I ran across this website today and was very surprised to see how many security breaches of our data
are going on every month in this country, including data from the following sources:
"Sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail.
Hacking or malware (HACK) - Electronic entry by an outside party, malware and spyware.
Payment Card Fraud (CARD) - Fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices at
point-of-service terminals.
Insider ( INSD) - Someone with legitimate access intentionally breaches information - such as an employee or contractor.
Physical loss (PHYS) - Lost, discarded or stolen non-electronic records, such as paper documents
Portable device (PORT) - Lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc
Stationary device (STAT) - Lost, discarded or stolen stationary electronic device such as a computer or server not designed for mobility.
Unknown or other (UNKN) Select organization type(s):
BSO - Businesses - Other
BSF - Businesses - Financial and Insurance Services
BSR - Businesses - Retail/Merchant
EDU - Educational Institutions
GOV - Government and Military
MED - Healthcare - Medical Providers
NGO - Nonprofit Organizations "
Source:
www.privacyrights.org...
Here's just a small portion of the list starting with January of 2011 breaches of government and NGO breaches:
Amazing how few of these breaches we actually hear about from the MSM. Wondering why?
January 26, 2011 North Carolina Department of Health and Human Services
Raleigh, North Carolina GOV PORT Unknown
A set of computer disks may have been accidentally discarded during an office renovation. The disks contained data from the Division of Services for
the Deaf and Hard of Hearing and would have been taken to a landfill if they were accidentally discarded. Those who applied for services from the
Division's Equipment Distribution Service between January of 2005 and December of 2008 may have had their information exposed.
Information Source:
PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
January 19, 2011 U.S. Postal Service
St. Louis, Missouri GOV PHYS Unknown
The back door of a contractor truck popped open during its journey between a St. Louis distribution center and Memphis, Tennessee. Hundreds of pieces
of U.S. mail were scattered across 70 miles of highway. A recovery effort was launched by police officers and postal workers within 24 hours. Most of
the mail included statements and bills that were headed for the West Coast.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
January 15, 2011 South Carolina State Employee Insurance Program
Columbia, South Carolina GOV HACK 5,600
People who are covered by South Carolina's state insurance program may have had their personal information obtained. A virus affected one of the
Insurance Program's computers. The breach occurred sometime between November 8 and November 18. Insured current and former employees, dependents and
survivors may have had their names, Social Security numbers, addresses and dates of birth exposed.
Information Source:
Databreaches.net records from this breach used in our total: 5,600
--------------------------------------------------------------------------------
January 14, 2011 International Union of Operating Engineers Health and Welfare Fund, Zenith Administrators, Inc.
Baltimore, Maryland NGO PHYS 800 (No SSNs or financial information reported)
Papers pertaining to Union's employee benefits program were stolen from Zenith's office on November 3. Zenith administers the benefits program. The
papers contained health information.
Information Source:
HHS via PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
January 13, 2011 New Mexico National Guard
Sante Fe, New Mexico GOV STAT 650
A computer with the deployment records and Social Security information of soldiers throughout the state was stolen from the National Guard
Headquarters in Sante Fe. The theft occurred sometime between December 23 and 28.
Information Source:
Databreaches.net records from this breach used in our total: 650
--------------------------------------------------------------------------------
January 8, 2011 Washington State Employment Security Division
Olympia, Washington GOV PHYS 1,000
Authorities discovered that names and Social Security numbers of hundreds of Employment Security Division state employees were in the possession of a
man who intended to misuse and profit from the information. The man was arrested and held on 50 counts of identity theft. It appears that the employee
information was stolen from a car parked on the state Capital campus sometime in 2009. Authorities are still notifying those who were affected by
incident.
Information Source:
Databreaches.net records from this breach used in our total: 1,000
--------------------------------------------------------------------------------
January 8, 2011 Duval Clerk of Courts
Jacksonville, Florida GOV DISC Unknown
People who want to check their information in the Duval system must go to
www.duvalclerk.com..., scroll to the bottom of the page, click "search
court and official records", click "OnCore" and type in their name.
Someone discovered sensitive information on the government website. Some Social Security numbers and bank account numbers were viewable. Records
entered after and around 2002 are carefully checked for Social Security numbers and bank accounts, but some records prior to that time still contain
sensitive information. The clerk's office removed sensitive information from several records after being notified of the problem.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
digital camera with veteran information was discovered missing on November 21. It contained the names, Social Security numbers, dates of birth and
images of patients. Images of veterans who had been photographed in the last three weeks were on the camera.
Information Source:
PHIPrivacy.net records from this breach used in our total: 55
--------------------------------------------------------------------------------
digits of Social Security number exposed. The information was deleted from the web page on November 29.
Information Source:
PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
December 15, 2010 Social Security Administration Office of Temporary Disability Assistance
New York, New York GOV INSD 15,000
A subcontractor illegally downloaded around 15,000 Social Security numbers while performing upgrades. People who had made Social Security disability
claims may have been affected.
UPDATE (1/4/2011): Dates of birth, addresses and phone numbers may have also been accessed.
Information Source:
Databreaches.net records from this breach used in our total: 15,000
--------------------------------------------------------------------------------
December 14, 2010 Department of Education Federal Student Aid (FSA) Division
Dolton, Illinois GOV INSD Unknown
A former FSA employee repeatedly accessed the National Student Loan Database System (NSLDS) during her employment. The employee searched and viewed
confidential student loan records of several hundred people without reason between April of 2006 and May of 2009. The former employee pleaded guilty
and is scheduled to be sentenced on February 22 of 2011.
Information Source:
Media records from this breach used in our total: 0
--------------------------------------------------------------------------------
December 10, 2010 Southwestern Indiana Regional Council on Aging (SWIRCA)
Evansville, Indiana NGO PORT 757
Client information was on a case manager's laptop that was stolen from the SWIRCA office. Files on the laptop contained patient names, Social Security
numbers, dates of birth, addresses, phone numbers, demographic information, medical condition information and case information. The laptop was stolen
sometime between November 4 and 8.
Information Source:
Databreaches.net records from this breach used in our total: 757
--------------------------------------------------------------------------------
December 8, 2010 Illinois Secretary of State Drivers License Division
Libertyville, Illinois GOV INSD Unknown
An executive turned himself into authorities after being accused of selling Libertyville customer database information to identity thieves in exchange
for sports tickets and gift cards. The executive faces three counts of conspiracy to commit identity theft.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
December 3, 2010 Mesa County, Western Colorado Drug Task Force
Grand Junction, Colorado GOV DISC 200,000 (Unknown number of SSNs)
A former employee accidentally posted sensitive information in a place that was publicly accessible on the Internet. The home addresses of sheriff's
deputies, names of confidential drug informants, confidential emails between officers and other sensitive information were accessible from April until
the discovery in November. The FBI is investigating which computer users may have accessed the information. The breach was discovered on November 24
when an individual searched the Internet and found one of the files mentioning his or her name.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
December 1, 2010 State Department of Labor and Industries, Washington State Employees Credit Union, Court of Appeals
Tacoma, Washington GOV PHYS Unknown
Confidential paper files from at least three tenants of the state-owned Rhodes Building were found in an unsecured recycling bin. Some documents
included names, Social Security numbers, checking account information, health information and dates of birth. A news report claimed the documents
numbered in the dozens. Representatives for some of the organizations claimed that the files were supposed to be shredded.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
November 18, 2010 Federal Reserve Bank of Cleveland
Cleveland, Ohio GOV HACK Unknown
A foreign national responsible for fraudulently obtaining or holding 400,000 credit card numbers was caught in the U.S. while attempting to meet
hackers and utilize stolen financial information. The man is also accused of hacking into the Cleveland Federal Reserve Bank in June, though the
amount of information he was able to obtain is unknown and separate from the 400,000 card numbers found on his computer.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
November 17, 2010 Oklahoma Veterans Affairs Medical Center
Oklahoma City, Oklahoma GOV PHYS 1,950
An employee noticed that some pages were missing from a laboratory log book on October 15. The pages may have contained the names, last four digits
of Social Security numbers, appointment information and tests of 1,950 VAMC visitors. Veterans who visited between January 1 and October 8 may have
been affected. The military believes the most likely cause of the loss is that the pages were shredded.
UPDATE (12/2/10): An VA investigation determined that the information was most likely accidentally shredded.
Information Source:
PHIPrivacy.net records from this breach used in our total: 1,950
--------------------------------------------------------------------------------
November 16, 2010 Education Department, Department of Veterans Affairs
Bronx, New York GOV PHYS 146
A box was left unsecured during an October 25 relocation. Employee names and Social Security numbers may have been accessed by volunteers and
employees during that time. The information was from employees who took the Cardiopulmonary Resuscitation (CPR) test.
Information Source:
PHIPrivacy.net records from this breach used in our total: 146
--------------------------------------------------------------------------------
November 15, 2010 University of Nebraska
Lincoln, Nebraska GOV DISC Unknown
Thousands of students had their financial aid and loan information posted on the state treasurer's website. The office is refusing to remove the
information for the time being because of limited staff resources. The treasurer's office also claims that the University was given ample time to edit
the data so that student names and financial information were not included. Students who received loans, scholarships and other aid for the 2008-2009
school year had their information posted on the website. Some people are concerned that con artists could contact the students on the list and pretend
to be a lender who holds their student loan information. Information for 2009-2010 school year spending was also submitted with detailed student
information and is scheduled to be uploaded sometime in November.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
November 9, 2010 New Hanover County
Wilmington, North Carolina GOV DISC Unknown
A list of 9,845 property owner accounts was published online. Social Security numbers were attached to 163 of the accounts, though some people had
multiple accounts. The list of delinquent accounts was mistakenly published before the Social Security numbers were removed. It is unclear how long
the information was available online.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
November 6, 2010 General Services Administration
Washington, District Of Columbia GOV INSD 12,000
An employee sent an email with the names and Social Security numbers of the entire staff to a private, outside address. Though notification emails
were sent at the end of September, many employees learned of the incident in November.
Information Source:
Databreaches.net records from this breach used in our total: 12,000
--------------------------------------------------------------------------------
October 31, 2010 Robins Airforce Base
Warner Robins, Georgia GOV HACK 50
Around 50 employees noticed fraudulent charges on their credit or debit cards after using them on base in August of 2010. Officials became aware of
the problem and notified employees within two weeks of the incidents.
Information Source:
Databreaches.net records from this breach used in our total: 50
--------------------------------------------------------------------------------
October 28, 2010 Emergency Medical Services Bureau
Baton Rouge, Louisiana GOV HACK 56,000
The Louisiana Department of Health and Hospitals notified emergency medical technicians that a hacker may have had access to their names, Social
Security numbers and other personal information. The incident occurred on September 17 and a lack of funding for letters and postage caused a delay in
notification.
Information Source:
Databreaches.net records from this breach used in our total: 56,000
--------------------------------------------------------------------------------
October 21, 2010 California Men's Colony (CMC)
San Luis Obispo, California GOV PHYS 8
An attorney mishandled the records of eight inmates who had been found guilty of murder. The names, criminal history, psychological evaluations,
Social Security numbers and observations about their family relationships and behavior in prison were found in a public dumpster.
Information Source:
PHIPrivacy.net records from this breach used in our total: 8
--------------------------------------------------------------------------------
October 18, 2010 Milwaukee County
Milwaukee, Wisconsin GOV INSD 30
A temporary employee who was hired through the staffing agency Adecco was convicted of identity theft. Over thirty county employees had their
identities stolen. The temporary employee began working in the human resources department in December of 2009.
Information Source:
Databreaches.net records from this breach used in our total: 30
--------------------------------------------------------------------------------
October 14, 2010 Accomack County Virginia residents
Accomac, Virginia GOV PORT 35,000
The theft occurred in Las Vegas, NV and affects residents of Accomack County. Citizens are advised to call one of the three credit bureaus at
888-397-3742, 888-766-0008 or 800-680-7289 for a credit report fraud alert.
A stolen laptop contained the names and Social Security numbers of Accomack County, Virginia residents. Full addresses of some residents were also
exposed. The laptop was county property and was stolen from an employee's car during a vacation to Las Vegas. The incident happened on October 7; as
of October 14, residents had not been notified.
Information Source:
Databreaches.net records from this breach used in our total: 35,000
--------------------------------------------------------------------------------
October 14, 2010 Boston Veterans Benefits Administration Regional Office
Boston, Massachusetts GOV PHYS 3,936
Some veteran benefit information was mailed to the wrong addresses on August 25. Of the 6,299 letters sent to incorrect addresses, 3,913 had full
Social Security numbers and 2,386 had Veterans Benefits Administration claim numbers. A program error caused some of the letters to be mailed to the
incorrect addresses.
Information Source:
Databreaches.net records from this breach used in our total: 3,936
--------------------------------------------------------------------------------
October 14, 2010 Plymouth Road Department of Children's Services
Johnson City, Tennessee GOV PHYS Unknown
A person or persons broke into the building during the weekend of October 10. Personal information of clients may have been viewed or recorded, but
does not appear to have been stolen. Police believe their suspect entered the building to retrieve a car title document.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
October 11, 2010 Wright-Patterson Air Force Base
Dayton, Ohio GOV PHYS 2,123 (No reports of SSNs or financial information)
Paper records were improperly disposed of on July 29. The incident affected 2,123 patients.
Information Source:
HHS via PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
October 8, 2010 Mississippi National Guard
Jackson, Mississippi GOV DISC 2,672
It was discovered that personnel records had been posted online for several weeks. Administrative information collected from the 155th Brigade Combat
Team between 2006 and 2008 was accessible online. Names, Social Security numbers, rank, pay grade, dates of birth and phone numbers were exposed.
Information Source:
Databreaches.net records from this breach used in our total: 2,672
--------------------------------------------------------------------------------
October 8, 2010 AmeriCorps
Washington, District Of Columbia GOV DISC Unknown
A website flaw dating back to 2006 may have allowed people to view applicant and participant personal information. Individuals who manipulated the
website URL and guessed or knew user log-in names could have accessed participant and applicant contact information, names, and partial or full Social
Security numbers.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
September 23, 2010 Alaskan AIDS Assistance Association (Four A's)
Anchorage, Alaska NGO PORT 2,000 (Unknown number of SSNs reported)
The Four A's is a business associate of the State of Alaska Department of Health and Human Services.
A data storage device containing client names and contact information was stolen from Four A's executive director's car. Some clients had their
Social Security numbers on the device.
Information Source:
PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
September 18, 2010 New York City Human Resources Administration and New York City Department of Health and Mental Hygiene
New York, New York GOV INSD Unknown
Two New York City employees from different agencies were involved in an identity fraud ring. One employee worked for the New York City Human Resources
Administration and sold copies of welfare recipients' birth certificates and Social Security numbers. The second employee worked for the New York City
Department of Health and Mental Hygiene and sold parental identification information from birth certificates. The employees were sentenced to eight
months to two years of prison time and one to two years of probation for identification fraud. These crimes happened between 2005 and 2008.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
September 16, 2010 Martin Luther King Jr. Multi-Service Ambulatory Care Center
Los Angeles, California GOV INSD 33,000 (No reports of SSNs or financial information)
A janitor removed 14 boxes of patient records and sold them to a recycling center. The records had names, genders, dates of birth, addresses, medical
record numbers and financial batch numbers. Patients who received services from the outpatient facility between January and October of 2008 were
affected. The files were discovered missing on July 29 of 2010 and the custodial worker admitted to selling them. The custodian is being charged
with one count of felony commercial burglary. Those affected will be mailed notifications during the week of September 20 of 2010.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
September 13, 2010 City of Shreveport
Shreveport, Louisiana GOV PHYS Unknown
Personal city government documents were easily accessible during a public auction. Buyers looking for city furniture were able to search through city
payroll information, law enforcement reports and a variety of other documents which contained people's names, contact information and Social Security
numbers. City employees admit the exposure was a mistake and removed the documents within an hour of notification. It is believed that the documents
escaped from a stack that was scheduled to be burned.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
September 13, 2010 Florida Department of Children and Families, Department of Juvenile Justice
Tallahassee, Florida GOV UNKN Unknown
Seven people worked together to collect 880 fraudulent tax refunds between 2006 and 2008. It is believed that people served through the Florida
Department of Children and Families and people connected to the Department of Juvenile Justice were affected. The conspirators somehow gained access
to names, Social Security numbers and other information on the state databases.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
September 9, 2010 California Department of Health Care Services
Sacramento, California GOV DISC 5,000 (No reports of SSNs or financial information)
The California Department of Health Care Services released confidential and identifying information about HIV positive Medi-Cal recipients to a third
party service provider. A network of organizations have deemed this action illegal and unauthorized. A letter was sent by the network asking for an
explanation of how this happened and reassurance that it will not happen again.
Information Source:
PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
September 4, 2010 Essex Youth Commision Summer Program
Essex, Massachusetts GOV PHYS Unknown
Paper records and digital files with personal health and personally identifiable information from youth participants, parents and staff were reported
missing.
Information Source:
PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
August 31, 2010 Armed Forces Recruiting Center
Cape Girardeau, Missouri GOV PHYS Unknown (8 SSNs reported)
Dozens of records with high school diplomas were found in a dumpster outside of the recruiting center on William Street. In eight cases, copies of
people's birth certificates, Social Security cards, or both were also with their diplomas.
Information Source:
Media records from this breach used in our total: 8
--------------------------------------------------------------------------------
August 24, 2010 Oak Ridge National Laboratory
Columbus, Ohio GOV STAT Unknown
About 1,500 unused hard drives were mismanaged, abandoned, and unsecured in the offices. The hard drives had sensitive information such as names,
medical information, dates of birth and salary information. Auditors found hard drives in hallways, unused offices and docks. Only 55 unused hard
drives were being stored properly; computer security officers destroyed the others.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
August 20, 2010 Cook County Health and Hospital Systems (CCHHS)
Chicago, Illinois GOV PORT 7,000
On June 1, a laptop with patient information was stolen from a locked office in an administration building. The password protected-computer included
names, dates of birth and Social Security numbers.
Information Source:
PHIPrivacy.net records from this breach used in our total: 7,000
--------------------------------------------------------------------------------
August 18, 2010 Baton Rouge Police Department
Baton Rouge, Louisiana GOV INSD 30
A man pled guilty to using a printout with the information of around 30 current and retired Baton Rouge officers to commit credit fraud. An insider
sold him the computer printout.
Information Source:
Databreaches.net records from this breach used in our total: 30
--------------------------------------------------------------------------------
August 13, 2010 Metro Nashville
Nashville, Tennessee GOV PORT 500
In February of 2009, an auditor lost a USB device. The bank account information of victims of juvenile crime was on the unencrypted device.
Information Source:
Media records from this breach used in our total: 500
--------------------------------------------------------------------------------
August 13, 2010 Nashville Career Advancement Center
Nashville, Tennessee GOV DISC 160
Outdated software is believed to have caused the Social Security numbers of clients of the Center to be exposed online.
Information Source:
Media records from this breach used in our total: 160
--------------------------------------------------------------------------------
August 10, 2010 College Center for Library Automation (CCLA)
Tallahassee, Florida GOV DISC 126,000
Personal data from students, faculty and staff from six colleges was accessible through an Internet search for five days. The information may have
included full names, Social Security numbers, driver's license numbers, and Florida identification card numbers. The institutions were Broward
College, Florida State College at Jacksonville, Northwest Florida State College, Pensacola State College, South Florida Community College, and
Tallahassee Community College.
Information Source:
Databreaches.net records from this breach used in our total: 126,000
--------------------------------------------------------------------------------
August 10, 2010 Baltimore Chesapeake Bay Outward Bound Center
Baltimore, Maryland NGO STAT Unknown
After the theft of two office computers it was discovered that a file cabinet with employment documents was unlocked. The documents included names,
Social Security numbers, addresses and bank account numbers. The robbery occurred sometime around February 1.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
August 9, 2010 Cathedral Square Corporation
South Burlington, Vermont NGO HACK Unknown
Residents of CSC may have had their names, bank account numbers and routing numbers exposed if they paid their rent electronically. Staff Health
Savings Account information may have also been accessed.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
August 9, 2010 Brookings Institution
Washington, District Of Columbia NGO PORT 143
A CD with employee W-2 statement information was lost in transit during December of 2009. Employee names, addresses and Social Security numbers were
in the W-2 files. Around 143 employees from Maryland alone were affected.
Information Source:
Databreaches.net records from this breach used in our total: 143
--------------------------------------------------------------------------------
August 4, 2010 Rockland town government
Rockland, Massachusetts GOV PHYS Hundreds (at least 200)
On July 23, canceled payroll checks with Social Security numbers and bank account numbers were lost when wind knocked them off of a recycling truck.
Current and former employees of Rockland's government between 1992 and 2002 were affected.
Information Source:
Databreaches.net records from this breach used in our total: 200
--------------------------------------------------------------------------------
August 4, 2010 Hingham city government
Hingham, Massachusetts GOV DISC 1,300
An email with the Social Security numbers, names, and employee identification numbers of Hingham city employees was accidentally emailed to about 30
department heads. Some of the emails were automatically forwarded to personal accounts and personal devices.
Information Source:
Databreaches.net records from this breach used in our total: 1,300
--------------------------------------------------------------------------------
August 3, 2010 Metro Assessor of Property
Nashville, Tennessee GOV DISC 68
Flood victims who were applying for property tax cuts had their personal information exposed online. The online application involved uploading
canceled checks; these checks, tax returns, and other sensitive information were all available online because the system's password requirements had
been removed. According to the Organization: "The staff were trying to make it easier for people to enter information online."
Information Source:
Databreaches.net records from this breach used in our total: 68
--------------------------------------------------------------------------------
August 1, 2010 Guttenberg Housing Authority
Guttenberg, New Jersey GOV HACK Unknown
An unauthorized individual may have accessed sensitive information on housing applicants and residents in late December 2009. The information may have
included Social Security numbers, names and other personal identifying information.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
July 30, 2010 Texas Children's Hospital and Baylor College of Medicine
Houston, Texas NGO PORT 694 (No SSNs or financial information reported)
A physician's laptop was stolen from an office on May 13th. The laptop contained personal information on cardiology patients. Affected persons were
notified that their names, dates of service, medical record numbers, diagnoses and dates of birth were on the password-protected laptop.
UPDATE (9/2/10): Only 694 patients were affected. The original notice on the website stated that 1600 patients were at risk.
Information Source:
PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
July 26, 2010 Natchez Police Department
Natchez, Mississippi GOV INSD Unknown
A police officer with the Natchez department fraudulently used and encouraged others to use stolen credit and debit cards.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
July 22, 2010 Colorado Department of Health Care Policy and Financing
Denver, Colorado GOV PORT 105,470 (0 SSNs and financial information reported)
A hard drive containing personal information for clients enrolled in state-provided health insurance was stolen from the Colorado Office of
Information Technology. The information included names, state ID number and the name of the client's program. The Agency is certain that contact
information, financial information and Social Security numbers were not involved.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
July 22, 2010 Iowa Department of Agriculture and Land Stewardship
Des Moines, Iowa GOV PORT 3,404
A laptop containing personal information from Iowa residents was stolen from a locked state vehicle. The computer was encryption protected and
contained names, addresses, phone numbers and Social Security numbers. Iowa residents who participate in the Iowa Horse and Dog Breeding Program were
notified.
Information Source:
Databreaches.net records from this breach used in our total: 3,404
--------------------------------------------------------------------------------
July 20, 2010 Maryland Department of Human Resources
Baltimore, Maryland GOV INSD 3,000
An employee posted Social Security numbers and other personal information of around 3,000 clients on an outside website. The organization provides
food stamps and other benefits and aid to clients. The employee was placed on administrative leave.
Information Source:
Databreaches.net records from this breach used in our total: 3,000
--------------------------------------------------------------------------------
July 16, 2010 Connecticut Department of Labor
Bridgeport, Connecticut GOV PORT 5,000
A highly encrypted laptop was stolen from the office of the Connecticut Department of Labor. The laptop contained confidential information about
unemployment insurance claims, wage discrepancy complaints and some Bridgeport area employers.
Information Source:
Databreaches.net records from this breach used in our total: 5,000
--------------------------------------------------------------------------------
July 15, 2010 Prince William County Intellectual Disabilities Case Management
Woodbridge, Virginia GOV PORT 669
On June 18th or 19th, a government-issued Blackberry was stolen from an employee's car. The Blackberry had personal information on patients enrolled
in the program. The County notified residents that their Social Security numbers, names, addresses, dates of birth, phone numbers, and Medicaid
numbers may have been accessed.
Information Source:
PHIPrivacy.net records from this breach used in our total: 669
--------------------------------------------------------------------------------
July 15, 2010 Utah Department of Workforce Services
Salt Lake City, Utah GOV INSD 1,300 (Unknown number of SSNs)
A leak that allowed anti-immigration activists to post and circulate the names, Social Security numbers, medical information, addresses, workplaces,
and phone numbers of alleged illegal immigrants in Utah has been linked to Utah's Department of Workforce Services. A large number of employees had
access to this information.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
July 12, 2010 Connecticut Department of Education, State Teachers' Retirement Board
Hartford, Connecticut GOV PORT 58,000
An encrypted flash drive containing 2007-2008 Connecticut Teachers' Retirement Board member annual statement data has been lost or stolen. It is
unlikely that outside parties could read the pension and employment credit.
UPDATE (8/5/10): The total number of retirees exposed to ID theft is reported as 58,000.
Information Source:
Databreaches.net records from this breach used in our total: 58,000
--------------------------------------------------------------------------------
July 8, 2010 Waukesha County
Big Bend, Wisconsin GOV PORT Unknown
A laptop was stolen from a payroll services provider of the county. It is unknown what types of Big Bend employee payroll information were contained
on the laptop.
Information Source:
Dataloss DB records from this breach used in our total: 0
--------------------------------------------------------------------------------
July 7, 2010 Massachusetts Secretary of State, Securities Division
Boston, Massachusetts GOV PORT 139,000
The Massachusetts Secretary of State's office accidentally released confidential personal information earlier this year on 139,000 investment advisers
registered with the state. The data, including the advisers' Social Security numbers, were on a CD-ROM sent to IA Week, an investment industry
publication that had requested public information from the Securities Division. Secretary of State IA Week had asked for a list of registered
investment companies. The Securities Division responded by sending a list of individual investment professionals. In addition to their names and
Social Security numbers, this list included their dates and locations of birth, height, weight, hair color, and eye color.
Information Source:
Dataloss DB records from this breach used in our total: 139,000
--------------------------------------------------------------------------------
July 6, 2010 Massachusetts Secretary of State Office
Boston, Massachusetts GOV PHYS 139,000
In an attempt to release public information from the Securities Division, the Massachusetts Secretary of State's office released the Social Security
and driver's license information of 139,000 investment advisers registered with the state. The information was sent on a CD-ROM sent to IA Week, an
investment industry publication.
Information Source:
Databreaches.net records from this breach used in our total: 139,000
--------------------------------------------------------------------------------
July 2, 2010 Cornerstone
Nashville, Tennessee NGO PHYS 1,537
According to Cornerstone: "During the weekend of April 30th, 2010, flood waters broke windows of our administrative office for School-Based
Services... As a result of the unprecedented flooding that occurred, some clinical record information, along with name, Centerstone ID#, Social
Security number, and date of birth, may have been removed from the building by flood waters."
Information Source:
PHIPrivacy.net records from this breach used in our total: 1,537
--------------------------------------------------------------------------------
June 29, 2010 Sparta Board of Education
Sparta Township, New Jersey GOV DISC 200
Several vendor Social Security numbers and tax identification numbers were accidentally sent out via email to a local activist requesting information
on Sparta Board of Education vendors.
UPDATE (7/8/10): The activist mentioned is Jesse Wolosky and he has not returned the information because "they could get lost in cyberspace or go to
the wrong inbox." Wolosky also claims that state agencies are looking into the matter. The number of Social Security numbers is still unknown since
Wolosky claims 600-800 and the district claims 200-300.
Information Source:
Databreaches.net records from this breach used in our total: 200
--------------------------------------------------------------------------------
June 26, 2010 Federal Aviation Administration
Washington, District Of Columbia GOV DISC 0
This is an update to the February 9, 2009 breach entry.
An investigation that was launched in response to the 2009 breach of the Federal Aviation Administration's computer system (see Feb. 9, 2009, entry)
was released June 26, 2010. The findings reveal that the names addresses, Social Security numbers, medical data and other personal information of
airmen are still vulnerable and that "serious security lapses" exist.
NOTE (12/2/2010): This entry has been updated to correct an error. Prior to December 2, 2010, this entry erroneously implied that a new breach had
occurred involving 3 million records. We apologize for our mistake.
Information Source:
www.oig.dot.gov...
Information Source:
PHIPrivacy.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
June 22, 2010 Oregon National Guard
Portland, Oregon GOV PORT 3,500
A laptop belonging to an Oregon National Guard member was stolen and the military is contacting service members who might be affected by the theft.
According to the Oregon National Guard, the laptop was stolen from a vehicle. The Guard member had been using the laptop to conduct work from home.
Although this laptop is password protected, there is still potential for exposure of individual personal information.
UPDATE (7/1/10): The 3,500 National Guard members who were affected have been notified.
Information Source:
Dataloss DB records from this breach used in our total: 3,500
--------------------------------------------------------------------------------
June 14, 2010 Franklin County Treasurer's Office
Columbus, Ohio GOV DISC 0
Although it has a newer and better protected website for paying property taxes, the Franklin County Treasurer's Office continues to allow taxpayers to
use an older URL which was recently discovered to be vulnerable to hackers. This may expose taxpayer credit card and checking account numbers.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
June 13, 2010 Butler County Department of Job and Family Services
Middle, Ohio GOV PHYS 10,600
The Agency learned in 2008 that confidential records were being left in public dumpsters without being shredded. Documents from Medicaid, Food
Stamps, Ohio Works First, and child care programs included information such as Social Security number, name, address, phone number and pay stub. The
agency failed to notify those who were affected.
Information Source:
Databreaches.net records from this breach used in our total: 10,600
--------------------------------------------------------------------------------
June 12, 2010 Middle Township Municipal Hall
Middle Township, New Jersey GOV PHYS Unknown
Personal information from Municipal Hall was found in a public dumpster. The information was not shredded and included police reports, Social Security
numbers, home addresses, telephone numbers, names, and tax records. The improper disposal of information continued after the first dumpster
discovery.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
June 10, 2010 City of Springfield
Springfield, Illinois GOV DISC Unknown
The city of Springfield put documents online that contained sensitive information such as Social Security numbers, driver’s license numbers, home
and work telephone numbers, bank account numbers and the name of someone who called the state anonymously to report suspected child abuse. The
documents were posted on the city’s website in response to Freedom of Information Act requests as part of an initiative to make public information
available to anyone with a computer. But personal information such as home phone numbers, Social Security numbers and driver’s license numbers are
exempt from disclosure under state law.
Information Source:
Dataloss DB records from this breach used in our total: 0
--------------------------------------------------------------------------------
June 10, 2010 Durham County Government
Durham, North Carolina GOV PHYS 8,700
A group of people obtained a list of Durham employees which included Social Security numbers, birth dates, and employment information. They then used
their personal information to commit credit card fraud and identity theft. Police report that more than 200 employees were victims.
Information Source:
Databreaches.net records from this breach used in our total: 8,700
--------------------------------------------------------------------------------
June 8, 2010 Los Angeles County Department of Public Social Services
Los Angeles, California GOV INSD 155
A dishonest employee used welfare beneficiary information to file for two million dollars worth of tax refunds. The employee was caught and charged
with 11 counts of identity theft and 11 counts of making false claims to the United States.
Information Source:
Databreaches.net records from this breach used in our total: 155
--------------------------------------------------------------------------------
June 5, 2010 National Highway Traffic Safety Administration (NHTSA)
Washington, District Of Columbia GOV DISC Unknown
A limited search of NHTSA's public complaint database uncovered Social Security numbers, names, birth dates, addresses, VINs, and drivers' license
numbers. Public access to the database of 792,000 complaint cases was temporarily ended.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
May 28, 2010 Interior National Business Center
Denver, Colorado GOV PORT 7,500 (0 SSNs reported)
A disc containing employee information was lost or stolen. The Interior Department reported that it was encrypted and password-protected personally
identifiable federal employee information.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
May 25, 2010 City of Charlotte
Charlotte, North Carolina GOV PHYS 5,220
(888) 435-6031
The city of Charlotte says the personal information of 5,220 current and former city employees and elected officials has been lost. The loss affects
individuals who received health insurance from the city in early 2002. Two DVDs containing the Social Security numbers of the affected individuals
failed to arrive at the offices of Towers Watson & Co., the city’s benefits consulting firm, in Atlanta. The discs also contained prescription-drug
information for five individuals.
Information Source:
Dataloss DB records from this breach used in our total: 5,220
--------------------------------------------------------------------------------
May 14, 2010 Department of Veterans Affairs
Washington, District Of Columbia GOV PORT 616
The Department of Veterans Affairs has suffered another possible breach of private data as a thief recently stole an unencrypted laptop that had held
the Social Security numbers and other information of 616 veterans. Theft of the laptop was owned by a contractor and not the VA.
Information Source:
Dataloss DB records from this breach used in our total: 616
--------------------------------------------------------------------------------
May 13, 2010 Army Reserve/Serco Inc.
Morrow, Georgia GOV PORT 207,000
A laptop containing the names, address and Social Security numbers of more than 207,000 Army reservists has been stolen from a government contractor
in Georgia. A CD-Rom containing the personal identifiable information was in one of three laptops stolen from the Morrow, Ga., offices of Serco Inc.,
a government contractor based in Reston, Va. The other laptops did not contain sensitive personal information. Serco had a contract with the U.S.
Army's Family and Morale, Welfare and Recreation Division, so some of the pilfered information also could belong to reservists' family members.
Information Source:
Dataloss DB records from this breach used in our total: 207,000
--------------------------------------------------------------------------------
May 11, 2010 New Mexico Medicaid
Santa Fe, New Mexico GOV PORT 9,500
(877) 453-8424
A employee of a subcontractor for the company that processes claims and provides dental benefits for the State’s Medicaid program, filed a stolen
car report for a vehicle whose trunk contained an ”unencrypted” laptop loaded with patient information. The patient information in the laptop
included name, health plan identification number, which in some cases is the individual’s Social Security number, and a provider identification
number but not the name of the provider. The agency sent out a message today saying that it was in the process of notifying 9,500 New Mexicans who use
its Medicaid Salud plan of a possible security breach.
Information Source:
Dataloss DB records from this breach used in our total: 9,500
--------------------------------------------------------------------------------
April 26, 2010 South Carolina Department of Health and Environmental Control
Columbia, South Carolina GOV PHYS 1,824 (0 SSNs and financial information reported)
Over 1,824 people's information was found in a dumpster. It is not known what kind of personal information was included in the documents.
Information Source:
NAID records from this breach used in our total: 0
--------------------------------------------------------------------------------
April 21, 2010 US Army Reserve
Fort Totten, New York GOV PHYS 12,000
The Army is warning about 12,000 military and civilian personnel once associated with a reserve command based at Fort Totten that they should check
their credit records, after discovering that it cannot locate files containing information that could make them vulnerable to identity theft. The
records cover reservists from Long Island, New York City and upstate who were assigned to the 77th Regional Readiness Command and its subordinate
units from 2001 until the unit was absorbed by the 99th Regional Support Command in 2008. The files were discovered missing when the new command asked
for an accounting of the old unit’s records. They could have been burned, shredded or stolen.
Information Source:
Dataloss DB records from this breach used in our total: 12,000
--------------------------------------------------------------------------------
April 14, 2010 Bay Pines VA Medical Center
Bay Pines, Florida GOV PHYS Nearly 800 (unknown number of SSNs)
Up to 800 police files were left in an area where the general public could easily access them. Some of the files contained Social Security numbers,
patient addresses, and treatment information.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
April 13, 2010 Virginia Beach Dept. of Social Services
Virginia Beach, Virginia GOV INSD Unknown
At least eight human services employees, including supervisors, have been fired or disciplined in the past year for wrongfully accessing confidential
and personal information about former employees, family members and clients. The violations include a boss who forced her employees to gather
information from a state database about her husband's child and a worker who checked on the status of a dead client's Medicaid benefits to help the
client's family. Most of the cases stemmed from the agency's financial assistance department, which handles food stamps, Medicaid assistance, grants
for the disabled and emergency relief for needy families. As part of their jobs, the 330 employees in the department who provide social services have
varying degrees of access to secured databases. They need the information to determine whether a client qualifies for financial help.
Information Source:
Dataloss DB records from this breach used in our total: 0
--------------------------------------------------------------------------------
April 13, 2010 Atlanta Firefighters
Atlanta, Georgia GOV DISC 1000
While attending a seminar on security, Atlanta police officers were astonished to discover that personal information from city firefighters was being
used as an example of what could be found on the Internet. The information included Social Security numbers, names and addresses. It is believed that
the information was hacked and/or uploaded to a file sharing website from a city employee's off-site laptop.
Information Source:
Databreaches.net records from this breach used in our total: 1,000
--------------------------------------------------------------------------------
April 12, 2010 Kern County Employee's Retirment Association
Bakersfield, California GOV INSD 37,000
A former employee was convicted of using the Social Security number of a member to create a false identity. The county employee opened a line of
credit and had committed felonies before being hired at KCERA in a position with access to retirees' personal information.
Information Source:
Databreaches.net records from this breach used in our total: 37,000
--------------------------------------------------------------------------------
April 3, 2010 Middletown City Government Building: Public Works, Utilities, Police, and Finance Departments
Middletown, Ohio GOV PHYS Unknown
Personal documents that originated from the city building were left in a dumpster. Most of the documents were from the public works and utilities
departments. An unknown number of Middletown residents had their Social Security numbers, phone numbers, and carbon copies of checks exposed.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
April 2, 2010 Naval Facilities Engineering Service Center
Port Hueneme, California GOV PHYS 244
More than 200 employees were notified that a non-government entity may have seen their personal information. The non-government entity were lawyers
for two of three workers who fought a security access suspension against them. It take the Navy 17 months to inform employees at the Naval Facilities
Engineering Service Center in Port Hueneme, Calif., that their Social Security numbers had been inadvertently released.
Information Source:
Dataloss DB records from this breach used in our total: 244
--------------------------------------------------------------------------------
March 25, 2010 New York State DMV
, New York GOV INSD Over 200 (0 reports of SSNs or financial information)
Two employees from the New York City office
Seven people, including two former New York State DMV employees from New York City, were indicted in a theft ring. The identify fraud ring involved
New York State driver's licenses, learner's permits, and identification cards. The information was then sold to felons. Fifteen other people were
charged with buying the stolen information.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
March 25, 2010 Yuma Proving Ground
Yuma, Arizona GOV HACK 700
A home computer that contained personnel data may have picked up a virus from the Internet. This breach puts employee names and Social Security
numbers at risk.
Information Source:
Databreaches.net records from this breach used in our total: 700
--------------------------------------------------------------------------------
March 23, 2010 Connecticut Office of Policy and Management
Hartford, Connecticut GOV INSD 11,000
Police are investigating the theft of personal information — including Social Security numbers, names and addresses — from as many as 11,000
people who had applied for furnace rebate programs with the state. The investigation by Hartford and state police has led them to a woman who worked
at the state Office of Policy and Management from May 2008 until May 2009. There have been no arrests. The state collected Social Security numbers
because the refunds are federally taxable and the state was required to send a 1099 tax form to the recipients.
Information Source:
Dataloss DB records from this breach used in our total: 11,000
--------------------------------------------------------------------------------
March 16, 2010 Albany Police Department (ADP Georgia)
Albany, Georgia GOV DISC Unknown
Sensitive city documents were found near a garbage can in an alley. The documents may have contained Social Security numbers. It is believed that
officers failed to shred the documents and dispose of them properly.
Information Source:
Databreaches.net records from this breach used in our total: 0
--------------------------------------------------------------------------------
March 13, 2010 St. Louis Metropolitan Police Department
St. Louis, Missouri GOV HACK 24
24 people may have had their personal information compromised following the cyber attack of one computer in the St. Louis Metropolitan Police
Department. The attack came through an e-mail. The department’s website was not attacked. The names, addresses and Social Security numbers of the 24
people may have been viewed.
Information Source:
Dataloss DB records from this breach used in our total: 24
--------------------------------------------------------------------------------
March 5, 2010 Arkansas Army National Guard
Camp Robinson, Arkansas GOV PORT 35,000
An external hard drive has gone missing. Approximately 35,000 current and former members of the Arkansas Army National Guard are affected by the loss.
The drive included names, Social Security numbers and other personal information which potentially places the affected soldiers at risk for identity
theft.
UPDATE (5/18/10): The external hard drive containing personal information on over 32,000 current and former Arkansas Guardsmen that was reported
missing on February 22 has now been recovered and destroyed. The drive was reported missing by an Arkansas Soldier who used the device as a personal
backup of his work related information. This included a copy of the Guard's personnel database which contained personal information on all Soldiers
who have served in the Arkansas Army National Guard since 1991.
Information Source:
Dataloss DB records from this breach used in our total: 35,000
--------------------------------------------------------------------------------
March 5, 2010 University of Texas Southwestern Medical Center
Dallas, Texas GOV INSD 200
A former employee was arrested on patient information and identity theft. The stolen patient information includes names, Social Security numbers,
birth dates, addresses, phone numbers and financial data. The employee allegedly sold the patient information of at least 200 people to an outside
party for the purpose of creating bank accounts and misusing credit and loans.
Information Source:
Databreaches.net records from this breach used in our total: 200
--------------------------------------------------------------------------------
February 25, 2010 Wyoming Department of Health
Cheyenne, Wyoming GOV DISC 9,000
The personal information of about 9,000 children in the state's children's health insurance program could have been exposed on the Internet. The error
resulted in the names, birthdays, Social Security numbers, addresses and phone numbers of Kid Care CHIP participants being accessible on an unsecured
Web page for months.
Information Source:
Dataloss DB records from this breach used in our total: 9,000
--------------------------------------------------------------------------------
February 16, 2010 New York Social Security Administration
New York, New York GOV PORT 969
A computer disc containing detailed personal information about 969 New Yorkers was lost by a Social Security Administration employee traveling to
Queens from the Bronx. The disc was lost as the employee was going to the Queens Social Security hearing office, and the information on it included
administrative decisions, medical evidence and internal agency documents containing people’s names and Social Security numbers.
Information Source:
Dataloss DB records from this breach used in our total: 969
--------------------------------------------------------------------------------
February 15, 2010 West Memphis Police Department
Memphis, Tennessee GOV INSD Unknown
FBI is investigating, after the security of the West Memphis Police Department's computer network was apparently compromised. The FBI had information
that somebody had used a computer that shouldn't have used it. The suspect in the breach was a detective in the police department. Files containing
the names and Social Security numbers of police department employees were stored on the computer network, making the employees vulnerable to identity
theft.
Information Source:
Dataloss DB records from this breach used in our total: 0
--------------------------------------------------------------------------------
February 9, 2010 California Department of Health Care Services
Sacramento, California GOV DISC 50,000
The personal security of nearly 50,000 people may have been breached by the California Department of Health Care Services. Social Security numbers
were printed on the address labels of letters that were mailed by the department. State employees mistakenly included the numbers in a list of patient
addresses. The list was sent to an outside contractor, who printed and mailed the envelopes.
Information Source:
Dataloss DB records from this breach used in our total: 50,000
--------------------------------------------------------------------------------
February 9, 2010 Ohio Department of Administrative Services
Columbus, Ohio GOV DISC 6,000
Personal banking information for 6,000 state employees was inadvertently included in a e-mail distributed to dozens of payroll
edit on
28-1-2011 by manta78 because: (no reason given)