency
Location
ITRC20080707-01
Wells Fargo
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Banking/Credit/Financial
In a letter dated May 16, Wells Fargo Senior Counsel September Wethington-Smith disclosed that a Wells Fargo employee working in their reverse mortgage servicing department had "inappropriately used" a customer's account information. The employee had access to personal information in the course of regular employment. That information included names, addresses, dates of birth, loan numbers, PIN numbers, current bank account numbers and last five digits of their Social Security numbers. Attribution 1
Publication:
notice to NH AG
Article Title:
Wells Fargo breach
Author: Law Dept.
Article URL: http://doj.nh.gov/consumer/pdf/WellsFargoBank.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
5/16/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 95 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080702-03
Baptist Health
AR
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
1,800
Baptist Health has sent letters warning about 1, 800 patients that the hospital system’s records may have been breached, the Arkansas Democrat-Gazette has learned. The notification came after the arrest of a Baptist Health employee at a Wal-Mart store on 25 counts of financial identity fraud. The letters, mailed last week, follow the firing of the woman in early June. North Little Rock police say Tamara Hill, 30, of that city worked at Baptist Health Medical Center-North Little Rock in the emergency department. Attribution 1
Publication:
Arkansas Democrat Gazette
Author: Toby Manthey
Date Published:
7/2/2008
Article Title: Baptist Health alerts patients to ID theft Article URL: http://www.nwanews.com/adg/News/230290/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080702-02
New England Baptist Hospital
MA
12/1/2007
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
9
A check forgery ring targeted patients at New England Baptist Hospital in Boston, using private checking account information and stolen identities to take as much as $3,000 from each victim, according to hospital and law enforcement officials. So far, nine victims have been identified by the hospital, but more may have been targeted, officials said. The victims' checking accounts were raided between December and May, but they have since been reimbursed by their banks. The forgery ring appears to have used basic methods, according to Ruane and hospital officials: A hospital insider apparently took bank routing and account numbers from checks used by patients. The forgers then used popular check-writing software and magnetic ink - available at office supply stores - to create counterfeit checks. Attribution 1
Publication:
Boston Globe
Article Title:
Hospital: Forgers defrauded patients
Author: Jeffery Krasner
Date Published:
7/2/2008
Article URL: http://www.boston.com/business/articles/2008/07/02/hospital_forgers_defrauded_patients/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080702-01
University of NebraskaKearney
NE
6/8/2008
Electronic
Records Exposed? Yes Unknown #
Educational
Officials at the University of Nebraska at Kearney discovered a security breach involving nine university computers in early June, and this week, letters are going out to individuals who may be affected. "The computers involved in the incident were immediately secured, and the university took additional steps to prevent unauthorized external access to any campus computers," said Deborah Schroeder, UNK assistant vice chancellor for Information Technology. "We have no evidence that an unauthorized individual has actually retrieved, or is using, any of the social security numbers for illegal or malicious activity," Schroeder said. Attribution 1
Publication:
University Press Release
Article Title:
Unversity of Nebraska - Kearney
Author: VC- Curt Carlson
Article URL: http://www.unk.edu/news/nr/index.php?id=37832
Copyright 2008 Identity Theft Resource Center
Date Published:
7/2/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 96 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080630-04
Montgomery Ward
US
12/1/2007
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
51,000
At least 51,000 credit card numbers were exposed in the breach at the parent company of Montgomery Ward and failed to report it to customers. It is now owned by Direct Marketing Services.
Attribution 1
Publication:
TMC Net
Article Title:
Montgomery Wards
Author: AP Online
Date Published:
6/28/2008
Date Published:
6/27/2008
Article URL: http://www.tmcnet.com/usubmit/2008/06/28/3521821.htm Attribution 2
Publication:
SC Magazine
Article Title:
Montgomery Ward fails to alert victim breach
Author: Chuck Miller
Article URL: http://www.scmagazineus.com/Report-Montgomery-Ward-fails-to-alert-victims-of-breach/article/111922/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080630-03
undisclosed Internet-based order processing server
US
1/1/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A 21-year-old Maple Grove man admitted in federal court Friday to hacking his way into the credit card information of thousands of people from an undisclosed Internet-based order processing center and using some of the information to add value to gift cards that he purchased and then sold on Craigslist. Attribution 1
Publication:
Star Tribune
Article Title:
Maple Grove man pleads guilty to wire fraud and identity theft
Author: Paul Walsh
Date Published:
6/27/2008
Article URL: http://www.startribune.com/local/22081329.html?location_refer=Homepage:highlightModules:4
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080630-02
Frontier Homes Arizona Project
AZ
6/27/2008
Paper Data
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
Frontier Homes Arizona Project Manager Doug Stewart said Thursday that personal financial files of homeowners found outside of the old Frontier sales office did not belong to Frontier. The files were discovered by a resident who called police to notify them that the box of files was sitting out in the open near the old office, near Keller Drive and Miller Way. The company states that all files are in their hands. Maricopa police, however, collected more than a dozen files containing homeowners' financial information and began calling residents Thursday afternoon seeking to return them. Attribution 1
Publication:
Tri-Valley Central
Article Title:
Personal financial records found outside closed Maricopa builder's office
Author: staff
Date Published:
6/28/2008
Article URL: http://www.zwire.com/site/news.cfm?newsid=19812938&BRD=1817&PAG=461&dept_id=68561&rfi=6
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080630-01
University of VA
VA
4/1/2008
Electronic
Educational
A thief walked away with a laptop containing a University of Virginia biochemist's name and Social Security number, as well as those of more than 7,000 other professors, staff members, and students. The machine belonged to a university employee who had taken it off campus.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
7,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 97 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Chronicle of Higher Education- issue 7/4
Article Title:
Increase in Stolen Laptops Endangers Data Security
Author: Andrea Foster
Date Published:
6/30/2008
Article URL: http://chronicle.com/free/v54/i43/43a00103.htm
ITRC Breach ID
Company or Agency
Location
ITRC20080627-04
L-1 Identity Solutions - DPS
TX
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
826
A lockbox containing the information was taken from the home office of an employee of L-1 Identity Solutions, a private company contracted by the Department of Public Safety to do fingerprinting. Notices are in the mail to inform the hundreds of victims that their names, home addresses, dates of birth, driver's license and Social Security numbers are in the hands of criminals. About 100 of those people work for the State Board of Education, and this is happening less than a year after the Texas Legislature mandated that all education employees submit their fingerprints for criminal background checks. Attribution 1
Publication:
KXAN
Author: staff
Date Published:
6/26/2008
Article Title: Workers' data stolen from DPS-contracted company Article URL: http://www.kxan.com/Global/story.asp?S=8562199
ITRC Breach ID
Company or Agency
Location
ITRC20080627-03
Xlibris Corp
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
Xlibris Corporation has notified the New Hampshire Attorney General's office that a hacker was able to access their online store database. The database contained names, addresses, and credit card numbers of purchasers.
Attribution 1
Publication:
notice to NH AG
Author: Jonathan HuggEsq
Date Published:
6/20/2008
Article Title: Xlibris Corp Article URL: http://doj.nh.gov/consumer/pdf/xlibris.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080627-02
Envision Credit Union
FL
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Banking/Credit/Financial
(may link to Dave & Busters- unknown at publication time). Envision Credit Union has deactivated 612 credit and debit cards following the arrest of computer hackers. The hackers had in excess of a million card numbers, possible from a national restaurant chain hacking. Attribution 1
Publication:
Tallahassee Democrat
Author: Steve Liner
Date Published:
Article Title: Updated: Credit-card thefts lead to 612 Envision cards deactivated Article URL: http://www.tallahassee.com/apps/pbcs.dll/article?AID=/20080627/BUSINESS/806270364
Copyright 2008 Identity Theft Resource Center
6/27/2008
Exposed # of Records Rptd
612
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 98 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080627-01
BetonSports.com
US
6/23/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
150
A former employee of BetonSports.com stole the names, SSNs and dates of birth of some 150 people to commit bank and wire fraud. He has been charged by the US Attorney's office.
Attribution 1
Publication:
WNBC 4 New York
Article Title:
Man Accused Of Helping To Steal Personal Information Online
Author: staff
Date Published:
6/23/2008
Article URL: http://www.wnbc.com/investigations/16688536/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080625-02
EZMONEY/ EZPAWN
TX
5/1/2007
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Banking/Credit/Financial
0
Texas Attorney General Greg Abbott has reached an agreement with two Austin companies that will protect Texans from identity theft. The settlement resolves the state’s May 2007 enforcement action against EZMONEY, L.P. and EZPAWN L.P., which were charged with violating state laws governing the disposal of customer records containing sensitive personal information. Under Texas law, vendors must take specific precautions before discarding documents that include customers’ bank accounts, driver’s license and Social Security numbers. Attribution 1
Publication:
TX AG
Author: TX AG Press Release
Date Published:
6/23/2008
Article Title: Attorney General Abbott Reaches Agreement To Protect Texans From Identity Theft Article URL: http://www.oag.state.tx.us/oagNews/release.php?id=2519
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080625-01
CA Dept. of Consumer Affairs
CA
6/5/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
5,000
The CA Department of Consumer Affairs has sent letters to 5,000 employees, contractors and board members warning them of a security breach that has compromised their names and social security numbers. The breach occurred on June 5 or 6 when a Microsoft Word document was improperly transmitted electronically outside of the department, said DCA spokesman Russ Heimerich. Update: A former state worker is under investigation for the breach. Attribution 1
Publication: Article Title:
Sacramento Bee Author: Andrew McIntosh California state worker probed in ID security breach
Date Published:
7/10/2008
Date Published:
6/23/2008
Article URL: http://www.sacbee.com/111/v-print/story/1072332.html Attribution 2
Publication:
Capitol Weekly
Article Title:
Security breach compromises 5,000 social security numbers at Consumer Affairs
Author: Malcolm Maclachlan
Article URL: http://www.capitolweekly.net/article.php?_adctlid=v|jq2q43wvsl855o|x7o0b2qds4gxzs&issueId=x79xdv8us2oeyp&xi
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 99 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080624-02
Bank Atlantic
FL
6/18/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Banking/Credit/Financial
0
Bank Atlantic confirms that they had a data loss involving MasterCard debit cards. It appears it happened via one local merchant, as yet undisclosed.
Attribution 1
Publication:
My Fox Tampa Bay
Article Title:
Data breach at Bay Area bank
Author: staff
Date Published:
6/23/2008
Article URL: http://www.myfoxtampabay.com/myfox/pages/News/Detail?contentId=6830565&version=1&locale=EN-US&layoutCo
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080624-01
New Hampshire Technical Institute - Concord
NH
4/23/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
128
On April 23, New Hampshire Technical Institute, Concord's Community College, discovered that a flash drive that may have contained a folder with names, addresses, phone numbers, social security numbers and email addresses of 128 nursing program graduates from 2006 and 2007 was missing. Attribution 1
Publication:
notice to NH AG
Article Title:
New Hampshire Technical Institute breach
Author: Lynn Kilchenstein
Date Published:
5/30/2008
Article URL: http://doj.nh.gov/consumer/pdf/NHTI.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080623-10
Surplus Property - KS state computers
KS
6/18/2008
Electronic
Records Exposed? Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
Computers sent to the state Surplus Property agency for sale to the general public still contained confidential information, including thousands of names and Social Security numbers, according to an audit released Wednesday. The discovery by the Legislative Division of Post Audit brought a temporary halt last month to the sale of used state computers, and promises from the heads of several large state agencies to do a better job. The state also is considering whether to hunt down old computers that were sold. 15 computers were checked, 10 still had data on them including SSN of Medicaid beneficiaries. The problem may be worse, In April the state disposed of about 600 other computers but didn't check for deleted data. Attribution 1
Publication: Article Title:
LJ World SSNs likely on sold computers
Author: Scott Rothschild
Date Published:
6/18/2008
Article URL: http://www2.ljworld.com/news/2008/jun/18/used_state_computers_found_confidential_files/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080623-09
Citibank
NY
10/1/2007
Electronic
Banking/Credit/Financial
A computer hacking into a Citibank server allowed 2 men to process ATM withdrawals from NY City cash machines to the tune of $750,000. This is the first ATM spree tied to a breach of a major bank. Citibank denied to Wired.com's Threat Level that its systems were hacked. But the bank's representatives warned the FBI on February 1 that "a Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached," according to a sworn affidavit (.pdf) by FBI cyber-crime agent Albert Murray.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 100 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Wired
Article Title:
Citibank Hack Blamed for Alleged ATM Crime Spree
Author: Kevin Poulsen
Date Published:
6/18/2008
Date Published:
2/28/2008
Article URL: http://blog.wired.com/27bstroke6/2008/06/citibank-atm-se.html Attribution 2
Publication: Article Title:
US District Court, Eastern District of NY sworn statement to FBI by Citibank
Author:
Article URL: http://blog.wired.com/27bstroke6/files/citibank_complaint_edny.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080623-08
Facebook
US
5/2/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
During the installation of a software update a code glitch allowed driver's license images of some Facebook members to be available to visitors to their Pages for approximately 2 hours.
Attribution 1
Publication: Article Title:
notice to MD AG Facebook
Author: Simon Axten
Date Published:
6/9/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153491.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080623-07
Colt Express Outsourcing Services - multiple clients
CA
5/26/2008
Electronic
Records Exposed? Yes Published #
Business
About 20 client companies of Colt Express Outsourcing Services including CNet, Google, Pillsbury Winthrop Shaw Pittman LLP, American Baptist Homes of the West, 24 Hour Fitness and Bankers Benefits were affected when a computer was stolen from Colt offices. The information included names, SSNs, of current and former employees and their dependents. Notices have been filed by numerous entities with either the New Hampshire or Maryland Attorney General's offices. About 70,000 records are known to be compromised and about half of the companies have not disclosed how many records were involved. Attribution 1
Publication:
notice to MD AG
Article Title:
Banker Benefits reports 50,000 involved
Author: Leland Chan
Date Published:
6/30/2008
Date Published:
6/27/2008
Date Published:
6/24/2008
Date Published:
6/20/2008
Date Published:
6/13/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-154875.pdf Attribution 2
Publication:
KHON 2
Article Title:
Punahou School Data Breach
Author: Ron Mizutani
Article URL: http://www.khon2.com/home/ticker/22241409.html Attribution 3
Publication:
notice to NH AG
Article Title:
Google also affected
Author: Lewis Segall
Article URL: http://doj.nh.gov/consumer/pdf/Google.pdf Attribution 4
Publication:
notice to NH AG
Author: Daniel Feldstein
Article Title: Avante Breach tied to Colt Article URL: http://doj.nh.gov/consumer/pdf/synopsys.pdf Attribution 5
Publication:
notice to MD AG
Article Title:
Colt Express Outsourcing Services
Author: Alan Raul
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153493.pdf
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
70,710
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 101 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080623-06
SunGard Availability Services (SAS) #2
PA
3/5/2008
Electronic
Records Exposed? Yes (Password) Published#
Business
Exposed # of Records Rptd
160
On March 5, 2008 an employee left a laptop in a car outside a mall in King of Prussia. Information with names and SSNs of present and former employees were included.
Attribution 1
Publication:
notice to MD AG
Article Title:
SunGard breach, SAS
Author: Bernard Nash
Date Published:
6/6/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153499.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080623-05
Balmar Inc
US
4/4/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
Balmar Inc. has notified the Maryland Attorney General's Office that SQL-injection queries on their e-commerce site from an IP in Viet Nam resulted in the acquisition and transfer of data from their web server to a web page. Their investigation revealed that at least one fraudulent credit card transaction occurred as a result of the security incident. Attribution 1
Publication:
notice to MD AG
Article Title:
Balmar Inc
Author: Bruce Seger, Preside
Date Published:
6/3/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153502.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080623-04
LPL Financial
US
5/5/2008
Electronic
Records Exposed? Yes (Password) Published#
Banking/Credit/Financial
Exposed # of Records Rptd
185
Hackers compromised the log-on password of an advisor of LPL Financial to gain access to customer accounts in an attempt to pump and dump penny stocks. About 185 customers may be affected. Names and SSNs are involved of customers and beneficiaries. Attribution 1
Publication:
notice to MD AG
Article Title:
LPL Financial breach
Author: Keith Fine, Sr VP
Date Published:
6/10/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153498.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080623-03
Petroleum Wholesale Sunsmart Convenience
TX
Est. Date
Breach Type Breach Category Paper Data
Business
Records Exposed? Yes Unknown #
The Texas AG has charged Petroleum Wholesale which operates Sunsmart Convenience Stores to id theft by dumping paperwork with names, SSNs, bank account numbers and credit or debit card information. The documents were reportedly dumped behind the company’s former Houston headquarters. They operate 10 stores across the country. Attribution 1
Publication:
KHOU
Article Title:
Houston company accused of exposeing customers to id theft
Author: staff
Date Published:
Article URL: http://www.khou.com/news/local/crime/stories/khou080619_jj_storeid.1c30dcf3.html
Copyright 2008 Identity Theft Resource Center
6/19/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 102 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080623-02
D.C Schools
DC
4/1/2006
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
65
A former D.C. public schools employee admitted in federal court yesterday that she and a friend stole the identities of 65 co-workers and job applicants as part of a scheme to open credit card accounts in their names. Prosecutors said the pair opened about 30 lines of credit with the stolen identities and charged at least $40,000 for items including boys' coats, musical equipment and car service. The scam lasted a year and started in April 2006. As part of her job, she had access to documents that contained the names, birthdates and Social Security numbers of school employees and those who were applying for jobs, according to prosecutors. Attribution 1
Publication:
Washingtonpost.com
Article Title:
Ex-Schools Employee and Friend Admit ID Theft
Author: Del Quentin Wilber
Date Published:
6/20/2008
Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/06/19/AR2008061903559_pf.html
ITRC Breach ID
Company or Agency
Location
ITRC20080623-01
Southeast Missouri State University
MO
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
800
A former Southeast Missouri State University employee has been found with computer data files of personal information of several hundred Southeast students. According to Southeast, files with the names and Social Security numbers of about 800 Southeast students were found on the former employee's computer files. The data was discovered by the Office of Information Technology while activity logs were being reviewed. Attribution 1
Publication:
KFVS 12
Article Title:
Former SEMO Employee Found with Data Files of Personal Information of Students
Author: Christy Hendricks
Date Published:
6/23/2008
Article URL: http://www.kfvs12.com/Global/story.asp?S=8541051
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080618-01
Domino's Pizza
AZ
6/17/2008
Paper Data
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Hundreds of credit card receipts were blowing around the alley from Domino's Pizza store. The TV station contacted the owners of 24 stores in Tucson and she said that she had been discarding boxes of old records near her home and they must have gotten loose. Investigators have destroyed the records they found. Attribution 1
Publication:
New 4 Tucson KVOA
Article Title:
Hundreds of receipts reveal the risk of identity theft
Author: Tom McNamara
Date Published:
6/17/2008
Article URL: http://www.kvoa.com/Global/story.asp?S=8516485&nav=HMO6HMaY
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080617-02
Commerce Bank
PA
3/1/2007
Electronic
Banking/Credit/Financial
A state grand jury has indicted a former employee of the Commerce Bank branch in Mount Laurel on charges she provided personal information of bank customers to individuals who then stole the customers' identities. The indictment alleges that between March 1 and Oct. 30, 2007, Mullner accessed at least 240 bank documents containing customer information, including loan information and account numbers, and unlawfully provided the information to Wood. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
240
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 103 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Burlington County Times
Article Title:
Bank worker charged with identity theft
Author: Melissa Hayes
Date Published:
6/17/2008
Article URL: http://www.phillyburbs.com/pb-dyn/news/112-06172008-1550203.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080617-01
South Bend Teacher's Credit Union
IN
6/14/2008
Electronic
Banking/Credit/Financial
Records Exposed? Yes Published #
Exposed # of Records Rptd
100
More than 100 credit union members in South Bend had money fraudulently taken from their accounts from ATMs over the weekend in places such as Russia and the Ukraine, officials said Monday. Teachers Credit Union is investigating the source of the fraudulent withdrawals that affected 97 of its members, said Paul Marsh, senior vice president for sales and marketing. He said the withdrawals were all transactions based on personal identification numbers made on debit cards at ATMs in nations including Russia, the Ukraine and Nigeria. Attribution 1
Publication:
Chicago Tribune
Article Title:
Credit unions investigate weekend withdrawals overseas
Author: AP
Date Published:
6/16/2008
Article URL: http://www.chicagotribune.com/news/chi-ap-in-creditunions-brea,0,4053122.story
ITRC Breach ID
Company or Agency
Location
ITRC20080616-12
United Transportation Union Insurance Assoc.
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Two laptops being shipped via UPS with names and SSNs are missing.
Attribution 1
Publication:
notice to NH AG and MD AG
Article Title:
UTUIA breach
Author: Stu Collins
Date Published:
6/9/2008
Article URL: http://doj.nh.gov/consumer/pdf/united_trans_union.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-11
R E Moulton
US
3/7/2008
Electronic
Business
Records Exposed? Yes Published #
Thieves broke into the Irving TX office and stole computers with names and SSNs. Approximately 19,000 people were on the master list.
Attribution 1
Publication:
notice to MD AG
Article Title:
RE Moulton
Author: Susan Caito
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153058.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
5/23/2008
Exposed # of Records Rptd
19,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 104 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-10
CAI Hedge Fund Partners
US
4/14/2008
Paper Data
Records Exposed? Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
113
CAI Hedge Fund Partners mailed out estimated tax information to clients then realized that the SSNs may have been visible through the envelope window.
Attribution 1
Publication:
notice to MD AG
Article Title:
CAI Hedge Fund Partners
Author: Craig Barrack
Date Published:
5/21/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152397.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-09
FINRA- Financial Industry Regulatory Authority
US
5/17/2008
Electronic
Records Exposed? Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
100
A major money center bank lost a back-up tape that contained image files of checks submitted to FINRA between February 25, 2008- April 25, 2008. The package arrived at the Pittsburgh facility but was torn and the tape was not inside the package. Part of the BNY Mellon breach? Attribution 1
Publication:
notice to MD AG
Article Title:
FINRA breach- part of the BNY Mellon breach?
Author: Laurie Dzien
Date Published:
6/2/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153112.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-08
Quest Diagnostics
NJ
5/1/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Business
Exposed # of Records Rptd
0
Names and SSNs may have been impacted due to the theft of a password protected laptop.
Attribution 1
Publication:
notice to MD AG
Article Title:
Quest Diagnostics
Author: Carol Landorno CPO
Date Published:
5/30/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153105.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-07
WA Suburban Sanitary Commission
MD
5/31/2008
Electronic
Government/Military
Records Exposed? Yes Unknown #
WSSC's computer registration system enabled vendors to register online and some registrants may have used their SSNs. Unfortunately it was hosted on an external web site and had an unauthorized intrusion in the system between May 31-June 1. Attribution 1
Publication:
notice to MD AG
Article Title:
Washington Suburban Sanitary Commission
Author: Adrienne Mandel
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153116.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
6/5/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 105 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-06
H&R Block
US
4/10/2008
Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
H&R Block Digital Tax Services Due to a software application error, a limited set of online message board users may have had access to other users' correspondence with their tax professional including SSNs, bank and credit account numbers and other financial account numbers. Attribution 1
Publication:
notice to MD AG
Article Title:
H&R Block breach
Author: Catherine Watson, Es
Date Published:
6/4/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153113.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-04
Dickson County Schools
TN
6/7/2008
Electronic
Educational
Records Exposed? Yes (Password) Unknown#
Exposed # of Records Rptd
850
A laptop computer containing the Social Security numbers and payroll information of all the employees of the Dickson County school system has been stolen, including information from the 2006-7 school year. The theft occurred sometime between Friday afternoon and Monday morning, said Johnny Chandler, the new county's new schools directors. "It had Social Security numbers, payroll of everybody," Chandler said. "It has a double password so it would take a computer genius to get into it." Attribution 1
Publication:
Tennessean
Author: Teri Burton, Gannet
Date Published:
6/12/2008
Article Title: Official: Dickson schools payroll data on stolen laptop Article URL: http://www.tennessean.com/apps/pbcs.dll/article?AID=/20080612/COUNTY03/806120370 Attribution 2
Publication:
WSMV
Article Title:
Schools' Stolen Laptop Contains Personal Info
Author: Chris Tatum
Date Published:
6/11/2008
Article URL: http://www.wsmv.com/news/16573465/detail.html
ITRC Breach ID
Company or Agency
Location
ITRC20080616-03
CT Dept. of Admin Services
CT
Est. Date
Breach Type Breach Category Electronic
Government/Military
Records Exposed? Yes Unknown #
For more than three years, the state Department of Administrative Services posted the Social Security numbers of individual contractors on a state Web site in violation of state law, exposing the state to lawsuits and monetary loss, according to a recently released state audit. The audit also uncovered that the Social Security numbers of prospective nursing employees were accessible on an agency Web site for 19 months until a complaint was lodged. Attribution 1
Publication:
Hartford Business Journal
Article Title:
SSNs Posted On State Web Sites
Author: Diane Weaver Dunne
Article URL: http://www.hartfordbusiness.com/news5756.html
Copyright 2008 Identity Theft Resource Center
Date Published:
6/16/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 106 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080616-02
Columbia University
NY
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
5,000
University officials confirmed the personal information of about 5,000 current and former Columbia students had been posted online for over a year due to a mistake by a student employee at Housing and Dining. The information included SSNs and apparently stated in the spring of 2007. An alumna reported the file location to Housing and Dining on June 3, 2008. Attribution 1
Publication:
Columbia Spectator
Article Title:
5000 Students Informed of Online Security Breach
Author: Jacob Schneider and
Date Published:
6/11/2008
Article URL: http://www.columbiaspectator.com/node/55185
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-01
Bearing Point Inc
VA
5/14/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
The residence of an employee was burglarized and a company issued laptop was taken. It included names and SSNs.
Attribution 1
Publication:
notice to MD AG
Article Title:
Bearing Point Inc
Author: Russ Berland, CCO
Date Published:
6/5/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153117.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080616-01
Texas Insurance Claims Services
TX
6/13/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Hundreds of files with people's names, SSNs and policy numbers were found in a Richardson dumpster from Texas Insurance Claims Services.
Attribution 1
Publication:
WFAA TV
Article Title:
Insurance files found in Richardson dumpster
Author: Rebecca Lopez
Date Published:
6/13/2008
Article URL: http://www.wfaa.com/sharedcontent/dws/news/localnews/tv/stories/wfaa080613_lj_lopez.2c3f840a.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080611-08
Nationwide - Farm Bureau
OH
4/1/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
10,000
2 local farm bureaus, Hamilton and Warren County, had 10,000 Cincinnati area people potentially affected when a computer with SSNs was stolen in April. Not all of the people are farmers; all are Nationwide Insurance customers. Attribution 1
Publication:
SmartBrief
Article Title:
Farm bureau security breach affects Nationwide customers
Author: PCI SmartBrief
Date Published:
6/11/2008
Article URL: http://www.smartbrief.com/news/pci/storyDetails.jsp?issueid=1E468AEE-00D0-4C80-9EE6-8A8CF0075875©id=6
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 107 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
WCPO - ABC
Article Title:
Farm Bureau/ Nationwide Insurance Security Breach
Author: John Batarese
Date Published:
6/10/2008
Article URL: http://www.wcpo.com/content/news/localshows/dontwasteyourmoney/story.aspx?content_id=4595411d-e836-4ffd-a
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080611-07
Stanford University
CA
6/1/2008
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
72,000
Stanford had a laptop stolen. The records include current and former employees hired before Sept. 28, 2007. http://www.stanford.edu. Officials estimate that the problem could extend to as many as 60,000 people currently or previously employed by Stanford. The information may include name, SSN, Stanford ID card number and other information. The Chronicle reported that a spokesperson reported 72,000 people Attribution 1
Publication:
SF Chronicle
Article Title:
Stanford employees' data on stolen laptop
Author: Ilana DeBare
Date Published:
6/8/2008
Article URL: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/06/07/BAR9115907.DTL Attribution 2
Publication: Article Title:
Stanford Report Author: Stanford Report Stanford alerts employees that stolen laptop had personal data
Date Published:
6/6/2008
Article URL: http://news-service.stanford.edu/news/2008/june11/laprelease-061108.html
ITRC Breach ID
Company or Agency
ITRC20080611-06
Southington Water and Power CT
Location
Est. Date
Breach Type Breach Category
5/25/2008
Paper Data
Government/Military
Records Exposed?
Exposed # of Records Rptd
Yes Published #
26
CT is asking Southington to protect the names and SSNs of 26 current and former water department employees after documents about them were stolen.
Attribution 1
Publication: Article Title:
Record Journal Payroll records stolen
Author: Leslie Hutchison
Date Published:
6/16/2008
Article URL: http://www.myrecordjournal.com/site/tab1.cfm?newsid=19777902&BRD=2755&PAG=461&dept_id=592708&rfi=6 Attribution 2
Publication:
Courant
Article Title:
State Asks Southington To Give 26 ID-Theft Protection
Author: Ken Byron
Date Published:
6/7/2008
Article URL: http://www.courant.com/news/local/nb/hc-southeft0607.artjun07,0,983269.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080611-05
East Tennessee State University
TN
5/17/2008
Electronic
Educational
Records Exposed? Yes (Password) Published#
A password protected computer was stolen on May 17 which included personal identifiable information.
Attribution 1
Publication:
Knox News
Article Title:
ETSU says stolen computer could lead to identity theft
Author: staff
Date Published:
6/7/2008
Article URL: http://www.knoxnews.com/news/2008/jun/07/etsu-says-stolen-computer-could-lead-identity-thef/
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
6,200
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 108 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080611-04
University of So Carolina
SC
5/25/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Educational
7,000
The Univ of SC had a desktop stolen from an office at the business school over the Memorial Day weekend. It included some staff and student information personally identifiable data.
Attribution 1
Publication:
The State
Article Title:
USC warns personal data may be on stolen computer
Author: James Hammond
Date Published:
6/9/2008
Article URL: http://www.thestate.com/breaking/story/428754.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080611-03
University of Utah Hospitals and Clinics
UT
6/2/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Medical/Healthcare
2,200,000
A metal box with encrypted backup tapes with billing records for 2.2 million patients and guarantors was stolen from a car belonging to a driver who worked for an independent storage company contracted by the health-care system. After moving them in a secure transport, he took them home where they were stolen from his car. He has been fired. None of the records contained credit card numbers but about 1.3 million patient records had SSNs. There's no evidence any of the information on the tapes has been accessed and anyone trying to use the tapes would need specialized equipment to view the contents, according to officials. Attribution 1
Publication:
Daily Utah Chronicle
Author: Michael McFall, Jed B
Date Published:
6/11/2008
Article Title: U hospital billing records missing Article URL: http://media.www.dailyutahchronicle.com/media/storage/paper244/news/2008/06/11/News/U.Hospital.Billing.Record Attribution 2
Publication:
Salt Lake Tribune
Article Title:
U of U medical records stolen, 2.2 million patients' data at risk
Author: Melinda Rogers
Date Published:
6/11/2008
Date Published:
6/10/2008
Article URL: http://www.sltrib.com/ci_9540210 Attribution 3
Publication:
Business Wire
Author: staff
Article Title: University of Utah Hospitals & Clinics Notifies Patients of Billing Records Theft Article URL: http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20080610006379&newsLang=en
ITRC Breach ID
Company or Agency
Location
ITRC20080611-02
University of Florida
FL
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Published #
Educational
An online exposure was reported that includes the names and SSNs of 11,300 current and former UF students that attended CLAS between 2003-2005. The error was discovered during a recent audit.
Attribution 1
Publication:
Times Union Jacksonville
Author: Adam Aasen
Date Published:
6/10/2008
Article Title: Thousands of UF students’ private records breached online Article URL: http://news.jacksonville.com/justin/2008/06/10/thousands-of-uf-students-private-records-breached-online/ Attribution 2
Publication:
UF Website
Article Title:
Press Release and Info, UF Website
Author: staff
Article URL: http://privacy.ufl.edu/CLASBreach/
Copyright 2008 Identity Theft Resource Center
Date Published:
11,300
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 109 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080611-01
HSBC Card/ Retail Services and Bank Nevada
US
4/14/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
In a breach possibly attributed to the Hannaford breach, HSBC informed the NH AG that unauthorized disclosure of customer info was enabled via the Forgot Login Password page of a website. The person had to know the account number and last 4 digits of the SSN. HSBC said this incident had a 95% match rate with the accounts compromised by the Hannaford Brothers Breach. It is uncertain if it is linked. Attribution 1
Publication:
notice to NH AG
Article Title:
HSCB possible breach
Author: Tomas Chambers, VP
Date Published:
4/25/2008
Article URL: http://doj.nh.gov/consumer/pdf/hsbc.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080605-01
AT&T
US
5/15/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
113,000
An undisclosed number of management-level workers at AT&T have been notified that their personal information was stored unencrypted on a stolen laptop. The laptop was stolen May 15 from the car of an employee, Walt Sharp, a spokesman for AT&T, told SC MagazineUS.com on Wednesday. The data on the computer was not encrypted -- a violation of company policy -- and included names, Social Security numbers and in some cases, salary and bonus information. UPDATE: n a disclosure letter to the Maryland Attorney General's office subsequently posted online, AT&T reported that the laptop, stolen from an employee's vehicle in San Antonio, contained unencrypted Social Security numbers and bonus/salary information. AT&T's mandated notification to the NYS Attorney General's office, now obtained by this site, reveals that 113,595 employees had their personal information on the stolen laptop. Of the total, 1,933 were New York State residents. Attribution 1
Publication:
MD AG notification list
Article Title:
AT&T
Author:
Date Published:
8/11/2008
Date Published:
6/4/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152589.pdf Attribution 2
Publication:
SC Magazine US
Author: staff
Article Title: AT&T management staff data on stolen laptop Article URL: http://www.scmagazineus.com/ATT-management-staff-data-on-stolen-laptop/article/110884/ Attribution 3
Publication:
notice to MD AG
Article Title:
Notice to MD AG
Author: Dorothy Attwood
Date Published:
5/22/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152589.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080604-02
Oregon State Bookstore
OR
6/15/2008
Electronic
Educational
Records Exposed? Yes Published #
Credit card scamming (skimming?) is the unofficial cause of 4700 online bookstore customers who noticed suspicious charges on their credit cards immediately after they'd placed online orders. State Police Lieutenant Jeff Lanz says the security breach appears to have originated outside the university, but where is unknown. Attribution 1
Publication:
Democrat Herald.com
Article Title:
OSU Bookstore investigating possible ID theft
Author: staff
Article URL: http://www.dhonline.com/articles/2008/06/03/news/local/5loc10_osu.txt
Copyright 2008 Identity Theft Resource Center
Date Published:
6/3/2008
Exposed # of Records Rptd
4,700
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 110 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
KGW
Article Title:
Police investigate online thefts at Oregon State bookstore
Author: AP
Date Published:
6/3/2008
Article URL: http://www.kgw.com/sharedcontent/APStories/stories/D912RHPG1.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080604-01
Axcess Financial
US
10/23/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Unknown#
Business
0
A stolen Axcess Financial password employee computer has resulted in the potential risk of names and SSNs. The crime occurred on October 23, 2007 but notification was on May 13. 142 NY residents were notified.
Attribution 1
Publication:
notice to NH AG
Article Title:
Axcess Financial breach
Author: Stephen Schaller, Ge
Date Published:
5/13/2008
Article URL: http://doj.nh.gov/consumer/pdf/axcessfinancial.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080603-03
CT Dept. of Labor
CT
5/25/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Government/Military
2,100
State labor officials say records with confidential information on about 2,100 people have been lost and might have been mistakenly shredded. The files contained copies of letters informing applicants that they were ineligible for the unemployment insurance. They were dated between May 2 and May 20 and contained names, addresses and Social Security numbers. Attribution 1
Publication:
Newsday
Article Title:
Labor agency reports losing unemployment files
Author: staff
Date Published:
6/2/2008
Article URL: http://www.newsday.com/news/local/wire/connecticut/ny-bc-ct--lostlaborrecords0602jun02,0,7864495.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080603-02
Wheeler's Moving
FL
6/2/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Nearly 20 years' worth of personal records appear to be among those tossed into a dumpster on Northwest 1st Avenue in Boca Raton. The documents were discovered by an unknown person Monday night. The files appear to have belonged to Wheeler's Moving, a local company once based out of an office near the dumpsters. Some of the documents appear to be old client files, including banking account and routing numbers. There are also personnel files, which appear to contain driver's license and social security numbers, as well as tax information, addresses, phone numbers, and birth dates. Attribution 1
Publication:
CBS 12
Article Title:
Personal Records Found in Boca Dumpster
Author: staff
Date Published:
Article URL: http://www.cbs12.com/news/records_4707964___article.html/dumpster_personal.html
Copyright 2008 Identity Theft Resource Center
6/3/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 111 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080603-01
Roswell Dept of Workfoce Solutions
NM
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Exposed # of Records Rptd
Yes Unknown #
Government/Military
0
State documents with names and Social Security numbers were thrown into a trash bin behind the state Department of Workforce Solutions office in Roswell. A department official, Magil Duran, says the agency recently moved to a new location and a janitor inadvertently threw four boxes of folders containing the documents into the bin Monday. Attribution 1
Publication:
Current-Argus
Article Title:
Documents with Social Security numbers tossed out in Roswell
Author: staff
Date Published:
6/3/2008
Article URL: http://www.currentargus.com/ci_9464881
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080602-04
Walter Reed Army Medical Center
MD
5/21/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
1,000
Sensitive information on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach, sparking identity theft concerns and an investigation by the Army. Names, Social Security numbers, birth dates and other information was released, hospital officials said Monday. The computer file that was breached did not include information such as medical records, or the diagnosis or prognosis for patients, they said. Walter Reed officials declined to explain exactly how the information was compromised, pending an ongoing investigation by the hospital and the Army. They would only say that the computer file was found on a "non-government, non-secure computer network." Attribution 1
Publication: Article Title:
Yahoo News Author: AP, Jennifer Kerr Walter Reed says patient data may be compromised
Date Published:
6/2/2008
Article URL: http://news.yahoo.com/s/ap/20080602/ap_on_go_ot/walter_reed_data_breach;_ylt=Ai1MN3gpuCFTy8o0aCaJkL8NJ_
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080602-03
BNY Mellon- #2
US
4/29/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Bank of New York Mellon Corp., the world's largest custodian of assets, reported a second potential breach of customer data this year and said it will provide enhanced fraud-protection services to those affected. The most recent incident occurred on April 29 when a backup data-storage tape containing images of scanned checks and other payment documents was lost while being moved by an unnamed commercial carrier from Philadelphia to Pittsburgh, spokesmen for the bank said Friday. It involved data of 47 institutional clients and a yet to be determined number of individual customers. Attribution 1
Publication:
Pittsburgh Live
Article Title:
BNY Mellon's data tape 'lost in transit'
Author: staff
Article URL: http://www.pittsburghlive.com/x/pittsburghtrib/s_570347.html
Copyright 2008 Identity Theft Resource Center
Date Published:
5/31/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 112 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080602-02
Pocono Mountain Schools
PA
5/29/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
11,500
An apparent cyber break-in of Pocono Mountain School District's computer system has put at potential risk personal information about students and parents, the district announced Friday. The District Superintendent said that irregularities were found during a routine check. Information that may have been exposed included, SSNs, student identification, names, date of birth, etc. No payroll or financial records related to the district had been breached, she said. Pocono Mountain houses some 11,500 students and is budgeted to spend $172 million this year. Attribution 1
Publication:
Pocono Record
Author: Dan Berrett
Date Published:
6/1/2008
Article Title: Breach of system has Pocono Mtn. parents, students at risk of ID theft Article URL: http://www.poconorecord.com/apps/pbcs.dll/article?AID=/20080601/NEWS/806010334 Attribution 2
Publication:
Morning Call.com
Article Title:
District hit by computer breach
Author: Joe McDonald
Date Published:
5/31/2008
Article URL: http://www.mcall.com/news/local/all-b4_3pocono.6436000may31,0,1422227.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080602-01
1st Source Bank
IN
5/12/2008
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
1st Source Bank is sending out letters reminding their customers to check their recent bank account activity. The bank says someone hacked into a computer containing debit card information earlier this month. "The server that holds our debit card information, they were in there and they transferred information out. But we can't really tell if it was 10, 20, or 30 percent of our card holders," said Seitz, sr. VP. UPDATE: The bank is reissuing its entire portfolio of debit cards. Attribution 1
Publication:
South Bend Tribune
Article Title:
Investigation into 1st Source Bank breach ongoing
Author: Dave Stephens
Date Published:
8/4/2008
Article URL: http://www.southbendtribune.com/apps/pbcs.dll/article?AID=/20080802/News01/808020313/0/ENT Attribution 2
Publication:
Digital Transactions
Article Title:
Indiana Bank’s Debit Card Breach Underscores Issuer Vulnerability
Author: staff
Date Published:
6/4/2008
Date Published:
5/30/2008
Article URL: http://www.digitaltransactions.net/newsstory.cfm?newsid=1804 Attribution 3
Publication:
South Bend- WSBT
Article Title:
Bank mailing letters to customers about security breach
Author: Nora Gathings
Article URL: http://www.southbendtribune.com/apps/pbcs.dll/article?AID=/20080530/News01/162567786
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080530-05
London Properties
CA
5/16/2008
Paper Data
Business
Records Exposed? Yes Unknown #
A local Fresno CA real estate company, London Properties, dumped dozens of files with client checking account numbers, SSNs and names.
Attribution 1
Publication:
ABC 30
Article Title:
London Properties says Dumping Files a "Mistake"
Author: Christine Park
Date Published:
Article URL: http://abclocal.go.com/kfsn/story?section=news/consumer&id=6168775
Copyright 2008 Identity Theft Resource Center
5/28/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 113 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080530-04
Jefferson County Court Archives
KY
5/1/2008
Paper Data
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
300
The records of more than 300 traffic cases were stolen this month from the Jefferson County court archives, leading court officials to update their security and warn citizens of potential identify theft. The traffic cases, all from November 2003, include the names, addresses, dates of birth and possibly the Social Security number of people who received a traffic citation or were involved in DUI arrest that month, said Jefferson Circuit Court Clerk David Nicholson. Police are not releasing information on the person arrested. Attribution 1
Publication:
Courier Journal
Author: Jason Riley
Date Published:
5/28/2008
Article Title: Stolen traffic records include personal information Article URL: http://www.courier-journal.com/apps/pbcs.dll/article?AID=/20080529/NEWS01/80529038/1008
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080530-03
Charter Communications
US
5/27/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
A woman in Illinois trying to pay her bill online got the Charter account of another person in Tennessee instead. This happened multiple times, each time showing another account including full name, address, phone number, security code number, cable TV service (the "Big Value Package," with Digital Sports View), r highspeed Internet service, and the bill. Charter has 5.6 million cable, Internet or phone customers and is the nation's fourth largest cable company. Attribution 1
Publication:
St Louis Post-Dispatch
Author: Michael Sorkin
Date Published:
5/30/2008
Article Title: "Glitch" gives customer access to other Charter accounts Article URL: http://www.stltoday.com/stltoday/news/columnists.nsf/savvyconsumer/story/D60F740AA1FEBFF1862574590011EF4
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080530-02
University of Iowa
IA
2/25/2008
Electronic
Records Exposed? Yes Published #
Educational
The University of Iowa alerted 946 current and past employees of the Center of Disabilities and Development that a computer application containing social security numbers and dates of birth was improperly accessed, according to a statement. The information was accessed before March of this year. Attribution 1
Publication:
Press Citizen
Author: Chris Rhatigan
Date Published:
5/30/2008
Article Title: UI notifies staff of computer security breach Article URL: http://www.press-citizen.com/apps/pbcs.dll/article?AID=/20080530/NEWS01/80530007/1079
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
946
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 114 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080530-01
State Street - IBT, Exeter Trust
MA
1/1/2008
Electronic
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
45,000
Computer equipment containing personal information on more than 45,000 customers and employees of a State Street unit was stolen five months ago, the company said. The personal information included names, addresses and social security numbers. The company, a Boston-based provider of financial services to institutional investors, said 5,500 employees and 40,000 customers of Investors Financial Services, which it acquired last year, were affected. The computer equipment was stolen from a vendor hired by Investors Financial Services to provide legal support services. Update: Exeter Trust notified the MD AG that 3659 of their clients were impacted by the theft of a computer tower from State Street. The tower contained over 4 million emails which included names, SSNs and or checking account numbers. Goldman Sach Group also reported being part of the breach to the MD AG Attribution 1
Publication:
notice to MD AG
Article Title:
Goldman Sachs Group part of breach
Author: Stewart Pomerantz
Date Published:
6/23/2008
Date Published:
6/6/2008
Date Published:
5/29/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153862.pdf Attribution 2
Publication:
notice to MD AG
Article Title:
Exeter notice to MD AG
Author: Megan Henry, Exec V
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153496.pdf Attribution 3
Publication:
CNBC
Article Title:
State Street Data Theft Affects More Than 45,000
Author: Reuters
Article URL: http://www.cnbc.com/id/24875931
ITRC Breach ID
Company or Agency
Location
ITRC20080528-01
Hub City Ford
FL
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
33
A Niceville man was arrested and charged with 33 counts of fraud and grand theft. He worked for a car dealership called Hub City Ford in Crestview. A victim said that the personal information gave while car shopping may have been the cause of his identity theft which led to an investigation. Police determined McDonald would record the victims’ names, dates of birth, social security numbers and other personal information when they visited the dealership. McDonald would then apply for credit in the victim’s name using that information. Attribution 1
Publication:
NW Daily News
Article Title:
Car dealership employee accused of identity theft
Author: Robbyn Brooks
Date Published:
5/28/2008
Article URL: http://www.nwfdailynews.com/article/14799
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080522-06
HealthSpring
TN
3/30/2008
Electronic
Medical/Healthcare
Records Exposed? Yes Published #
Nashville-based managed care company HealthSpring Inc. said Wednesday a laptop computer containing names, dates of birth and SSNs for about 9,000 individuals was stolen from an employee's locked car on March 30th. 450 live in TN. Attribution 1
Publication:
Tennessean
Article Title:
HealthSpring says laptop with personal data stolen
Author: Wendy Lee
Date Published:
5/22/2008
Article URL: http://www.tennessean.com/apps/pbcs.dll/article?AID=/20080522/BUSINESS01/805220343/1003/NEWS01
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
9,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 115 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080522-05
Duke University Fuqua School of Business
NY
4/30/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
273
Duke University's Fuqua School of Business is notifying 273 former New York University students that some of name and SSN information was inadvertently accessible by targeted Internet searches between July 2007 and April 2008. The NYU students were part of a 1997 class taught by a professor who now teaches at the Duke business school, according to a Duke press release. The information has since been removed. Attribution 1
Publication:
The News and Observer
Author: Eric Ferreri
Date Published:
5/20/2008
Article Title: NYU students' information on Web for months Article URL: http://www.newsobserver.com/news/story/1079337.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080522-04
Oklahoma Corporate Commission
OK
4/20/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
5,000
The Oklahoma Corporation Commission is removing hard drives from all surplus computer equipment after a server containing the names and Social Security numbers of thousands of residents was sold at an auction recently. An Oklahoma City resident discovered more than 5,000 Social Security numbers after purchasing the server and other surplus state computer equipment at an auction last month. Attribution 1
Publication:
Tulsa World
Author: AP
Date Published:
5/21/2008
Article Title: OKC buyer finds sensitive information on server Article URL: http://www.tulsaworld.com/news/article.aspx?articleID=20080521_12_OKLAH32253
ITRC Breach ID
Company or Agency
Location
ITRC20080522-03
Wende Correctional Facility
NY
Est. Date
Breach Type Breach Category Paper Data
Government/Military
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A woman found boxes of sensitive personal employee information including SSNs after moving. Her former husband is a lieutenant at the facility.
Attribution 1
Publication:
WTVB
Author: Luke Moretti
Date Published:
5/22/2008
Article Title: Did woman stumble onto prison personnel records? Article URL: http://www.wivb.com/Global/story.asp?s=8361076
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080522-02
Elmer Country Ford
NJ
12/1/2007
Electronic
Business
Records Exposed? Yes Published #
11 service technicians of Country Ford in Elmer have had their SSNs and name used in Colorado. It is unknown how the breach occurred. Law enforcement believes the incident is the work of a ring or how many more people may be potentially affected. Attribution 1
Publication:
Daily Journal
Author: James Quaranta
Date Published:
5/22/2008
Article Title: ID thieves hit Elmer auto dealer employees Article URL: http://www.thedailyjournal.com/apps/pbcs.dll/article?AID=/20080522/NEWS01/805220323/1002
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
11
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 116 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
ITRC20080522-01
University of NebraskaLincoln
NE
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
66
The University of Nebraska-Lincoln potentially has had 290 students exposed to identity theft. Vice Chancellor Chris Jackson says a math professor posted 66 full and 224 partial Social Security numbers on the server, using the numbers to identify students. Jackson says some of the information, which could have been viewed by the public, dates back to 2000. Attribution 1
Publication: Article Title:
NTV University of Nebraska- Lincoln breach
Author: Associated Press
Date Published:
5/22/2008
Article URL: http://www.nebraska.tv/Global/story.asp?S=8364952&nav=menu605_1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080520-09
Montgomery Greil Hospital
AL
2/1/2008
Paper Data
Records Exposed? Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
Montgomery Greil Hospital has reported that hundreds of records on index cards with names, dates of birth and SSNs have been disappearing Some of the records goes back 5-6 years ago. "Several months ago we noticed something irregular in some patient records," explained Dr. John Ziegler of the Alabama Department of Mental Health and Mental Retardation. Attribution 1
Publication: Article Title:
WSFA Author: Cody Holyoke Patient Information "Disappears" from Montgomery Psychiatric Hospital
Date Published:
5/16/2008
Article URL: http://www.wsfa.com/Global/story.asp?S=8339331&nav=0RdDAp3y
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080520-08
University of Florida College of Medicine
FL
1/29/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
1,900
Univ. of Florida College of Medicine files were stored on unsecured digital photographs, including names, SSNs and Medicare computers. The professor with the information gave the computer to a family member who replaced its operating system. Attribution 1
Publication: Article Title:
Jacksonville Business Journal UF warns patients of security breach
Author: staff
Date Published:
5/20/2008
Article URL:
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080520-07
Downingtown High School West
PA
5/9/2008
Electronic
Educational
A 15 year old student broke into an office at the Downingtown High School West and downloaded files on teaches and thousands of district taxpayers. The information included W-2's with SSNs and SSNs on school district taxpayers. The student shared the information with several other students. According to The Daily Local, 16,595 residents were named in the file, which police say contained more than 41,000 adult taxpayers’ names and personal information including Social Security numbers, and more than 15,000 students’ names and personal information.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
56,071
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 117 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Daily Local
Article Title:
Hacker suspect arrested
Author: Danielle Lynch
Date Published:
5/21/2008
Article URL: http://www.dailylocal.com/WebApp/appmanager/JRC/Daily;!-695287870?_nfpb=true&_pageLabel=pg_article&r21.pg Attribution 2
Publication: Article Title:
Philadelphia Inquirer Student hacks district files
Author: Suzette Parmley
Date Published:
5/17/2008
Article URL: http://www.philly.com/inquirer/education/20080517_Student_hacks_district_files.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080520-06
DeWitt Law Firm, Mediation Services of Central Florida
FL
5/15/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A dumpster was found with hundreds of files from cases handled by local law firms, including the DeWitt law firm, Sarah Arnold Esq., and Mediation Services of Central Florida. The info included divorce papers, W-2 forms, Social Security numbers and bank statements with account numbers on them. Attribution 1
Publication: Article Title:
WESH E-Mail News Alerts
Author: staff
Date Published:
5/17/2008
Article URL:
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080520-05
Concrete Reinforcing Products
US
5/5/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A hacker was able to get into the system at Concrete Reinforcing and found files with names, credit card numbers and passwords. An IT technician from the company found the breach. It appears that customers were from across the country Attribution 1
Publication: Article Title:
Miami Herald Hacker invades Sunrise firm's computer
Author:
Date Published:
Article URL: http://www.miamiherald.com/481/story/535311.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080520-04
Hadassah, Young Judaea
US
4/7/2008
Electronic
Business
Records Exposed? Yes Published #
According to Hadassah's notification [pdf] to the Maryland Attorney General's office, for 7 hours on April 7, the Young Judea web site allowed 16 web users to see personal information on 25 other individuals who had signed up teenagers for Young Judea's Year Course. The exposed personal information included the youths' names, the credit card holders' names, credit card numbers, expiration dates, and security codes. The error was due to an unnamed web hosting company. The site as been pulled down Attribution 1
Publication:
notice to MD AG
Article Title:
Hadasah, Young Judaea breach
Author: Larry Blum
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152085.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
5/9/2008
Exposed # of Records Rptd
25
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 118 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080520-03
Bearing Point Management & Technology Consultants
US
4/11/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Bearing Point Management and Technology Consultants, a Fortune 2000 company, had a laptop stolen from the trunk of a car of an employee. They have not reported a total count but confirm that 26 MD residents were affected. Names and SSNs of employees were potentially affected. Attribution 1
Publication:
notice to MD AG
Article Title:
Bearing Point Inc breach
Author: Russ Bwerland
Date Published:
5/7/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152076.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080520-02
Sodexo, Inc
MD
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Published #
Business
919
The theft of a laptop from an employee's car may have led to the potential exposure of names and SSNs of 919 employees. Sodexo is a food and facilities management service.
Attribution 1
Publication:
notice to MD AG
Article Title:
Sodexo breach
Author: Robert Stern
Date Published:
5/9/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152083.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080520-01
Los Gatos Lunardi's Supermarket
CA
4/27/2008
Electronic
Business
Records Exposed?
Exposed # of Records Rptd
Yes Published #
234
Most recent figures show that 234 Lunardi's shoppers reported they are victims of the scam. Approximately $251,000 has been stolen since police discovered an ATM machine at the store had been tampered with to obtain customers' account information. The men were in possession of two of the 222 stolen bank account numbers from Lunardi's and $70,000 in cash when they were arrested by Orange County sheriff's. Attribution 1
Publication:
CBS 5
Article Title:
Man Arrested For ID Theft At Los Gatos Supermarket
Author: staff
Date Published:
8/1/2008
Date Published:
5/19/2008
Article URL: http://cbs5.com/local/supermarket.identity.theft.2.786035.html Attribution 2
Publication:
Mercury News, Los Gatos Weekly-Time
Article Title:
Secret Service joins Lunardi's ATM theft case, 234 victims now identified
Author: Judy Peterson
Article URL: http://www.mercurynews.com/ci_9312234?IADID=Search-www.mercurynews.com-www.mercurynews.com
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080519-04
LPL Financial - 4
NC
4/10/2008
Electronic
Business
On April 10, 2008, a laptop containing data on 2800 employees of LPL or its affiliated companies was from an employee's car in North Carolina. The personal information on the laptop contained names, Social Security numbers, employee ID numbers, and other employee financial compensation information.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
2,800
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 119 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
notice to MD AG
Article Title:
LPL Financial- breach 4
Author: Keith Fine
Date Published:
5/6/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152082.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080519-03
LPL Financial - 3
CA
9/12/2007
Electronic
Records Exposed? Yes (Password) Published#
Business
Exposed # of Records Rptd
1,397
A laptop was stolen from a home of a San Diego employee which resulted in the exposure of data of residents of Massachusetts. The data included fingerprints, SSNs, names, and addresses of registered reps and office employees Attribution 1
Publication:
notice to MD AG
Article Title:
LPL Financial- stolen laptop
Author: Keith Fine
Date Published:
5/6/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152080.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080519-01
LPL Financial 2
CA
12/11/2007
Electronic
Records Exposed? Yes (Password) Published#
Business
Exposed # of Records Rptd
444
A burglary of LPL Financial in Diamond Bar, CA potentially affected 444 LPL customers. The computers were password protected and contained names, dates of birth, SSNs and account numbers.
Attribution 1
Publication:
notice to MD AG
Article Title:
5 computers stolen from LPL Financial
Author: Keith Fine, VP
Date Published:
5/6/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-152081.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080516-07
IRS
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
15,000
Some 15,000 IRS stimulus checks were electronically deposited in the wrong bank accounts due to a computer programming glitch. McKeon directed those awaiting stimulus or 2007 tax refund checks to irs.gov/individuals/article/0,, id=96596,00.html, or the toll-free service Refund Hotline at 800-829-1954. Attribution 1
Publication:
Newsday
Article Title:
IRS: Some stimulus checks sent to wrong accounts
Author: Carol Polsky
Date Published:
5/14/2008
Article URL: http://www.newsday.com/news/local/longisland/ny-listim0515,0,1840951.story
ITRC Breach ID
Company or Agency
Location
ITRC20080516-06
Houston banker
TX
Est. Date
Breach Type Breach Category Electronic
Banking/Credit/Financial
A Houston banker who sold personal account information as part of an identity theft ring must serve three years in federal prison. Prosecutors on Thursday announced the sentencing of 34-year-old former Amegy Bank senior banker Lamont Wallace. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 120 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
KLTV
Article Title:
Houston banker admits to ID
Author: AP
Date Published:
5/15/2008
Article URL: http://www.kltv.com/Global/story.asp?S=8332427&nav=1TjD
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080516-05
Amateur Athletic Union
FL
5/15/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A tip from a Channel 9 viewer led to a dumpster that was filled with boxes of personal information from a national youth sports organization called the Amateur Athletic Union. The boxes were dumped off South Orange Blossom Trail near SR-417. The boxes contained SSNs to copies of birth certificates on athletes and their guardians. According to its website, the AAU claims to be one of the largest non-profit volunteer organizations in the United States dedicated to the promotion and development of amateur sports. Attribution 1
Publication:
WFTV
Article Title:
Dumpster Full Of Amateur Athletes' Records Found At Storage Complex
Author: staff
Date Published:
5/16/2008
Article URL: http://www.wftv.com/news/16288839/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080516-04
University of Louisville
KY
4/30/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
20
The University of Louisville recently sent letters to about 20 employees in the president’s office alerting them that a security breach may have resulted in their Social Security numbers and student/employee id numbers being compromised. Spokesman John Drees said the university reported the incident, which involved documents being copied and taken from a private office in the president’s office, to its Internal Audit Office and Department of Public Safety. Attribution 1
Publication:
Courier Journal, KY
Author: Nancy Rodriguez
Date Published:
5/16/2008
Article Title: Employee data breached at U of L president's office Article URL: http://www.courier-journal.com/apps/pbcs.dll/article?AID=/20080516/NEWS01/80516030/1008
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080516-03
Oklahoma State University
OK
3/1/2008
Electronic
Records Exposed? Yes Published #
Educational
A breach in an Oklahoma State University computer server exposed names, addresses and Social Security numbers of about 70,000 students, staff and faculty who bought parking and transit services permits in the past six years. OSU announced the breach and began notifying permit holders today, even though it was discovered in March. The server was shut down at that time and Social Security numbers removed from the site. The OSU Web page, http://idalert.okstate.edu/resources.html, provides additional information and links to other sites. Attribution 1
Publication:
News OK.com, The Oklahoman
Author: Susan Simpson
Date Published:
5/14/2008
Article Title: OSU admits computer security breach Article URL: http://newsok.com/osu-admits-computer-security-breach/article/3243594/?tm=1210801442
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
70,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 121 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080516-02
BB&T Insurance Harrisonburg City Schools
VA
5/1/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A BB&T Insurance laptop containing the personnel information of some Harrisonburg City Schools employees was stolen from an outside sales rep's car on May 1, according to company officials. The information came from employees enrolled in the system's dental plan, although the company does not know how many employees' information is on the computer. "It's a portion of the employees," said A.C. McGraw, BB&T's media relations manager, who added that several security methods are used for the laptops, including passwords. "The information contained names, dates of birth, Social Security numbers, and, in some cases, medical history." Attribution 1
Publication: Article Title:
DNR Online, Rocktown Weekly.com Author: Pete DeLea Theft Of Laptop Imperils School Employees' Data
Date Published:
5/16/2008
Article URL: http://www.rocktownweekly.com/news_details.php?AID=16845&CHID=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080516-01
Spring Independent School District
TX
5/14/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
8,000
A stolen laptop and flash drive contained 8000 Spring ISD students names, SSNs and other personal information. In a letter sent to parents on Thursday, Spring ISD said a testing coordinator's car was broken into when she made a quick stop on her way home from work. The car burglars made off with her school laptop and an external flash drive. Attribution 1
Publication: Article Title:
Click 2 Houston Author: Elizabeth Scarboroug 8,000 Students' Personal Information Stolen
Date Published:
5/16/2008
Date Published:
5/16/2008
Article URL: http://www.click2houston.com/news/16292512/detail.html Attribution 2
Publication:
KHOU
Article Title:
Spring students' info at risk after laptop theft
Author: staff
Article URL: http://www.khou.com/news/local/stories/khou080515_tj_laptoptheft.1057713ee.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080512-04
Pfizer Inc
US
4/1/2008
Electronic
Records Exposed? Yes Published #
Business
In yet another breach 13,000 Pfizer employees had their information potentially compromised when a company laptop and flash drive were stolen. The data breach, which occurred about a month ago, was the second this year affecting Pfizer Inc. employees and the sixth made public in a one-year span dating back to May 2007. More than 65,000 data-breach notifications have been sent out by Pfizer over the past year, including more than 10,000 to employees from Connecticut. The company said in an e-mail to affected employees late Friday that no Social Security numbers were on the laptop, but names, home addresses, home telephone numbers, employee ID numbers, positions and salaries were possibly compromised. Attribution 1
Publication:
The Day
Author: Lee Howard
Date Published:
Article Title: Another Laptop Stolen from Pfizer, Employee Information Compromised Article URL: http://www.theday.com/re.aspx?re=712c0410-ee9a-47a8-b08d-c7a71a713a5e
Copyright 2008 Identity Theft Resource Center
5/12/2008
Exposed # of Records Rptd
13,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 122 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080512-03
Dave & Buster's Restaurants
US
5/1/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Three defendants have been charged in a federal grand jury indictment and complaint with illegally accessing the computer systems of a national restaurant chain and stealing credit and debit card numbers from that system, Assistant Attorney General Alice S. Fisher of the Criminal Division and U.S. Attorney for the Eastern District of New York Benton J. Campbell announced. The thieves hacked into cash register terminals at 11 restaurants around in the US. The defendants then sold the stolen data to others who used it to make fraudulent purchases or re-sold it to make such purchases, causing losses to financial institutions that issued the credit and debit cards. Attribution 1
Publication: Article Title:
Statement from Dave & Busters Thieves caught
Author: PR Wire
Date Published:
5/13/2008
Article URL: http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/05-13-2008/0004812712&EDATE= Attribution 2
Publication:
E-Commerce Times
Article Title:
Breaches Make a Mockery of PCI Security Standards
Author: Jason Cohen
Date Published:
5/13/2008
Article URL: http://www.technewsworld.com/story/security/62982.html?welcome=1210788193&welcome=1210978148 Attribution 3
Publication: Article Title:
PR Newswire Author: staff Date Published: 5/12/2008 Hackers Indicted for Stealing Credit and Debit Card Numbers From National Restaurant Chain
Article URL: http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/05-12-2008/0004811579&EDATE=
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080512-02
RentWay - Rent-A-Center
FL
5/3/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
RentWay tossed personnel files in a dumpster early in May. Because RentWay is a subsidiary of Rent-ACenter, deputies contacted a Rent-A-Center store in Bradenton. That store called a Rent-A-Center in the shopping plaza where the former RentWay is located. Lt. William Vitaioli said it would not be a criminal violation to dispose of personal information such as Social Security numbers, credit card numbers, driver's license numbers or phone numbers. Rather than shredding the documents that contained personal information of clients and taking them to their own Dumpster, the employees left the papers piled in the bottom of the Dots' store Dumpster, Lash said. She said the Rent-A-Center store manager said there were personal documents in the Dumpster. Attribution 1
Publication:
Bradenton Herald.com
Article Title:
Rental firm's customer info thrown in trash
Author: Beth Burger
Date Published:
5/10/2008
Article URL: http://www.bradenton.com/local/story/596353.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080512-01
Aon Consulting- Park National Corp
OH
3/1/2008
Electronic
Government/Military
Records Exposed? Yes Published #
About 2,000 past and present employees of Park National Corp. are keeping their fingers crossed that they don't become identity theft victims after their pension administrator lost a laptop computer containing their personal information. Aon Consulting Inc., which provides administration services for Newark-based Park's pension plan, lost the laptop in March. Attribution 1
Publication:
Biz Journal, Business First of Columbus
Article Title:
Park National vendor loses laptop with employees' personal info
Author: Doug Buchanan
Article URL: http://www.bizjournals.com/columbus/stories/2008/05/12/tidbits1.html
Copyright 2008 Identity Theft Resource Center
Date Published:
5/9/2008
Exposed # of Records Rptd
2,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 123 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080509-05
Merrill Corporation
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
Merrill Corp. has determined that a limited number of customer purchases from its online engraved stationary store were inadvertently accessible over the Internet. The information included names and credit card numbers.
Attribution 1
Publication:
notice to MD AG
Article Title:
Merrill Corporation
Author: Craig Komanecki
Date Published:
4/29/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-151486.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080509-04
Camp Starfish
MA
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Camp Starfish in Massachusetts has notified the Maryland Attorney General's office that a "glitch" in their online system left applicants' personal information accessible on the internet. The personal information included name, address, phone number, email address, and Social Security number. At least 3 Maryland residents were affected, but the total number of applicants whose data were exposed was not indicated. Attribution 1
Publication:
notice to MD AG
Article Title:
Camp Starfish
Author: Emily Golinsky
Date Published:
4/24/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-151484.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080509-03
Big Momma's Day Care
TN
Est. Date
Breach Type Breach Category Paper Data
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
When Big Momma's Day Care went out of business it left behind dolls, toys and customer papers including SSNs, names and medical records. They were found by neighbors who notified the television station. Channel 4 talked to the former owner on the phone. She said the bank locked the doors, and she was never allowed to go back inside to secure the files. Attribution 1
Publication:
WSMV TV
Article Title:
Day Care Leaves Behind Personal Files
Author: Catharyn Campbell
Date Published:
5/9/2008
Article URL: http://www.wsmv.com/news/16211554/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080509-02
Deschutes County Mental Health Dept.
OR
5/2/2008
Paper Data
Medical/Healthcare
Records Exposed? Yes Published #
On Saturday, May 3, the Deschutes County Mental Health Department sent certified letters to 50 individuals who received services from the Department during 2005-06. The letters inform the clients that the location of their copied service documents, mailed through the U.S. Postal Service to the State, is unknown. ITRC called this department and confirmed that names and SSNs may have been involved. Attribution 1
Publication:
Bend Weekly
Article Title:
Deschutes County notifies mental health clients of missing records
Author: staff
Article URL: http://www.bendweekly.com/Local-News/15332.html
Copyright 2008 Identity Theft Resource Center
Date Published:
5/9/2008
Exposed # of Records Rptd
50
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 124 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080509-01
Princeton University Tower Club
NJ
5/7/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
103
Tower Club is taking steps to protect 103 alumni members from the classes of 2006-7 after a spreadsheet listing their names and social security numbers was e-mailed to current club members early Wednesday morning. he e-mail was sent by Tower officers from an internal email account to the roughly 200 current club members. Attribution 1
Publication: Article Title:
Author: Rachel Dunn Tower Club leaks alumni members' social security numbers
Date Published:
5/9/2008
Article URL: http://www.dailyprincetonian.com/2008/05/09/21173/
ITRC Breach ID
Company or Agency
Location
ITRC20080508-02
Adobe Systems Inc
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
Adobe Systems Inc. had certain personal information stored on a serves accessed via an Adobe website portal "at a time when the server did not contain security or authentication procedures. The server was created to allow customers to upload information in order to enable Adobe to validate a customer's qualification to purchase certain education software." Adobe believes the information exposed included name, address, date of birth, partial or cull credit card numbers, card expiration dates, security codes, forms of identification and driver's license numbers. Attribution 1
Publication:
notice to NH AG
Article Title:
Adobe Systems breach
Author: Mauricio Paez, Esq.
Date Published:
5/1/2008
Article URL: http://doj.nh.gov/consumer/pdf/adobe.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080508-01
Saks Fifth Avenue
US
4/15/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Business
Saks Fifth Avenue had two laptops stolen that included files with customer names, addresses and credit card numbers. Approximately 163 NH residents and 2391 MD residents had data on the laptops but the total for the United States is not reported. The laptops are password protected. It is also listed with the MD AG at http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-151607.pdf Update: based on a notice to the NH AG the computers have been recovered and they were able to confirm the data had been accessed Attribution 1
Publication:
notice to NH AG
Article Title:
Data may not have been compromised
Author: Sunny Park
Date Published:
5/16/2008
Date Published:
4/30/2008
Article URL: http://doj.nh.gov/consumer/pdf/saks051608.pdf Attribution 2
Publication: Article Title:
notice to NH AG Saks Fifth Avenue
Author: Sunny Park, Asst Leg
Article URL: http://doj.nh.gov/consumer/pdf/saks.pdf
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 125 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080507-02
Northeast Security- Safe Home Security
CT
Est. Date
Breach Type Breach Category Paper Data
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Names, SSNs, bank account numbers and cancelled checks were found inside a dumpster belonging to Northeast Security, a subcontractor for Safe Home Security. The company installs alarm systems.
Attribution 1
Publication:
WTNH
Article Title:
Personal information compromised by security company
Author: Erin Cox
Date Published:
5/6/2008
Article URL: http://www.wtnh.com/Global/story.asp?S=8279795&nav=menu29_2
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080507-01
Ohio State University
OH
4/29/2008
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
192
Personal information on 192 faculty and staff members of Ohio State University Agricultural Technical Institute accidentally was e-mailed to about 680 students. The April 29 e-mail contained spreadsheet information listing the names, positions, salaries and Social Security numbers on OSU-Wooster employees during 2001-02 and 2003-04. Attribution 1
Publication:
Columbus Dispatch
Article Title:
Personal information accidentally e-mailed by OSU-Wooster
Author: Randy Ludlow
Date Published:
5/6/2008
Article URL: http://www.columbusdispatch.com/live/content/local_news/stories/2008/05/06/wooster.html?sid=101
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080506-03
Drive Time Auto Sales
FL
5/4/2008
Paper Data
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
200
A woman working at Drive Time Auto Sales may have targeted more than 200 customers of the Florida dealership using their SSNs. Investigators said they found what appeared to be more than 200 Social Security numbers that were jotted on pieces of paper, in notebooks and on sales contracts for cars. Authorities are working to determine who the Social Security numbers belonged to and whether they've been compromised or whether Smith just made them up. Attribution 1
Publication:
WESH
Author: staff
Date Published:
5/6/2008
Article Title: Traffic Stop Ends in ID Theft Investigation Article URL: http://www.wesh.com/news/16171768/detail.html
ITRC Breach ID
Company or Agency
Location
ITRC20080506-02
International Visa Service
GA
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Published #
An employee of International Visa Service has been arrested for using the personal information of people who applied for a passport and selling said information. The FBI is notifying potentially affected customers.
Attribution 1
Publication:
WRDW News 12 CBS
Author: Associated Press
Article Title: FBI notifies customers of Atlanta visa service Article URL: http://www.wrdw.com/news/headlines/18684299.html
Copyright 2008 Identity Theft Resource Center
Date Published:
5/6/2008
Exposed # of Records Rptd
1,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 126 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080506-01
Marriott International - Hewitt
US
1/31/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
137
Hewitt Associates, the record keeper for Marriott International's welfare plans, discovered a container of backup tapes given to an outside carrier was lost. They included employee names and SSNS.
Attribution 1
Publication:
notice to MD AG
Author: Frances Snyder
Date Published:
3/28/2008
Article Title: Hewitt Associates- Marriott International breach Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150109.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080505-05
Iredell County Tax Collector's Office
NC
4/22/2008
Electronic
Government/Military
Records Exposed? Yes Published #
Exposed # of Records Rptd
468
On Tuesday, April 22, a courier vehicle providing services for First Citizens Bank was stolen in Charlotte. The courier was transporting a shipment containing data related to Iredell County tax payments received on April 21st. The stolen shipment contained a computer report of 468 taxpayer's check information including account and routing numbers. An additional 61 unprocessed items in the shipment could not be identified as having come from a particular taxpayer. Update: Law enforcement in Wingate recovered the shipment of items. The bags did not appear to have been opened Attribution 1
Publication:
Statesville
Article Title:
Officials recover stolen tax information
Author: staff
Date Published:
5/6/2008
Article URL: http://www.statesville.com/servlet/Satellite?pagename=SRL%2FMGArticle%2FSRL_BasicArticle&c=MGArticle&cid= Attribution 2
Publication:
Prime Newswire
Author: staff
Date Published:
5/2/2008
Article Title: Missing Taxpayer Information the Result of Stolen Courier Shipment Article URL: http://www.primenewswire.com/newsroom/news.html?d=141716
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080505-04
Marine Corps Reserve Center
TX
2/6/2008
Electronic
Government/Military
Records Exposed? Yes Published #
A former U.S. military contractor has pleaded guilty to exceeding authorized access to a computer and aggravated identity theft after he was accused of selling names and Social Security numbers of 17,000 military employees, the U.S. Department of Justice said. The person who purchased the names and Social Security numbers from Craig was an undercover FBI agent, they said. Craig worked as a private computer contractor at the Marine Corps Reserve Center in San Antonio, Texas, in September 2007, and he had access to personal information of U.S. Marines in the center's database, the DOJ said. An investigation found that none of the information was sold to thieves or had otherwise been compromised. Attribution 1
Publication:
Network World
Article Title:
Military computer contractor convicted on ID theft charges
Author: Grant Gross, IDG Ne
Date Published:
5/2/2008
Article URL: http://www.networkworld.com/news/2008/050208-military-computer-contractor-convicted-on.html
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
17,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 127 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080505-03
New York Institute of Technology
NY
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
250
The New York Institute of Technology had an employee of the Chicago-based Cardean Learning Group expose 250 student names, SSNs, dates of birth and addresses when he inadvertently attached a spread sheet to an email summary he was sending to students. Cardean provides services to students at NYIT. The breach occurred in March 2007 but the school only found out about it on 4/13/2008 Attribution 1
Publication:
notice to MD AG
Article Title:
New York Institute of Technology breach
Author: Stephen Kloepfer
Date Published:
4/13/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-151045.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080505-02
Purdue Pharma
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
5,000
Purdue Pharma learned that a former employee accessed a disk containing names, birthdates, SSNs and other pension related information of employees of Purdue and its associated US companies prior to Dec. 31, 2003 and attempted to email them to another person. The company discovered the situation late in March 2008. Attribution 1
Publication:
notice to MD AG
Article Title:
Purdue Pharma
Author: David Long, Sr. VP
Date Published:
4/14/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150669.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080505-01
J&J Home Health
TX
5/3/2008
Paper Data
Records Exposed? Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
Piles of documents with private information were found out in the open at an abandoned health care facility that was demolished in Fort Worth. The information included names, medical histories, SSNs and credit card numbers. Attribution 1
Publication:
CBS 11
Article Title:
Sensitive Information Found Blowing In The Wind
Author: Seema Mathur
Date Published:
5/4/2008
Article URL: http://cbs11tv.com/consumer/Identity.theft.risk.2.715803.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080502-02
Target America- U C San Francisco Hospital
CA
10/9/2007
Electronic
Medical/Healthcare
Names, patient id numbers, departments treated and addresses were accessible on the Internet for more than 3 months last year but the University of California San Francisco is only now notifying those patients. UCSF had shared information on its patients with a vendor, Target America Inc., which mines electronic databases amassing information about a nonprofit's potential or existing donors. Target America, whose Web site says it maintains "the highest standards of security," tunnels through millions of electronic records to help nonprofits identify and cultivate future donors as well as current donors "who could be giving you more." Additionally, it unearths financial information about donor friends and business acquaintances - even offering maps of a donor's neighborhood. The breach was discovered, said UCSF officials, when the hospital was alerted that a patient's name had been queried on the Internet "and it was listed in association with UCSF." Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
6,313
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 128 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
SF Chronicle, sfgate.com
Article Title:
6,000 UCSF patients' data got put online
Author: Elizabeth Fernandez
Date Published:
5/2/2008
Article URL: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/05/01/MNKE10DRGN.DTL&tsp=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080502-01
Cornerstone Fitness
TX
4/30/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A number of documents from a now closed fitness center were found in a dumpster behind Cornerstone Fitness. ITRC has confirmed that the "personal information" noted in the article included names, SSNs and banking information. Attribution 1
Publication:
News Channel 5
Article Title:
State Investigation Requested for Contracts Found in Dumpster
Author: Lisa Cortez
Date Published:
5/1/2008
Article URL: http://www.newschannel5.tv/2008/5/1/990640/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080501-08
Windham Brannon / Mariner Health Care
US
1/2/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Medical/Healthcare
Exposed # of Records Rptd
0
Windham Brannon which provides audit services for Mariner Health Care employees 401 K program were broken into and several laptops were stolen. Included on the laptops were password protected but unencrypted names, SSNs and dates of birth. At least 2,199 MD residents were affected with the total unknown. Attribution 1
Publication:
notice to MD AG
Article Title:
Windham Brannon - Mariner Health Care and SavaSenior Care
Author: Devin Ehrlich, Exec V
Date Published:
1/18/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-146394.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080501-07
Philips Lighting
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
91
Philips Lighting North America Recruitment manager's computer was infected with a virus which potentially compromised the names and SSNs of 91 possible employees
Attribution 1
Publication:
notice to MD AG
Article Title:
Philips Lighting- North America
Author: Michelle Perez
Date Published:
1/25/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-146571.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080501-06
DCI Donor Services
US
12/20/2007
Electronic
Medical/Healthcare
DCI Donor Services which is a nonprofit that facilitates organ recovery across the US had a data breach when a laptop was stolen from an intern's home containing names and SSNS.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 129 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
notice to MD AG
Article Title:
DCI Donor Services- DCIDS
Author: Stephen Roberts
Date Published:
1/25/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-147100.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080501-05
NSK Americas
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
2,000
NKS Americas had an unsecured folder that included names, SSNs and salaries of approximately current, former and retired employees. It was accessible to NSK employees only.
Attribution 1
Publication:
notice to MD AG
Article Title:
NSK Americas breach
Author: Gerald Hope, VP
Date Published:
1/25/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-147163.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080501-04
Bob Davidson Ford Lincoln Mercury
MD
2/28/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
Bob Davidson For sent their payroll processor a computer tape with names, addresses, SSNs and wages via UPS to process W-2s for their employees. The envelope arrived torn and empty.
Attribution 1
Publication:
notice to MD AG
Article Title:
Bob Davidson Ford Lincoln Mercury breach
Author: Melissa Jones
Date Published:
3/4/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-148848.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080501-03
3M Company
US
2/20/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
1,500
3M Company's Health Care reports that a employee laptop was stolen from a parked car in Atlanta. On the computer were about 1500 names and SSNS.
Attribution 1
Publication:
notice to MD AG
Article Title:
3M Company in MN
Author: Deborah Monturiol, P
Date Published:
3/11/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-148976.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080501-02
Central Licensing Bureau
AK
3/6/2008
Electronic
Business
Central Licensing Bureau released a report to 27 insurance agencies that included information on 41 individual agents including name, SSNs, address and Nebraska insurance license number.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
41
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 130 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
notice to MD AG
Article Title:
Central Licensing Bureau breach
Author: Gena Bradshaw, CEO
Date Published:
3/13/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-149180.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080501-01
Staten Island University Hospital
NY
12/29/2007
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
88,000
Computer equipment stolen from an administrative office in Rosebank in December contained personal information about 88,000 patients who have been treated at Staten Island University Hospital. The information included names, SSNs, and health insurance numbers but no patient records. Attribution 1
Publication:
Staten Island Advance
Article Title:
88,000 patients at risk after computer theft
Author: Glenn Nyback
Date Published:
5/1/2008
Article URL: http://www.silive.com/news/advance/index.ssf?/base/news/1209644107324690.xml&coll=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080430-06
Education Management
US
2/7/2008
Electronic
Records Exposed? Yes (Password) Published#
Business
Exposed # of Records Rptd
764
Education Management sent out a notice to 764 current and former employees whose files included SSNs, names and dates of birth were on a stolen laptop. The computer was recovered that same day. Affected states include MA, NJ, NY, MD, Attribution 1
Publication:
MD AG breach list
Article Title:
Education Management breach
Author: release to MD AG
Date Published:
3/13/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-149573.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080430-05
Figaro's Pizza
TX
4/27/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Hundreds of receipts containing personal financial information were found in boxes in a Dumpster behind Figaro's Pizza in The Woodlands, KPRC Local 2 reported Tuesday. The receipts were discovered by a woman looking for her own information in the trash after someone told her they had found it. The receipts included credit card numbers, expiration dates, names and signatures -- all printed clearly, accessible to anyone who found it. Attribution 1
Publication:
Click 2 Houston.com
Article Title:
Financial Information Tossed In Trash
Author: Daniella Guzman
Article URL: http://www.click2houston.com/news/16081596/detail.html
Copyright 2008 Identity Theft Resource Center
Date Published:
4/30/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 131 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080430-03
Stryker Instruments
US
2/18/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
An investigation of Stryker servers showed that an unauthorized person accessed the database which included SSNs of certain employees in 48 states and Puerto Rico.
Attribution 1
Publication:
notice to MD AG
Article Title:
Stryker Instruments breach
Author: Curt Hartman
Date Published:
4/10/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150513.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080430-02
Gerdau Ameristeel
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Gerdau Ameristeel recently learned that certain company files were accessed without authorization by a third party. Some of the files included names, SSNs and addresses of employees and/or family members. 13 MD residents were involved. Gerdau Ameristeel is the fourth largest overall steel company in North America. They have branches throughout the United States including mills, rebar fab, and recycling of raw materials. Attribution 1
Publication:
notice to MD AG
Article Title:
Gerdau Ameristeel breach
Author: Robert Lewis
Date Published:
4/11/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150623.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080430-01
Columbia Capital
MD
4/11/2008
Electronic
Business
Records Exposed? Yes (Password) Published#
Exposed # of Records Rptd
0
A break-in at Columbia Capital's office in Alexandria, VA resulted in the theft of a laptop containing data on limited partners including names, SSNs, and banking information. The laptop was password protected. Columbia Capital is a venture capital franchise. Attribution 1
Publication:
notice to MD AG's office
Article Title:
Columbia Capital breach
Author: Jayne Thompson, CF
Date Published:
4/21/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150839.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080429-03
Cove Creek Mortgage
CO
4/26/2008
Electronic
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Hundreds of mortgage files were dumped in a public trash bin. The files included tax returns, pay stubs, bank account numbers, SSNs, names and other data. Cove Creek's owner had abandoned his Englewood office in January, and property managers had not been able to find him, investigators said. On Saturday, the property manager had a cleaning crew clean out his office and throw all items from the office -- including complete mortgage files -- into two Dumpsters. Attribution 1
Publication:
Dnver Channel
Author: staff
Article Title: Hundreds Of Mortgage Files Found In Dumpster Article URL: http://www.thedenverchannel.com/news/16038972/detail.html
Copyright 2008 Identity Theft Resource Center
Date Published:
4/28/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 132 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080429-02
Concord Regional Visiting Nurse Assoc.
NH
4/16/2008
Electronic
Medical/Healthcare
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
A laptop was stolen from an employee's car resulting in the loss of names, birth dates and SSNs for about 15 clients. It include 3 levels of passwords to access the data including a hard drive lock.
Attribution 1
Publication:
notice to NH AG
Author: Violet Rounds
Date Published:
4/18/2008
Article Title: Concord Regional Visiting Nurses breach Article URL: http://doj.nh.gov/consumer/pdf/crvna.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080429-01
Kansas City Public Library
MO
4/27/2008
Paper Data
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
30
A thief stole about 30 job applications with names and SSNs from an employee's car.
Attribution 1
Publication:
KCTV 5
Author: staff
Date Published:
4/29/2008
Article Title: Job Applications Stolen From Library Article URL: http://www.kctv5.com/news/16050919/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080428-03
Hough, MacAdam & Wartnik LLC
OR
3/5/2008
Electronic
Records Exposed? Yes (Password) Published#
Government/Military
Exposed # of Records Rptd
500
Affected entities: Coos County and South Coast Hospice & Palliative Care in Coos Bay are among the four so far identified. A computer owned by an accounting firm working for Coos County was stolen from a locked vehicle. It may have contained employee names, SSNs and other personal information. Some of the information may have been on the laptop since Oct. 2007. Via an e-mail correspondence with The World, Shirley MacAdam said the March 5 letters were sent to the 482 employees of four clients — only one of which was a public agency. She demurred from identifying the clients involved, but further investigation revealed the County and South Coast Hospice & Palliative Care in Coos Bay are among the four. Attribution 1
Publication:
The World
Article Title:
Missing laptop raises fear of identity theft
Author: Jessica Musicar and J
Date Published:
4/24/2008
Article URL: http://www.theworldlink.com/articles/2008/04/24/news/doc4810bce97af34074884341.txt
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080428-02
State Highway Administration
MD
4/18/2008
Electronic
Government/Military
Sensitive personal information concerning 1,800 State Highway Administration employees, including names and Social Security numbers, was inadvertently transferred from a secure drive to a SHA shared drive.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
1,800
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 133 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
WBAL TV
Article Title:
SHA Personal Information Exposed Accidentally
Author: David Collins
Date Published:
4/25/2008
Article URL: http://www.wbaltv.com/news/15998781/detail.html
ITRC Breach ID
Company or Agency
Location
ITRC20080425-03
Verizon Wireless
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
According to information contained in a notice to the NH AG's office, a Verizon telesales employee allegedly printed out screens containing customers' names, addresses, Social Security numbers, and/or and/or Verizon 'Wireless account numbers between November 2003 and January 2005. The person is now being charged by the Somerset County, NJ prosecutor. Attribution 1
Publication:
notice to NH AG
Article Title:
Verizon breach
Author: Robert Strobel
Date Published:
4/22/2008
Article URL: http://doj.nh.gov/consumer/pdf/verizon.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080425-02
General Internal Medicine of Lancaster
PA
4/17/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
12,000
A stolen computer is causing General Internal Medicine of Lancaster to notify 12,000 of its patients. The computer contained names, SSNs, and addresses of patients from 2005-2007. According to Summers, office workers on April 17 were taking paper records bearing basic patient information and scanning them into a laptop computer so the records could then be transferred to a disk. After that process was completed, the office planned to burn the paper records. Attribution 1
Publication:
Lancaster Online
Article Title:
Computer stolen from medical office
Author: PJ Reilly
Date Published:
4/25/2008
Article URL: http://articles.lancasteronline.com/local/4/220386
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080425-01
WiseBuys and Hacketts
NY
12/1/2007
Electronic
Records Exposed? Yes Unknown #
Business
Police are investigating hundreds of reports of thefts of credit and debit card numbers belonging to customers who shopped at WiseBuys department store in December. "We have had hundreds of victims and thousands of thefts. We have had amounts as high as $3,000 and as low as $10," said Sgt. Lori A. McDougal of the village police department. "I would say at this point they total upwards of $100,000." Victims are all believed to have shopped at the Canton WiseBuys store between Dec. 5 and 20, Ms. McDougal said. Since then, stolen credit card numbers have been used to create fake cards in New York City. Attribution 1
Publication:
Watertown Daily News
Author: James Donnelly
Date Published:
Article Title: Credit card info stolen in Canton Article URL: http://www.watertowndailytimes.com/article/20080425/NEWS05/133127784
Copyright 2008 Identity Theft Resource Center
4/25/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 134 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080424-10
SwimwearBoutique.com
TX
3/28/2008
Electronic
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
8,000
In a notice to the NH AG, SwimWear Boutique.com said that certain databases including names and credit card numbers were accessed. Update: Ronald Raether Jr said that 8000 customers may have been affected. (4/25) pogowasright.org Attribution 1
Publication:
notice to NH AG
Article Title:
SwimwearBoutique.com breach
Author: Ronald Raether
Date Published:
4/16/2008
Article URL: http://doj.nh.gov/consumer/pdf/swimwear.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080424-09
First Bank and Trust
SD
Est. Date
Breach Type Breach Category Electronic
Banking/Credit/Financial
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
First Bank and Trust customers' names and social security numbers were compromised by a third party. According to a letter sent out to affected customers, a third party gained unauthorized access to one of First Bank and Trust's database servers, the third party may have accessed such information about customers as their names, addresses, social security numbers, birth dates, their card numbers and their bank account numbers. It is not sure if this is linked to the Fiserv breach. Attribution 1
Publication:
SDSU Collegian
Author: Amy Poppinga
Date Published:
4/23/2008
Article Title: Bank 'victimized' by illegal server access Article URL: http://media.www.sdsucollegian.com/media/storage/paper484/news/2008/04/23/News/Bank-victimized.By.Illegal.Ser
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080424-08
Wisc. Dept. of Health /Family Services - Harmony
WI
3/3/2008
Electronic
Government/Military
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A computer program housing personal information about Wisconsin seniors and disabled people had a "significant security hole," a state health official overseeing the program said in an e-mail obtained by The Associated Press. Volunteers reported being able to see hundred of files with people's SSN from across the country in the system run by Harmony Information Systems. Attribution 1
Publication:
Forbes.com
Author: AP -Scott Bauer
Date Published:
4/24/2008
Article Title: 'Significant security hole' found in Wisconsin database Article URL: http://www.forbes.com/feeds/ap/2008/04/24/ap4929553.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080424-07
USinternetworking
US
3/25/2008
Electronic
Business
Records Exposed? Yes (Password) Unknown#
A service company, USi that did HR and payroll for various companies had a laptop stolen from a home of an employee. It contained SSNs, names, and payroll information for current and former employees. Companies reporting breaches so far are: SPX (329 records), Chipotle, XL Global Services (400 employees), Sterling Commerce (an AT&T Company), GMACI Attribution 1
Publication:
notice to MD AG
Author: Michael Meyer
Article Title: Sterling Commerce part of Usinternetworking breach Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150841.pdf Copyright 2008 Identity Theft Resource Center
Date Published:
4/17/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 135 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
notice to NH AG
Article Title:
XL Global breach
Author:
Date Published:
4/16/2008
Author:
Date Published:
4/15/2008
Author: GMAC
Date Published:
4/2/2008
Article URL: http://doj.nh.gov/consumer/pdf/XL.pdf Attribution 3
Publication: Article Title:
notice to NH AG USinternetworking breach -
Article URL: http://doj.nh.gov/consumer/pdf/SPX.pdf Attribution 4
Publication:
notice to MD AG
Article Title:
GMAC, GMACI breach
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150111.pdf Attribution 5
Publication: Article Title:
notice to NH AG Chipotle breach- Usi
Author:
Date Published:
Article URL: http://doj.nh.gov/consumer/pdf/chipotle2.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080424-06
Solano County Health and Social Services
CA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
10,000
Jennifer Miller of Vallejo, an accounting supervisor for the Health and Social Services Department, was arrested on April 8 by the U.S. Postal Inspection Service on suspicion of bank fraud, conspiracy to commit bank fraud, and aggravated identity theft, according to Steve Pierce, Solano County public information officer. There are 15 known victim but the county is sending notices to 10,000 families. Preliminary analysis of the data indicates that the identity theft efforts were limited to people receiving food stamps in the last three years. Attribution 1
Publication:
The Reporter
Article Title:
County employee arrested on federal charges
Author:
Date Published:
4/24/2008
Article URL: http://www.thereporter.com/news/ci_9040567
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080424-05
LendingTree
MD
2/5/2008
Electronic
Records Exposed? Yes Published #
Banking/Credit/Financial
Charlotte-based LendingTree said outside loan companies may have accessed 56,000 MD based consumer's SSNs between Oct. 2006 to early 2008 and used it to market their own mortgages to LendingTree customers. According to a Q&A sent to customers, "several former employees" may have shared confidential passwords with "a handful" of lenders that were not approved by the company. The lenders then used those passwords to access customer information files that contained mortgage request data such as name, address, e-mail address, phone number, Social Security number, income and employment information. The files did not contain credit card information, LendingTree said. Update: As a result of the breach, LendingTree has sued three California lenders: Newport Lending Group and Sage Credit Company, both of Irvine, and Home Loan Consultants of Newport Beach. Attribution 1
Publication:
Charlotte Business Journal
Author: John Downey
Date Published:
8/1/2008
Article Title: Federal probe latest snag for LendingTree Article URL: http://charlotte.bizjournals.com/charlotte/stories/2008/08/04/story6.html?b=1217822400^1677831 Attribution 2
Publication:
Baltimore Sun
Article Title:
Consumers' data leaked by ex-mortgage workers
Author: Liz Kay
Date Published:
4/30/2008
Article URL: http://www.baltimoresun.com/business/realestate/bal-md.breach30apr30,0,983340.story Attribution 3
Publication:
Washington Post
Author: Ellen Nakashima
Date Published:
4/29/2008
Article Title: Mortgage Broker Sues Lenders in Privacy Breach Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/04/28/AR2008042802613.html Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
56,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 136 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 4
Publication:
KTNV, Channel 13 Las Vegas
Article Title:
Security Breach At Lending Tree Could Put Customers At Risk
Author:
Date Published:
4/23/2008
Date Published:
4/22/2008
Date Published:
4/22/2008
Article URL: http://www.ktnv.com/Global/story.asp?S=8218303 Attribution 5
Publication: Article Title:
CNET News.com Author: Elinor Mills LendingTree sues mortgage firms over security breach
Article URL: http://www.news.com/8301-10784_3-9926007-7.html?tag=nefd.top Attribution 6
Publication:
Charlotte Observer
Article Title:
LendingTree tells clients of breach
Author: Jen Aronoff
Article URL: http://www.charlotte.com/business/story/590991.html
ITRC Breach ID
Company or Agency
Location
ITRC20080424-04
University of Massachusetts
MA
Est. Date
Breach Type Breach Category Electronic
Medical/Healthcare
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Hackers breached the computer system used by the Univ. of Mass. Amherst's Health Services, potentially gaining access to thousands of medical records. More than half of the student population at UMass Amherst are patients on record at the University Health Services. Campus officials say it will be weeks before they are completely sure what information, if any, was taken off the computers. They say the entire campus system is being looked at to avoid future breaches. Attribution 1
Publication:
CBS 3 Springfield
Article Title:
Hackers Breach System At Umass
Author: Lesley Tanner
Date Published:
4/22/2008
Article URL: http://www.cbs3springfield.com/news/local/18021744.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080424-03
CollegeInvest
CO
3/28/2008
Electronic
Government/Military
Records Exposed? Yes (Password) Published#
CollegeInvest this week is sending letters to roughly 200,000 customers who had personal information stored on a computer hard drive that disappeared during a recent move. Not all of CollegeInvest customers are affected. Those who are will receive letters. CollegeInvest is a not-for-profit division of the Colorado Dept. of Higher Education and helps families with information on loans, scholarships, etc. Attribution 1
Publication:
North Denver News
Article Title:
CollegeInvest loses hard drive, customers' personal data
Author: staff
Date Published:
Article URL: http://northdenvernews.com/content/view/1306/2/ Attribution 2
Publication:
website
Article Title:
Data Privacy Information FAQ
Author: CollegeInvest
Article URL: http://www.collegeinvest.org/pdf/dataprivacyinformation.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
4/22/2008
Exposed # of Records Rptd
200,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 137 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080424-02
Univ. of Texas Health Science Center at Tyler- CBE
TX
4/17/2008
Paper Data
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
2,000
Some 2,000 medical bills were mailed around East Texas last week with patients' Social Security numbers visible on the envelope after a technical glitch skewed billing at the collection agency used by the University of Texas Health Science Center at Tyler. The breach is the fault of a subcontractor, CBE Group Inc. The number of area residents whose numbers were exposed isn't known because multiple bills could have gone to one patient, said spokeswoman Rhonda Scoby. The Social Security numbers were never floating around the public, but were sent from secure sites at UTHSCT to CBE and then straight to the post office and to the patient's home, she said. Attribution 1
Publication: Article Title:
Tyler Paper Author: Lauren Grover Social Security Numbers Exposed On Hospital Bills
Date Published:
4/23/2008
Article URL: http://www.tylerpaper.com/article/20080423/NEWS09/804220345
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080424-01
Southern Connecticut State University
CT
4/22/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
11,000
A hacker may have compromised the SSNs of 11,000 students, family and alumni. It appears that no financial information was accessed but Southern admits that social security numbers were vulnerable. "It's all our information," Desiree Pacaud, a freshman at Southern, said. "It's unsettling especially financial aid information -- because it's not just my information, it's both my parents'. Attribution 1
Publication: Article Title:
WTNH update SCSU security breach
Author: Erin Cox
Date Published:
4/23/2008
Date Published:
4/23/2008
Article URL: http://www.wtnh.com/Global/story.asp?S=8215997 Attribution 2
Publication:
WTNH
Article Title:
SCSU security breach
Author: Erin Cox
Article URL: http://www.wtnh.com/Global/story.asp?S=8215997
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080422-01
Ground Zero Workers
NY
4/17/2008
Paper Data
Records Exposed? Yes Unknown #
Government/Military
Hundreds of Ground Zero workers were exposed to potential identity theft when 300 pounds of documents including payroll sheets - which included their names and Social Security numbers - were dumped in the trash along with confidential plans for the new World Trade Center. Attribution 1
Publication:
NY Post
Article Title:
GROUND ZERO WORKERS' PERSONAL INFO EXPOSED
Author: Lukas Alpert and Matt
Date Published:
4/22/2008
Article URL: http://www.nypost.com/seven/04222008/news/regionalnews/wtc_identity_crisis_107501.htm
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 138 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080421-07
Oklahoma Corrections Dept.
OK
4/10/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
6,000
"A recent glitch in the state Corrections Department's Web site allowed bloggers to access the Social Security numbers of violent offenders in Oklahoma. Bloggers from a computer programming Web site found the information and alerted the department, said agency spokesman Jerry Massie. The list contained the names, addresses and Social Security numbers of some 6,000 people." Attribution 1
Publication:
The Oklahoman, NewsOK.com
Author: Julie Bisbee
Date Published:
4/16/2008
Article Title: Corrections Web glitch shows state IDs to bloggers Article URL: http://newsok.com/article/3230675/1208345421
ITRC Breach ID
Company or Agency
Location
ITRC20080421-06
Fishback Financial Corp
SD
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
Customers of Fishback Financial Corp are getting letters notifying them that an unauthorized person had access to a computer database with names, addresses and SSNs. Fishback Financial has banks or branches in 11 communities in South Dakota and one in Minnesota. Attribution 1
Publication:
KXMP
Author: AP
Date Published:
4/16/2008
Article Title: Company warns of security breach Article URL: http://www.kxmb.com/News/229288.asp
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080421-05
Community Bank
US
4/10/2008
Electronic
Records Exposed? Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
867
A hacking of Community Bank military customers resulted in no loss of money when the overseas military bank immediately cancelled 867 VISA cards. The compromise apparently occurred when a malicious computer program targeted an online merchant with rapid-fire fake purchases. Attribution 1
Publication:
Stars and Stripes
Article Title:
Community Bank says new Visa cards in mail after hacking incident
Author: Charlie Coon
Date Published:
4/17/2008
Article URL: http://www.stripes.com/article.asp?section=104&article=61458&archive=true
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080421-04
Central New England HealthAlliance
MA
3/12/2008
Electronic
Medical/Healthcare
The healthcare system Central New England HealthAlliance has sent letters to 384 patients notifying them that their personal information may be vulnerable because a hand-held computer used by a home health nurse is missing. Information on the PDA included names, addresses, Social Security numbers, health insurance information and records of the most recent seven days of medical treatment, HealthAlliance reported. The data was not encrypted, Mrs. Burke said. The PDA required a password when turned on, but HealthAlliance said in its letter that it could not discount a hacker’s ability to get past the password.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes (Password) Published#
Exposed # of Records Rptd
384
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 139 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Worchester Telegram and Gazette
Article Title:
Health data missing
Author: Lisa Eckelbecker
Date Published:
4/19/2008
Article URL: http://www.telegram.com/article/20080419/NEWS/804190436/1116
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080421-03
Monroe 1 BOCES
NY
4/10/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Business
600
A portable storage device containing sensitive information about 600 Penfield Central School District retirees and retirees' spouses has disappeared from Monroe 1 BOCES. The records include names, SSNs and birthdates. This is a subcontractor that the Penfield Central School District uses. Attribution 1
Publication:
Democrat and Chronicle
Article Title:
Retirees' information disappears
Author: Erica Bryant
Date Published:
4/15/2008
Article URL: http://www.democratandchronicle.com/apps/pbcs.dll/article?AID=/20080415/NEWS01/804150325/1002/NEWS
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080421-02
Helping Homeless Veterans and Families
IN
4/19/2008
Paper Data
Records Exposed? Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
Hundreds of files containing medical histories and Social Security numbers were found in the trash on Indianapolis' east side. The records belong to homeless veterans. Some of the records date back to 2004 and 24-Hour News 8 found boxes of them in a dumpster. Inside each file there were veterans names, birth dates, signatures and medical records. One file even had a copy of a veteran's driver's license. Attribution 1
Publication:
WISH TV 8
Article Title:
Two employees out of a job after discarding files incorrectly
Author: Mary McDermott
Date Published:
4/21/2008
Date Published:
4/20/2008
Article URL: http://www.wishtv.com/Global/story.asp?S=8204703&nav=0Ra7 Attribution 2
Publication: Article Title:
WISH TV Author: Daniel Miller Personal information belong to homeless veterans found in dumpster
Article URL: http://www.wishtv.com/Global/story.asp?S=8198185&nav=0Ra7
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080421-01
Central Collection Bureau
IN
3/21/2008
Electronic
Records Exposed? Yes (Password) Published#
Banking/Credit/Financial
A computer server containing Social Security numbers, some medical codes, and other personal information of 700,000 people was stolen last month from a Southside debt-collection bureau in what appears to be the largest computer security breach ever in Indiana. The information includes customer-billing records for about 100 Indiana businesses, including Citizens Gas & Coke Utility, St. Vincent Health and Methodist Medical Group. The exposed data was limited to past-due billing information that had been turned over for debt collection to the Central Collection Bureau, the agency announced Friday. Customers whose accounts were in good standing were not affected. Attribution 1
Publication:
MD AG website
Article Title:
Central Collection Bureau
Author: notice to MD AG
Date Published:
4/21/2008
Date Published:
4/19/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150956.pdf Attribution 2
Publication:
Indianapolis Star
Author: John Russell
Article Title: 700,000 Hoosier ID's compromised in computer theft Article URL: http://www.pal-item.com/apps/pbcs.dll/article?AID=/20080419/UPDATES/80419008 Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
700,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 140 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 3
Publication: Article Title:
Author:
Date Published:
4/18/2008
Date Published:
4/18/2008
CCB Press Release
Article URL: http://www.ccbinc.net/press_release_04182008.htm Attribution 4
Publication: Article Title:
WTHR Eyewitness News Author: Richard Essex 700,000 people could be affected by security breach
Article URL: http://www.wthr.com/Global/story.asp?S=8195357&nav=menu188_2
ITRC Breach ID
Company or Agency
Location
ITRC20080417-03
University of Virginia
VA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
7,000
A laptop stolen from a University of Virginia employee contained sensitive information about more than 7,000 students, staff and faculty members. Stolen from an unidentified employee from an undisclosed location in Albemarle County, the laptop contained a confidential file filled with names and Social Security numbers. Attribution 1
Publication: Article Title:
Daily Progress UVa laptop stolen, had sensitive data
Author: Brian McNeill
Date Published:
4/16/2008
Article URL: http://www.dailyprogress.com/cdp/news/local/article/uva_laptop_stolen_had_sensitive_data/17976/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080417-02
Connecticut State University System- SunGard
CT
4/9/2008
Electronic
Records Exposed? Yes (Password) Published#
Educational
Exposed # of Records Rptd
3,400
The Connecticut State University System announced Wednesday a laptop computer that was stolen from a vendor contained the data of about 3,400 current and former students from the four state universities, including Western Connecticut State University. The computer was password-protected but contained unencrypted files with personally identifiable data, including names and Social Security numbers for certain students who attended Central, Eastern, Southern and Western Connecticut State universities between September 2001 and December 2004. SunGard Higher Education, provider of the state system's student data management software, informed officials April 9 that a laptop computer owned by SunGard and in the possession of one of its employees had been stolen. Attribution 1
Publication:
News Times
Article Title:
Laptop stolen with student data, contained personal information of 3,400 CSU System pupils
Author: Eileen FitzGerald, Sta
Date Published:
4/17/2008
Article URL: http://www.newstimes.com/ci_8956150
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080417-01
University of Miami
FL
3/17/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
2,100,000
The confidential information of tens of thousands of University of Miami patients was stolen last month when thieves took a case out of a vehicle used by a private off-site storage company, UM said Thursday morning "Anyone who has been a patient of a University of Miami physician or visited a UM facility since Jan. 1, 1999, is likely included on the tapes," the university said in a news release. "The data included names, addresses, Social Security numbers or health information. The university will be notifying by mail the 47,000 patients whose data may have included credit card or other financial information regarding bill payment." ITRC is counting this as 2.1 million due to the loss of medical records and not just financial records. Attribution 1
Publication:
Business Wire
Author: press release
Date Published:
4/23/2008
Article Title: 2.1 Million University of Miami Medical Records Stolen Article URL: http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20080423005091&newsLang=en Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 141 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
Miami Herald
Article Title:
Information on 47,000 UM patients stolen
Author: John Dorschner
Date Published:
4/17/2008
Date Published:
4/17/2008
Article URL: http://www.miamiherald.com/news/breaking_dade/story/499492.html Attribution 3
Publication: Article Title:
Miami Herald Author: John Dorschner Information on thousands of UM patients stolen
Article URL: http://www.miamiherald.com/news/breaking_dade/story/499492.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080414-07
Stokes County Schools
NC
4/9/2008
Electronic
Educational
Records Exposed? Yes (Password) Published#
Exposed # of Records Rptd
800
A school computer containing the names, test scores and Social Security numbers of students from three Stokes County high schools was stolen from a locked closet, authorities said. 400-800 students at West, South, and North Stokes high schools may be affected. Attribution 1
Publication: Article Title:
WXII 12.com Author: staff Computer Containing Test Scores Missing From School
Date Published:
4/14/2008
Article URL: http://www.wxii12.com/news/15878798/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080414-06
UniCare
US
4/1/2007
Electronic
Medical/Healthcare
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
About a year ago a computer server that contained personal health and pharmacy information including member ID numbers and in some cases SSNs was not properly secured by a third party vendor. There may have been a second problem on Dec 27, 2007. It appears to affect people in various states. There is some question if this breach is linked to the WellPoint breach since it is a subsidiary of WellPoint. Attribution 1
Publication: Article Title:
notice to NH Ag UniCare breach
Author: Sean Doolan, atty
Date Published:
4/2/2008
Article URL: http://doj.nh.gov/consumer/pdf/siemens.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080414-05
Siemens Healthcare Diagnostics
IL
3/26/2008
Electronic
Medical/Healthcare
Records Exposed? Yes Published #
A company laptop was stolen on March 26, 2008 from an employee's home with about 3,542 names, SSNs and birthdates. At least 12 live in New Hampshire. This breach appears to affect individuals from multiple states. The headquarters for the company is in IL. Attribution 1
Publication: Article Title:
notice to NH AG Siemen's breach
Author: Deborah Alexander, S
Article URL: http://doj.nh.gov/consumer/pdf/siemens.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
4/3/2008
Exposed # of Records Rptd
3,542
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 142 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080414-04
Interbank FX
UT
4/2/2007
Electronic
Records Exposed? Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
Interbank FX had an employee who placed an internal file outside of the bank's computing environment. It may have included SSNs, DLs, and passport information. The file contained information provided when opening an account with Interbank FX prior to April 2, 2007. At least 16 NH residents were affected. Attribution 1
Publication:
notice to NH AG
Article Title:
Interbank FX breach
Author: Todd Crosland
Date Published:
4/9/2008
Article URL: http://doj.nh.gov/consumer/pdf/interbank.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080414-03
University of Toledo
OH
3/4/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
6,500
Personal information of nearly 6500 UT employees, the majority having worked on the Health Science Campus in 1993 and 1999 was placed on a server which all employees could access. 44 files which was used for payroll purposes, included basically what is on a W-2 - name, address, and Social Security number - and was accessible for about 24 hours were moved it to the wrong folder on the morning of March 4. Attribution 1
Publication:
Toledo Blade
Article Title:
UT tells employees of potential data breach
Author: staff
Date Published:
4/13/2008
Article URL: http://toledoblade.com/apps/pbcs.dll/article?AID=/20080413/NEWS21/804130353
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080414-02
Williamsville North High School
NY
3/26/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
1,800
Several current and former Williamsville North High School students are believed to have broken into the school district's computer system last month and copied secure files that included the personal information and Social Security numbers of school employees, authorities say. This computer breach marks the third time in the past month that students have gained unauthorized access to sensitive information in area school districts. Attribution 1
Publication:
Buffalo News
Article Title:
Williamsville warns staff about data theft
Author: Sandra Tan
Date Published:
4/12/2008
Article URL: http://www.buffalonews.com/home/story/321395.html
ITRC Breach ID
Company or Agency
Location
ITRC20080414-01
NY Presbyterian Hospital/Weill Cornell
NY
Est. Date
Breach Type Breach Category Electronic
Medical/Healthcare
A man who worked in the admissions department at a prestigious Manhattan hospital has been charged with stealing and selling information on nearly 50,000 patients. Dwight McPherson, 38, a former worker at New YorkPresbyterian Hospital/Weill Cornell Medical Center, was arrested Friday night, shortly after the hospital announced the security breach. McPherson was arraigned yesterday at a federal court in Manhattan. Prosecutors said McPherson exploited his access to the hospital's computer system to acquire lists of patient names, phone numbers and Social Security numbers over a two-year period.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
50,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 143 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
AP- San Diego Union Tribune
Article Title:
Ex-NYC hospital worker charged with selling data
Author: Verna Dobnik
Date Published:
4/13/2008
Article URL: http://www.signonsandiego.com/uniontrib/20080413/news_1n13idtheft.html Attribution 2
Publication: Article Title:
Silive.com, Staten Island Author: AP NYC hospital reports as many as 40,000 possible ID thefts
Date Published:
4/11/2008
Article URL: http://www.silive.com/newsflash/index.ssf?/base/news-33/1207944571223200.xml&storylist=simetro
ITRC Breach ID
Company or Agency
Location
ITRC20080411-05
McFarland Schools
CA
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
McFarland Unified School District employees received a letter warning them about a leak of names and SSNs recently. It is believed that an ex-employee had personal information from a previous project stored on a special drive that accidentally got dumped into a shared file. From that shared folder it went to the Internet leaking personal information. Attribution 1
Publication: Article Title:
Eye For You- 29 Eyewiness News Author: Amity Addrisi Viewer asks Eyewitness News to investigate Internet security breach
Date Published:
4/11/2008
Article URL: http://www.eyeoutforyou.com/home/17446599.html
ITRC Breach ID
Company or Agency
Location
ITRC20080411-04
UT Department of Workforce Services
UT
Est. Date
Breach Type Breach Category Paper Data
Government/Military
Records Exposed? Yes Published #
Exposed # of Records Rptd
1,775
Federal officials said a former state employee who took applications from people seeking food stamps and other welfare aid worked with three others to steal the identity of Utah residents and charge tens of thousands of dollars in purchases. Authorities unsealed indictments against four individuals, including one state employee. Authorities said Bustamante had worked on and off with the DWS as early as 2000 and recently had worked as an eligibility specialist, taking applications from Utah residents applying for food stamps, financial aid, child care programs including CHIP and Medicaid. Deputy DWS Director Christopher Love said Bustamante had access to a database containing personal information from as many as 1,775 individuals, including addresses, Social Security numbers and images of bank statements. Attribution 1
Publication:
Deseret News
Article Title:
Authorities: State employee used confidential information in identity fraud case
Author: Geoffrey Fattah
Date Published:
4/10/2008
Article URL: http://deseretnews.com/article/1,5143,695269275,00.html
ITRC Breach ID
Company or Agency
Location
ITRC20080411-03
Bowdoin College
MA
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Unknown #
A folder containing the private files of Caitlin Gutheil, the former student health program administrator who departed Bowdoin last month for another job, was discovered unsecured on the College's "Microwave" server. The data included student Social Security numbers, insurance information, lists of students on medical and disciplinary leave, internal health center contracts and employee reviews, yearly budgets, and e-mails. The information was accessible to anyone with a Bowdoin username and password for an unknown length of time. Attribution 1
Publication:
Bowdoin Orient
Author: Joshua Miller
Date Published:
Article Title: Possible information 'breach’ exposes student files Article URL: http://orient.bowdoin.edu/orient/article.php?date=2008-04-11§ion=1&id=1
Copyright 2008 Identity Theft Resource Center
4/11/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 144 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
ITRC20080411-02
WellPoint
US
Est. Date
Breach Type Breach Category Electronic
Medical/Healthcare
Records Exposed? Yes Published #
Exposed # of Records Rptd
128,000
Personal information including SSNs, pharmacy or medical data has been exposed online for over the past year in 2 security lapses that allowed the public display of the information. About 128,000 WellPoint, Inc. customers are affected in several states but the company declines to discuss the problem further. This is not the first data security problem the company has had. The company operates in Chicago as Unicare. Attribution 1
Publication: Article Title:
Chicago Tribune Patient data faced exposure
Author: Bruce Japsen
Date Published:
4/16/2008
Article URL: http://www.chicagotribune.com/business/chi-wed-medical-records-theft-apr16,0,5204130.story Attribution 2
Publication:
Houston Chronicle
Article Title:
WellPoint Customer Information Exposed
Author: Tom Murphy - AP
Date Published:
4/8/2008
Date Published:
4/8/2008
Article URL: http://www.chron.com/disp/story.mpl/ap/fn/5684827.html Attribution 3
Publication: Article Title:
CNN Money Author: AP WellPoint Customer Information Exposed
Article URL: http://money.cnn.com/news/newsfeeds/articles/apwire/a8805254560b7e273865624f15bcfb53.htm
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080411-01
WellCare- GA DCH
GA
3/31/2008
Electronic
Medical/Healthcare
Records Exposed? Yes Published #
Exposed # of Records Rptd
71,000
WellCare, a contractor for the GA Department of Community Health, allowed personal information including SSNs, and names to be viewed on the Internet for an undetermined period of time. There are 450,000 members of WellCare of Georgia. Those whose data was made available on the Internet included members of Medicaid, the federal health program for the poor, and PeachCare for Kids, a federal-state insurance plan for children of the working poor. Attribution 1
Publication:
Tampa Bay Business Journal
Article Title:
WellCare Health Plans discloses data difficulties
Author: staff
Date Published:
4/8/2008
Date Published:
4/8/2008
Article URL: http://www.bizjournals.com/tampabay/stories/2008/04/07/daily18.html Attribution 2
Publication:
Atlanta Journal-Constitution
Article Title:
Insurance records of 71,000 Ga. families made public
Author: Bill Hendrick
Article URL: http://www.ajc.com/metro/content/metro/stories/2008/04/08/breach_0409.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080410-02
Joliet West High School
IL
3/13/2008
Electronic
Educational
Records Exposed? Yes Unknown #
Police say a student using a school computer last month was able to access personal information about every student enrolled at Joliet West High School. The student allegedly downloaded a list of names and Social Security numbers to his iPod on March 7, according to reports. The police believe that none of the information was used. Attribution 1
Publication:
Suburban Chicago News.com- Herald N
Article Title:
Police: Student hacked JT data
Author: Brian Stanley
Date Published:
4/10/2008
Article URL: http://www.suburbanchicagonews.com/heraldnews/news/887530,4_1_JO10_HACK_S1.article
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 145 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080410-01
NIH- National Institutes of Health
US
2/23/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
1,281
Social Security numbers for more than 1,200 participants in a National Institutes of Health study were stored on a stolen laptop containing their medical records, putting those patients at risk of identity theft, agency officials said yesterday. Originally, it was thought that the laptop did not contain any SSNs or financial information. But an ongoing review of the computer's last-known contents has found a file had been loaded onto the laptop by a research associate. That file included Social Security numbers for at least 1,281 of the 3,078 patients enrolled in the multi-year study, which is sponsored by the NIH's National Heart, Lung and Blood Institute. The laptop was stolen from a researcher's car on 2/23/2008 Attribution 1
Publication:
Washington Post
Article Title:
Stolen NIH Laptop Held Social Security Numbers
Author: Rick Weiss and Ellen
Date Published:
4/10/2008
Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/04/09/AR2008040903680.html Attribution 2
Publication:
Government Executive.com
Author: Bob Brewin
Date Published:
3/24/2008
Article Title: NIH told patients about security breach weeks after incident Article URL: http://govexec.com/dailyfed/0308/032408bb2.htm?rss=getoday
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080408-01
Blue Flame Gas Co.
OH
4/6/2008
Paper Data
Business
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
Blue Flame Gas dumped stacks of paperwork with SSNs into a public recycling dumpster. The boxes were discovered by citizens in Ripley who called the news station.
Attribution 1
Publication:
WCPO9- ABC
Author: Neil Relyea
Date Published:
4/8/2008
Article Title: Sensitive Company Files Found In Public Dumpster Article URL: http://www.wcpo.com/news/local/story.aspx?content_id=bd993bac-88ef-4e40-bdb6-29e2679c41d0
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080407-09
People's United Bank
CT
1/1/2008
Paper Data
Banking/Credit/Financial
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
For four months, James Hastings searched through trash bins outside People's United Bank branches in Fairfield County. He pulled out bags of paperwork with private information, including customers' Social Security numbers and account information. Hastings, a home repairman, said he began sifting through trash when he spotted a bin filled with garbage bags as he exited a People's branch parking lot in Fairfield about four months ago. He said he looked more closely and saw clear garbage bags stuffed with financial documents. Attribution 1
Publication: Article Title:
Boston Globe Author: AP Taking bank trash, Fairfield man claims security lapse
Date Published:
4/7/2008
Article URL: http://www.boston.com/news/local/connecticut/articles/2008/04/07/taking_bank_trash_fairfield_man_claims_securit
Copyright 2008 Identity Theft Resource Center
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 146 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080407-08
US Army
US
11/1/2007
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
24
A spreadsheet containing a "hidden" column of Social Security numbers belonging to about two dozen officers and civilian employees of one Army agency was left on the agency's website for five months after being notified of the presence of the personal information. The Army's Acquisition Support Center has temporarily shut down its website to scrub the information from the spreadsheet, following FederalNewsRadio's request for an interview. Attribution 1
Publication:
FederalNewsRadio
Author: Patience Wait
Date Published:
4/4/2008
Article Title: Army Shuts Down Site for Scrubbing Article URL: http://www.federalnewsradio.com/index.php?sid=1380599&nid=169
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080407-07
Federal Energy Regulatory Comm.
US
3/3/2008
Paper Data
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
2,810
A three-ring binder containing the personal records of nearly 3,000 former federal employees is missing. But the government says not to worry -- because it was probably accidentally thrown out with the trash. The Federal Energy Regulatory Commission said on Friday that the binder, which first went missing last month, contained Social Security numbers of employees who left the agency between 1983 and 2007. Attribution 1
Publication:
Press Release
Author: FERC
Date Published:
4/4/2008
Date Published:
4/4/2008
Article Title: FERC Press Release Article URL: http://www.ferc.gov/news/news-releases/2008/2008-2/04-04-08.asp Attribution 2
Publication:
Interactive Investor
Article Title:
Gov't loses thousands of staff records
Author: AP
Article URL: http://www.iii.co.uk/news/?type=afxnews&articleid=6641398&action=article
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080407-06
Wayne J Griffin Electric
MA
3/15/2008
Electronic
Records Exposed? Yes (Password) Unknown#
Business
Exposed # of Records Rptd
0
Griffin Electric had a password protected computer stolen from an employee's home that contained names, SSNs and dates of birth. At least 55 New Hampshire residents are involved. The company had licenses to work in or offices in MA, NH, VT, CT, RI, ME, NC, AL, and GA. Attribution 1
Publication:
notice to NH AG
Article Title:
Griffin Electric
Author: Gerald Richards, Dir.
Date Published:
3/21/2008
Article URL: http://doj.nh.gov/consumer/pdf/griffin.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080407-05
Genworth Life and Annuity Insurance Co
TX
2/16/2008
Electronic
Business
GLIC and GLAIC had computer equipment stolen from its offices that included names, addresses, date of birth and SSNs. The computer was password protected.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes (Password) Unknown#
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 147 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
notice to NH AG
Article Title:
Genworth Life and Annuity Insurance Co and Genworth Life Insurance Company breach
Author: Luke McLaren, Assoc
Date Published:
3/31/2008
Article URL: http://doj.nh.gov/consumer/pdf/genworth.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080407-04
Seguros Internacionales
SC
4/2/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
An employee of Seguros Internacionales, a Spartanburg insurance company reported bags of trash containing personal client information were stolen. The bags were taken from a dumpster outside the store and included finished tax returns, I-10 forms, insurance forms and check receipts were stolen. The paperwork included copies of driver's licenses, birth certificates and other personal information. None of the papers were shredded before they were thrown away. Attribution 1
Publication:
GoUpstate.com
Article Title:
Trash with personal information stolen from insurance company
Author: wire and staff
Date Published:
4/5/2008
Article URL: http://www.goupstate.com/article/20080405/NEWS/804050351/-1/xml
ITRC Breach ID
Company or Agency
Location
ITRC20080407-03
FEMA
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
200
A former FEMA employee has been convicted of stealing the identities of more than 200 people and fraudulently opening credit accounts worth about $156,000. Robert Davis, 44, of Southeast D.C., pled guilty last Friday to one count of wire fraud and one count of aggravated identity theft in U.S. District Court. The U.S. Attorney says Davis stole the identities while working as a FEMA human services specialist. About 30 of his scams involved victims of natural disasters. Attribution 1
Publication:
WTOP Radio
Author: staff
Date Published:
4/7/2008
Article Title: Former FEMA Worker Convicted of Identity Theft Article URL: http://www.wtop.com/?nid=25&sid=1382076
ITRC Breach ID
Company or Agency
Location
ITRC20080407-02
Univ. of CA at Irvine
CA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
7,000
UC Irvine police and the IRS are investigating what appears to be a larger national case where students SSNs are being used to file fake tax returns. 93 Irvine students have now been told that they could not file an electronic return because one had already been filed. It appears that graduate students or former graduate students between 2004 and 2007 are the ones whose data is at risk. All computer systems have been checked and there is no indication of a breach. UCI spokeswoman Jennifer Fitzenberger said UCI sent a campus wide email alert March 20 and set up a page at uci.edu/identitytheftalert with information. There is also a news item on the university's home page, spokeswoman Cathy Lawhon said. The university has tried hard to alert all potential victims, she said. Henisey said outside contractors are being examined as a possible source for the leak, possibly including those involved with health insurance, employment and unions. UCI appears to be the only campus in the UC system or in Orange County that is having the problem UPDATE: A data breach at United Healthcare Services may be the cause. Attribution 1
Publication:
ComputerWorld
Article Title:
UnitedHealthcare data breach leads to ID theft at UC Irvine
Author: Robert McMillian
Date Published:
6/3/2008
Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9092978&source=rss_news
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 148 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
Orange County Register
Article Title:
ID theft hits 93 students at UC Irvine
Author: Marla Jo Fisher
Date Published:
4/4/2008
Article URL: http://www.ocregister.com/articles/students-uci-henisey-2012204-irs-tax
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080407-01
Pfizer Inc
US
2/7/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Published#
Business
800
A password protected laptop was stolen 2/7 from the home of a contractor which included names, credit card numbers and in some cases expiration dates, addresses and hotel loyalty program numbers of about 800 former and current Pfizer employees and contractors Attribution 1
Publication:
The Day
Article Title:
Personal Pfizer Data on Stolen Laptop
Author: Lee Howard
Date Published:
4/7/2008
Article URL: http://www.theday.com/re.aspx?re=6b8c60cf-8fa2-43f1-9238-6dba8792cfa3 Attribution 2
Publication: Article Title:
letter to NH AG Pfizer breach
Author: Bernard Nash, atty.
Date Published:
3/19/2008
Article URL: http://doj.nh.gov/consumer/pdf/Pfizer5.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080403-03
CA Dept. of Public Health Fresno
CA
2/1/2008
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Government/Military
279
Fresno officials reported that an envelope with birth certificate applications arrived mangled and open. 279 of 378 birth certificate applications were missing. They contain the SSNs of the infants' parents. UPDATE- Fresno Bee reports the envelope has been found but 281 applications still are missing. 8/11/08 Attribution 1
Publication: Article Title:
Bay City News Service Author: staff Central Valley birth certificate applications missing
Date Published:
4/3/2008
Article URL: http://www.mercurynews.com//ci_8797314?IADID=Search-www.mercurynews.com-www.mercurynews.com Attribution 2
Publication:
Fresno Bee
Author:
Date Published:
Article Title: Article URL: url not showing
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080403-02
Operative Plasterers' and Cement Maso's Int'l Assoc.
WI
3/17/2008
Electronic
Business
Records Exposed? Yes Published #
The Wisconsin Privacy Protection Office reports it was notified of a breach on March 17 of 90 names, phone numbers, SSNs. On March 17, 2008 Operative Plasterers' and Cement Masons' International Association (OPCMIA) had a laptop stolen from their La Crosse office. OPCMIA has filed a police report, and there is an ongoing investigation. The information contained on the laptop may include the following information: Name, Telephone Numbers, Addresses, Social Security Numbers, Member ID Numbers, Names of Beneficiary, and Start Date with the Union. Attribution 1
Publication:
pogowasright.org
Article Title:
Breach- Operative Pasterers' and Cement Masons' International Association
Author: Wisconsin Office of P
Article URL: http://privacy.wi.gov/databreaches/databreaches.jsp
Copyright 2008 Identity Theft Resource Center
Date Published:
3/19/2008
Exposed # of Records Rptd
90
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 149 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080403-01
former Illinois Eye Center
IL
1/1/2008
Electronic
Medical/Healthcare
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
According to a letter the eye center sent last week to affected patients, the records obtained include patient names, Social Security numbers and birthdates. It is believed females between ages 18 and 25 were targeted. The female suspect, whose name has not been released, worked as a receptionist at the center from June to November 2007 and police believe she now lives outside Illinois. Attribution 1
Publication: Article Title:
PJ Staqr Illinois Eye Center records accessed
Author: Mike Maciag
Date Published:
4/1/2008
Article URL: http://www.pjstar.com/stories/040108/TRI_BG7EFKUT.044.php
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080401-02
Okemo Mountain Resort
VT
1/1/2006
Electronic
Business
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
Okemo Mountain Resort said Monday that hackers broke into its computer network and potentially gained access to credit card data from 28,168 transactions between Feb. 7 and Feb. 22 and 18,401 credit cards between January and March 2006. The number of affected cardholders is unknown but Okemo said it expects it to be lower than the number of transactions. Attribution 1
Publication: Article Title:
Forbes Credit cards at ski resort compromised
Author: AP
Date Published:
Article URL:
http://www.forbes.com/markets/feeds/afx/2008/03/31/afx4836433.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080401-01
Advance Auto Parts
US
2/1/2008
Electronic
Business
3/31/2008
Records Exposed? Yes Published #
Exposed # of Records Rptd
56,000
Advance Auto Parts has had 14 of its stores in Georgia, Ohio, Louisiana, Tennessee, Mississippi, Indiana, Virginia and New York affected by a network intrusion that may have exposed financial information. Advance Auto Parts did not specify how customer financial information had been revealed or how access had been gained to its network. In response to the incident, the company notified its credit, debit and check processors. Attribution 1
Publication: Article Title:
StorefrontBacktalk Author: Evan Schuman Date Published: Advance Auto Parts Breach Included Unencrypted Payment Data From 2001
4/11/2008
Article URL: http://storefrontbacktalk.com/story/041108advanceauto Attribution 2
Publication:
Forbes
Article Title:
Advance Auto says data on 56,000 customers exposed
Author: Reuters- Kevin Krolick
Date Published:
3/31/2008
Article URL: http://www.forbes.com/reuters/feeds/reuters/2008/03/31/2008-03-31T235003Z_01_N31433790_RTRIDST_0_AUTOS-A Attribution 3
Publication:
eweek
Article Title:
Auto Parts Retailer Notifies Customers of Network Breach
Author: Brian Prince
Date Published:
3/31/2008
Article URL: http://www.eweek.com/c/a/Security/Auto-Parts-Retailer-Notifies-Customers-of-Network-Breach/
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 150 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080331-03
San Quentin Prison
CA
3/4/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
3,500
A flash memory drive containing names, birth dates and driver's license numbers of more than 3,500 people who either volunteered or visited San Quentin State Prison in a group tour has been lost, a prison official said Friday. The flash drive was used to move the data each evening from the prison's administrative office near the parking lot to computers at the two entrance gates to the facility to allow guards to identify volunteers or groups, such as college students, that tour the prison, said Samuel Robinson, a San Quentin spokesman. Attribution 1
Publication:
San Francisco Chronicle Sacramento Bu Author: Matthew Yi
Date Published:
3/29/2008
Article Title: San Quentin loses data on 3,500 visitors Article URL: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/03/29/BA4KVSJ9O.DTL
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080331-02
Antioch University
US
6/9/2007
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
70,000
Antioch University reports that about 70,000 were possibly affected by a breach by an unauthorized intruder 3 times the last year. The system contains names, SSNs, and payroll documents for current and former students, applicants and employees going back to 1996. Attribution 1
Publication:
notice to NH AG
Author: Thomas Faecke
Date Published:
3/28/2008
Date Published:
3/28/2008
Article Title: Antioch breach Article URL: http://doj.nh.gov/consumer/pdf/antioch_university.pdf Attribution 2
Publication:
Washington Post
Article Title:
Computer Breach Hits Antioch University
Author: AP
Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/03/28/AR2008032802398_pf.html Attribution 3
Publication:
Washington Post
Author: AP
Date Published:
3/28/2008
Article Title: University Reports Data Breach Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/03/28/AR2008032802398.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080331-01
Museum of Science, Boston
MA
3/13/2008
Electronic
Business
Records Exposed? Yes Published #
The Museum of Science has notified 140 patrons that their names, credit card numbers, and other personal information were exposed on the museum's website because of a contractor's error. The file was created early in 2007. Attribution 1
Publication:
Boston Globe
Author: Peter Schworm
Date Published:
3/28/2008
Article Title: Museum says data of patrons was public Article URL: http://www.boston.com/news/local/articles/2008/03/28/museum_says_data_of_patrons_was_public/
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
140
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 151 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080327-07
CVS Caremark
TX
4/1/2007
Paper Data
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
1,000
CVS Caremark Corp. will overhaul its information security system and pay the state of Texas $315,000 to settle a lawsuit that accused the drugstore operator of dumping credit card numbers, medical information and other material from more than 1,000 customers into a garbage container in Liberty, TX. Texas Attorney General Greg Abbott, who sued CVS last April, announced the agreement Wednesday. Records allegedly dumped by employees behind the store included credit and debit card numbers and prescription forms that contained customers' names, addresses, dates of birth and types of medications, Abbott has said. Attribution 1
Publication:
Houston Chronicle
Article Title:
CVS, Texas Settle Over Record Dumping
Author: John Porretto, AP
Date Published:
3/26/2008
Article URL: http://www.chron.com/disp/story.mpl/ap/fn/5651103.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080327-06
Super 8 Motel- Lamar
CO
3/24/2008
Paper Data
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Bundles of credit card receipts from a Super 8 Motel in Lamar were discovered in Lamar's landfill, complete with account numbers, names, addresses and signatures. It is recommended that if you stayed at the motel in the last few years to change your credit card number according to a spokesperson. Attribution 1
Publication:
KKTV 11 News
Article Title:
Motel Receipts With Complete Credit Card Numbers, Dumped
Author: Rosie Barresi
Date Published:
3/24/2008
Article URL: http://www.kktv.com/news/headlines/16970366.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080327-05
Presbyterian Intercommunity Hospital- Systemic
CA
3/26/2008
Electronic
Medical/Healthcare
Records Exposed? Yes Published #
Exposed # of Records Rptd
5,000
Presbyterian Intercommunity Hospital is another victim of Systematic Automation's breach. About 5,000 past and current employees have had their information potentially exposed due to the computer stolen from the Fullerton data management group on Feb. 11th. Attribution 1
Publication: Article Title:
Whittier Daily News Identity breach affects hospital
Author: Airan Scruby
Date Published:
3/26/2008
Article URL: http://www.whittierdailynews.com/news/ci_8710866
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080327-04
Labcorp
TX
3/27/2008
Paper Data
Medical/Healthcare
A box of medical record containing thousand of patient records including possibly billing information was found scattered across the road. According to a Labcorp spokesperson, a courier left the tailgate of his truck open and several boxes slid out. They were never picked up.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 152 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
WOAI news
Article Title:
Women Find Thousands of Medical Records Scattered Across Road
Author: Ryan O'Donnell
Date Published:
3/27/2008
Article URL: http://www.woai.com/news/local/story.aspx?content_id=7fae2e37-3f2b-4fdc-a256-68d4eca043c3
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080327-03
BNY Mellon Shareowner Services
MD
2/27/2008
Electronic
Banking/Credit/Financial
Records Exposed?
Exposed # of Records Rptd
Yes Published #
12,500,000
BNY Mellon Shareowner Services lost a box of computer data tapes last month which included names, SSNs and some bank account numbers. Included in the group is Synovus Financial Corp. CT AG Blumenthal said the Bank of New York Mellon on Feb. 27 gave an unencrypted backup tape as well as nine other tapes to a storage firm, Archive Systems Inc. of Fairfield, N.J., which was assigned to store the information. But when a storage company vehicle arrived at the storage facility, one of the tapes could not be found. According to a letter from Blumenthal to the Bank of New York, a lock on the truck was broken, and the truck had been left unattended several times. UPDATE: Reuters reports the number of potentially affected people is now up to 12.5 million from 4.5 million. Dozens of companies are affected. Attribution 1
Publication: Article Title:
Reuters Author: Jonathan Stempe Bank of NY Mellon data breach now affects 12.5 mln
Date Published:
8/28/2008
Date Published:
5/31/2008
Article URL: http://www.reuters.com/article/marketsNews/idUSWNAB863220080828 Attribution 2
Publication:
Courant.com
Article Title:
25 Firms With Data On Lost Tape Identified
Author: Janice Podsada
Article URL: http://www.courant.com/business/hc-mellon0531.artmay31,0,4423158.story Attribution 3
Publication:
The Day
Article Title:
People's Bank customers at risk from data breach
Author: Lee Howard
Date Published:
5/22/2008
Article URL: http://www.theday.com/re.aspx?re=1a830cf7-5c18-476e-84b5-0d8b0162ff00 Attribution 4
Publication:
New Haven Register
Article Title:
Customers’ data on missing bank tape
Author: Angela Carter
Date Published:
5/22/2008
Article URL: http://www.nhregister.com/WebApp/appmanager/JRC/BigDaily;jsessionid=xh6bL1HVPVsmG7tXLvhZy1Hp8QFMhpq Attribution 5
Publication:
UT Washington Bureau
Article Title:
Bank cannot find six backup tapes
Author: Paul Krawzak, Copley
Date Published:
5/7/2008
Article URL: http://www.signonsandiego.com/news/business/20080507-9999-1b7saic.html Attribution 6
Publication:
notice to MD AG
Article Title:
Synovus Financial Corp - Mellon breach
Author: Synovus Fin. Corp
Date Published:
3/28/2008
Date Published:
3/26/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-150110.pdf Attribution 7
Publication:
Baltimore Sun
Article Title:
Lost computer data prompts firm to notify 3,500
Author: Liz Kay
Article URL: http://www.baltimoresun.com/news/local/bal-data0326,0,5806005.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080327-02
Compass Bank
AL
5/1/2007
Electronic
Banking/Credit/Financial
A Compass Bank programmer who stole a hard drive with 1 million customer records and used some of the information has now been sentenced to 42 months in prison. While this crime occurred in 2007, this is the first news available about this crime.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
1,000,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 153 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Computerworld
Article Title:
Programmer who stole drive containing 1 million bank records gets 42 months
Author: Jaikumar Vijayan
Date Published:
3/26/2008
Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9072198 Attribution 2
Publication: Article Title:
Birmingham News Two sentenced for high-tech ATM thefts
Author: Val Walton
Date Published:
3/21/2008
Article URL: http://www.al.com/news/birminghamnews/index.ssf?/base/news/1206089188208770.xml&coll=2
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080327-01
Bowling Green
OH
3/27/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Educational
0
A MacBook Pro laptop containing personal information on students and scholarship recipients from "all over the world" was reported stolen on Tuesday, according to campus police reports. Music Professor Mary Natvig reported her computer stolen on Tuesday sometime between 1:15 and 1:25 p.m. from her unlocked office in the Moore Musical Arts Center. Attribution 1
Publication: Article Title:
BG News- Collegepublisher network Author: staff Laptop with personal info. reported stolen
Date Published:
3/27/2008
Article URL: http://media.www.bgnews.com/media/storage/paper883/news/2008/03/27/Campus/Laptop.With.Personal.Info.Report
ITRC Breach ID
Company or Agency
Location
ITRC20080324-06
Mitchellville's Atlantic Chiropractic Office
MD
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
A man bought the contents of a storage unit for $5. Inside were hundreds of patient records from a chiropractic office including names, medical histories, billing information and SSNs. "The owner of Atlantic Chiropractic, Dr. Douglas Weaver, said he wouldn't explain on camera, but he told an ABC 7/NewsChannel 8's Emily Schmidt he forgot the medical records were in the unit. He moved them there years ago after buying the practice from Dr. Steven Vaughn, whose name was on actually on all the records. " Attribution 1
Publication:
WJLA
Article Title:
Five Dollars Buys Man Hundreds of Private Medical Records
Author: staff
Date Published:
3/20/2008
Article URL: http://www.wjla.com/news/stories/0308/505349.html
ITRC Breach ID
Company or Agency
Location
ITRC20080324-05
Queens tax preparer
NY
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
A tax preparer has been charged with preparing false state tax returns to defraud NY out of nearly $4 million in refunds using SSNs and credit card information of dozens of individual taxpayers. "According to the charges, Paolino attempted to collect nearly $4 million in state tax refunds between May 16, 2005, and April 15, 2007, and, in fact, did unlawfully receive and retain approximately $1.8 million before the state Tax Department discovered the fraud and put a halt to other refunds. In carrying out her alleged scheme, Paolino is accused of unlawfully using the identifying information of dozens of individual taxpayers, such as their social security numbers and credit card information, to fraudulently prepare and file approximately 36 tax returns for the tax years 2003 through 2006 in which she falsely claimed investment tax credits, ranging from $13,863 to $160,811, designed specifically for the financial services industry." Attribution 1
Publication:
North Country Gazette
Author: staff
Date Published:
Article Title: Queens Tax Preparer Busted In $4M Refund Fraud Article URL: http://www.northcountrygazette.org/news/2008/03/22/tax_preparer_busted/
Copyright 2008 Identity Theft Resource Center
3/22/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 154 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080324-04
Twin River Slot Parlor
RI
3/17/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
An employee at the Twin River slot parlor in Lincoln has been fired for allegedly copying the Social Security numbers and driver's license data of winning customers.
Attribution 1
Publication:
Boston.com
Author: AP and WJAR- TV
Date Published:
3/21/2008
Article Title: Slot parlor employee allegedly stole customer data Article URL: http://www.boston.com/news/local/rhode_island/articles/2008/03/21/slot_parlor_employee_allegedly_stole_custome
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080324-03
Rhode Island Dept. of Administration
RI
3/7/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
1,400
A Rhode Island state computer disk with the SSNs of nearly 1400 is missing. The Department of Administration believes it has just been misplaced but is doing a complete investigation.
Attribution 1
Publication:
South Coast Today
Author: Associated Press
Date Published:
3/21/2008
Article Title: Rhode Island says disk with Social Security numbers is missing Article URL: http://www.southcoasttoday.com/apps/pbcs.dll/article?AID=/20080321/NEWS/803210414/-1/NEWS01
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080324-02
Agilent - Stock & Option Solutions
US
3/1/2008
Electronic
Records Exposed? Yes (Password) Published#
Banking/Credit/Financial
Exposed # of Records Rptd
51,000
A laptop containing sensitive and unencrypted personal data on 51,000 current and former employees of Agilent Technologies was stolen from the car of an Agilent vendor March 1 in San Francisco, the company said in a letter mailed to former employees this week. The data includes employee names, Social Security numbers, home addresses and details of stock options and other stock-related awards. In the letter, Agilent blamed the THQ, a vendor of San Jose vendor, Stock & Option Solutions, for failing to scramble or otherwise safeguard the data - "in violation of the contracted agreement." Update: http://doj.nh.gov/consumer/pdf/agilent_technologies.pdf Update: Infinity Pharmaceuticals also affected: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU149861.pdf Attribution 1
Publication:
notice to NH AG
Article Title:
Stock and Options Solutions, THQ breach
Author: Sean Lembree, Presi
Date Published:
3/26/2008
Computerworld Author: Jaikumar Vijayan Date Published: Yet another laptop theft: Agilent warns 51,000 workers of potential data compromise
3/25/2008
Article URL: http://doj.nh.gov/consumer/pdf/stock_options.pdf Attribution 2
Publication: Article Title:
Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=mobile_and_wirele Attribution 3
Publication:
Mercury News
Article Title:
Stolen PC had Agilent workers' personal data
Author: Vindu Goel
Date Published:
Article URL: http://www.mercurynews.com/peninsula/ci_8660115?nclick_check=1&forced=true
Copyright 2008 Identity Theft Resource Center
3/22/2008
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 155 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080324-01
Western Carolina University
NC
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
555
Someone hacked into a computer at WCU and had access to 555 grads of Western Carolina University who had signed up for a newsletter. "Ironically, WCU officials discovered the breach while trying to track down and eliminate private information on unsecured computer servers. The compromised information was on a computer server managed by the Department of Business Computer Information Systems and Economics. And it was hacked several times, as long ago as 2006, said Bill Stahl, chief information officer at WCU." Attribution 1
Publication:
Citizen Times.com
Author: Carol Motsinger
Date Published:
3/23/2008
Article Title: WCU ID security breached Article URL: http://www.citizen-times.com/apps/pbcs.dll/article?AID=/20080323/NEWS01/80322062
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080321-01
GA Dept. of Human Resources
GA
3/19/2008
Electronic
Records Exposed? Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of confidential records that may expose personal employee information. As a precaution, DHR is urging current and former employees to carefully review all credit records and other financial account information. Employees potentially affected by the security breach will receive a letter from Rosa Waymon, Director of the Office of Human Resources Management and Development (OHRMD). The agency warns that the breach took place on or around March 19th. An external hard drive that stored a database containing identifying information such as names, social security numbers, birth dates, home contact and federal tax information was removed by an unauthorized person. Attribution 1
Publication:
Atlanta Journal-Constitution
Article Title:
Thief steals records of former, current DHR employees
Author: Craig Schneider
Date Published:
3/27/2008
Article URL: http://www.ajc.com/traffic/content/metro/stories/2008/03/27/theft_0328.html Attribution 2
Publication:
WTOC
Author: GA Dept of Human R
Date Published:
3/20/2008
Article Title: DHR Warns Employees About Breach of Confidential Information Article URL: http://www.wtoctv.com/Global/story.asp?S=8048283&nav=0qq6
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080320-07
The Dental Network- Blue Cross
MD
2/20/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
A security breach of The Dental Network web site left access to member personal data, including names, Social Security numbers, address(es) and dates of birth unprotected for approximately two weeks. According to a letter dated March 10th to the New Hampshire Department of Justice, TDN discovered the breach on February 20th. The Dental Network is an independent licensee of the Blue Cross and Blue Shield Association. See notice to New Hampshire AG http://doj.nh.gov/consumer/pdf/identity_safeguards.pdf Attribution 1
Publication:
Baltimore Sun
Author: Liz Sun
Date Published:
3/26/2008
Article Title: Patient data exposed online Article URL: http://www.baltimoresun.com/news/health/bal-te.md.dental26mar26,0,4823354.story Attribution 2
Publication:
Personal Health Information Privacy
Article Title:
Web site breach of The Dental Network exposes patients’ information
Author: staff
Article URL: http://www.phiprivacy.net/?p=114
Copyright 2008 Identity Theft Resource Center
Date Published:
3/17/2008
Exposed # of Records Rptd
75,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 156 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080320-06
State of Penn Voter Website
PA
3/18/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Government/Military
19
A web programming flaw has exposed names, dates of birth, DL #'s and on some forms the last 4 numbers of the SSN. The site has been disabled. Because of the error the web site was allowing anyone on the Internet to view the forms. UPDATE: It appears that only 19 people may have been affected. Attribution 1
Publication:
Citizens Voice
Article Title:
A small consolation for those affected by state Web site security breach
Author: Robert Swift
Date Published:
3/30/2008
Article URL: http://www.citizensvoice.com/site/news.cfm?newsid=19437232&BRD=2259&PAG=461&dept_id=571464&rfi=6 Attribution 2
Publication:
washingtonpost.com
Article Title:
Pennsylvania Yanks Voter Site After Data Leak
Author: Robert McMillan, IDG
Date Published:
3/19/2008
Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031901259_pf.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080320-05
MO Department of Social Services
MO
3/19/2008
Paper Data
Government/Military
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Entire case files from the Missouri Department of Social Services in Jefferson City were found in unsecured recycling bins. The information included names, SSNs and even birth certificates.
Attribution 1
Publication:
KHQA
Article Title:
Missouri fails to shred sensitive documents
Author: AP
Date Published:
3/19/2008
Article URL: http://www.khqa.com/news/news_story.aspx?id=110150
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080320-04
Lasell College
MA
2/6/2008
Electronic
Educational
Records Exposed? Yes Published #
Lasell College reports one of its employees has hacked its network, gaining access to personal information of students, employees and alumni. The breach, which the school said it discovered on Feb. 6, included information on 20,000 students, employees and alumni, including social security numbers. The school, which has about 1,300 students, said the breach was carried out by a member of its IT department. Newton-based Lasell said it is not aware of any instances of the information being misused. Also see notice to New Hampshire AG- http://doj.nh.gov/consumer/pdf/Lasell.pdf Attribution 1
Publication:
MSNBC
Article Title:
Lasell College says hacker accessed personal data
Author: AP
Date Published:
3/20/2008
Date Published:
3/20/2008
Article URL: http://www.msnbc.msn.com/id/23726420 Attribution 2
Publication:
Mass High Tech, Journal of New Englan
Author: staff
Article Title: Lasell College latest to have user data stolen Article URL: http://www.bizjournals.com/masshightech/stories/2008/03/17/daily40.html
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
20,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 157 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080320-03
Wolters Kluwer
IL
2/27/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
Wolters Kluwer has informed the NH AG that Lippincott Williams & Wilkins may have had personal information including credit card numbers, expiration dates and verification numbers compromised by an unauthorized intrusion into the server between August 30, 2007 to Feb. 27, 2008. These customers may have made purchases at www.stedmans.com Attribution 1
Publication:
notice to NH AG
Article Title:
breach of Lippincott Williams & Wilkins, a Wolters Kluwer business
Author: Richard Parker
Date Published:
3/10/2008
Article URL: http://doj.nh.gov/consumer/pdf/wolters.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080320-02
Binghamton University
NY
3/14/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
288
The Social Security numbers of more than 300 Binghamton University students were accidentally e-mailed to a list of hundreds of other students on Friday. A university employee mistakenly sent an e-mail attachment containing the names, grade point averages and Social Security numbers of junior and senior accounting students to another group of 288 School of Management students. Attribution 1
Publication:
Press and Sun-Bulletin
Article Title:
Some BU students' Social Security info e-mailed to others
Author: John Hill
Date Published:
3/17/2008
Article URL: http://www.pressconnects.com/apps/pbcs.dll/article?AID=/20080317/NEWS01/803170361
ITRC Breach ID
Company or Agency
Location
ITRC20080320-01
Affordable Realty
MI
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Yes Unknown #
Business
Exposed # of Records Rptd
0
Affordable Realty in Flint tossed bankruptcy statements, financial records, Social Security numbers and addresses of clients who once did business with the company. At least one person has seen people rummaging through the dumpster. The Genesee County Sheriff is on the case now. Attribution 1
Publication:
ABC 12 News
Article Title:
Personal information discovered in dumpster
Author: Dawn Jones
Date Published:
3/19/2008
Article URL: http://abclocal.go.com/wjrt/story?section=news/local&id=6029957
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080317-04
Hannaford Bros Supermarket Chain
ME
12/7/2007
Electronic
Business
Hannaford Bros. supermarket chain said a breach of its computer system led to the theft of about 4.2 million credit and debit card numbers from its Hannaford and Sweetbay stores and other locations. Hannaford operates 165 stores in the Northeast. There are 106 Sweetbay supermarkets in Florida. The company said in a statement posted to its website that the stolen data was "illegally accessed from our computer systems during transmission of card authorization.'' It is estimated this breach extended from 12/7/2007 to 3/10/2008. Update: Malware cited as possible cause of breach 3/28/07
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
4,200,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 158 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Forbes
Article Title:
Malware Cited in Hannaford Breach
Author: AP
Date Published:
3/28/2008
Date Published:
3/20/2008
Date Published:
3/20/2008
Article URL: http://www.forbes.com/feeds/ap/2008/03/28/ap4827125.html Attribution 2
Publication: Article Title:
Tecnology MIT Review Author: Associated Press Hannaford data breach offers twists from prior attacks
Article URL: http://www.technologyreview.com/Wire/20451/ Attribution 3
Publication:
Computerworld
Article Title:
Hannaford hit by class-action lawsuits in wake of data-breach disclosure
Author: Jaikumar Vijayan
Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9070281&intsrc=hm_list Attribution 4
Publication: Article Title:
Washington Post.com Author: Brian Krebs Hannaford Breach May Presage '08 Trend
Date Published:
3/18/2008
Article URL: http://blog.washingtonpost.com/securityfix/2008/03/hannaford_breach_may_presage_0.html Attribution 5
Publication:
WMUR
Article Title:
Hannaford: Data Breach May Have Exposed Millions To Fraud
Author: Associated Press
Date Published:
3/17/2008
Date Published:
3/17/2008
Article URL: http://www.wmur.com/news/15621249/detail.html Attribution 6
Publication:
Boston Globe
Article Title:
Supermarket data breach affects 4.2 million accounts
Author: staff
Article URL: http://www.boston.com/business/ticker/2008/03/supermarket_dat.html
ITRC Breach ID
Company or Agency
Location
ITRC20080317-03
Utah Division of Finance
UT
Est. Date
Breach Type Breach Category Electronic
Government/Military
Records Exposed? Yes Published #
Exposed # of Records Rptd
500
Computer files containing the personal information of approximately 500 individuals may have been accessed by unauthorized persons during a security breach at the Utah Division of Finance. After a complete audit it appears to have a very minimal risk of penetration. Attribution 1
Publication: Article Title:
Deseret Morning News State agency reports a security breach
Author: staff
Date Published:
3/15/2008
Article URL: http://deseretnews.com/article/1,5143,695261923,00.html
ITRC Breach ID
Company or Agency
Location
ITRC20080317-02
Broward School District
FL
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Published #
A Coconut Creek high school student hacked into a district computer and collected personal data including SSNs and addresses of district employees. The district is asking employees to monitor their financial records.
Attribution 1
Publication: Article Title:
Local 6.com Author: Associated Press Student Hacks Into School District Computer
Article URL: http://www.local6.com/news/15610790/detail.html
Copyright 2008 Identity Theft Resource Center
Date Published:
3/17/2008
Exposed # of Records Rptd
35,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 159 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080314-05
Starling Insurance and Associates
CO
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
A server was stolen from a locked room at Starling Insurance and may contain one or more of the following data elements: name, address, SSN and DL#.
Attribution 1
Publication:
to NH AG
Article Title:
Starling Insurance breach
Author: notification leter- Ray
Date Published:
3/3/2008
Article URL: http://doj.nh.gov/consumer/pdf/starling.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080314-04
Oklahoma Court Records
OK
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
The Social Security numbers of thousands of Oklahoma County residents are available on County Clerk Carolynn Caudill's website to anyone who wants to look, apparently in violation of federal law. The numbers are contained on numerous documents filed of record in the county and are easily found by anyone with computerized research experience. In December 2006, The Oklahoman reported on Caudill's efforts to make all county records available online. The story, in part: Almost all of some 8.7 million documents — 17 million pages — are online, from mortgage documents, mineral deeds, liens and other legal "papers,” from original land patents granted after the Land Run of 1889 to last week’s property deals, said Mark Mishoe, chief deputy for County Clerk Carolynn Caudill. Attribution 1
Publication:
Tulsa Today
Article Title:
Oklahoma County Clerk's records reveal social security numbers
Author: Mike McCarville
Date Published:
3/11/2008
Article URL: http://www.tulsatoday.com/newsdesk/index.php?option=com_content&task=view&id=1485&Itemid=2
ITRC Breach ID
Company or Agency
Location
ITRC20080314-03
Hotel Shilla- Desert Hot Springs
CA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
David Wright, 35, was arrested during a traffic stop wanted for drug-related charges. He was later identified as a suspect in defrauding Hotel Shilla guests. An ex-employee of a Desert Hot Springs hotel, which has been cited for not paying city taxes, was arrested last Thursday accused in credit card fraud at the hotel and at a restaurant. Authorities accuse Wright of acquiring credit car numbers of guests from the Hotel Shilla and customers at the Amore Restaurant in La Quinta. Wright was reportedly the head of maintenance at the Shilla. Attribution 1
Publication:
KESQ Palm Springs- Channel 3
Article Title:
Ex-DHS Hotel Employee Accused of Stealing Guests Credit Card Numbers
Author: Matt Guillermo
Date Published:
3/11/2008
Article URL: http://www.kesq.com/Global/story.asp?S=8000851&nav=menu191_2
ITRC Breach ID
Company or Agency
Location
ITRC20080314-02
United Amerindian Center
WI
Est. Date
Breach Type Breach Category Electronic
Business
"A letter from the center's board of directors sent earlier this month to the Brown County District Attorney's Office said a former employee may have had access to employee tax information on a center-owned computer that includes personal data, such as Social Security numbers and dates of birth." The Center serves needy urban Native Americans with transportation and abuse issues.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 160 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Green Bay Press Gazette
Article Title:
Amerindian Center warns about security breach
Author: Malavika Jagannatha
Date Published:
3/13/2008
Article URL: http://www.greenbaypressgazette.com/apps/pbcs.dll/article?AID=/20080313/GPG0101/803130643/1207/GPGnews
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080314-01
University Healthcare
UT
2/25/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Published#
Medical/Healthcare
4,800
University Healthcare said a thief broke into a locked room and stole a laptop and flashdrive containing the names, health policy information and some SSNS of about 4800 patients. The information is password protected. The delay in notification was to audit the database and determine the affected individuals. Attribution 1
Publication:
KLS Newsradio
Article Title:
Laptop with patient information stolen from University Health Care
Author: Sarah Dallof
Date Published:
3/13/2008
KUTV Author: staff Date Published: Possibly Thousands Of Patient's Information Compromised With Lap Top Theft
3/13/2008
Article URL: http://www.ksl.com/?nid=148&sid=2849851 Attribution 2
Publication: Article Title:
Article URL: http://www.kutv.com/content/news/topnews/story.aspx?content_id=5843cde8-1fb5-4945-b396-df5b682ddbb4
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080313-01
Harvard University
MA
2/16/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
6,600
In February 2008, hackers broke into the Harvard Graduate School of Arts and Sciences web server. At first it was believe no information was stolen. It now appears that 10,000 sets of personal information from applicants and students, including 6,600 SSNs are potentially affected. Attribution 1
Publication: Article Title:
Computerworld Author: Jaikumar Vijayan Harvard grad students hit in computer intrusion
Date Published:
3/13/2008
Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9068221&intsrc=hm_list Attribution 2
Publication:
Crimson
Article Title:
Personal Data Potentially Compromised in Hack
Author: Clifford Marks
Date Published:
3/12/2008
Article URL: http://www.thecrimson.com/article.aspx?ref=522487 Attribution 3
Publication: Article Title:
Crimson Author: Abby Phillip Date Published: 2/19/2008 Hackers Break Into GSAS Computer Network, Post Protected Content to Downloading Web Site
Article URL: http://www.thecrimson.com/article.aspx?ref=521958
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080310-05
Texas Dept. of Health and Human Services
TX
3/4/2008
Electronic
Government/Military
Two computers with Medicaid patient information were stolen from the Texas Department of Health and Human Services. Stephanie Goodman, a spokeswoman with Texas Health and Human Services, said the computers could have contained personal information only on e-mails. The e-mails, however, would normally contain only an individual’s case number, she said. It is unlikely those e-mails would have listed Social Security numbers, she said. “I can’t say 100 percent that it wouldn’t be on e-mails, but that would be the only way to have access to anything,” Goodman said.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 161 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Daily News, Galveston
Article Title:
Medicaid computers stolen from office
Author: Chris Paschenko
Date Published:
3/8/2008
Article URL: http://galvestondailynews.com/story.lasso?ewcd=a3aa2e57aa6c0cc5&-session=TheDailyNews:42F941E80785800A9
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080310-04
Central Florida Regional Hospital
FL
12/1/2007
Paper Data
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Medical/Healthcare
30
About 30 patient medical records including medical histories, addresses, SSNs and insurance information were sold as scrap paper to a Utah teach for about $20 from the Central Florida Regional Hospital. "Officials are chalking this u to a shipping error." "In December, the box was one of three shipped to a Las Vegas company for a Medicare audit, said Kelly Ferrell, the hospital's risk manager. Hospital officials had been tracking the box since it was reported missing in Phoenix but had not contacted the affected patients, she said. Officials said they were unsure how the box made its way to Utah, though the package containing the records also had a document indicating it was "overgoods" — a package that was sold because the shipping company could not deliver it or find its owner." Attribution 1
Publication:
Deseret Morning News
Author: Aaron Falk
Date Published:
3/10/2008
Article Title: Health files are sold as scrap paper to Utahn Article URL: http://deseretnews.com/article/1,5143,695260327,00.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080310-03
Troy Area School District
PA
1/31/2008
Electronic
Educational
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
Troy Area Schools are investigating a breach of its network containing names, SSNs and other personal information. The memorandum reads: “We have recently learned that e-mails sent into and out of our network have been copied and forwarded to an unauthorized account and that non-public information located on our internal network has been repeatedly accessed without authorization. As a result of the unauthorized transmissions and access, certain personal, non-public information may have been compromised and disseminated.” Attribution 1
Publication:
Daily Review
Article Title:
Security breach investigated in Troy schools
Author: Eric Hrin
Date Published:
3/8/2008
Article URL: http://www.thedailyreview.com/site/news.cfm?newsid=19372545&BRD=2276&PAG=461&dept_id=465049&rfi=6
ITRC Breach ID
Company or Agency
Location
ITRC20080310-02
MTV
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Published#
5,000 MTV Network employees had their information potentially exposed when computer files with names, SSNs, birthdays, addresses and compensation information were breached, the network told employees on Friday. "MTV later said in a statement that the security breach occurred after an Internet connection in an employee's computer was compromised. Although it was not immediately clear whether the passwordprotected files were opened, MTV, a division of Viacom, notified law enforcement authorities and a credit monitoring company to safeguard the identities of the affected employees." . Attribution 1
Publication:
The Tech Herald
Article Title:
Hacker gets personal info from 5000 employees
Author: Steve Ragan
Date Published:
3/10/2008
Article URL: http://www.thetechherald.com/article.php/200811/373/Hacker-gets-personal-info-from-5000-MTV-employees
Copyright 2008 Identity Theft Resource Center
5,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 162 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
NY Times
Article Title:
Breach of MTV Computer Files
Author: Reuters
Date Published:
3/8/2008
Article URL: http://www.nytimes.com/2008/03/08/technology/08data.html?_r=1&ref=business&oref=slogin
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080310-01
Blue Cross /Blue Shield of Western NY
NY
11/1/2007
Electronic
Medical/Healthcare
Records Exposed? Yes Published #
Exposed # of Records Rptd
40,000
Blue Cross/Blue Shield had a computer that "went missing" last November. It is now notifying 40,000 customers that vital information was involved and steps to take about identity theft concerns.
Attribution 1
Publication:
WIVB
Article Title:
Blue Cross Addresses Identity Theft Concerns
Author: staff
Date Published:
3/10/2008
WHY Sports Zone- WGRZ Author: Matt Pitts Date Published: Missing Laptop Prompts ID Theft Concern at Blue Cross-Blue Shield of WNY
3/7/2008
Article URL: http://www.wivb.com/Global/story.asp?S=7992428 Attribution 2
Publication: Article Title:
Article URL: http://www.wgrz.com/sports/sports_article.aspx?storyid=56110&provider=gnews
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080307-05
Marathon County Wide Purchase Card Program
WI
1/1/2008
Electronic
Government/Military
Records Exposed? Yes Published #
Exposed # of Records Rptd
270
The Wisconsin Office of Privacy Protection reports that Marathon County had a data breach affecting approximately 270 county employees. A file with names, SSNs, and dates of birth was sent to the county's purchasing card administrator. More details are not available at this time. Attribution 1
Publication: Article Title:
http://privacy.wi.gov/databreaches/datab Marathon County Breach
Author: Wisconsin Office of P
Date Published:
2/27/2008
Article URL: http://privacy.wi.gov/databreaches/databreaches.jsp
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080307-04
DVA Renal Healthcare DaVita
US
2/4/2008
Electronic
Medical/Healthcare
Records Exposed? Yes (Password) Unknown#
DVA Renal Healthcare loss current and former patient names, SSNs, medical insurance numbers and other personal information when a company laptop was stolen from an employee's car. DVA is a dialysis provider that has over 1,300 outpatient dialysis facilities and acute units in over 800 hospitals. They are located in 42 states and the District of Columbia, serving approximately 103,000 patients. Attribution 1
Publication: Article Title:
Notice to NH AG breach- DVA Renal Healthcare
Author: Ann DesRuisseaux
Article URL: http://doj.nh.gov/consumer/pdf/davita.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
3/3/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 163 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080307-03
Francehethan
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Business
0
Names, credit card numbers and other person information was posted on a website available to the public. It was discovered when one person searched for her name on Google for fun. The website has been closed.
Attribution 1
Publication:
Click 2 Houston
Article Title:
Houstonians' Personal Information Found On Internet
Author: Daniella Guzman
Date Published:
3/7/2008
Article URL: http://www.click2houston.com/news/15523600/detail.html
ITRC Breach ID
Company or Agency
Location
ITRC20080307-02
Nevada Department of Public Safety
NV
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
109
An off-site firm working for the NV Dept. of Public Safety has lost the names, SSNs, address and background check information for about 109 individuals seeking jobs with the agency. The info was on a thumb drive owned by an employee of Crown, Stanley and Silverman.. Attribution 1
Publication:
Houston Chronicle
Article Title:
Nevada Firm Loses Job Seeker's Data
Author: Associated Press
Date Published:
3/5/2008
Article URL: http://www.chron.com/disp/story.mpl/ap/fn/5595764.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080307-01
Cascade Healthcare Community
OR
12/11/2007
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
11,500
A computer virus may have exposed the names, credit card numbers, dates of birth and home addresses of more than 11,500 individuals who donated to Cascade Healthcare Community, the parent company of St. Charles in Bend and Redmond. The virus penetrated the computer system Dec. 11, and the hospital’s information technology staff believed they had rebuffed it. But Feb. 5, they detected suspicious activity in the system and called in computer forensic experts to investigate. By Feb. 20, it became clear the information had been made vulnerable by the virus. Attribution 1
Publication:
The Bulletin
Author: Markian Hawryluk and
Date Published:
3/6/2008
Article Title: Hospital donor files compromised Article URL: http://www.bendbulletin.com/apps/pbcs.dll/article?AID=/20080306/NEWS0107/803060442/1006&nav_category=NEW
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080304-01
Kraft Foods
IA
1/15/2008
Electronic
Business
A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business. That group of 20,000 includes employees from Davenport's Kraft Oscar Mayer plant. It is unknown how many employees of the Davenport facility were affected. The plant employs about 1,700 people. Kraft Foods spokeswoman Cathy Pernu said the theft took place in mid-January and involved an employee who was working on a systems project. "It had migrating information that was transferring from one computer to another." She did not say where the theft took place, but said the employee does not work at the Davenport plant. "It contained the names and may have contained Social Security numbers," Pernu said. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
20,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 164 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Quad City Times.com
Article Title:
Missing laptop, data could affect Q-C Oscar Mayer employees
Author: Doug Schorpp
Date Published:
3/3/2008
Article URL: http://www.qctimes.com/articles/2008/03/03/news/local/doc47cc7e171b8bd249394271.txt?sPos=2
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080303-03
Nestle Waters North AmericaSystematic Automatic
US
2/11/2008
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
8,245
Symtematic Automation, a contractor that distributes employee benefit statements of Nestle Water North America, had a break-in. A computer was stolen which contained names, birth dates and SSN for approximately 8245 people employed by NWNA in 2006. It was not encrypted. Attribution 1
Publication:
notice to NH AG
Article Title:
Nestle Waters North America Inc breach- A
Author: Yum Choi Au
Date Published:
2/26/2008
Article URL: http://doj.nh.gov/consumer/pdf/nestle_waters.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080303-02
VA Austin Corporate Data Center
TX
2/1/2008
Electronic
Government/Military
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
Another VA laptop has been stolen from an employee apartment. However the data on this laptop was encrypted. In the latest incident, the employee immediately reported the theft to VA and the Austin police department. Because VA followed information technology security policies and procedures, officials could determine that no sensitive data resided on the laptop. The police have recovered the laptop. The employee whose laptop was stolen had permission to bring the laptop home, where he had locked it down to furniture. Attribution 1
Publication:
FCW.com
Article Title:
Stolen VA laptop caught in safety net
Author: Mary Mosquera
Date Published:
3/3/2008
Article URL: http://www.fcw.com/online/news/151810-1.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080303-01
US Army Reserve Center
WI
3/1/2008
Electronic
Government/Military
Records Exposed? Yes Published #
Sometime between 3 p.m. Friday and 9:45 am. Sunday, approximately 200 military ID cards, 10 to 12 used military ID cards and a laptop computer that can be used to make them went missing from the US Army Reserve Center on Milwaukee's northwest side. Attribution 1
Publication:
WISN
Article Title:
Military IDs, Equipment Stolen Over Weekend
Author: staff
Article URL: http://www.wisn.com/news/15475867/detail.html
Copyright 2008 Identity Theft Resource Center
Date Published:
3/3/2008
Exposed # of Records Rptd
200
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 165 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080229-02
Wellesley Health Dept.
MA
2/5/2008
Paper Data
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
500
Personal information of nearly 500 seniors who received flu shots in Wellesley has been lost or stolen. An envelope that had been mailed earlier this month by the town's health department to a Medicare office in Boston arrived open and the contents were missing. The material included social security numbers, addresses and dates of birth for about 480 Wellesley seniors who had received flu shots from the town last fall. Attribution 1
Publication:
Boston Herald
Article Title:
Personal information of hundreds of seniors lost or stolen
Author: Associated Press
Date Published:
2/29/2008
Article URL: http://www.bostonherald.com/news/regional/general/view.bg?articleid=1076819&srvc=rss Attribution 2
Publication:
WPRI and Boston Globe
Article Title:
Personal information of hundreds of seniors lost or stolen
Author: Associated Press
Date Published:
2/29/2008
Article URL: http://www.wpri.com/Global/story.asp?S=7944973&nav=menu20_3
ITRC Breach ID
Company or Agency
Location
ITRC20080229-01
Salem Clinic
OR
Est. Date
Records Exposed?
Breach Type Breach Category Paper Data
Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
It was reported to KATU by a former worker of Salem Clinic that the medical records and SSNs of some patients were placed in training handbooks and allowed to be taken home by staff members. Salem Clinic officials released a statement saying no one other than clinic employees are allowed to view patient records and that "they have a duty to protect confidential information that is entrusted to them." Attribution 1
Publication:
KATU Web staf
Article Title:
Woman claims Salem Clinic mishandled records
Author: Melica Johnson
Date Published:
2/29/2008
Article URL: http://www.katu.com/news/local/16123062.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080228-05
ICS Head Start - Mount Pleasant
TN
1/27/2008
Paper Data
Records Exposed? Yes Published #
Educational
Thieves broke into the ICS Head Start Center in Mount Pleasant and stole the information of 79 files, some with multiple SSNs of young children. Investigators found some "customers" and traced the information back. "From that we developed a suspect and never let off of it and of course we have one person in custody now and we hope and expect to make more arrests by the end of the week." said Marshall County Sheriff's Investigator Kelly McMillin. Attribution 1
Publication:
News 3 WREG Memphis
Article Title:
Thieves break into Head Start center
Author: Dennis Turner
Article URL: http://www.wreg.com/Global/story.asp?S=7935190
Copyright 2008 Identity Theft Resource Center
Date Published:
2/27/2008
Exposed # of Records Rptd
79
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 166 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080228-04
NY City Dept. of Finance
NY
1/29/2008
Paper Data
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
12,000
The New York City Department of Finance has sent tax forms to thousands of people in defective envelopes that allowed Social Security numbers to be seen from the outside. The finance department mailed 2007 tax forms for unincorporated businesses in envelopes that were too big to about 12,000 people. It says the recipients' Social Security or employee identification numbers were visible through the windows on the envelopes. Attribution 1
Publication:
My Fox Raleigh
Author: Associated Press
Date Published:
2/27/2008
Article Title: NY Offers Credit Monitoring After Tax Mailing Gaffe Article URL: http://www.myfoxraleigh.com/myfox/pages/News/Detail?contentId=5896266&version=1&locale=EN-US&layoutCode
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080228-03
Liberty Hill School District
TX
2/28/2008
Paper Data
Records Exposed? Yes Unknown #
Educational
Exposed # of Records Rptd
0
CBS 42 reporter found boxes full of files with names, addresses, SSNs, medical records, copies of birth certificates and more dumped into a recycle bin. The documents appear to be the property of the Liberty Hill School District. Attribution 1
Publication:
About Austin
Author: Jacci Bear
Date Published:
2/28/2008
Article Title: Are Texas Schools Helping Thieves Steal Your Identity? Article URL: http://austin.about.com/b/2008/02/28/are-texas-schools-helping-thieves-steal-your-identity.htm
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080228-02
Marshfield Clinic-Health Net Federal Services
US
12/25/2007
Electronic
Records Exposed? Yes Published #
Government/Military
NewsCenter 13 has learned local doctors may be at risk for identity theft. The risk involves a national health insurance company and more than 100-thousand doctors in Wisconsin and ten other states. The states involved include Wisconsin, Michigan, Illinois, Indiana, Ohio, Pennsylvania, Tennessee, Iowa, Missouri, Kentucky and West Virginia. The Vice President at Marshfield Clinic confirmed Wednesday afternoon that social security numbers for his doctors and thousands of others all over the Midwest were posted on a website, accidentally. Director of Communications, Molly Tuttle, says the information was accidentally posted to the website for about two months, and involved doctors who had filed a claim with the company between September of 2005, and September of 2006. Dr. Doug Reding tells us the numbers were posted to a website by a company called Health Net Federal Services based in Rancho Cordova, California. The company is a government contractor that deals with health insurance for military families and veterans. Attribution 1
Publication:
News Center 13- WEAU
Article Title:
103,000 Doctor's Social Security Numbers Posted on Website by Accident
Author: staff
Article URL: http://www.weau.com/news/headlines/16061387.html
Copyright 2008 Identity Theft Resource Center
Date Published:
2/27/2008
Exposed # of Records Rptd
103,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 167 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080228-01
David Haltinner
WI
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
637,000
David Haltinner was sentenced to 50 months for aggravated identity theft and access device fraud. Mr. Haltinner had access to this credit card information by virtue of his responsibilities as an Information Security Analyst for his employer, and in fact had stolen all of the credit card information from his employer. He used an assumed online identity to sell approximately 637,000 stolen credit card numbers through a website frequented by individuals engaged in credit card fraud. Fortunately, Mr. Haltinner’s two biggest customers turned out to be one undercover agent of the United States Secret Service in Nashville. Mr. Haltinner twice sold the same database of approximately 637,000 stolen credit card numbers with related names and addresses to the undercover agent, who was using two different online identities. In one of the transactions, Mr. Haltinner instructed the undercover agent to send a package to a false name at the address of Mr. Haltinner’s employer in Neenah, Wisconsin. Agents of the Secret Service from the Milwaukee, Wisconsin Field Office placed the address of Mr. Haltinner’s employer under surveillance when the package from the undercover agent was delivered and observed Mr. Haltinner carry the package to his car. This case was investigated by agents from the United States Secret Service’s Nashville and Milwaukee Field Offices, with assistance from the Milwaukee Police Department. Assistant United States Attorney Byron Jones represented the United States. Attribution 1
Publication:
US Attorney's Office, Middle District of T
Author: press release- Edwar
Date Published:
2/26/2008
Article Title: DAVID U. HALTINNER SENTENCED TO 50 MONTHS OF IMPRISONMENT Article URL: http://cybersafe.gov/usao/tnm/press_releases/2008/2_26_08.html
ITRC Breach ID
Company or Agency
Location
ITRC20080227-01
Health Facilities Fed. Credit Union
SC
Est. Date
Breach Type Breach Category Electronic
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A loan officer at Health Facilities Federal Credit Union in Florence has been charged with stealing customer information between 1998-2006 and using the information to take out more than $700,000 in loans using the stolen identities. Attribution 1
Publication:
The State
Article Title:
Ex-loan officer faces identity theft charges
Author: Ishmael Tate
Date Published:
2/27/2008
Article URL: http://www.thestate.com/local/story/329264.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080226-01
Union Mortgage
OH
2/22/2008
Paper Data
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Channel 3 news found a garbage dumpster full of Clevelanders' personal information, including bank statements, credit reports, and tax returns. Thousands of pages of sensitive documents were thrown out in a dumpster located behind a pizza shop at East 105th and Superior in Cleveland. Confidential files were found on hundreds of people who applied for loans with a company called Union Mortgage, whose last known addresses were in Beachwood and Parma. The company closed its doors recently due to IRS issues. Attribution 1
Publication: Article Title:
WKYC Author: Tom Meyer Date Published: Investigator Exclusive: Mortgage company abandons customers' personal records
Article URL: http://www.wkyc.com/news/news_article.aspx?storyid=83808&provider=gnews
Copyright 2008 Identity Theft Resource Center
2/22/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 168 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080225-04
Torrance Unified School District- ASI
CA
2/11/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
2,200
Personal information about 2,200 Torrance Unified School District staffers was housed on a hard drive recently stolen from an Orange County company that helps agencies administer employee health benefits. Names, addresses, birth dates and Social Security numbers were among the personal details stored on equipment at Systematic Automation Inc. of Fullerton, district officials confirmed Friday. Attribution 1
Publication:
Daily Breeze
Article Title:
Theft compromises Torrance school district employee data
Author: Shelly Leachman
Date Published:
2/22/2008
Article URL: http://www.dailybreeze.com/ci_8342542
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080225-03
Kurt Bischoff Tax and Acct.
WI
2/21/2008
Electronic
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
600
On Feb. 21, the accounting offices of Kurt Bischoff were burglarized and a desktop computer was stolen. The computer had names, SSNs and bank account numbers. Approximately 600 records are potentially affected
Attribution 1
Publication:
WI OPP
Article Title:
Kurt Bischoff breach
Author: Wisconsin Office of P
Date Published:
2/22/2008
Article URL: http://privacy.wi.gov/databreaches/databreaches.jsp
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080225-02
Unknown counseling center
OK
2/15/2008
Electronic
Medical/Healthcare
Records Exposed? Yes Published #
Exposed # of Records Rptd
100
An OKC woman who worked at a counseling center stole patient records and then resold them to two others knowing they would use the information for identity theft.
Attribution 1
Publication:
KSWO
Article Title:
OKC woman charged with violating health privacy law
Author: Associated Press
Date Published:
2/23/2008
Article URL: http://www.kswo.com/Global/story.asp?S=7914206
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080225-01
Mecklenburg County Park and Recreation
NC
2/25/2008
Paper Data
Government/Military
Records Exposed? Yes Unknown #
WBTV News reports that bank account information of an unknown number of people in Mecklenburg County was stolen when a county employee's car was stolen. The car had a printout of bank draft transactions within the Park and Recreation Department form Jan., Feb., and June of 2006. Attribution 1
Publication:
WBTV
Article Title:
Personal Information Compromised
Author: staff
Article URL: http://www.wbtv.com/news/topstories/15934452.html
Copyright 2008 Identity Theft Resource Center
Date Published:
2/25/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 169 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080222-05
Colorado State University
CO
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
208
At Colorado State University, four files were discovered online that contained information about 300 students on the Warner College of Natural Resources Web site, including passwords and 208 Social Security numbers. The university has since removed the files and worked to get the information out of search engine caches. Attribution 1
Publication:
Redmondmag.com
Article Title:
Campus Security: 13 Data Breaches Reported So Far This Month
Author: David Nagel
Date Published:
1/29/2008
Article URL: http://redmondmag.com/news/article.asp?EditorialsID=9478 Attribution 2
Publication:
Author:
Date Published:
Article Title: Article URL: http://redmondmag.com/news/article.asp?EditorialsID=9478
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080222-04
Rowan University
NJ
11/1/2004
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
172
A file found on the Rowan University web site contained sensitive information on 370 students. The file contained names, GPAs, phone numbers, majors, e-mail address, grades, phone numbers, physical fitness information, 172 Social Security numbers, 95 birth dates, and 310 addresses. The file, belonging to a university professor, could have been online as early as November 2004. Attribution 1
Publication:
www.ssnbreach.org
Article Title:
Rowan University breach
Author: Press release
Date Published:
2/5/2008
Article URL: http://www.adamdodge.com/esi/month/2008/02?page=2&%24Version=1&%24Path=/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080222-03
Bookkeeper in Bargersville
IN
2/18/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
Tax information with names, SSNs, and bank information was left in file boxes on the front porch of a former bookkeeper for a tax preparation firm. Apparently the landlords of the building cleaned out the offices they delivered hundreds of customer files at Kathy Dietz's home, the name of the lease. She then left then on her porch and called the police. It is believed that none of the information has been tampered with. Attribution 1
Publication:
Indy Channel
Article Title:
Sensitive Tax Information Left On Front Porch Of Home
Author: staff
Date Published:
2/19/2008
Article URL: http://www.theindychannel.com/news/15339525/detail.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080222-02
Lohr Vineyards
CA
12/19/2007
Electronic
Business
One of two computers stolen from the headquarters of J. Lohr Vineyards and Wines in San Jose, CA on December 19th contained personal information on the company's employees. In a letter to those affected dated Feb. 13, James Schuett, the company's Vice President - Finance, reported that one of the two computers contained information about participants in the company 's Employee Stock Ownership/Option Plan, including the names, addresses, Social Security Numbers and dates of birth of current and former J. Lohr employees. Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 170 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
notice to NH AG
Article Title:
Lohr Vineyards
Author: James Schuett, VP Fi
Date Published:
2/13/2008
Article URL: http://doj.nh.gov/consumer/pdf/j_lohr_vineyards.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080222-01
GA Dept. of Transportation
GA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Government/Military
Exposed # of Records Rptd
55
An employee in the permit office of the GA Dept. of Transportation has been arrested for stealing at least 55 people's credit card information from applications given to the State Dept. of Transportation. Investigators said they think the theft ring may have been operating for as long as 12 months. Bracy was hired by the DOT in April of 2007. The DOT and the GBI think there are more people who don’t even know they are victims. Attribution 1
Publication:
11 Alive
Article Title:
GDOT Worker Charged With ID Theft
Author: Kevin Rowson
Date Published:
2/22/2008
Article URL: http://www.11alive.com/news/article_news.aspx?storyid=111692
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080219-05
Los Angeles Dept. of Water and Power
CA
2/12/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
8,275
Computers containing the private financial data including name, date of birth, SSN and deferred compensation balance was stolen from a private DWP contractor. Vince Foley, who serves on the board of the DWP Retired Employees Assn., said he has received anxious calls from retirees. The stolen computer equipment also contained financial data on employees who retired between July 1, 2006, and June 30, 2007. Mayor Antonio Villaraigosa's appointees on the five-member DWP commission on Tuesday plan to discuss the burglary, which occurred Monday in the Fullerton office of the data-processing company Systematic Automation Inc. "It's the first time I've ever heard of anything like this because, typically, people outside of the DWP don't have that information available," Foley said. "DWP's computers are, of course, encrypted and protected. But this is a situation where they had . . . a consultant who's given all this data so they can prepare the [benefits] statements." Attribution 1
Publication:
Los Angeles Times
Article Title:
Stolen hardware held DWP employees' personal information
Author: David Zahniser
Date Published:
2/15/2008
Article URL: http://www.latimes.com/technology/la-me-dwp16feb16,1,1965989.story?ctrack=3&cset=true
ITRC Breach ID
Company or Agency
Location
ITRC20080219-04
First Magnus Financial
FL
Est. Date
Breach Type Breach Category Paper Data
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Boxes of files and paperwork belonging to the defunct First Magnus Financial were lying inside stacked boxes inside a garbage container. The paperwork included SSNs, credit card numbers, addresses and property.
Attribution 1
Publication:
MSNBC
Article Title:
Some mortgage lenders tossing customers’ personal data in the trash
Author: Alex Johnson
Date Published:
3/6/2008
Date Published:
2/15/2008
Article URL: http://www.msnbc.msn.com/id/23505497/ Attribution 2
Publication:
CBS 4
Author: staff
Article Title: Ft. Lauderdale Dumpster Becomes A Treasure Trove Article URL: http://cbs4.com/local/Ft.Lauderdale.Trash.2.655638.html Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 171 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080219-03
Malden School Department
MA
2/12/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
233
A hard drive containing the names and Social Security numbers of more than 263 teachers, state employees, and consultants vanished from the School Department earlier this week, baffling officials. An auditor at the Department of Education's Malden headquarters arrived at work Tuesday to find his computer wasn't working. Technical workers identified the problem: His hard drive was missing. Someone had taken it. Attribution 1
Publication: Article Title:
Boston Globe Author: Megan Woolhouse Hard drive missing from School Dept.- contains data of teachers, others
Date Published:
2/16/2008
Article URL: http://www.boston.com/news/local/articles/2008/02/16/hard_drive_missing_from_school_dept/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080219-02
Kenner Food Bank
LA
10/22/2007
Electronic
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
9,000
Kenner officials recently alerted more than 8,000 Food Bank recipients by letter that a computer containing their personal information was stolen in October, city officials said. The computer had on it a list of about 9,000 recipients of the Food Bank with their personal information, such as names, addresses and in some cases Social Security numbers. Attribution 1
Publication: Article Title:
Times Picayune Author: Mary Sparacello Outbreak of ID fraud doubtedn but 8000 notified after computer stolen
Date Published:
2/16/2008
Article URL: http://www.nola.com/news/t-p/frontpage/index.ssf?/base/news-5/120314297164270.xml&coll=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080219-01
Crosslines Ministries of Cathage
MO
2/14/2008
Paper Data
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
2,000
One of the largest aid agencies in Carthage was burglarized overnight Thursday night or Friday morning and files, containing the personal information of about 2,000 families, were stolen. Among the items stolen were paper files containing names, addresses, social security numbers and other personal information of 2,000 individuals served by Crosslines. "They stole files, hard copies, a whole box of papers from the ministry," Det. Kaiser said. "We can't say what else they took and we have no indication of why they took the box of papers in the first place or whether they knew what they were taking." Attribution 1
Publication:
Carthage Press
Article Title:
Burglary compromises personal information for 2,000 families
Author: John Hacker
Date Published:
2/15/2008
Article URL: http://www.carthagepress.com/news/x866628075
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080215-03
Ivy Tech Community College
IN
1/29/2008
Paper Data
Educational
Ivy Tech Community College reports that a private firm compromised names, addresses and SSNs by improperly disposing of 1098's that were misprinted.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 172 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Ivy Tech Community College
Article Title:
Ivy Tech Community College breach
Author: Press Release
Date Published:
2/14/2008
Article URL: http://www.ivytech.edu/about/security/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080215-02
Texas A&M
TX
1/25/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
3,000
Computer records containing names and Social Security numbers of 3,000 current and former employees of two Texas A&M System agricultural agencies and the College of Agriculture and Life Sciences were inadvertently made accessible over the Internet. The file, which was accessible from a Web site for 21 days, was removed within a half hour of its discovery on Tuesday by information security personnel doing routine system checks, according to Dr. Mark Hussey, interim vice chancellor and interim dean of the College of Agriculture and Life Sciences at Texas A&M. The file apparently contained an 8-year-old record of employees of the Texas AgriLife Extension Service, formerly known as Texas Cooperative Extension; Texas AgriLife Research, formerly known as the Texas Agricultural Experiment Station, and the College of Agriculture and Life Sciences. An initial analysis of the records suggests the file did not include any employee hired after about May 1, 1999, Hussey said, but that review is not yet complete. Attribution 1
Publication:
Eagle
Article Title:
A&M posted 3,000 people's personal data
Author: Holly Huffman
Date Published:
2/16/2008
Article URL: http://www.theeagle.com/local/A-amp-amp-M-posted-3-000-people-s-personal-data Attribution 2
Publication:
AG News, Texas A&M Public Affairs
Article Title:
Inadvertent computer error places names of Texas A&M System Agricultural employees on Web site
Author: Dave Mayes
Date Published:
2/15/2008
Article URL: http://agnews.tamu.edu/showstory.php?id=353
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080215-01
Lexmark International
US
1/29/2008
Electronic
Business
Records Exposed? Yes Unknown #
In a letter to employees, Lexmark officials say files containing personal information from some current and former workers were accessed by two unknown parties, last month. Those files contained names, addresses and social security numbers. In another version reported by Kentucky Herald-Leader said that files were inadvertently posted on a company file transfer site which was accessed at least 2 separate times. Attribution 1
Publication:
Herald Leader
Article Title:
Lexmark describes exposed data
Author: Scott Sloan
Date Published:
2/16/2008
Date Published:
2/15/2008
Date Published:
2/15/2008
Article URL: http://www.kentucky.com/101/story/319916.html Attribution 2
Publication:
Kentucky Herald Leader, Kentucky.com
Article Title:
Lexmark employees notified of breach
Author: Scott Sloan
Article URL: http://www.kentucky.com/101/story/318946.html Attribution 3
Publication:
WKYT.com
Author: staff
Article Title: Lexmark Warns Employees About ID Theft Risk Article URL: http://www.wkyt.com/news/headlines/15667457.html Attribution 4
Publication:
Lexmark memo
Article Title:
Questions and Answers from Lexmark
Author: Lexmark
Date Published:
Article URL: http://media.kentucky.com/smedia/2008/02/15/19/Lexmark_Memo.source.prod_affiliate.79.pdf
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 173 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080214-04
University of Toledo Nursing School
OH
Est. Date
Breach Type Breach Category Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
180
The University of Toledo sent out a notice that an email with student names, grades and SSNs were sent out through more than 100 inboxes.
Attribution 1
Publication:
WTOL 11
Article Title:
UT students have ss# and grades sent out in email
Author: staff
Date Published:
2/13/2008
Article URL: http://www.wtol.com/Global/story.asp?S=7868704
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080214-03
Springfield Schools
MA
2/7/2008
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
38
The Springfield Police Department is investigating the theft of three laptop computers in eight days from the Springfield School Department's central office. The thefts began on 2/7 and at least one computer had names and SSNs of 38 school teachers. Attribution 1
Publication:
The Republican
Article Title:
Theft of 3 laptops under investigation
Author: Marla Goldberg
Date Published:
2/14/2008
Article URL: http://www.masslive.com/springfield/republican/index.ssf?/base/news-13/1202977290225050.xml&coll=1
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080214-02
Clovis Unified School District
CA
2/11/2008
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
4,000
Employee information for Clovis Unified and 15 other organizations was jeopardized when Systematic Automation of Fullerton was burglarized about 4:30 a.m. Monday. District employees were alerted in an e-mail about 3:30 p.m. Tuesday, which Avants said was the fastest the district could assemble accurate information on what to tell workers. The information included names, salaries and SSNs. Attribution 1
Publication:
Fresno Bee
Article Title:
Clovis Unified personal info stolen
Author: staff
Date Published:
2/13/2008
Article URL: http://www.fresnobee.com/263/story/396688.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080214-01
Rose-Hulman Institute of Technology
IN
2/4/2008
Electronic
Educational
Records Exposed? Yes Published #
The names, Social Security numbers and dates of birth of about 1,900 Rose-Hulman Institute of Technology students were inadvertently posted on a public Web site from last fall until Feb. 4, according to Rose-Hulman officials. The information has since been removed. An employee inadvertently posted the information to a public site accessible on the Internet. A student who was doing a search for his name came across the site on Feb. 4. Attribution 1
Publication:
Tribune Star
Author: Deb Kelly
Date Published:
Article Title: Rose-Hulman students’ vital info mistakenly put online Article URL: http://www.tribstar.com/news/local_story_044225817.html?keyword=topstory
Copyright 2008 Identity Theft Resource Center
2/13/2008
Exposed # of Records Rptd
1,900
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 174 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080213-04
Lifeblood Mid-South
TN
1/4/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Published#
Medical/Healthcare
321,000
A missing laptop sparked an internal search that uncovered a second missing laptop belonging to Lifeblood Mid-South's primary blood supplier. In letters written by Lifeblood, donors from 1990 to the present are being advised to take proactive steps. The first laptop may have been missing for up to 3 months. Stored inside both computers were donor names, birth dates and addresses at the time of the individual's last donation or attempted donation. In most cases, Lifeblood said the donor's Social Security number was also stored, along with driver's license and telephone numbers, e-mail address as well as ethnic, marital status, blood type and cholesterol levels. Attribution 1
Publication:
Commercial Appeal
Article Title:
Lawsuit targets Lifeblood
Author: Michal Erskine
Date Published:
2/19/2008
Article URL: http://www.commercialappeal.com/news/2008/feb/19/lawsuit-targets-lifeblood/ Attribution 2
Publication:
PR Newswire- Sun Herald
Author: Lifeblood Press Relea
Date Published:
2/13/2008
Date Published:
2/13/2008
Article Title: Two Laptop Computers Missing From Lifeblood's Main Office Article URL: http://www.sunherald.com/447/story/368296.html Attribution 3
Publication:
Commercialappeal.com, Memphis onlin
Article Title:
Missing: Lifeblood laptops with personal info on thousands of donors
Author: Mary Powers
Article URL: http://www.commercialappeal.com/news/2008/feb/13/missing-lifeblood-laptops-personal-information-tho/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080213-03
Middle Tennessee State University
TN
2/1/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
1,500
MTSU officials said today an unknown person accessed a computer containing the names and Social Security numbers of about 1,500 past and current students. A professor left the university computer unattended in the mass communication department about two weeks ago and an unidentified person is believed to have used the machine to send spam e-mails, MTSU spokesman Tom Tozer told The Daily News Journal. Attribution 1
Publication:
Daily News Journal, Murfreesboro TN
Article Title:
MTSU: 1,500 Social Security numbers on breached computer
Author: Brandon Puttbreses
Date Published:
2/13/2008
Article URL: http://dnj.midsouthnews.com/apps/pbcs.dll/article?AID=/20080213/NEWS01/80213045
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080213-02
Milwaukee Public Schools
WI
12/1/2007
Electronic
Records Exposed? Yes Published #
Educational
Half of Milwaukee Public Schools teachers are at risk for identity theft after a computer containing their names, Social Security numbers, birthdates and addresses was stolen, a teachers union spokesman confirmed Tuesday. Around 3,000 MPS teachers are potentially affected by the breach because they're enrolled in a group disability insurance plan underwritten by the Union Security Insurance Company, said Pam Schiefelbein, a local plan administrator. The teachers' personal information was stolen from Administrative Systems Inc., which contracts with Union Security and others in the insurance and financial services industries. Attribution 1
Publication:
JS Online
Author: Dani McClain
Article Title: MPS teachers' private data taken Article URL: http://www.jsonline.com/story/index.aspx?id=717553
Copyright 2008 Identity Theft Resource Center
Date Published:
2/12/2008
Exposed # of Records Rptd
3,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 175 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details.
ITRC Breach ID
Company or Agency
Location
ITRC20080213-01
Tenet Healthcare
TX
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
37,000
A former employee of a locally connected national hospital chain who was convicted of identity theft had access to the personal information of about 37,000 patients, according to a company spokesman. Tenet Healthcare Corp. owns 54 hospitals in a dozen states, including Hilton Head Regional Medical Center and Coastal Carolina Medical Center. The Texas employee worked in the billing center for about two years and is confirmed to have stolen names, SSNs and other information of about 90 patients. He had access to 37,000 other accounts. Attribution 1
Publication:
Beaufort Gazette
Article Title:
Identity thief had access to area information
Author: Daniel Brownstein
Date Published:
2/13/2008
Article URL: http://www.beaufortgazette.com/local/story/190720.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080212-03
Children's Home Society of Florida
FL
2/5/2008
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
On February 5th, the Children's Home Society learned that some personal information such as names, addresses, and Social Security numbers may have been provided to other independent contractors.
Attribution 1
Publication:
WMBB Gulf Coast News 13
Article Title:
Identity Information Released
Author: Jessica Chapin
Date Published:
2/12/2008
Article URL: http://www.wmbb.com/gulfcoastwest/mbb/news.apx.-content-articles-MBB-2008-02-12-0003.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080212-02
Modesto City Schools
CA
2/11/2008
Electronic
Records Exposed? Yes Published #
Educational
A computer hard drive holding the names, addresses, birth dates and Social Security numbers of Modesto City Schools' 3,500 employees was stolen early Monday from a Southern California data processing firm, district officials said. The hard drive and three monitors were stolen at 4:30 a.m. in a "window smash" burglary, said Sgt. Linda King with the Fullerton Police Department. She had no information about witnesses or suspects. The burglary happened at Systematic Automation Inc. in Fullerton. The firm prints annual, customized statements for each district employee with a summary of his or her health and other employee benefits. Attribution 1
Publication: Article Title:
Author: Merrill Balassone School workers' personal data lifted
Article URL: http://www.modbee.com/local/story/208868.html
Copyright 2008 Identity Theft Resource Center
Date Published:
2/12/2008
Exposed # of Records Rptd
3,500
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 176 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080212-01
Long Island University
NY
1/31/2008
Paper Data
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
30,000
Long Island University has sent letters to 25,000 to 30,000 students informing them that tax forms mailed to them last week in "defective mailers" might have led to identity theft. The mailers had 1098T forms but one side of each envelope was missing adhesive. The statements had the student's name, SSN and address. The potentially affected students are those who paid tuition in 2007. Attribution 1
Publication:
Newsday local NY
Article Title:
LIU: Defect puts students at risk of ID theft
Author: Andrew Scharff
Date Published:
2/12/2008
Article URL: http://www.newsday.com/news/local/ny-liiden125573734feb12,0,6745463.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080211-06
Harris County Sheriff
TX
2/7/2008
Paper Data
Records Exposed? Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
An entire stack of arrest records loaded with social security numbers, street addresses and personal information were found dumped in downtown Houston. The records were found next to a dumpster behind the Harris County Sheriff's Department in downtown Houston. Attribution 1
Publication:
ABC news
Article Title:
Inmate booking records found in trash
Author: Andy Cerota
Date Published:
2/8/2008
Article URL: http://abclocal.go.com/ktrk/story?section=news/local&id=5945867
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080211-05
ASI Seattle- Administrative Systems
WA
12/29/2007
Electronic
Records Exposed? Yes (Password) Unknown#
Business
Exposed # of Records Rptd
0
A desktop computer stolen from ASI, Administrative Systems in Seattle on December 29th contained names and SSNs according to a letter mailed on Feb 9th. It affects several of the firm's clients: Continental American Medical, EyeMed Vision/Kelly Services Vision, and Jefferson Pilot Financial Dental. According to the MD AG website: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-147544.pdf more than 14,000 MD residents were affected. This website also included a list of all of the firm clients. Attribution 1
Publication:
ASI
Author: William Hill
Date Published:
2/9/2008
Author: Wisconsin Office of P
Date Published:
2/1/2008
Article Title: notice of ASI breach Article URL: http://incident.asibpi.com/notice.html Attribution 2
Publication:
WI OPP
Article Title:
ASI breach
Article URL: http://privacy.wi.gov/databreaches/databreaches.jsp
ITRC Breach ID
Company or Agency
Location
ITRC20080211-04
United Healthcare
MO
Est. Date
Breach Type Breach Category Electronic
Business
A convicted identity thief living in a halfway house recruited employees of an Old Navy store in Chesterfield and United Healthcare to steal customer personal information. 58 victims have been reported to date. The man who set up the scheme has received a 14 year prison sentence.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Published #
Exposed # of Records Rptd
29
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 177 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
St. Louis Dispatch
Article Title:
Judge hands identity thief maximum term
Author: Robert Patrick
Date Published:
2/10/2008
Article URL: http://www.stltoday.com/stltoday/news/stories.nsf/stlouiscitycounty/story/94C7C91D25F42123862573EA00202CEC? Attribution 2
Publication: Article Title:
United State AG's Eastern District of Mis Author: Catherine Hanaway Date Published: AREA MAN SENTENCED ON FEDERAL IDENTITY THEFT CONSPIRACY CHARGES
2/8/2008
Article URL: http://www.usdoj.gov/usao/moe/press_releases/archived_press_releases/2008_press_releases/february/haines_rob
ITRC Breach ID
Company or Agency
Location
ITRC20080211-03
Old Navy
MO
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
29
A convicted identity thief living in a halfway house recruited employees of an Old Navy store in Chesterfield and United Healthcare to steal customer personal information. 58 victims have been reported to date. The man who set up the scheme has received a 14 year prison sentence. Attribution 1
Publication: Article Title:
St. Louis Dispatch Author: Robert Patrick Judge hands identity thief maximum term
Date Published:
2/10/2008
Article URL: http://www.stltoday.com/stltoday/news/stories.nsf/stlouiscitycounty/story/94C7C91D25F42123862573EA00202CEC?
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080211-02
Salesforce.com
US
2/1/2008
Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
An unencrypted external storage device with the personal information of current and former Salesforce.com employees including names, SSNs and dates of birth was stolen from a vehicle. A call center has been set up at
[email protected] for those affected. Attribution 1
Publication: Article Title:
notice to NH AG Salesforce breach
Author: David Schellhase
Date Published:
2/7/2008
Article URL: http://doj.nh.gov/consumer/pdf/sales_force.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080211-01
Cross Country Travcorps, NovaPro, Cross Country
US
2/1/2008
Electronic
Business
Records Exposed? Yes Published #
Cross Country Travcorps, NovaPro and Assignment America, dba as Cross Country Staffing which all provide healthcare staffing throughout the US had a laptop stolen from an employee's car. The information on the laptop included names, SSNs and addresses. Approximately 45 New Hampshire and 76 MD residents are potentially affected- other states are unknown. Attribution 1
Publication: Article Title:
notice to MD AG Cross Country Staffing
Author: Joseph Boshart VP
Date Published:
2/8/2008
Date Published:
2/8/2008
Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-147704.pdf Attribution 2
Publication:
notice to NH AG
Article Title:
Cross Country Travcorps breach
Author: Joseph Boshart
Article URL:
http://doj.nh.gov/consumer/pdf/cross_country.pdf
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
121
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 178 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080208-10
Canadian Standards Association Learning Centre
US
12/20/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
A security breach of the Canadian Standards Association's Learning Centre online store web site may have exposed some US consumers names, credit card account numbers and expiration dates. All affected consumers are being notified. While the site was encrypted it appears the intruder may have had access to the encryption key. Attribution 1
Publication:
notice to NH AG
Article Title:
Learning Centre Online Store, Canadian Standards Association breach
Author: Ellen Pekilis
Date Published:
1/21/2008
Article URL: http://doj.nh.gov/consumer/pdf/CSAGroup2.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080208-09
MLSgear.com
US
1/1/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
A series of SQL injection attacks on servers for the MLSgear.com website has compromised information included names, addresses, credit and debit card data, and MLSgear.com passwords, MLS President Mark Abbott said in a letter sent to affected individuals on Feb. 1. MLSgear.com is the soccer league's official online store. The attacks seem to have occurred between January and August 2007. Attribution 1
Publication:
Computer World
Article Title:
Soccer league's online shoppers get kicked by security breach
Author: Jaikumar Vijayan
Date Published:
2/8/2008
Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=internet_business& Attribution 2
Publication:
notice to NH AG
Article Title:
MLSgear.com breach
Author: Michael Sapherstein,
Date Published:
2/1/2008
Article URL: http://doj.nh.gov/consumer/pdf/MLSgear.pdf
ITRC Breach ID
Company or Agency
Location
ITRC20080208-08
Target National Bank
US
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Banking/Credit/Financial
Exposed # of Records Rptd
0
On January 22, Target notified the New Hampshire DOJ that its fraud detection unit determined three employees of a company that provides call center support services to Target National Bank (the issuer of Target Visa credit cards) had accessed customer VISA account information including names, addresses, account numbers, social security numbers, and telephone numbers. The employees reportedly used the customer information to make fraudulent purchases. Attribution 1
Publication:
notice to NH AG
Article Title:
Target National Bank- VISA customers breach
Author: Robert Barnhard, VP
Date Published:
1/22/2008
Article URL: http://doj.nh.gov/consumer/pdf/target.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080208-07
NKS Americas
US
1/20/2008
Electronic
Business
On January 25, NSK Americas Inc., global manufacturer of bearings and precision motion products, notified the New Hampshire DOJ that a computer folder containing employee names, Social Security numbers and salaries of approximately 2 ,000 current, former and retired employees was not properly secured on an internal corporate server. The file may have been unsecured since June 2006 Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 179 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
notice to NH AG
Article Title:
NKS Americas breach
Author: Gerald Hope, VP
Date Published:
1/25/2008
Article URL: http://doj.nh.gov/consumer/pdf/NSK.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080208-06
BJ Wholesale Club
MA
1/3/2008
Electronic
Business
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A thumb drive was discovered missing on January 3, 2008. It contained the names and SSNs of Team Members. The letter to the NH AG said that an employee was updating a list of participants in the firm's tuition reimbursement program. Attribution 1
Publication:
notice to NH AG
Article Title:
BJ Wholesale Club breach
Author: Lon Povich, Exec VP
Date Published:
1/15/2008
Article URL: http://doj.nh.gov/consumer/pdf/BJ.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080208-05
Kansas State UniversityBerberich Trahan
KS
1/6/2008
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
23
The flash drive of a stolen laptop computer may have contained unencrypted data of 23 Kansas State University current and former students, K-State said today. An employee of Berberich Trahan & Co., P.A., reported the theft from his automobile last month. Berberich Trahan are auditors contracted by the state to conduct annual audits of state agencies. Attribution 1
Publication:
Capital-Journal, CJ Online
Article Title:
Stolen computer may have held personal data
Author: staff
Date Published:
2/8/2008
Article URL: http://cjonline.com/stories/020808/bre_theft.shtml
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080208-04
East Carolina University
NC
1/3/2008
Electronic
Educational
Records Exposed? Yes Published #
East Carolina University reported that a former professor had included students' personal information on a personal website including 412 SSNs. It has been taken down and Google has been notified to take the information out of any caches. Attribution 1
Publication:
WITN
Article Title:
ECU Investigating Possible Security Breach
Author: staff
Article URL: http://www.witntv.com/home/headlines/15444961.html
Copyright 2008 Identity Theft Resource Center
Date Published:
2/8/2008
Exposed # of Records Rptd
412
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 180 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080208-03
Memorial Hospital
IN
11/1/2007
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
4,300
Memorial Hospital has notified full, part time and retired employees that a laptop containing personal information is missing. An employee lost the laptop while traveling in November. This week employees received a letter warning them that the missing computer contains their names, addresses, birth dates, ID numbers and social security numbers. The laptop was not encrypted. Attribution 1
Publication:
WBST News
Article Title:
Memorial Hospital loses laptop containing sensitive employee data
Author: Leanne Tokars
Date Published:
2/7/2008
Article URL: www.wsbt.com/news/local/15408791.html
ITRC Breach ID
Company or Agency
Location
ITRC20080208-02
New York Oncology in Gloversville
NY
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
A financial counselor is accused of stealing Social Security numbers from cancer patients. Glenville police arrested Victoria Horton from Broadalbin. Horton is an employee of New York Oncology in Gloversville. She is charged with identity theft. She used the SSNs to acquire fraudulent Discover credit cards. Attribution 1
Publication:
Capital News 9
Article Title:
Woman charge with identity theft
Author: staff
Date Published:
2/8/2008
Article URL: http://capitalnews9.com/content/top_stories/110208/woman-charged-with-identity-theft/Default.aspx
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080208-01
undisclosed companySonoma
CA
12/1/2007
Electronic
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
A two month investigation ended in the arrest of Tina Ryan who stole credit card information from a database at an undisclosed company where she used to work. She is being charged with 152 counts of identity theft.
Attribution 1
Publication:
Press Democrat
Article Title:
Woman faces 234 charges in ID theft
Author: Mike McCoy
Date Published:
2/7/2008
Article URL: http://www1.pressdemocrat.com/article/20080207/NEWS/802070363/0/NEWS01 Attribution 2
Publication:
KTVU Baysider.com
Article Title:
Sonoma Woman Arrested For 152 Counts Of Identity Theft
Author: staff
Date Published:
2/6/2008
Article URL: http://www.ktvu.com/news/15238340/detail.html
ITRC Breach ID
Company or Agency
Location
ITRC20080207-02
a Tukwila Hotel
WA
Est. Date
Breach Type Breach Category Electronic
Business
A Tukwila hotel clerk admitted in U.S. District Court Tuesday that he used his position to steal the identities of hotel guests. Stephen Smith, 25, of Tacoma, pleaded guilty to felony counts of wire fraud and aggravated identity theft. Between August and November 2007, Smith used the stolen identities to order about $250,000 worth of Rolex watches, sports paraphernalia, Gucci handbags, cell phones, art and auto parts.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 181 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
seattlepi.com, Seattle Post Intelligencer
Article Title:
Hotel clerk pleads guilty to stealing guest IDs
Author: Paul Shukovsky
Date Published:
2/6/2008
Article URL: http://seattlepi.nwsource.com/local/350247_idtheft07.html?source=mypi
ITRC Breach ID
Company or Agency
Location
ITRC20080207-01
Sanctuary at Tuttle Crossing
OH
Est. Date
Breach Type Breach Category Electronic
Medical/Healthcare
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A woman who worked as the business office manager at the Sanctuary at Tuttle Crossing, a nursing home, stole from patient checking accounts and debit accounts. She has been arrested and is a known repeat offender. Attribution 1
Publication:
WBNC 10 TV
Article Title:
Police: Thousands Stolen From Nursing Home Patients
Author: staff
Date Published:
2/6/2008
Article URL: http://www.10tv.com/?sec=news&story=sites/10tv/content/pool/200802/886834492.html
ITRC Breach ID
Company or Agency
Location
ITRC20080206-01
Beacon Community Credit Union
KY
Est. Date
Breach Type Breach Category Electronic
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
A Louisville bank employee stole the identities of bank customers and then he and an accomplice got credit cards in the customer's names. The thief worked at Beacon Community Credit Union and is under arrest.
Attribution 1
Publication:
Kentucky.com, Lexington Herald Leder
Article Title:
Louisville bank employee charged in identity theft
Author: Associated Press
Date Published:
Article URL: http://www.kentucky.com/471/story/308823.html
ITRC Breach ID
Company or Agency
Location
ITRC20080205-02
Nationlink Wireless
US
Est. Date
Breach Type Breach Category Electronic
Business
Records Exposed? Yes Unknown #
Thousands of customers of Nationlink Wireless, an authorized dealer for Nextel and Sprint, had their records exposed by having them posted on a website. Thousands of names, birthdates SSNs and IP addresses were involved. Attribution 1
Publication:
NBC San Diego
Article Title:
Couple: 'Security Breach' On Cell Phone Web Site
Author: Tony Shin
Article URL: http://www.nbcsandiego.com/news/15224953/detail.html
Copyright 2008 Identity Theft Resource Center
Date Published:
2/4/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 182 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080205-01
Kiwanis Family Store Website
US
12/5/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
0
Kiwanis International learned of a recent intrusion into its website and database. The names, credit card numbers and expiration dates of people using the Kiwanis Family Store website and database are potentially affected. If you have questions, please contact Member Services at Kiwanis International during these hours at 800-549-2647 or 317-875-8755, extension 411, as prompted. Approximately 400 Wisconsin residents were affected but the total record number is not available. Attribution 1
Publication:
notice on WI Office of Privacy Protection
Author: staff
Date Published:
2/4/2008
Article Title: Kiwanis Family Store Website breach Article URL: http://privacy.wi.gov/databreaches/databreaches.jsp
ITRC Breach ID
Company or Agency
Location
ITRC20080204-02
Iowa State University
IA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Educational
Exposed # of Records Rptd
26
Iowa State University exposed names and SSNs of 26 students who had taken the course ME 325 in the spring of 2001. The information, along with e-mail addresses was posted on Iowa State University servers, undetected since January 10, 2002. Attribution 1
Publication:
Des Moines Register
Author: staff
Date Published:
2/4/2008
Article Title: ISU, UI posted students S.S. numbers — Web site Article URL: http://www.desmoinesregister.com/apps/pbcs.dll/article?AID=/20080204/NEWS/80204006/0/NEWS
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080204-01
Diocese of Providence
RI
1/26/2008
Electronic
Records Exposed? Yes (Password) Published#
Educational
Exposed # of Records Rptd
5,000
4 computers that contained former and current employee names and SSNs of the Diocese of Providence was stolen. It did not include the Catholic school students or parents information and is password protected.
Attribution 1
Publication:
Projo.com, Providence Journal
Article Title:
Personal information is among thieves’ haul from Diocese of Providence
Author: Timothy Barmann
Date Published:
2/2/2008
Article URL: http://www.projo.com/news/content/catholic_identity_theft_02-02-08_BK8S2PA_v13.363690c.html Attribution 2
Publication:
Boston Globe
Article Title:
Thieves remove personal information in Providence Diocese theft
Author: Associated Press
Date Published:
2/1/2008
Article URL: http://www.boston.com/news/local/rhode_island/articles/2008/02/02/thieves_remove_personal_information_in_prov Attribution 3
Publication:
Turn to 10
Author: staff
Date Published:
2/1/2008
Article Title: Computers stolen from Catholic school office Article URL: http://www.turnto10.com/northeast/jar/news.apx.-content-articles-JAR-2008-02-01-0019.html
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 183 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080201-04
Corn Belt Energy Corp
IL
1/1/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Business
1,000
About 2000 clients who wanted to opt out of the Corn Belt Energy Corp's giving program had their names and utility account numbers posted on the utility's web site for about a month. The glitch has been repaired.
Attribution 1
Publication:
Trading Markets.com
Article Title:
Corn Belt inadvertently publishes members' account info on site
Author: staff
Date Published:
2/1/2008
Article URL: http://www.tradingmarkets.com/.site/news/Stock%20News/1054684/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080201-03
Marine Corp Bases Japan New Parent Support Program
US
1/11/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Published#
Government/Military
4,000
On Jan. 11 a laptop was stolen with the names, ranks, SSNs, dates of birth, children's names and addresses of US military member, government employees and Status of Forces Agreement personnel on Okinawa and Iwakuni. They were all clients of the Marine Corps Community Services' New Parent Support Program. "The Marine Corps takes very seriously its responsibility to safeguard the personal information of its service members, their families and government employees," said 1st Lt. Garron Garn, a Marine Corps Bases Japan spokesman. "Our information systems are password protected and our users are educated on ways to protect personally identifiable information." Attribution 1
Publication: Article Title:
Consolidated Public Affairs Office Personal data potentially compromised
Author: Staff
Date Published:
2/1/2008
Article URL: http://www.okinawa.usmc.mil/Public%20Affairs%20Info/Archive%20News%20Pages/2008/080201-personal.html
ITRC Breach ID
Company or Agency
ITRC20080201-02
MN Univ. of Minnesota Reproductive Medicine Center
Location
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Medical/Healthcare
Exposed # of Records Rptd
3,100
A doctor at a fertility clinic lost a flash drive he used to back up his computer. It contained the details of treatments going back to 1999. It was not password protected.
Attribution 1
Publication: Article Title:
WCCO.com CBS 4 Author: Esme Murphy Doctor Loses Flash Drive With Patient Information
Date Published:
1/31/2008
Article URL: http://wcco.com/health/doctor.patient.information.2.642107.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080201-01
SC Department of Health and Environmental Control
SC
1/24/2008
Electronic
Government/Military
A laptop containing the names and Social Security numbers of around 400 state health department employees is missing. It was stolen from a worker's vehicle while at a store. State officials say the password-protected computer contains personal information of state health department workers from Spartanburg, Cherokee, Union, Greenville and Pickens counties.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes (Password) Published#
Exposed # of Records Rptd
400
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 184 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
WYFF 4 news
Article Title:
DHEC Laptop With Employee Information Stolen
Author: staff
Date Published:
2/1/2008
Date Published:
1/31/2008
Article URL: http://www.wyff4.com/news/15192292/detail.html Attribution 2
Publication: Article Title:
Times and Democrat Author: Associated Press Laptop with 400 state workers' Social Security numbers missing
Article URL: http://www.timesanddemocrat.com/articles/2008/01/31/ap-state-sc/d8uh6a2g1.txt
ITRC Breach ID
Company or Agency
Location
ITRC20080131-01
Tuolumne General MedicalPHNS
CA
Est. Date
Breach Type Breach Category Electronic
Medical/Healthcare
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
Nearly 800 former and present Tuolumne General medical customers should receive letters by this week informing them their billing information may have fallen into the hands of thieves. PHNS, a Texas-based insurance-billing firm that handles business operations for Tuolumne General Medical Facility, formerly Tuolumne General Hospital, under contract with the county, said up to 200,000 people, most in California, may be affected. The theft of four laptop computers and a desktop computer late last year at a PHNS office in Cerritos spurred the warning. Authorities have recovered two of the computers. Schunder said company computer experts determined neither of the computers' information had been breached. Billing information, not patient information, like medical records, was stored on the computers. Neither of the computers recovered had Social Security numbers on them, Schunder said. He was uncertain if the other machines did, but said the information would have been hidden through encryption. Attribution 1
Publication:
Union Democrat
Article Title:
Stolen computers may hold hospital billing information
Author: Craig Cassidy
Date Published:
1/30/2008
Article URL: http://www.uniondemocrat.com/news/story.cfm?story_no=25638
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080130-02
Davidson Companies
MT
1/10/2008
Electronic
Records Exposed? Yes Published #
Banking/Credit/Financial
Exposed # of Records Rptd
226,000
A computer hacker broke into a Davidson Companies database and obtained the names and Social Security numbers of virtually all of the Great Falls financial services company's current and former clients, a total of 226,000 affected records. The database included information such as account numbers and balances, said Jacquie Burchard, spokeswoman for Davidson Companies. However, the hacker didn't get access to the accounts. Attribution 1
Publication:
Great Falls Tribune, MT
Author: Erin Madison
Date Published:
1/30/2008
Article Title: Hacker steals Davidson Cos. clients' data Article URL: http://www.greatfallstribune.com/apps/pbcs.dll/article?AID=/20080130/NEWS01/801300301
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080130-01
Horizon Blue Cross Blue Shield New Jersey
NJ
1/5/2008
Electronic
Medical/Healthcare
Horizon Blue Cross Blue Shield of New Jersey has notified its members that an employee laptop computer containing personal information -- including Social Security numbers -- for about 300,000 individuals was stolen in early January. The health care insurer has sent letters to thousands of its members alerting them about the theft, which occurred in Newark, N.J. on Jan. 5. On its Web site, the company says a "security feature was initiated" on Jan. 28 that "destroys all the data on the stolen computer." Horizon Blue Cross Blue Shield of New Jersey says the personal information contained on the computer also included names and addresses of members, but no medical data.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes (Password) Published#
Exposed # of Records Rptd
300,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 185 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Information Week
Article Title:
Laptop Stolen With Personal Data On 300,000 Health Insurance Clients
Author: Marianne Kolbasuk M
Date Published:
1/30/2008
Article URL: http://www.informationweek.com/news/showArticle.jhtml?articleID=206100526 Attribution 2
Publication: Article Title:
Star Ledger Author: Ted Sherman Health insurer says stolen laptop had customers' data
Date Published:
1/29/2008
Article URL: http://www.nj.com/news/index.ssf/2008/01/horizon_blue_cross_blue_shield.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080129-01
Georgetown University
DC
1/3/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
38,000
A hard drive containing the Social Security numbers of nearly 40,000 Georgetown students, alumni, faculty and staff was reported stolen from the office of Student Affairs on Jan. 3, potentially exposing thousands of students to identity theft. The external hard drive, located on the fifth floor of the Leavey Center, was used to back up a computer that contained billing information for various student services, including activities fees and student health insurance, according to David Lambert, vice president and chief information officer for University Information Services. The files include all undergraduate students enrolled from 1998 through the middle of 2006. They also include postgraduates enrolled during that period who were assessed financial transactions that crossed between the main, Medical and Law campuses, such as student health insurance. Of the approximately 14,000 students currently at the university, roughly 7,700 - around 55 percent - had their private information on the missing hard drive, Lambert said. Attribution 1
Publication:
The Hoya.com- Georgetown University n Author: Michele Hong
Article Title:
38,000 Social Security Numbers Potentially Exposed After Theft
Date Published:
1/29/2008
Article URL: http://thehoya.com/node/15151
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-12
York Correctional Institution
CT
12/22/2007
Electronic
Records Exposed? Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
ITRC confirmed this article with prison officials in the middle of January and now can validate it for publication. The names and driver license numbers of people who were in accidents were inputted into databases by prison inmates. The DataCon center at the prison remains closed a week after Department of Correction officials shut it. The center enters and scans data for at least 11 state agencies that handle information about Connecticut residents. Attribution 1
Publication:
My TV 9
Author: staff
Date Published:
12/22/2008
Article Title: Data program at prison probed, shut Article URL: http://www.wtnh.com/Global/story.asp?S=7534354&nav=3YeX
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-11
Wake County Emergency Medical Services
NC
1/17/2008
Electronic
Medical/Healthcare
A Wake County Emergency Medical Services laptop computer with patient information disappeared from the WakeMed Emergency Department Thursday night, officials said Monday. The patient information was not cloaked by encryption, said Jeff Hammerstein, Wake EMS district chief. Computer experts say the lack of encryption makes it easier for identity thieves to access patient data from the laptop's hard drive. However it did have several layers of lesser security. Update: Count is now at 5000 and may include patients, firefighters and paramedics from across the county.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes (Password) Published#
Exposed # of Records Rptd
5,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 186 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
News Observer
Article Title:
Missing laptop has workers', patients' personal data
Author: Sam LaGrone
Date Published:
2/7/2008
Date Published:
1/29/2008
Date Published:
1/28/2008
Article URL: http://www.newsobserver.com/news/wake/story/929880.html Attribution 2
Publication: Article Title:
News and Observer Wake EMS Laptop is Missing
Author: staff
Article URL: http://www.firefightingnews.com/article-US.cfm?articleID=44430 Attribution 3
Publication:
WRAL
Article Title:
Wake EMS Laptop Missing
Author: staff
Article URL: http://www.wral.com/news/news_briefs/story/2364442/ Attribution 4
Publication: Article Title:
Author:
Date Published:
Article URL: http://www.newsobserver.com/news/wake/story/929880.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-10
Spectrum Family Medical
NV
1/26/2008
Paper Data
Medical/Healthcare
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
0
Dozens of boxes with patient records ended up in an apartment complex dumpster. The hundreds of records included SSNs, drivers licenses and even test results and medical files.
Attribution 1
Publication: Article Title:
Las Vegas Now Author: Amanda Hernandez Medical Records Found in Apartment Trash
Date Published:
1/28/2008
Article URL: http://www.lasvegasnow.com/Global/story.asp?S=7786273&nav=menu102_2
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-09
Murray State
KY
1/3/2008
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
260
The personal information, including names, social security numbers and birth dates, was posted through a report titled "2000-2001 State Admissions Report," which was to prepare for the fall 2002 accreditation visit by the National Council for Accreditation of Teacher Education and Kentucky Education Professional Standards Board. The file was in an Excel format and had columns that could be hidden or unhidden. Watts said the hidden columns could be manipulated to show the personal information. Attribution 1
Publication:
The new.org, Murray State News
Article Title:
260 Social Security numbers released online
Author: Emily Wuchner
Date Published:
1/25/2008
Article URL: http://media.www.thenews.org/media/storage/paper651/news/2008/01/25/News/260-Social.Security.Numbers.Releas
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-08
Visa Services Northwest
WA
1/25/2008
Paper Data
Business
Visa Services Northwest threw out dozens of documents into a public bin with names, SSNs, credit card numbers and signatures in a downtown alley. This company helps people secure visas for travel.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 187 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
KOMO
Article Title:
Sensitive documents found in dumpster
Author: KOMO staff
Date Published:
1/27/2008
Article URL: http://www.komotv.com/news/local/14449977.html
ITRC Breach ID
Company or Agency
Location
ITRC20080128-07
SAIC
VA
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Exposed # of Records Rptd
Yes Unknown #
Business
0
Due to malware, SAIC employee company credit card information, including the name as it appears on the card, billing and shipping address, credit card number and security codes were compromised.
Attribution 1
Publication:
notice to NH AG
Article Title:
breach- SAIC
Author: Amy Carlson, SAIC C
Date Published:
1/18/2008
Article URL: http://doj.nh.gov/consumer/pdf/SAIC.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-06
Franklin University
OH
12/15/2007
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
6,440
A file containing the 6440 names, SSNs, term and class information, email and university identification numbers was placed on the schools web server allowing it o be viewed online. Those interested can also go to www.franklin.edu/go/securityupdate Attribution 1
Publication: Article Title:
Author: Franklin University
Date Published:
1/7/2008
website information
Article URL: http://www.franklin.edu/en_us/www.franklin.edu/Student%2BResources/Campus%2BInformation/Security+Frequen Attribution 2
Publication: Article Title:
notification to NH AG Breach- Franklin University
Author: Jane Robinson, COO
Date Published:
1/7/2008
Article URL: http://doj.nh.gov/consumer/pdf/Franklin_U.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-05
Centocor Inc- Johnson & Johnson
PA
10/1/2007
Electronic
Business
Records Exposed? Yes Unknown #
Centocor was notified by its IT vendor of a breach in early October 2007 and then of more detail on Nov. 29th. Based on this investigation, a missing computer containing name, SSNs/tax identification numbers were compromised. Centocor believes that a former contracted employee of the vendor removed the computer from its facilities in Horsham, PA. Attribution 1
Publication: Article Title:
Centocor Dept. of Medical Education, Author: Michael Varlotta, Sr. breach at Centocor- notification to NH AG
Article URL: http://doj.nh.gov/consumer/pdf/Centicor.pdf
Copyright 2008 Identity Theft Resource Center
Date Published:
1/3/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 188 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
ITRC20080128-04
T. Rowe Price-CBIZ Benefits
MD
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Published #
Business
Exposed # of Records Rptd
35,000
T. Rowe Price Retirement Plan Services alerted 35,000 current and former participants in “several hundred” plans that their names and Social Security numbers were contained in files on computers that were stolen, said Brian Lewbart, spokesman. The machines were taken from the office of CBIZ Benefits and Insurance Services Inc., which prepares the 5500s for T. Rowe Price, he said. Attribution 1
Publication:
Investment News
Article Title:
T. Rowe Price warns of computer thefts
Author: Pensions & Investme
Date Published:
1/28/2008
Article URL: http://www.investmentnews.com/apps/pbcs.dll/article?AID=/20080128/REG/672979544
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-03
Kenyon College-Village Inn
OH
11/1/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Business
32
In Gambier, OH and Kenyon College there has been a rash of identity thefts. Investigators are unsure of the source of the leak of credit card numbers. The Village Inn has been cleared and there does not seem to be evidence of a security breach at the college, the largest source of residents in the community. Both residents and students are reporting fraudulent charges in British Columbia and other places. Update: As of 1/31 it is believed the breach originated from the Village Inn's computer system. According to Joan Jones, president and CEO of the People's Bank, sheriff investigations concluded that a hacker accessed the computer system of a Gambier business, acquired customers' credit and debit card numbers, printed physical copies of their cards and "start[ed] charging as fast and heavy as they can." Attribution 1
Publication:
Kenyon Collegian
Article Title:
Gambier struck by credit-, debit-card fraud
Author: Sarah Friedman
Date Published:
1/31/2008
Article URL: http://www.kenyoncollegian.com/home/index.cfm?event=displayArticlePrinterFriendly&uStory_id=106ef524-375d-4 Attribution 2
Publication:
10 TV
Article Title:
Small Town Residents Fall Victim To ID Theft
Author: staff
Date Published:
1/28/2008
Article URL: http://www.10tv.com/?sec=news&story=sites/10tv/content/pool/200801/1755419886.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-02
Fallon Community Health Plan
MA
1/2/2008
Electronic
Records Exposed? Yes Published #
Medical/Healthcare
A vendor computer containing personal information on nearly 30,000 patients of Fallon Community Health Plan has been stolen, the insurer announced Thursday. The Worcester-based health insurer said Thursday that someone stole a vendor's laptop computer believed to contain personal information for members with Fallon Senior Plan and Summit ElderCare coverage. The data included names, dates of birth, some diagnostic information and medical ID numbers -- some of which may be based on Social Security numbers. The information did not include addresses. Attribution 1
Publication:
Telegram.com
Author: Bob Kievra
Date Published:
1/26/2008
Article Title: Federal officials probe HMO data breach Article URL: http://www.telegram.com/article/20080126/NEWS/801260320/1002/BUSINESS Attribution 2
Publication:
Boston Business Journal
Article Title:
Security breach compromises Fallon patient data
Author: Mark Hollmer
Article URL: http://boston.bizjournals.com/boston/stories/2008/01/21/daily65.html
Copyright 2008 Identity Theft Resource Center
Date Published:
1/24/2008
Exposed # of Records Rptd
30,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 189 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080128-01
Penn State University
PA
1/2/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
677
A university laptop containing archived information and social security numbers for 677 students attending Penn State between 1999 and 2004 was recently stolen from a faculty member while traveling earlier this month. Attribution 1
Publication:
Collegian
Article Title:
Laptop with students' information stolen
Author: Lauren Boyer
Date Published:
1/25/2008
Article URL: http://www.collegian.psu.edu/archive/2008/01/25/laptop_with_students_informati.aspx
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080124-04
CPA- Lucille Adgate
FL
1/22/2008
Paper Data
Records Exposed? Yes Unknown #
Business
Exposed # of Records Rptd
0
As part of an article on a doctor dumping patient files, it was revealed that on that same day additional documents from a CPA named Lucille Adgate. The forms were E-file tax forms with SSNs on the front. She claims it was a mistake made by a new employee. Attribution 1
Publication:
NBC 2
Article Title:
Patient documents found dumped in trash
Author: Cara Sapida
Date Published:
1/22/2008
Article URL: http://www.nbc-2.com/articles/readarticle.asp?articleid=17029&z=3&p=
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080124-03
Lee County Dr. Barringer
FL
1/22/2008
Paper Data
Records Exposed? Yes Unknown #
Medical/Healthcare
Exposed # of Records Rptd
0
Dr. James Barringer's office threw away hundreds of patient documents behind the doctor's office. Information included SSN and patient sensitive files. Barringer immediately began digging in the dumpster for the documents. He claims an office worker forgot to the shred the documents before throwing them away. Attribution 1
Publication:
NBC2
Article Title:
Patient documents found dumped in trash
Author: Cara Sapida
Date Published:
1/22/2008
Article URL: http://www.nbc-2.com/articles/readarticle.asp?articleid=17029&z=3&p=
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080124-02
OmniAmerican
NY
1/18/2008
Electronic
Records Exposed? Yes Published #
Banking/Credit/Financial
An international gang of cyber criminals hacked into OmniAmerican Bank's records, the bank's president disclosed. They stole scores of account numbers, created new PINs, fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, including Russia and Ukraine, as well as in Britain, Canada and New York. Attribution 1
Publication:
Star Telegram
Article Title:
Hackers steal OmniAmerican account data
Author: Barry Schlachter
Article URL: http://www.star-telegram.com/business/story/429367.html
Copyright 2008 Identity Theft Resource Center
Date Published:
1/24/2008
Exposed # of Records Rptd
100
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 190 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080124-01
Corbin Social Services
KY
1/15/2008
Electronic
Government/Military
Records Exposed?
Exposed # of Records Rptd
None Other Protection
0
Corbin Social Services Office has several computers stolen from the office. While SSNs were on the laptops, they had several layers of security built into the computers making them unusable by thieves. This has been verified by the ITRC with the Corbin Police Dept. Attribution 1
Publication:
WYMT
Article Title:
Laptops Stolen From Corbin Social Services Office
Author: staff
Date Published:
1/18/2008
Article URL: http://www.wkyt.com/wymtnews/headlines/13906502.html
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080116-05
Univ. of Wisconsin- Madison
WI
11/26/2007
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
529
UW-Madison officials waited more than a month before advising more than 200 faculty and staff members of a potential exposure of their personal information on the Internet last year. The personal information -- including email addresses, phone numbers and Social Security-based campus ID numbers of faculty and staff who made purchases from the DoIT computer shop -- had been accessible on a campus Internet site for at least a year, said Brian Rust, communications manager for the UW's department of information technology. According to a letter to the affected faculty and staff dated Jan. 7, UW senior legal counsel Nancy Lynch wrote that the university became aware of the problem on Nov. 26. Attribution 1
Publication: Article Title:
The Daily News Author: Ryan Foley UW-Madison privacy leak was bigger than previously described
Date Published:
1/29/2008
Article URL: http://www.rhinelanderdailynews.com/articles/2008/01/28/ap-state-wi/d8ufogmo1.txt Attribution 2
Publication:
The Capital Times
Article Title:
UW staff's personal data was on public Web site at least a year
Author: David Callender
Date Published:
1/16/2008
Article URL: http://www.madison.com/tct/news/267604
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080116-04
Aspen Grove Market- Boulder
CO
1/12/2008
Electronic
Records Exposed? Yes Unknown #
Business
Several employees and customers of Aspen Grove Market in Boulder have complained about apparent identity theft and the stealing of their credit card numbers, according to police. The first report involved a computerrelated theft sometime between Jan. 12 and Jan. 13. The credit card numbers in the first case were then used to make online purchases at a variety of Internet businesses, investigators said. Aspen Grove Market is an online grocery delivery service. Attribution 1
Publication:
CBS 4 Denver
Article Title:
Credit Card Numbers At Online Grocer Stolen
Author: staff
Article URL: http://cbs4denver.com/local/boulder.id.theft.2.631138.html
Copyright 2008 Identity Theft Resource Center
Date Published:
1/16/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 191 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080116-03
Wisconsin Department of Revenue
WI
1/10/2008
Paper Data
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
5,000
About 5,000 taxpayers in some northeastern Wisconsin communities may have received a tax form in the mail with their Social Security numbers visible, authorities said. The state Department of Administration on Tuesday apologized for the error, which was believed to have appeared on 1099-G forms from the Department of Revenue. The mailing was sent to tax payers in the following communities: Freedom, Kaukauna, Keshena, Kimberly, Krakow, Lakewood, Lena, Little Chute, Little Saumico and Marinette. Attribution 1
Publication:
Wisconsin State Journal
Author: Jason Stein
Date Published:
1/16/2008
Date Published:
1/15/2008
Date Published:
1/15/2008
Article Title: More Social Security numbers revealed in state mailing Article URL: http://www.madison.com/wsj/home/local/267330&ntpid=3 Attribution 2
Publication:
Capital Times
Article Title:
State mailing glitch leaves data visible
Author: Judith Davidoff and D
Article URL: http://www.madison.com/tct/news/267329 Attribution 3
Publication:
Google.com
Author: Associated Press
Article Title: Wis. Residents Warned of Privacy Breach Article URL: http://ap.google.com/article/ALeqM5jKczyvnQEfJhS8WLPHTPBW5AwoqwD8U6FA481
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080116-02
Casa Del Sol Day Care
TX
1/14/2008
Paper Data
Records Exposed? Yes Unknown #
Educational
Exposed # of Records Rptd
0
In McAllen, TX, a woman found several boxes in a dumpster with SSNs, bank account information and medical records from the Casa Del Sol day care center. "NEWSCHANNEL 5 contacted the owner of the business, who says all the information was locked in an office they are currently leasing out. The company that is leasing the office denies dumping the information, saying their policy is to shred any sensitive information. The owner tells us he will track down how this happened and make sure it never does again." Attribution 1
Publication: Article Title:
ABC News KRGV Author: staff Woman Finds Personal Information in McAllen Dumpster
Date Published:
1/15/2008
Article URL: http://www.newschannel5.tv/2008/1/15/985234/Woman-Finds-Personal-Information-in-McAllen-Dumpster
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080116-01
Naval Surface Warfare Center
US
1/7/2008
Paper Data
Government/Military
Records Exposed? Yes Published #
A 13 year old report listing names, SSNs and birth dates for Navy employees who worked at Dahlgren prior to 1994 has been used for attempted identity theft. According to a news release, two pages of a Naval Surface Warfare Center Employment Verification Report dated July, 7, 1994, were found when four people were arrested in Bensalem Township, Pa., last week for attempted identity fraud. A Navy employee was notified by the Bensalem police that someone had stolen his identity and was trying to use his credit card to buy a television. The report found in Pennsylvania lists 100 current and former employees from various Navy offices at Dahlgren and at Naval Surface Warfare Centers in White Oak, Md., and Panama City, Fla. It is uncertain how the suspects obtained the report. UPDATE: 5/12 NSWC sending 7200 more letters to former employees through IRS service. Attribution 1
Publication:
Fredericksburg.com
Article Title:
Dahlgred mails ID warning
Author: Corey Byers
Article URL: http://fredericksburg.com/News/FLS/2008/052008/05122008/378448
Copyright 2008 Identity Theft Resource Center
Date Published:
5/12/2008
Exposed # of Records Rptd
9,300
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 192 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
Fredercksburg.com, The Free Lance Sta Author: Corey Byers
Article Title:
Dahlgren warns workers about ID theft
Date Published:
1/15/2008
Article URL: http://fredericksburg.com/News/FLS/2008/012008/01152008/348406
ITRC Breach ID
Company or Agency
ITRC20080115-02
Raymour & Flanigan Furniture NY
Location
Est. Date
Records Exposed?
Breach Type Breach Category Electronic
Yes Unknown #
Business
Exposed # of Records Rptd
0
A clerk from a Carle Place furniture store named Raymour & Flanigan was arrested after stealing customer credit card information and racking up more than $10,000 in fraudulent purchases, according to Nassau police.
Attribution 1
Publication:
Newsday.com
Article Title:
Cops: Carle Place worker nabbed in ID theft
Author: Joseph Mallia
Date Published:
1/14/2008
Article URL: http://www.newsday.com/news/local/crime/ny-liscam0115,0,5309529.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080115-01
Tennessee Tech University
TN
1/5/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
990
A portable storage drive containing the names and Social Security numbers of 990 Tennessee Tech University students has been lost, according to university officials. The school notified students today who lived in Capital Quad and Crawford residence halls during the fall 2007 semester that their information could be at risk. The flash drive was being used to transfer information and was notice that it was missing on Jan. 5. Attribution 1
Publication:
Tennessean
Article Title:
Tennessee Tech loses Social Security numbers of 990 students
Author: Colby Sledge
Date Published:
1/14/2008
Article URL: http://www.tennessean.com/apps/pbcs.dll/article?AID=/20080114/NEWS04/80114105/1001/NEWS
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080114-03
Rev. Donald Robinson
OH
1/4/2008
Electronic
Business
Records Exposed? Yes Unknown #
A clergyman is accused of stealing about $300,000 from the church he led, taking money from a fund for the poor and stealing parishioners' identities before his imprisonment last year on unrelated charges. The Rev. Donald Ray Robinson, who was released from federal prison last month after serving time for wire fraud, was indicted Monday on charges of theft, securing records by deception, identity fraud and money laundering. An investigation began after parishioners of Lane Metropolitan Christian Methodist Episcopal Church found that Robinson used church property as collateral to obtain loans and laundered money through bank accounts, prosecutor James Gutierrez said. Attribution 1
Publication:
Google.com
Author: Associated Press
Date Published:
Article Title: Minister Accused of Theft From Church Article URL: http://ap.google.com/article/ALeqM5gvU7Ermom9V2ZZicFI5pEVpX6HuAD8U24E9O0
Copyright 2008 Identity Theft Resource Center
1/9/2008
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 193 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080114-02
Transportation Security Administration - TSA
US
10/6/2006
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Published #
Government/Military
247
A report issued on Friday by the House Oversight and Government Reform Committee says that between October 6, 2006, when the TSA launched its Redress Management System [RMS] site, and February 13, 2007, when the site ceased operation following revelations about its lack of security, "[at least 247 travelers submitted their personal information through the unsecured 'file your application online' link." Names, SSNs, birthdates and documents authenticating identity were involved. During the time the unencrypted site was up thousands of people visited it. To see the full report go to http://oversight.house.gov/story.asp?ID=1680 Attribution 1
Publication: Article Title:
Washington Post Author: Brian Krebs Report: TSA Site Exposed Travelers To ID Theft
Date Published:
1/12/2008
Article URL: http://blog.washingtonpost.com/securityfix/2008/01/report_tsa_site_exposed_travel_1.html?nav=rss_blog Attribution 2
Publication:
Washington Technology
Article Title:
Waxman hammers TSA over portal contract
Author: Alice Lipowicz
Date Published:
1/11/2008
Date Published:
1/11/2008
Date Published:
1/11/2008
Article URL: http://www.washingtontechnology.com/online/1_1/32104-1.html Attribution 3
Publication: Article Title:
Cnet Author: Chris Soghoian Report: TSA site put travelers at risk...and a bit of poetic justice
Article URL: http://www.news.com/8301-10784_3-9848743-7.html Attribution 4
Publication:
Information Week
Article Title:
Congressional Report Slams TSA For Security Breach
Author: Thomas Claburn
Article URL: http://www.informationweek.com/news/showArticle.jhtml?articleID=205602931
ITRC Breach ID
Company or Agency
Location
ITRC20080114-01
Minnesota DPS
MN
Est. Date
Breach Type Breach Category Electronic
Government/Military
Records Exposed? Yes Published #
Exposed # of Records Rptd
400
ITRC confirmed with Minnesota that the driver's license numbers of some 400 prominent Minnesotans were accessed by two DPS customer service reps. SSNs and financial records were not involved. There is no indication at this time that the information has been used though they were Attribution 1
Publication:
Minnesota Public Radio, News Cut
Article Title:
Data privacy in Minnesota
Author: Bob Collins
Date Published:
1/4/2008
Article URL: http://minnesota.publicradio.org/collections/special/columns/news_cut/archive/2008/01/data_privacy_in_minnesota
Copyright 2008 Identity Theft Resource Center
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 194 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-15
CSU Stanislaus
CA
11/1/2007
Electronic
Records Exposed? Yes Unknown #
Educational
Exposed # of Records Rptd
0
A dining vendor’s server appears to be the source of a data breach at California State University, Stanislaus. Credit card numbers, cardholder names and expiration dates were exposed, leaving hundreds, possibly thousands, of university students, staff and guests open to identity theft, with victims reporting fake charges on their cards, officials said Friday. Social Security numbers were not accessible, they said. Investigators are determining how many people are affected. Credit and bank card transactions have been suspended in Stanislaus State's main dining hall, Mom's coffee shop and Pop's convenience store. Campus dining averages 2,500 customers and 300 to 400 charge transactions daily through Sodexho, the campus's food vendor. About 5,000 students are taking winter term classes this month between the fall and spring semesters. It is possible the card information was stolen as early as the fall semester, when more than 8,800 students were on campus.in which personal credit and bank card information was exposed, the university said Friday. Attribution 1
Publication:
Modesto Bee
Article Title:
Bank, credit card information stolen through Stan State eateries
Author: Michelle Hatfield
Date Published:
1/12/2008
Date Published:
1/11/2008
Article URL: http://www.modbee.com/local/story/177923.html Attribution 2
Publication:
Central Valley Business Times
Article Title:
Dining hall computer hacked at CSU Stanislaus
Author: staff
Article URL: http://www.centralvalleybusinesstimes.com/stories/001/?ID=7520
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-14
University of Iowa
IA
1/1/2008
Electronic
Records Exposed? Yes Published #
Educational
Exposed # of Records Rptd
216
The University of Iowa College of Engineering has notified some 216 of its former students that some of their personal information, including Social Security numbers, was inadvertently exposed on the Internet for several months, until the erroneous file location was discovered in early January 2008. The information did not include birth dates, specific grades, or any financial information, such as credit card numbers. Attribution 1
Publication:
Press Citizen
Article Title:
UI College of Engineering notifies former students of technology miscue
Author: staff
Date Published:
11/11/2008
Article URL: http://www.press-citizen.com/apps/pbcs.dll/article?AID=/20080111/NEWS01/80111010/1079
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-13
Citizens/Commerce Bank/Norristown car
PA
3/1/2007
Electronic
Banking/Credit/Financial
Records Exposed? Yes Unknown #
Authorities said that two employees stole names, Social Security numbers, addresses, dates of birth and driver's license numbers of five customers at Citizens Bank and Commerce Bank from last March into May. They then allegedly used the fraudulent IDs to cash bogus checks and make forged withdrawals from the bank accounts of the customers. A third person worked at a salesman at a Norristown car dealership where he had access to customer information. They then sold the information to other defendants in the case. Attribution 1
Publication:
Philadelphia Daily News
Article Title:
Grand jury cites 6 in ID theft, fraud
Author: MICHAEL HINKELMA
Date Published:
1/5/2008
Article URL: http://www.philly.com/dailynews/local/20080105_Grand_jury_cites_6_in_ID_theft__fraud.html
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 195 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-12
OH Workers Compensation
OH
1/4/2008
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
49
A state employee in Cleveland abruptly retired after she was confronted with allegations of selling information about workers' compensation claims, including birth dates and Social Security numbers, officials said Friday. Investigators for the Ohio Bureau of Workers' Compensation have turned over information to the Cuyahoga County prosecutor's office for possible criminal charges, authorities said. The employee has admitted to the crime. Attribution 1
Publication:
Plain Dealer
Author: Mark Rollenhagen
Date Published:
1/5/2008
Article Title: BWC worker quits after being questioned in sale of claims info Article URL: http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/1199525567285720.xml&coll=2
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-11
U-Care Thrift Store
AZ
12/25/2007
Paper Data
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
30
The U-Care Thrift Store dumped nearly 30 employment applications with SSNs, names, driver's license photos and dates of birth. Several of the documents were headed “AZ Management and Consulting.
Attribution 1
Publication:
East Valley Tribune- Phoenix
Author: Katie McDevitt
Date Published:
1/6/2008
Article Title: Firm’s records with employee data found in alley Article URL: http://www.eastvalleytribune.com/story/106047
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-10
College Point Bus Depot
NY
12/29/2007
Paper Data
Records Exposed? Yes Published #
Business
Exposed # of Records Rptd
100
Reams of personal information including SSNs, copies of driver's licenses and grievance papers were tossed into the trash according to a claim by the workers at the Queen's College Point Bus Depot. A witness saw a foreman throwing out the papers. The incident has been confirmed by the Metropolitan Transportation Authority. Attribution 1
Publication: Article Title:
Author: PATRICK GALLAHU
Date Published:
1/7/2008
ID PAPERS IN GARBAGE
Article URL: http://www.nypost.com/seven/01072008/news/regionalnews/id_papers_in_garbage_795682.htm
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-09
Iron Mountain- GE MoneyAmericas
US
12/21/2007
Electronic
Banking/Credit/Financial
Records Exposed? Yes Published #
A GE Money Bank backup tape from a set of 9 is missing from a secure facility at Iron Mountain. It contained some SSNs and many active credit card account numbers. At least 1851 New Hampshire residents are potentially affected. It is unknown what the total affected records are at this date. Letters are being sent to all customers of GE Money Bank explaining what information might be involved for that particular person. 230 retailers are affected including JC Penney. Attribution 1
Publication:
Consumer Affairs
Author: Martin Bosworth
Article Title: 650,000 Shoppers in Data Breach Article URL: http://www.consumeraffairs.com/news04/2008/01/iron_mountain.html Copyright 2008 Identity Theft Resource Center
Date Published:
1/20/2008
Exposed # of Records Rptd
650,000
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 196 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 2
Publication:
InfoWorld
Article Title:
230 retailers affected by data breach after tape lost
Author: Robert McMillian, IDG
Date Published:
1/18/2008
Article URL: http://www.infoworld.com/article/08/01/18/230-retailers-affected-by-data-breach_1.html Attribution 3
Publication: Article Title:
Newsday.com Author: David Koenig- AP Data Lost on 650,000 Credit Card Holders
Date Published:
1/18/2008
Article URL: http://www.newsday.com/technology/wire/sns-ap-penney-data-breach,0,5764168.story Attribution 4
Publication:
notification to NH AG/DOJ
Article Title:
GE Money-America and Iron Mountain breach
Author: Peter Costa
Date Published:
12/28/2007
Article URL: http://doj.nh.gov/consumer/pdf/ge.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-08
Harvard University
MA
1/7/2008
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Educational
0
Harvard University police and the Middlesex district attorney's office are investigating a security breach at the school after an undergraduate allegedly manufactured phony driver's licenses and university identification cards that can be used as debit cards and to enter residence halls, the university announced yesterday. The cards, which have a magnetic strip on them, are issued to Harvard students, faculty, and staff members and are encoded with an identification number. A person can put money on the ID cards, called Crimson Cash, and use them like a debit card to purchase items at stores on and off campus, buy items at campus vending machines, pay for campus laundry machines, and gain access to residence and dining halls. Attribution 1
Publication:
Boston Globe
Author: Michael Naughton an
Date Published:
1/8/2008
Article Title: Harvard uncovers ID scam that may involve debit cards Article URL: http://www.boston.com/news/local/articles/2008/01/08/harvard_uncovers_id_scam_that_may_involve_debit_cards/
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-07
Pikesville Mortgage Co.
MD
1/1/2007
Paper Data
Business
Records Exposed? Yes Published #
Exposed # of Records Rptd
325
U.S. District Judge J. Frederic Motz sentenced Robert Michael Stewart, 26, to an additional three years of supervised release for his role. Stewart sought to sell 325 folders of personal and financial information of people who had obtained mortgages, information he had access to from his job at a Pikesville mortgage company, U.S. Attorney Rod J. Rosenstein's office said today in a news release. The files included Social Security numbers, bank account and credit card numbers, copies of driver's licenses, tax statements, payroll and statement of earnings, and bank account statements. Attribution 1
Publication:
Baltimore Sun
Article Title:
Timonium man sentenced for ID theft scheme
Author: staff
Date Published:
1/8/2008
Article URL: http://www.baltimoresun.com/news/local/baltimore_county/bal-id0108,0,953421.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-06
Google Website
US
1/8/2008
Electronic
Business
A hacker posted hundreds of credit card numbers and personal information on a website hosted by Google. The Blog was shut down within 30 minutes but not before some of the information was used.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 197 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
KOAA
Article Title:
Hacker posts hundreds of credit card numbers
Author: James Jarman
Date Published:
1/9/2008
Article URL: http://www.koaa.com/aaaa_top_stories/x1457862232
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-05
Select Physical Therapy Texas
TX
10/1/2007
Paper Data
Medical/Healthcare
Records Exposed?
Exposed # of Records Rptd
Yes Published #
4,000
Investigators with the Office of the Attorney General discovered that Select Physical Therapy Texas Limited Partnership, also known as HealthSouth Rehabilitation Center, exposed more than 4,000 pieces of its customers’ sensitive information, including Social Security numbers. The state’s investigation was launched after reports from the Levelland Police Department indicated that bulk customer records were dumped in garbage containers behind a local building. Select Physical Therapy Texas Limited Partnership occupied the building until closing its office in October 2007. The records also included credit and debit card information. Attribution 1
Publication:
Daily Toreador
Article Title:
Texas attorney general announces identity theft protection lawsuit launch
Author: Adam Young
Date Published:
1/11/2008
Article URL: http://media.www.dailytoreador.com/media/storage/paper870/news/2008/01/11/News/Texas.Attorney.General.Annou Attribution 2
Publication:
Press Release
Article Title:
News Release- Select Physical Therapy Texas Limited Partnership cited for exposing customers’ medical records
Author: Texas Attorney Gener
Date Published:
1/10/2008
Article URL: http://www.oag.state.tx.us/oagnews/release.php?id=2345
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-04
University of Akron
OH
12/1/2007
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
800
The University of Akron is informing students that it lost a hard drive containing the names, addresses and SSNs of more than 800 students and graduates of the College of Education. School officials believe the drive was discarded and destroyed in December but are unable to confirm that fact. Attribution 1
Publication:
WKYC
Article Title:
University of Akron warns students of missing data
Author: Chris Hyser
Date Published:
1/11/2008
Article URL: http://www.wkyc.com/news/news_article.aspx?storyid=81190
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-03
Workers Compensation Fund
UT
12/9/2007
Electronic
Business
Records Exposed? Yes (Password) Published#
Officials with one of Utah's largest insurance companies are searching for a password protected stolen laptop containing Social Security numbers and other personal information for about 2,800 people and 1,400 companies. The computer was taken from a car parked in the home garage of an auditor for the Workers Compensation Fund (WCF) on Dec. 9. The Salt Lake City-based WCF provides worker compensation insurance coverage to more than 30,000 companies, representing about 61 percent of the businesses operating in the state. Attribution 1
Publication:
The Salt Lake Tribune
Article Title:
ID info at risk in laptop theft
Author: Dawn House
Article URL: http://www.sltrib.com/ci_7867694
Copyright 2008 Identity Theft Resource Center
Date Published:
1/2/2008
Exposed # of Records Rptd
2,800
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 198 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080111-02
Dorothy Hains Elementary School
GA
1/2/2008
Electronic
Educational
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Vandals broke into the Dorothy Hains Elementary School again this week after vandalizing the school in November. This time, a computer with all the SSNs of the students and teachers was also taken.
Attribution 1
Publication:
WRDW News 12
Article Title:
Vandals steal school computer with social security numbers
Author: Jessica Floyd
Date Published:
1/3/2008
Article URL: http://www.wrdw.com/home/headlines/13022572.html
ITRC Breach ID
Company or Agency
Location
ITRC20080111-01
Bank of the West
WA
Est. Date
Breach Type Breach Category Paper Data
Banking/Credit/Financial
Records Exposed? Yes Published #
Exposed # of Records Rptd
19
A loan officer at a West Richland, WA Bank of the West used loan applications to steal the identities of 19 individuals. Bank of the West is going to work with all the victims in the recovery of their money.
Attribution 1
Publication:
KNDO
Article Title:
Identity theft victim speaks out
Author: staff
Date Published:
1/11/2008
Article URL: http://www.kndo.com/Global/story.asp?S=7609415&nav=menu484_2_8
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080110-07
Health Net
CA
12/4/2007
Electronic
Business
Records Exposed? Yes Unknown #
Thousands of Health Net employees in Connecticut and other states have been notified that their names and Social Security numbers were on a laptop computer that was stolen more than a month ago from a company vendor. The laptop had information on about 5,000 employees companywide and an undisclosed number of health-care providers outside the Northeast. The company has about 1,600 employees in Connecticut. The laptop did not contain information on employees hired after Jan. 1, 2005. Attribution 1
Publication:
Connecticut Post
Article Title:
Stolen Health Net laptop threatens security
Author: Rob Varnon
Date Published:
1/22/2008
Date Published:
1/4/2008
Article URL: http://www.connpost.com/ci_8049019 Attribution 2
Publication:
Courant
Article Title:
Stolen Laptop Includes Health Net Workers' Data
Author: Diane Levick
Article URL: http://www.courant.com/business/hc-laptop0104.artjan04,0,6454765.story
Copyright 2008 Identity Theft Resource Center
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 199 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080110-06
Florida Dept. of Children and Families
FL
11/7/2007
Electronic
Records Exposed? Yes Unknown #
Government/Military
Exposed # of Records Rptd
0
Thousands of Central Florida day-care-center workers could be at risk of identity theft after burglars stole state computers containing personal information. Although the theft occurred two months ago, the Florida Department of Children and Families is just now notifying about 1,200 day-care providers that their employees, as well as center operations, may be at risk. Social Security numbers, birth dates and other information about day-care workers in Orange, Seminole and Osceola counties were among the data on five laptop computers that were stolen from the DCF office near Orlando Fashion Square mall in Orlando on Nov. 7-8. Attribution 1
Publication:
Orlando Sentinel
Author: Dave Weber
Date Published:
1/4/2008
Article Title: Day-care workers face risk of ID theft, DCF says Article URL: http://www.orlandosentinel.com/news/local/crime/orl-idtheft0408jan04,0,1998446.story
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080110-05
Maryland Dept. of Assessments and Taxation
MD
12/31/2007
Electronic
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
900
Officials said residents applying Monday for the homestead-tax credit at the Maryland Department of Assessments and Taxation Web site may have exposed their Social Security numbers online because the application system did not have a necessary security certificate to encrypt the information before it was sent out over the Internet. Due to technical problems, for a brief period of time, the information was not encrypted. Attribution 1
Publication:
Washington Times
Author: Gary Emerling
Date Published:
1/4/2008
Article Title: Taxpayer data exposed online Article URL: http://www.washingtontimes.com/article/20080104/METRO/73800052/1004
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080110-04
New Mexico State University
NM
12/30/2007
Electronic
Educational
Records Exposed?
Exposed # of Records Rptd
None Encrypted Data
0
An encrypted computer hard drive containing the names and Social Security numbers of current and former NMSU employees is missing, just the latest in a series of thefts from the facility since November 2006. The external hard drive was stolen sometime between Dec. 30 and Jan. 2 from an office at the NMSU Special Events Department. It contained the names and Social Security numbers of every employee hired by the department since 1999. Attribution 1
Publication:
Sun News
Article Title:
Identity info stolen from NMSU, but personnel data on laptop hard drive is inaccessible, university says
Author: Jose Medina
Date Published:
1/5/2008
Article URL: http://www.lcsun-news.com/news/ci_7886839
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080110-03
Geeks.com - Genica
CA
12/5/2007
Electronic
Business
A hacker has potentially compromised an unspecified number of customers that shop at Geeks.com. The compromised information included the names, addresses, telephone numbers and Visa credit card numbers. The potential affected population could be nationwide due to that nature of the business. The online technology retailer, whose formal name is Genica Corp., said in a warning letter that it discovered the system intrusion on Dec. 5.
Copyright 2008 Identity Theft Resource Center
Records Exposed? Yes Unknown #
Exposed # of Records Rptd
0
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 200 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. Attribution 1
Publication:
Computer World
Article Title:
'Hacker Safe' Web Site Suffers Security Breach
Author: Jaikumar Vijayan
Date Published:
1/14/2008
Article URL: http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=31073 Attribution 2
Publication: Article Title:
Computer World Author: Jaikumar Vijayan Update: 'Hacker safe' Web site gets hit by hacker
Date Published:
1/7/2008
Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9056004&intsrc=hm_list
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080110-02
Wisconsin Dept. of Health and Family Services
WI
1/8/2008
Paper Data
Records Exposed? Yes Published #
Government/Military
Exposed # of Records Rptd
260,000
Social Security numbers were printed on about 260,000 informational brochures sent by a vendor hired by the state to recipients of SeniorCare and other state programs. The mailing was first reported by WKOW on January 8. The state Department of Health and Family Services issued a statement saying the mistake was the fault of EDS, a private vendor for state Medicaid services. Karen Timberlake, deputy secretary of the state department, said the mailing went to about 260,000 Medicaid, SeniorCare, and BadgerCare members. Attribution 1
Publication:
Forbes
Article Title:
Wis. Response to Security Breach Slammed
Author: Scott Bauer, AP
Date Published:
1/9/2008
Date Published:
1/8/2008
Article URL: http://www.forbes.com/feeds/ap/2008/01/09/ap4512813.html Attribution 2
Publication:
Business Week
Article Title:
Wis. mailing sent with personal info
Author: Scott Bauer
Article URL: http://www.businessweek.com/ap/financialnews/D8U201M02.htm
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080110-01
University of Georgia
GA
12/29/2007
Electronic
Educational
Records Exposed? Yes Published #
Exposed # of Records Rptd
4,250
University of Georgia officials announced that a hacker was able to access a server containing 4250 current, former and perspective residents of a university housing complex. The security breach happened sometime between Dec. 29 and Dec. 31. During that time, a computer with an overseas IP address was able to access the personal information - including Social Security numbers, names and addresses - of 540 current graduate students living in graduate family housing and 3,710 former students and applicants. University officials know what country the hacker was operating in, but would not comment on it, UGA spokesman Tom Jackson said. Attribution 1
Publication:
Redandblack.com
Author: Claire Miller
Date Published:
1/9/2008
Article Title: Univ. investigates online security breach Article URL: http://media.www.redandblack.com/media/storage/paper871/news/2008/01/09/News/Univ-Investigates.Online.Securi Attribution 2
Publication:
Rome News Tribune
Article Title:
UGA contacting 4,000 after server breached by hacker
Author: Associated Press
Article URL: http://news.mywebpal.com/partners/680/public/news866847.html
Copyright 2008 Identity Theft Resource Center
Date Published:
1/9/2008
Identity Theft Resource Center 2008 Breach List:
Report Date: 1/2/2009 Page 201 of 201
Breaches: 656 Exposed: 35,691,255
How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080107-02
Wendy's International
US
12/3/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes (Password) Published#
Business
1,092
A laptop containing names, SSNs, employees ID numbers and salary information was stolen from an employee's car. The affected individuals are employees of Wendy's International, Wendy's Restaurants of Canada and The New Bakery. Law enforcement said there were a number of car break-ins that evening and that the information may not be the target but rather the laptop. A log-in code and passwords is required to access the file. Attribution 1
Publication:
notification to NH AG's office
Author: Robert Whittington, CI
Date Published:
12/21/2008
Article Title: Wendy's International Article URL: http://doj.nh.gov/consumer/pdf/wendys.pdf
ITRC Breach ID
Company or Agency
Location
Est. Date
Breach Type Breach Category
ITRC20080107-01
Robotic Industries Association
MI
12/10/2007
Electronic
Records Exposed?
Exposed # of Records Rptd
Yes Unknown #
Business
On or around December 10, a hacker obtained credit card information from Robotic Industries Association. Law enforcement has been notified and they have deleted all credit card information from administrative sites. They are developing a stricter login policy and procedure. Attribution 1
Publication:
notification to NH DOJ
Author: Jeff Burnstein, Exec V
Date Published:
12/20/2008
Article Title: Robotic Industries breach Article URL: http://doj.nh.gov/consumer/pdf/robotic_industries.pdf
2008 Breaches Identified by the ITRC as of:
1/2/2009
Total Breaches:
656
Records Exposed: 35,691,255 The ITRC Breach database is updated on a daily basis, and published to our website on each Tuesday. These reports only cover breachs that occurred in 2008, or became public in 2008, but were not public in 2007. Each item must be previously published by a solid media source, such as TV, radio, press, etc. The item will not be included at all if ITRC is not certain that the source is real and credible. We include in each item a link or source of the article, and the information presented by that article. Many times, we have attributions from a multitude of media sources and media outlets. ITRC sticks to the facts as reported, and does not add or subtract from the previously published information. When the number of exposed records is not reported, we note that fact. When records are encrypted, we state that we do not (at this time) consider that to be a data exposure. The ITRC Breach Report presents individual information about data exposure events and running totals for the year. The ITRC Breach Stats Report develops some statistics based upon the type of entity involved in the data exposure.
This project was supported by Grant No. 2007-VF-GX-K038 awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. Points of view in this document are those of the ITRC and do not necessarily represent the official position or policies of the U.S. Department of Justice.
Copyright 2008 Identity Theft Resource Center
0
