A laptop computer containing Social Security numbers and other personal information for about 2,800 people and 1,400 companies was stolen from one of Utah's largest insurance companies. The laptop was stolen on December 9, 2007 from a car that was parked in the home garage of an auditor for the Utah Workers' Compensation Fund. The Utah Workers' Compensation Fund decided not to make an announcement about the theft of the laptop immediately because it did not want to alert the thieves that the computer contained any information that could be used for identity theft. All employees and companies who may have been affected have now been notified and the Utah Workers' Compensation Fund is providing identity theft protection for those who are at risk.
In Richmond County, Georgia, Dorothy Hains Elementary School was vandalized and burglarized over the holiday vacation. Windows were broken, American flags were burned, parts of the building were set on fire and electronics at the school were stolen. This was the second break-in at the school since November. During this incident, the library door at the school was kicked in and the circulation computer containing the Social Security numbers of all the students and teachers was stolen.
A laptop computer that was stolen more than a month ago contained the names and Social Security numbers of thousands of Health Net employees in Connecticut and other states. So far there have been no reports of identity theft as a result of the breached data. Data files on the computer had information on about 5,000 Health Net employees as well as an undisclosed number of health-care providers. The company has hired Kroll Inc. to provide credit monitoring and identity theft protection for employees affected by this data breach. These efforts will hopefully lessen the risk of bankruptcy as well.
In Florida, five state computers that contained personal information were stolen from a Department of Children and Families office in Orange County on November 7th and 8th, 2007. The stolen computers contained applications for child care center licenses and the theft has compromised the Social Security numbers, birth dates and other personal information of thousands of day care workers.
A privacy advocate reportedly discovered a data leak on a website that allows consumers to compare prices for digital phone, Internet and television services. The website, DigitalLanding.com, is owned by Acceller, Inc. and is leaking the addresses of people with unlisted telephone numbers. Initially, Acceller claimed that since the information was publicly available, there actually is no data breach on the site. When a telephone customer pays to have their number unlisted, the address connected with the telephone number is not meant to be made public. Apparently Acceller realized this and has since said that they are in the process of securing their data so that the information of people with unlisted telephone numbers will not be available to the public in the future. As of December 27, 2007 the information was still available on the site, which also raises questions about how well the telephone companies are actually protecting the information that they are paid to protect.
An identity thief has used the website of the Franklin County Municipal Court in Ohio to steal Social Security numbers. Police have indicated that hundreds of people in five states have been victims of identity theft in connection with this data breach. The thief manually entered random numbers into the Social Security number search field on the website until matches were made. Once the thief made a match, the victim's name, address, age and other personal information was supplied by the website to go with the Social Security number. Many of the victims may not even know yet that their identities were stolen. People in Ohio, Kentucky, South Carolina, Texas and Wyoming were affected in this data breach.
In Connecticut, the Department of Motor Vehicles lost a computer from a mobile service center vehicle when it was stolen while the vehicle was in the shop for repairs. The Connecticut DMV is now notifying 155 customers that their personal data may have been contained on the stolen computer's hard drive. The personal data on the computer included the names, addresses, birth dates, driver's license numbers and digital copies of the signatures of Connecticut DMV customers. The DMV says that the data would probably not be accessed because it was protected by a number of security features on the computer, including a program that automatically begins to delete data when the computer is turned on. The data did not contain any Social Security numbers, and any credit card information that was on the hard drive of the computer was encrypted.
In South Carolina, the personal information of hundreds of current and former Greenville County School District employees was stolen from computers containing state insurance information. The school district notified employees about the data theft and informed them that their names, home phone numbers and Social Security numbers have been stolen. The Department of Homeland security monitors all government computers for suspicious activity and alerted South Carolina state information security officials who notified the district that the data on their computers had been compromised. According to the Department of Homeland Security, the school district was one of several governmental agencies who experienced data theft in a similar manner.
In New York, several computer data tapes that contained the Social Security numbers, addresses and phone numbers of up to 800 current and former employees of the state Dormitory Authority vanished from a UPS envelope while in transit. The agency funds and oversees the construction of college dorms and other projects. They contacted employees via e-mail to let them know about the missing data tapes and to offer advice on how to learn about identity theft precautions. The data contained on the tapes was not encrypted, but the tapes do require special equipment in order for the data on them to be read. UPS has conducted a trace to try to find the tapes, but they were not found and now have the official status of "lost."
In Pennsylvania, a laptop computer owned by the state Department of Aging was stolen during a home break-in on December 5th. The laptop contained the personal information of almost 21,000 senior citizens including names, addresses, Social Security numbers, some medical information and the services that the clients had received. The laptop was stolen from a department employee who works with the agencies on aging in Indiana, Union, Snyder and Clearfield counties in Pennsylvania. Police have said that they believe the computer was stolen for its street value, rather than by someone attempting to steal the data on the computer. There has been no report of misuse of the data that was stolen, and the computer was double password protected. The department has since encrypted the information on its computer systems. All of the senior citizens who were affected in the breach are being notified, and credit protection from TransUnion will be provided for 90 days at a cost to the state of $23,000. Seniors will then have the option of having the credit protection extended for a year at the state's expense.
In Texas, employees of the Brownsville school district were startled to learn that forms with the personal information of employees were littered along the fence of the school district's warehouse. Included in the information were confidential letters with names, bank account numbers and Social Security numbers. Some of the forms were more than 10 years old, but still contained valuable information. The district has a department that is in charge of these old records, and these documents should have been shredded; however, the district says that these documents slipped through the cracks. The mess has been cleaned up and the district says they will take measures to prevent such incidents in the future.
Due to a glitch in the Ohio Child Welfare system, information from sealed adoption records is being revealed. Some child advocates say this is a massive violation of confidentiality. The data breach involves children who were in the foster-care system but have been adopted and are now enrolled in a children's health insurance program. When medical personnel look up a child's health records using the Medicaid cards that have been issued, the system reveals certain sealed data such as the child's birth mother's name.
A laptop containing the names, social security numbers, phone numbers, addresses and patient care information of 42,000 patients in the Pittsburgh, Pennsylvania area was stolen from a home care nurse's home. The West Penn Allegheny Health System said they are not aware of any inappropriate use of patient information. The hospital has said that the data on the laptop was protected once the computer was either shut off or the battery ran down.
The personal information of an undisclosed number of Deloitte & Touche partners, principals and other employees was contained on a laptop which was stolen from a contractor who was responsible for scanning the accounting firm's pension fund documents. The computer contained the personal data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates of employees. The information on the laptop was not encrypted, but was protected by a password.
A security firm says a new variant on the "Prg Banking Trojan" malware which targets commercial banking customers is believed to have come from Russia. The botnet-controlled Trojan is robbing commercial online bank customers in the United States, UK, Spain and Italy with a botnet called Zbot.
At least 45 customers, but possibly as many as 100, have been victimized at an Arco gas station in El Monte, California. Police say that the debit card information of the customers was stolen, and thieves got away with thousands of dollars in stolen funds. A computerized theft device was apparently used to steal information concealed in the magnetic strip of customer's debit cards. The information was picked up from the outside pay-at-the-pump terminals.
A contractor working for the Department of Natural Resources in Des Moines, Iowa, has lost or misplaced a computer jump drive that contains the names and Social Security numbers of 7,000 people. The worker believes that the jump drive likely fell off of his desk and into the trash. That's why he did not announce that it was missing on November 21st and waited until he was sure it wouldn't turn up when making his December 5th announcement that it was lost.
Sutter Lakeside Hospital in Lake County, California has announced that a laptop computer which contains the personal and medical information of around 45,000 former patients, employees and physicians was stolen from the residence of a contractor. The information on the laptop dates from 2005 and earlier, and was supposed to be transferred as part of an equipment upgrade. However, the contractor violated hospital policy and downloaded the information to the laptops's hard drive. When the hospital learned what the contractor had done, they terminated the business relationship.
In Texas, Cameron County employees are being notified that their personal information, including their names, Social Security numbers and salaries, was sent out in an e-mail. Former county auditor Mark Yates is being investigated in connection with the e-mail, and may face criminal charges for releasing the information.
Oak Ridge National Laboratory in Oak Ridge,Tennessee announced on December 6th that hackers may have gained access to a non-classified database containing the names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004. The sophisticated cyber attack may have been an attempt to gain access to the computer's access of many laboratories and institutions across the country. The data thieves sent out phony e-mails containing Trojan attachments, which when opened, allowed hackers to gain access to the lab's computer security. The lab notified approximately 12,000 potential victims of this data breach.
A laptop containing the names, addresses and Social Security numbers of current and former employees and directors of Forrester Research in Cambridge, Massachusetts was stolen from the home of an employee. The laptop may have not been encrypted, but it was password protected. Forrester has not disclosed how many people may have been affected in this data breach, but they sent out letters to the affected parties on December 3rd advising them of the potential beach. The obvious irony is that Forrester Research is a technology consultancy company, and they failed to encrypt this sensitive data. Simple password protection does not protect information on a hard drive from identity theft thieves.
Memorial Blood Centers in Duluth, Minnesota have reported that a laptop computer which contained personal information of donors was stolen. They have begun the process of notifying 268,000 blood donors who may have had their name and Social Security numbers compromised. Luckily, the information contained on the laptop had been secured through multiple layers of password protection, and access to the information by thieves would require the use of other technologies. Memorial Blood Centers have said that the information on the stolen laptop did not contain any medical information of donors. A hotline has been set up to assist donors who may have questions and that number is 888-333-1491. Anyone with knowledge of this theft is encouraged to call the Minneapolis Police at 612-692-TIPS.
At Duke University in Durham, North Carolina, the Social Security numbers of approximately 1,400 law school applicants may have been exposed when illegal access to a school computer occurred. School officials don't know for sure that the information was accessed, but they are contacting the people who may have been affected as a precaution. The hacker could have possibly gained access to other personal information such as e-mail addresses and passwords created to view the application status of 1,900 current applicants.
Electric service customers of Indianapolis Power and Light may be startled to learn that the private information of 3,000 residential customers was posted online for about four years. The breach occurred between 2003 until November 2007. The personal data that was freely available on the Internet included names, addresses and Social Security numbers of the customers. IPL has set up a hotline for questions about the situation, and concerned people can call 317-261-4845 for more information.
United Healthcare posted the Social Security numbers of doctors at Columbia University's faculty practice on a public Web site. United posted the taxpayer identification numbers, some of which were Social Security numbers, alongside the names of 993 providers at Columbia University who participate in the insurer's network. The list was supposed to be accessible only to Columbia University employees during the current open enrollment period.
More than 500 former University of Florida students might have been put at risk for identity theft after their Social Security numbers were posted on the university's Computing & Networking Services Web site. A news release from the Liberty Coalition, a group that works to preserve the privacy of individuals, said 14 files on the Web site contained "sensitive information" of 534 former University of Florida students, including 415 Social Security numbers. Students who suspect that their Social Security numbers were exposed can do a search at www.ssnbreach.org.
A laptop stolen from an auditing firm contained the personal information of employees from up to 10 businesses, including Springfield-based Ohio Masonic Home Battelle & Battelle LLC has not disclosed the exact number of individuals affected by the theft but Masonic Home officials said information on 600 of its employees was stored in the laptop.
During an investigation at a man's home, police discovered a computer that held about 1.8 million Social Security numbers from the U.S. Department of Veteran Affairs. The man had worked as an auditor at the Veterans Affairs office. Officials have said only 185,000 numbers are at risk because many were repeated in the file.
A.J. Falciani Realty Company of Vineland, New Jersey announced on November 16, 2007 that computers containing the personal information of between 500 and 1,000 clients of A.J. Falciani Realty Company were taken in a burglary. Many of the stolen computers stored the names, addresses, Social Security numbers, dates of birth, telephone numbers and other information on the company's clients.
On November 15, 2007, Roudebush VA Medical Center in Indianapolis, Indiana announced that two personal computers and a laptop had allegedly been stolen from an unsecured room. One of the stolen computers contained the names, Social Security numbers and dates of service of approximately 12,000 veterans.
On November 13, 2007, Commerce Bancorp Inc. revealed that an employee in Cherry Hill, Pennsylvania gave out personal information on an unspecified number of the Cherry Hill Bank's customers. The Bank discovered the breach through an internal investigation and sent letters to the affected customers. The bank does not know if the information included account numbers and Social Security numbers.
On November 7, 2007 it was reported that a paramedic working for Carolinas Medical Center - Northeast in Concord, North Carolina left a laptop on the back bumper of an ambulance and drove away. The lost laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.
Jonathan Murray was fishing in a trash container for boxes in Sarasota, Florida when he found what could have been a thief's dream come true.
He was searching near the trash from a Blockbuster video store and found that the store had discarded completed membership forms and employment applications that included names, addresses, credit card numbers and Social Security numbers.
Murray said, "The sad part is that even after I told Blockbuster about it, I went back the next day to go get some more boxes, and this time I found credit card stuff."
Federal and state officials said no law was broken in the incident, but Florida law requires Blockbuster to inform its customers of the potential data breach.
"There is a statute that requires businesses who maintain records and databases with consumer personal identification to alert them if their information has been breached or hacked," said Sandi Copes, spokeswoman for the attorney general's office. "They do have to reach out to consumers."
Randy Hargrove, a spokesman for Blockbuster Inc. said "According to our corporate policy, documents generated in store, including customer information, must be destroyed when no longer kept on file."
Hargrove said that Blockbuster is conducting its own investigation into the matter and those responsible will be subject to disciplinary action.
Murray has turned the documents over to the Sarasota County Sheriff's Office. It is a very lucky thing that an honest person found these documents and a serious data breach was avoided, this time.
Dixie State College in St. George, Utah has announced that an unauthorized person gained access to college's computer system and gained access to personal information of 11,000 people, which included Social Security numbers, birth date information and addresses for some alumni and current Dixie State College employees.
The incident reportedly took place on September 11 and the college says that no credit card of financial data was accessed.
The compromised files were apparently accessible through an internal Dixie State College search engine for a period of up to 14 months, but it seems that the files were not available through public search engines such as Google or Yahoo!.
Those potentially affected by this data breach are urged to take precautionary measures by monitoring their bank and credit card statements. In addition, individuals are encouraged to request a free copy of their credit report and review it thoroughly and, if necessary, place a fraud alert on their credit.
To further assist, update and provide as much information as possible, Dixie State College has created a Web site dedicated to this issue at www.dixie.edu/idprotect. Dixie State College has also established a toll-free telephone hotline accessible at 1-866-295-3033. Individuals may also e-mail questions and concerns to email@example.com.
Two documents that were inadvertently made publicly accessible by Bates College contained the records of nearly 500 recipients of the federal Perkins Loan. Included in the breached data was each recipient's address, date of birth, Social Security number, legal name and loan amount. The documents were uncovered on the Bates network by The Bates Student on Oct. 13. The files containing all of the information were easily accessed by anyone with a Bates College username and password. The mistake was attributed to the Information and Library Services Office at Bates.
Because this information could be used for identity theft, Maine statute 1346 known as "the Notice of Risk to Personal Data Act," which was enacted this past spring, requires Bates to notify the affected students that their personal data has been potentially breached.
A Federal Perkins Loan is a need-based student loan provided by the U.S. Department of Education with a fixed interest rate of five percent. Loan limits for undergraduates are $4,000 per year with a lifetime maximum loan of $20,000.
The restaurant chain Not Your Average Joe's in Massachusetts issued a statement that said that its restaurants have been targeted by one or more people who were seeking to illegally obtain the credit card data of the restaurant's customers. The chain said that an external investigation into the matter was ongoing.
The company's statement said in part, "The activity occurred largely between early August and late September; there has been no evidence of any fraudulent activity subsequent to September 29. Based on preliminary conversations with the credit card companies, it appears that this issue has impacted significantly fewer than one percent of the nearly 350,000 customers we served during that period. Investigations indicate that no member of the Not Your Average Joe's staff was involved."
Not Your Average Joe's said that the data compromised included credit card numbers, expiration dates and names associated with the cards. The restaurant chain did not offer details about how the data was accessed but has posted a Q&A section on its web site for customers who have questions about the data breach.
Administaff, Inc. of Houston, Texas has said that their current and former workers personal data may be compromised because of a stolen laptop. The data was not encrypted when it was stored on the portable computer, but the computer was password protected. About 159,000 people may now be at risk for identity theft, as data stored on the laptop included names, addresses and Social Security numbers for most employees paid by Administaff during 2006.
Home Depot has announced a data breach affecting 10,000 of their employees. A laptop computer containing employees' personal data was stolen from a regional manager's car. The laptop was password protected and did not contain any information about Home Depot customers. The computer did have the names, home addresses and Social Security numbers of around 10,000 Home Depot employees though.
A major data breach affecting almost all Louisiana college applicants and their parents for the last 9 years has happened. Sensitive personal data was contained in a case lost last month during a move. The personal data included Social Security numbers for applicants and their parents. Bank account information for START account holders was also involved in the data breach. For more information, please contact the Louisiana Office of Student Financial Assistance or visit http://www.osfa.state.la.us/notice.htm
Thousands of University of Cincinnati students and graduates are now at risk for identity theft because their personal information has been stolen. A flash drive that contained the Social Security numbers and other personal information of more than 7,000 people was taken from a University of Cincinnati employee last month.
Two laptops that belonged to a Transportation Security Administration (TSA) contractor, Integrated Biometric Technology, that contained detailed information on 3,930 people have disappeared. The laptops had the names, addresses, birthdays and commercial driver's license numbers, and in some cases Social Security numbers of commercial drivers from across the county who transport hazardous materials. The Social Security numbers for drivers who needed security clearances were the ones contained in the stolen data. Integrated Biometric Technology was advised by the TSA to encrypt the data on its hard drives after it was discovered that previously deleted information on the missing laptops could be recovered.
An unknown hacker remotely accessed an online server at Montana State University. The server contains the personal data, including Social Security numbers and credit card numbers of 1,400 students who enrolled online for MSU Extended University courses. Luckily, the data was encrypted and the university says that it is unlikely that personal information was actually stolen.
King County Transportation Department, in Seattle, Washington has announced that a laptop computer containing the records and personal data of 1,400 current and former employees has been stolen. The employees' names, Social Security numbers and addresses were on the password protected laptop, but the information on the laptop was not encrypted.
Commerce Bank in Wichita, Kansas has reported that a hacker gained access to a database that contains about 3,000 customer records and accessed the data of about 20 customers. The bank says that they are contacting those customers who could have been affected. The hacker was detected quickly, and then denied further access. The incident was reported to law enforcement.
A data breach at Wheels, Inc., the company that provides cars to Pfizer for the use of their sales force, may have exposed the personal data of over 1,800 people, including the spouses and domestic partners of Pfizer employees. After the breach at Wheels, the names, addresses, birth dates and driver's license numbers, but not Social Security numbers of those affected were exposed on the Internet.
Pembroke Schools in Pembroke, Massachusetts, has said that because of a weakness in the school district's computer system, the personal data of anyone who worked or volunteered for the Pembroke Schools in the last four years was accessible via the Internet. The information at was exposed included names, Social Security numbers and birthdates.
Semtech of Camarillo, California has said that a laptop computer and personal belongings were stolen from one of its vendors. Although the computer was not stolen from a Semtech facility, it may have contained computerized data relating to Semtech employees.
Two laptop computers were stolen from the office of a computer science professor at Carnegie Mellon University in Pittsburgh, Pennsylvania. Both of the computers were believed to have contained significant personal identifying data, such as Social Security numbers.
The Massachusetts Division of Professional Licensure has said that the Social Security numbers of about 450,000 licensed professionals were accidentally released. The information was mailed last month to agencies that submitted a public records request for the names and addresses of professionals licensed by the division. The division mailed out 28 computer disks to 23 agencies that use the information as a marketing or promotional tool. The disks would normally contain only the names and addresses of individuals licensed through the Division of Professional Licensure and the Division of Health Professions Licensure. However, another mistake was made and the disks also included Social Security numbers.
The personal data of approximately 800,000 people who applied for jobs at one of Gap, Inc.'s brand stores was contained on a laptop computer which has been stolen. The computer was stolen from the offices of an experienced third-party vendor that manages job applicant data for Gap Inc. The data stolen was that of the people who applied online or by phone for store positions with the company between July 2006 and June 2007. The Social Security numbers of applicants were included in the information on the laptop. For more information and assistance please visit: http://www.gapsecurityassistance.com/.
Voxant customers may be at risk for identity theft because the Voxant online ecommerce store server was reportedly hacked using what appeared to be a typical phishing scheme. The server is separate from the primary business at www.voxant.com. The affected server was immediately taken offline and the offending phishing pages were removed. Customers should be aware that encrypted credit card numbers could have been accessed during the incident. Although the credit card numbers were encrypted, the encryption key was not well protected. The database up through June 19-20 could have been affected, and the data of approximately 4,500 U.S. customers was potentially exposed.
Americhoice, Inc has announced that 67,000 TennCare enrollees are at risk of identity theft after a courier service lost their personal information. The lost information includes names, Social Security Numbers, birthdays and addresses. The company is offering free identity theft protection for those people who were affected at (800) 690-1606.
Gander Mountain has said that a computer potentially containing the credit card information of anyone who had shopped at their Greensburg store has been lost or stolen. The store opened five years ago and the computer could have contained the data of all shoppers at the store since it opened. The company said credit card information for 112,000 customers might have been compromised. That includes 10,000 records with names, card numbers and expiration dates.
The Pennsylvania Public Welfare Department has said that two of their computers containing the mental health histories of more than 300,000 medical-assistance recipients were stolen. The computers were stolen when an office was burglarized. Luckily, the mental health information on the computers identified people by codes and not by name, but the information is still out there. The information was protected by multiple passwords, but the full names and Social Security numbers of nearly 2,000 people were also on the computers.
Purdue University has warned those who were students in the fall of 2004 that information about them was inadvertently posted on the Internet. The information was contained in a document that had the names and Social Security numbers of 111 students of the Animal Sciences 102 class. The page was no longer in use but was on a computer server connected to the Internet. An internal search recently discovered the document and it was reported to the chief information security officer at Purdue University.
McKesson Health, a health care services company in San Francisco, California, is alerting thousands of its patients that their personal information is at risk after two of its computers were stolen from an office.
De Anza College in Cupertino, California has announced that 4,375 former students might be at risk for identity theft after an instructor's laptop computer, containing students' personal information, was stolen last month. The computer contained the students' names, addresses, grades and in many cases Social Security numbers.
University of South Carolina in Columbia, South Carolina has announced that 1482 files containing Social Security numbers, test scores and course grades were exposed online. It appears the person responsible for the breach may have been a computer novice and did not realize that the information could be accessed outside the university system.
On August 29, the Connecticut Department of Revenue Service started notifying taxpayers whose personal information was on an agency laptop that was stolen on August 17. The data breach may cost the state as much as $1 million, depending on how many taxpayers use the free credit monitoring service the department are providing via a third party. The Governor, M. Jodi Rell ordered new security controls over all state laptop computers. Taxpayers can search the Connecticut Department of Revenue website to find out if their personal information was on the stolen computer.
An Ohio Court of Claims judge dismissed a lawsuit brought by two Ohio University graduates against the school for data breaches. The lawsuit only requested the school pay for credit monitoring services for the individuals whose personal data was compromised. The judge said the plaintiffs failed to prove they suffered damages for which they could be compensated. The Attorneys for the University argued that the two students were basing their claims on unsubstantiated fears since no identity theft has been reported as a result of the breaches that occurred in April.
A Maryland Department of the Environment laptop computer was stolen from an employee's car at the end of August. Investigators found the car but they did not recover the stolen laptop. The sensitive data on the computer included individuals licensed by the Board of Well Drillers, Board of Environmental Sanitarians, Board of Waterworks and a database on septic inspectors. The Department notified, by mail, all 10,000 people whose names, addresses and phone numbers were on the stolen laptop.
John Hopkins Hospital experienced a data breach in July but did not notify patients affected until five weeks later. Thieves stole a desktop computer that contained personal information for 5,783 patients. The hospital filed a report with the police department two weeks after the theft occurred. Officials at the hospital delayed making a public announcement about the theft to avoid sabotaging efforts to find the computer.
Gregory Kopiloff was arrested last week and charged with mail fraud, accessing a protected computer without authorization and two counts of aggravated identity theft. According to the Federal charges, he used peer-to-peer (P2P) file-sharing software to steal personal information from other users. Kopiloff allegedly sifted through credit reports and income information from tax returns to determine which users had the best credit so he could have more purchasing power. He used the stolen information to set up fake bank accounts and credit cards in order to buy items worth thousands. So far investigators have identified 83 victims of identity theft by Kopiloff.
A federal grand jury charged three men with stealing credit card numbers and using them to buy 3,200 books of stamps from Seattle-area post offices. They trio purchased almost $24,000 in just a little more than one week's time. The men allegedly used a credit-card reader to imprint stolen credit-card numbers onto retail gift cards. They then were able to use the gift cards just like a credit card to buy books of stamps from postage machines. Investigators suspect they are part of a larger ring of identity thieves.
A laptop was stolen last month from Vista Financial in California, which handles student loan applications for Pennsylvania college students. The laptop contained the names, addresses and social security numbers for 5,200 student loan borrowers from Pennsylvania. PHEAA is providing the borrowers with a free one-year subscription to a credit monitoring service including identity theft insurance.
Yuba County officials were skeptical that the data contained on a laptop computer that was stolen this week would ever be accessed and used fraudulently. The laptop was stolen from Child Support Services in Linda, California and contained birth dates, Social Security numbers and other personal information for 70,000 clients. County officials are in the process of warning everyone, whose personal data was on the laptop, to check their credit and possibly freeze their accounts.
VeriSign current and former employees received a letter recently telling them that a laptop possibly containing their personal information was stolen last month from a VeriSign employee's vehicle. The letter states that the laptop may have contained unencrypted names, birthdates, addresses, phone numbers and Social Security numbers for the employees. Even though the laptop requires passwords to access the information, they are recommending the employees put a "fraud alert" on their credit files. The company offered the employees a free one-year credit monitoring service subscription.
Staffing and personal financial information for 33,000 Merrill Lynch employees may have been contained on a computer stolen from the corporate offices in New Jersey. The brokerage firm announced it would provide free credit monitoring to the employees affected by the data breach. Merrill stated there haven't been any reports of the data being used illegally and that no client data was contained on the computer.
Paris Hilton, Jennifer Lopez, Whitney Houston and Donovan McNabb are on a list of targeted identity theft victims in a case under investigation by the Secret Service and Philadelphia police. Andre Holmes and his alleged accomplice used change of address forms to get their victims mail sent to their homes. The identity theft ring then created fake checks and credit cards with at least 17 and as many as hundreds of victims, including the celebrities mentioned. The pair, who operated out of their home in Northeast Philadelphia, is now in custody while the authorities work on the case.
The IRS and the FBI completed their investigation with the Alabama Attorney General in an identity theft case involving Kwantrice Thornton, a former employee of Electronic Data Systems. Thornton was arrested this week in connection with the Alabama Medicaid agency data breach. Thornton allegedly stole the names and personal information for 498 Medicaid recipients and sold 50 of them to other people. The stolen identity information was then used to file fraudulent federal tax returns.
In July, Disney Movie Club members were notified that an employee of a contractor sold their credit-card information. A federal undercover agent purchased the information from the employee who has since been fired from Alta Resources. A letter from the Disney Movie Club was sent to members detailing the data breach. The number of victims has not been disclosed and the investigation is still ongoing by the Secret Service.
Potentially 580,000 military persons private information may have been stolen in a massive data breach just announced by the military support contractor SAIC. The company transmitted names, addresses, birth dates, health data and Social Security numbers over the web without encrypting the data first. SAIC notified the affected families including Army, Navy, Air Force and Department of Homeland Security personnel. The company says the security problems are fixed now to prevent future breaches.
A laptop containing names, addresses and credit/debit card numbers for Hotel.com was stolen sometime in February. The employee of the travel website's auditor, Ernst and Young Global Ltd., didn't notify Hotels.com until May 3 that his laptop was stolen in February. The computer was stolen in an unnamed Texas City, possibly not too far from Hotel.com's parent company Expedia Inc. The companies notified the approximately 243,000 customers affected by the data breach.
A data breach that has been going on for two years was just discovered by school officials at the University of Virginia. The stolen data included Social Security numbers and other private information about faculty. The hackers entered through the web site that officials said mistakenly contained the instructors' personal information. No students were affected in the breach. The FBI is assisting campus technology experts to make sure the data is secure now.
A $15 backup device for Ohio Department of Commerce was stolen from an intern's vehicle. The device contained personal information on 225,000 taxpayers, 84,000 welfare recipients, 64,000 state employees and others. The department is in the process of sending letters to financial institutions to make them aware of the potential compromise of their customer's accounts. Governor Ted Strickland subsequently issued an executive order which addresses changes in the state's procedures for handling data.
A professor from Texas A&M Corpus Christi reportedly lost a computer flash drive while vacationing in Madagascar, located off the coast of Africa. The device contained personal information on approximately 8,000 students. School officials are not sure exactly which students' data was contained on the device. They believe it included Social Security numbers and birth dates for students enrolled in classes during 2006. Students plan to watch their credit reports for any unusual transactions.
All of the 2007-09 UC Davis student application files were breached when a hacker gained access to the data. The breach was not discovered for the 1,100 students until one tried to set up a campus computer account and was notified that it was already used. Campus officials are working with law enforcement to find out how the computer-security system was bypassed. Letters were sent out to the applicants stating the school would pay for one year of a credit monitoring service.
Fidelity National Information Services Inc. announced that a database administrator for the electronic payment processing company stole and sold customer information. The information included bank and credit card records for possibly more than 2 million customers. The employee sold the information to a data broker who sold it to direct marketers. So far there is no evidence indicating the data was used in any other way. The Secret Service is assisting with the investigation while the company puts the remaining database administrators under close watch.
On May 3 of this year, the Illinois Department of Financial and Professional Regulation discovered a security breach in one of its servers. Up to 300,000 Social Security numbers and other personal data used by real estate brokers, mortgage brokers, loan originators and pawn shop owners was compromised. The department didn't report the data breach until one month later to minimize the impact on the investigation. It appears the breach actually occurred in January of this year. The department is contacting all the licensees and recommending anyone potentially affected by the breach watch their credit reports carefully.
Each and every police officer in Texas may be at risk for identity theft after a laptop containing their personal information was stolen from a Houston software company that maintains the Texas Commission on Law Enforcement records. Approximately, 97,000 law enforcement employees' personal information was contained in the database. Everyone on the list was e-mailed about the theft while the Houston Police department works to find the thieves.
Another northern New Jersey bank security breach occurred at the Columbia Bank in Fair Lawn. The bank issued notices to all the customers affected by the breach that accessed their names and Social Security numbers. There is no further information on exactly how the breach occurred. In 2005, three other banks in New Jersey experienced security breaches. In response to the 2005 data breaches, the state passed one of the toughest identity theft prevention laws in the country.
Two individuals in Davidson County, North Carolina were charged with creating fake alien registration cards and Social Security cards by a federal grand jury. Silvia Hernandez Figueroa and Carlos Conejo Jimenez were originally arrested on May 8 in Lexington after special agents from the Department of State's Diplomatic Security Service and other agencies completed their investigation. This is just one example of small time identity theft that can have a big impact on Americans throughout our country.
During this year's hurricane season, Florida residents are being warned by the state's Attorney General to safeguard their personal documents. Identity thieves seek any opportunity they can find to steal documents that can be sold or used to steal personal data from individuals. During natural disasters, identity thieves can take advantage of residents if they leave their sensitive papers behind when they leave to go to a shelter.
Customers of TJX, parent company of stores across the U.S. and the U.K., may have fallen victim to the largest data theft in history. TJX retailers include TJ Maxx and Marshalls. TJX estimates that credit and debit card information from more than 45 million cards has been stolen, and acknowledges that further investigation may reveal that the number is even higher. Data purchased from the hackers is believed to have been used to purchase Wal-Mart gift cards, which were then used to purchase approximately $1 million worth of jewelry and electronics.
Before the TJX breach, the largest known data theft affected about 40 million consumers. That breach was disclosed by CardSystems in June of 2005.
The Texas Attorney General's office has charged Radio Shack with various violations after state investigators discovered sensitive consumer data in a bin behind the store. According to the Attorney General's office, the records included social security numbers, credit card and debit card information, names, addresses, and telephone numbers of consumers. Radio Shack could face fines of up to $50,000 per violation.
According to InformationWeek, personal e-mail addresses and passwords for hundreds of GMail, MSN and Yahoo members were exposed on the Splash Magazines Worldwide entertainment website. The e-mail addresses and passwords were showing up in Google searches today. The breach may have occurred while password protected pages were open for maintenance by Splash personnel.
On Thursday, California Secretary of State Debra Bowen revealed that Social Security numbers, addresses and signatures for 650,000 Californians on a website operated by the state were available to the public. The information was available at a cost of $6 for each record of a Uniform Commercial Code filing frequently used by banks researching loan data. The website was operating since 2004 and had been accessed 300 times per day. The documents have been removed from the website and will not be returned until the personal information is removed.
The Swedish Urology Group of Seattle notified patients and former patients from up to four years ago that their personal data was stolen. Three external hard drives which contained the patient data were discovered missing from an office at the medical groups headquarters. There was no sign of forced entry and no suspects have been named. The Urology Group is not affiliated with Swedish Medical Center.
A laptop containing personal information on 16,000 Fort Monroe employees was stolen from a personal vehicle. The computer contains the names, payroll data and Social Security numbers for the civilian employees who all work at the U.S. Army Training and Doctrine Command. The army sent letters to each of the employees affected by the data breach. Officials from the Army Criminal Investigation Command along with local police are actively investigating the theft.
Orlando Police are searching for thieves who are stealing computers from businesses in the downtown area. More than 15 companies have reported laptop thefts this year in the city. At one company 11 computers were taken. In some cases the thieves are also stealing credit cards from purses left in the open at the same business. Stolen laptops, whether for personal or business use may contain personal data for a number of people including the owner. This personal data can be used by the thieves themselves or sold to third parties who can use the data to illegally open bank accounts or credit card accounts using the victims' name and social security numbers.
The navy reported a National Guard computer was discovered missing February 23 from inside the San Diego Naval Base. The computer contains identifying information for soldiers who are serving on the border patrol. The specific data breached includes the home addresses and birth dates as well as other information on 1,300 soldiers. The Guard notified the soldiers and recommended they watch their credit card statements and credit reports carefully. Military officials have not determined whether the data was stolen on purposed by data thieves or whether there is some other reason the computer is missing.
A laptop was stolen from the car of an auditor for the Springfield City Schools on February 22. The car was parked in the auditor's home garage at the time of the theft. Personal information for approximately 2,000 current and former employees is on the laptop. Names, social security numbers and payroll information is in the hands of the computer thief. The Ohio school district informed the affected employees by issuing a letter to them indicating there is no reason to believe at this time that their personal information was accessed. The big three credit reporting agencies were also notified of the data breach.
Yet again, WellPoint is notifying members of another data breach. This time, the breach impacts 75,000 members of the WellPoint Empire Blue Cross and Blue Shield health plan of New York. A CD containing the personal data was lost in shipment. It was shipped in January but not found until now. Even though there is no reason to show it was stolen or accessed, the company is sending out letters to the affected members. WellPoint Empire is offering the members one free year of credit monitoring from Equifax. The other data breach occurred last month impacting 196,000 WellPoint members when backup tapes were stolen.
An identity theft ringleader pleaded guilty in federal court on Wednesday to credit card fraud. Claudiu Hotea, a 34 year old Romanian living in Orange County allegedly put card readers on gas stations in Placer County, California and other nearby counties. The reader captured ATM numbers and pins while customers purchased fuel. Hotea made face cards and programmed the numbers so he could use them at ATM machines. He was caught at a casino using multiple cards to make ATM withdrawals. The Assistant United States Attorney Matthew Segal is prosecuting the case with sentencing scheduled for June 14.
Data thieves using the stolen TJX customer information have purchased nearly $8 million in merchandise from Wal-Mart stores. The thieves created dummy gift cards using the customers' credit card information and made purchases at Wal-Mart stores in 50 Florida counties. Employees of Wal-Mart were the first to notice the thieves using multiple gift cards to pay for purchases. Six suspects were arrested and four other warrants were issued in Broward and Dade counties in Florida. The Florida Department of Law Enforcement did not indicate whether these suspects originally stole the data from TJX or purchased it from underground economy servers.
Westerly Hospital in Rhode Island reported a data breach affecting up to 2,000 patients. The social security numbers, birth dates, addresses, phone numbers and insurance data for the patients were posted online. In some cases, medical information was also included in the posting. Federal and local authorities were notified as soon as the hospital learned of the data breach.
Data thieves hacked into the web site of Johnny's Selected Seeds based in Winslow, Maine. The servers are actually located in Kentucky. The data breach resulted in 11,500 credit card numbers stolen. Already, 20 of the cards have been used fraudulently. This appears to be a deliberate attack to steal and use the credit card numbers. The thieves hacked into the company's internal system to learn passwords and other access information then went to the website and stole the credit card data.
Up to 7.800 patients' data is at risk after a Seton Hospital Group laptop was stolen from an Austin, Texas clinic. Security cameras recorded the thief carrying the laptop out of the hospital. Patients who visited the clinic since July 2005 will need to watch carefully for fraudulent use of their personal data. The laptop contained social security numbers and dates of birth for the affected patients.
The College of Denver reported a computer theft from a faculty member's office on February 28. The computer contains the names and Social Security numbers of nearly 1000 former students. The affected students would have been enrolled in this particular instructor's class between 1999 and 2002. The social security numbers should not have been on the computers in the first place. The college is currently completing a project to review the information stored on all college-owned computers.
TD Banknorth has reissued 200,000 credit cards in response to the massive data breach of T.J. Maxx and Marshalls stores. The bank has locations in Maine, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania and Vermont. Supplies of credit cards are actually running out since so many banks are also reissuing cards for their customers also affected by the breach at the Massachusetts-based TJX Company.
The U.S. Bureau of the Census revealed it posted personal information for 302 families on a public website. The data breach occurred for about six months between 2006 and 2007. The personal data posted included names and Social Security numbers. The bureau was using the data to test new software, but ended up using real data as well. The bureau states the employees involved in this mistake will face administrative action.
The New York Department of Labor issued a warning to more than 500 people whose identities have been compromised. Personal information for unemployment claimants was contained on an auditor's computer that was stolen from his car on January 21. The Labor Department mailed letters to the 549 people whose personal identity information was breached. The letter tells the victims to put fraud alerts on their credit accounts and monitor them closely.
More information came was reported this week on the Birmingham, Alabama VA Hospital portable hard drive stolen around January 22. The VA first reported that personal information for 48,000 veterans might have been compromised. Now, the VA reports the drive may have contained personal data, including Social Security numbers on about 535,000 people. Additionally, the drives may also contain billing information for 1.3 million doctors across the nation. The VA will provide a free year of credit monitoring to anyone affected by this data breach.
John Hopkins Hospital reported backup tapes missing last week. The tapes contain personal data on 135,000 employees, retirees and patients. The patient information on the tapes includes name, date of birth and sex but does not contain medical or other personal financial information. However, some of the payroll backup tapes missing did in fact include Social Security numbers and bank account information for current and former employees. The employees are most at risk for identity theft in this situation. The Baltimore, Maryland hospital is hopeful but not positive the tapes were destroyed and not lost.
Personal data for 109 Wisconsin lawmakers was stolen this month from a state employee's car. The data breach included the Social Security numbers on the lawmakers and some aides. The employee had taken some work home, which contained the sensitive data. Madison police are still investigating the data theft but have not released any information related to the case.
CTS Tax Service owner Lotte Kirstein had to call almost 900 customers this week to tell them their personal information was stolen from her office. Someone broke into her shop, located in Jefferson Township, Michigan, on February 2 and stole a computer containing information which could be used by identity thieves. The Cass County Sheriff's Department is urging everyone affected to watch their credit reports closely and even put a credit freeze on their file.
A laptop containing the medical data and other personal information on over 1000 patients was stolen from the Salina Regional Health Center in Salina, Kansas in early January. The hospital sent out letters to the patients whose data was on the missing computer. The letter advises the patients to notify their financial institutions about the data breach.
Vanguard University of Southern California sent out letters to 10,000 students last month notifying them about a data breach that occurred in the university's financial aid department. Officials noticed a computer was missing from the department on January 16. The computer stored Federal Applications for Federal Student Aid, which contains tax and earnings information as well as social security numbers for students and parents.
Eastern Illinois University Fraternity and Sorority members are at risk for identity theft. A data breach occurred when someone stole a computer from a building on the campus last month. Social Security numbers, birth dates and addresses for 1,400 students was among the personal data stored on the computer. A university spokesperson from the Charlotte, Illinois campus said there have been no reports of misuse of the stolen data at this point.
Nora J. Carpenter, the executive director of the Better Business Bureau of Southwest Idaho and Eastern Oregon issued a scam alert regarding identity thieves targeting consumers at the gym. The alert states police are finding a pattern of credit card theft from health club patrons in Western States. The identity thieves are working in groups of four to six people. They enter the club and steal the credit cards from lockers, bags or backpacks of club members.
Another identity theft scam is targeting taxpayers. Identity thieves send out an e-mail that appears to be from the Internal Revenue Service (IRS). The e-mail says it is informing the taxpayer about an e-audit and asks the receiver to respond with their social security number and other identify information. The IRS does not send e-mails to taxpayers and anyone who receives such an e-mail should call 1-800-829-1040.
The U.S. Department of Veterans Affairs is conducting its own investigation of a missing portable hard drive containing personal data on possibly 48,000 veterans. The drive was reported missing from the Birmingham VA Medical Center on January 22. The Inspector General of the VA's office notified the FBI one day after learning of the data breach. Rep. Spencer Bachus (R-Alabama) said he initially heard that of the 48,000 records, up to 20,000 are not encrypted.
Kansas City officials admitted that 26 computer tapes from the Internal Revenue Service are missing. The tapes, which contain taxpayer data, were delivered to City Hall in August. The IRS is not revealing how many taxpayer records are on the tapes nor what type of information may be included in the records. The Treasury Department is continuing the investigation and has not notified any specific taxpayers yet.
Xerox company employees are upset not only because their personal and financial data was on a laptop stolen from the company. They are complaining that the company did not disclose the data breach to employees until December, four months after it was first discovered. The company offered free-credit monitoring, but employees contend it's a little late for it.
Another data breach occurred at the Chicago Board of Elections as 100 computer discs containing 1.3 million Chicago voter's personal information were inadvertently distributed to city alderman and ward committeemen. At least six of the discs are completely unaccounted for. The discs contain voters' social security numbers, birth dates and addresses-the perfect formula for identity theft.
A Minnesota real estate broker is charged with stealing identities and $3 million from her clients. Ida Mae James, 35, faces 15 felony counts of identity theft. Hennepin County investigators found James forged client names to file fake loans and purchased properties in the victim's names but did not pay the mortgages. Her victims trusted her, especially since she met many of them at a Pentecostal church where her father-in-law is the bishop. The scariest part of this case is the fact that she still has her real estate license and is not in custody while her trial is pending.
The Federal Trade Commission (FTC) just announced that ChoicePoint Inc. would pay $15 million to settle charges for failing to protect consumer's personal data. This is the largest civil penalty related to data security in the history of the FTC. As part of the settlement, the data warehouser is required to set up a $5 million fund those consumers who were victims of identity theft related to these charges. The data breach occurred almost a year ago when ChoicePoint sold personal data for 163,000 consumers to a crime ring.
News of the data breach at the Women Infants and Children program in Wahiawa, Hawaii is the last thing 11,500 families enrolled or previously enrolled in the low-income program want to hear. Already three families are confirmed victims of identity theft that was caused by this data breach. A Health Department employee allegedly stole information from a client database. This case is raising questions about how personal information is stored in other government offices in Hawaii.
The personal data of approximately 79,000 MoneyGram customers was compromised when hackers accessed the company's server last month. The money-transfer company issued a statement notifying the public that names, addresses, telephone numbers and bank account numbers may have been accessed. The Minneapolis-based company is offering one year of free credit monitoring services for any customers affected by the data breach.
Consumers who used their credit cards to purchase items from T.J. Maxx or Marshalls in 2003 or between May and December of 2006 may be at risk for identity theft. TJX Companies announced Wednesday that hackers accessed its computer system late last year. TJX did not disclose how many customers' accounts were exposed in the data breach, but the Wall Street Journal reported that 40 million cards might be affected.
Fitchburg Savings Bank in Worcester County Massachusetts deactivated 1,300 debit-ATM cards on Wednesday after Visa USA notified the bank of a data breach that may have included its check cards. At this point, none of the cards were used by data thieves and the bank is replacing all of them. It was later discovered these accounts were related to the TJX data breach impacting T.J. Maxx and Marshalls customers.
A Charleston, South Carolina homebuilder sent letters to 2,700 people on Friday warning them to monitor their credit reports after one of the company's computers was stolen. KB Home reported a computer was stolen from their sales office on December 30. The computer contained the personal information of anyone who had visited the Foxbank Plantation new home community near Charleston.
Credit card data for 500 California water customers was stored on two computers stolen from the Rincon del Diablo Municipal Water District on Tuesday. Burglars broke through a glass wall to steal one computer from the customer service department and the other from the engineering department. Customers' names and credit card numbers are on the customer services computer.
Data on 30,000 North Carolina taxpayers was on a laptop computer that was stolen from the car of a North Carolina Department of Revenue employee last month. The department issued letters to everyone affected by the data breach. The computer contained social security numbers and the tax debt amounts owed to the state for the taxpayers.
The FBI and the Dallas Police Computer Crimes Squad are investigating an attempted data breach on the University of Texas at Dallas network. According to the Information Resources department at the university, the personal information of 6,000 applicants, students, faculty and staff was potentially exposed by a weakness in the computer network. In December, department staff noticed activities similar to an Internet "bot" which is an automated computer program searching and scanning large amounts of information on private networks.
As many as 331,000 University of Idaho alumni, donors, employees and students are at risk for identity theft. Approximately 70,000 social security numbers, names and addresses were on the three desktop computers found missing from the university's Advancement Services office over Thanksgiving weekend. Officials planned to notify everyone whose personal data may have been exposed. Anyone who thinks they may be affected by this data breach can call the hotline at 1-866-351-1860 or go to the website www.identityalert.uidaho.edu established by the university.
An arrest was made in New York for the theft of five laptop computers that contained the personal data of up to 18,000 past and present employees of Altria, which is the parent company of Kraft Foods and Philip Morris. The laptops were stolen form the offices of Towers Perrin, a benefit consulting company used by Altria. Altria and Towers Perrin chose to wait to inform the affected employees until after the arrest was made on December 28 even though the computers were stolen back in November. Towers Perrin stated in the letter that they had no indication of misuse of any personal information contained in the data breach.
Moneygram International Inc. is the latest company to experience a data breach in which hackers accessed personal customer data. The data breach occurred on Friday, when a hacker accessed the company's server via the internet. The second largest money transfer company, based in Minneapolis, is notifying the 79,000 customers who may be affected by this data breach and at risk for identity theft.
In an identity theft case investigated by the Naval Criminal Investigative Service, the U.S. Postal Inspection Service and the FBI, two navy men and a civilian were charged in an identity theft scheme whereby they stole more than $83,000 from one person's home equity account with and cashed $40,000 in credit card convenience checks from another person. Both identity thefts were committed when the thieves used personal information stolen from mail receptacles to pose as the victims in phone conversations with the victims' banks and credit card carriers.
Notre Dame University employees recently learned that their personal information might be at risk in the hands of identity thieves. A laptop was reported stolen from by university's director sometime before Christmas. Notre Dame employees were notified of the data breach by letter on January 2. The letter stated the stolen laptop contained their social security numbers and salary information. Officials at the university, located just northeast of South Bend, Indiana suggested the affected employees monitor all activity on their personal accounts.
Portland, Oregon prosecutors reached a plea bargain with an identity theft ringleader who stole credit cards from a pastor's office and wallets from parent's coats in a closet at a preschool music classroom. Carol Crane committed identity theft affecting 80 people and totaling $150,000 in losses. The 43-year-old woman pleaded guilty to a federal charge of bank fraud and agreed to a sentence of 100 months in prison.
University of Northern Iowa students, faculty and staff were notified about a security breach in the Wellness/Recreation Center computer that stores their names, addresses and phone numbers. Steve Moon, the associate vice president for information technology at the college in Cedar Falls, called the breach "pretty typical". He said someone outside of the university stored thousands of music files in the same place as the users' data. Fortunately, the database no longer contained social security numbers, which would have made this data breach much worse.
Identity thieves are stealing debit card information from victims in southeast Volusia County, Florida. Nearly 400 people have reported unauthorized transactions on their debit card accounts since December 15. Police believe the identity thieves are using a skimmer which copies and stores data from a debit card's magnetic strip. The thieves are using the data to make purchases in the Las Vegas area. The Secret Service is working with authorities in both Florida and Nevada to try to catch the thieves.
Emory University in Atlanta, Georgia, had to notify 38,000 cancer patients that a computer holding their personal information was stolen. Emory contacts with Electronic Registry Systems in Cincinnati where the computer was actually located and stolen on November 23. While security on the computer was double password-protected, it did contain social security numbers, medical data and treatment information along with the names and addresses of the cancer patients. Patients were notified and urged to put a fraud alert on their credit reports.
Names, Social Security numbers and other data for 42,000 New York City employees were contained in a computer stolen during a burglary at Concentra Preferred Systems in Massachusetts. The data was actually on tapes that Concentra maintains for Group Health Insurance Inc., the company that provides health insurance for the city employees. GHI spokesperson Ilene Margolin indicated that it was highly unlikely the data could be retrieved without commercial equipment equipped with special software.
Bank of America officials notified Charleston, South Carolina customers in writing that their personal data might have been stolen. The region's largest financial institution, indicated the data breach contained social security numbers, names, addresses and telephone numbers of certain customers. Law enforcement is working closely with the bank to investigate the data breach. The company did not indicate how many customers were affected by the data theft.
Santa Clara County's employment agency reported a stolen computer last week. The computer contained social security and other information for 2,500 jobseekers. Security alarms were not functioning while electrical work was being done at the construction site where the computers were stolen.
Pima County, Arizona sheriffs arrested five alleged heavy methamphetamine users involved in an identity theft ring targeting current and former Raytheon employees. Personal information from about 40 people was stolen and used to open credit card accounts online. Employees brought the issue to Raytheon managers who then notified police. The identity thefts have netted more than $100,000 so far for Raytheon employees.
A report analyzing lost and stolen Census Bureau computer data equipment was just released by the House Government Reform Subcommittee on Federalism and the Census. The report concludes that the bureau's leadership failed to comply with its duties outlined in the Census Bureau's Strategic Plan for FY 2006-10. Secretary Carlos Gutierrez of the Commerce Department originally reported that 1,137 laptops, 46 thumb drives and 16 handheld computers had been lost or stolen since 2001.
Pennsylvania state officials from the transportation department told reporters at a news conference Thursday that a major data breach occurred at the driver's license center in Dunsmore. Thieves stole a camera, printer and card stock which would enable them to make 750 fake drivers licenses. The same thieves also stole two computers with identity data of 11,384 Pennsylvania drivers. The stolen personal information included names, addresses, birthdates, partial social security numbers and drivers license numbers for the Pennsylvania drivers.
A skilled computer hacker accessed a restricted database at UCLA that contained names and personal information of 800,000 current and former students and staff members. Information for applicants and the parents of applicants was also stored in the database. School officials informed those affected and urged anyone who thinks they were victim of identity theft due to this breach to call the FBI immediately. Identity theft victims can contact the FBI's Internet Crime Complaint Center.
Boeing fired the employee whose laptop containing personal information on 382,000 current and former employees was stolen when he left it unattended. Two other Boeing computers containing sensitive personal information were stolen in the last 13 months. Boeing will provide three years of credit-monitoring services for anyone affected by this recent data breach.
Cincinnati-based Electronic Registry Systems reported a computer stolen which contained Geisinger Health System patient information including names, addresses, social security numbers and medical record numbers. The health system is using AIG insurance coverage to protect any of the patients affected by identity theft caused by this data breach.
Massachusetts's regulators reached a settlement with Ameriprise Financial Inc. regarding the company's loss of a laptop computer on December 24, 2005. The laptop contained personal and financial information for more than 200,000 people including thousands of Massachusetts' residents. The financial planning company, based in Minneapolis, Minnesota did not admit to wrongdoing or liability under the settlement but agreed to hire an independent consultant to review its policies and procedures for security related to laptops containing sensitive information.
Thieves stole a lockbox from Concentra Preferred Systems in Dayton, Ohio. The lockbox contained personal information for 130,000 Aetna health insurance members. Aetna will offer members who might be affected by the data breach free credit monitoring service to guard against identity theft.
An actual printout of 21,000 students' personal information disappeared from a Student Activities Office desk at the Nassau Community College in Garden City, New York. The printout contained social security numbers, addresses and phone numbers for 21,000 students. The college is offering to pay for enrollment fees in a credit-monitoring service for anyone on the list who might be exposed to identity theft.
Starbucks recently admitted two laptops with personal data of 60,000 employees and contractors were missing for two months. Starbucks knew about the missing laptops since September but chose not to report the theft to the public until now. The computers were stolen from the coffee company's headquarters in Seattle, Washington along with two other laptops containing undisclosed data. The company sent letters to those affected to tell them about the data breach and offer them free credit-protection services to guard against identity theft.
Another data breach occurred in Puget Sound last month when the Port of Seattle reported missing CDs. The disks contained personal identity information for 7000 employees working at Sea-Tac Airport. The information included date of birth, Social Security number, driver's license number, address, phone number, employer, height and weight for the employees. The Port of Seattle is putting safeguards in place to ensure all personal data is secure and all employees who handle the data are trained to use the highest standard of privacy protection.
Akron Children's Hospital finally notified 230,000 patients that their personal data was stolen nearly two months after a security breach was discovered. Hackers broke through the hospital network's firewall and obtained patient records including Social Security and bank account numbers. The FBI is currently investigating the Ohio hospital's data breach case that puts both the patients and their families at risk for identity theft.
An apparent security breach at the Wesco gas station and convenience store in Muskegon, Michigan has impacted several financial institutions and thousands of customers. MasterCard notified the banking companies of the fraudulent identity theft transactions. The banking companies quickly canceled any credit or debit cards used at Wesco between July 25 and September 7. The U.S. Secret service is investigating the data breach case that experts speculate may have involved a point-of sale system connected to an IP-based network which could be vulnerable to hackers.
Connors State College officials in Warner, OK are still trying to determine whether thousands of college student's personal information was used illegally. The Social Security numbers for 22,500 students was stored on a laptop which was stolen and recovered. Computer experts are not able to determine if any of the information on the computer was actually accessed. The school is encouraging students to check their credit report and review their bills for unauthorized charges.
Approximately 25,000 guns permit records were exposed on the internet in September. The Social Security numbers, names and addresses of gun holders were mistakenly published on the web. The contractor who designed the web-based computer records program may be responsible for this data breach at the Berks County Sheriff's office in Pennsylvania.
When retailer Gymboree reported three stolen laptops to San Francisco police recently, they weren't satisfied with the response. Police explained to Gymboree personnel that the police rarely recover stolen computer hardware. Gymboree officials, unsatisfied with this response, hired a private investigator to look into the theft. The private investigator is working with the San Francisco police department on the case. In the meantime, Gymboree sent letters informing nearly 20,000 employees that their personal data was stolen. The company is also providing free credit monitoring to the employees most at risk for identity theft.
LimeWire file sharing service users will need to monitor their credit reports carefully since investigators arrested a person hacking into the system. The hacker stole information directly from the LimeWire users' computers including bank account information and bill paying records. The police investigating the case found information for 75 people and businesses from multiple states. The Denver DA is recommending that people who use any file-sharing program review their computer security or delete the file sharing software off their computer.
The next generation of credit cards uses radio waves instead of swipe machines in an effort to make paying for purchases easier for consumers. Unfortunately, these credit card holders are more susceptible to identity theft. The cards may end up making it much easier for thieves to steal credit card numbers as consumers wait in line at a store to pay for their purchase. The cards can be read from a distance without card owner ever knowing his card number was stolen. Two computer scientists from the University of Massachusetts bought a radio-wave card reader online and proceeded to test its range. The pair was able to read credit cards in people's wallets and even one in an unopened piece of mail. The data they retrieved included the credit card number, name and expiration date.
Social Security recipients are the latest victims of an identity theft scam. An e-mail is being sent telling people that their social security records need to be confirmed. The reader is then sent to a fake website that looks like the real Social Security web site. Then he or she is asked to confirm personal information including bank account numbers, credit card numbers, pins and social security number. The Social Security Administration has stated that this e-mail is not from their office and that consumers should not disclose their personal information over the internet or the phone.
Minneapolis-St. Paul women who were provided in home care by Allina nurses for their high risk pregnancies are now a high risk for identity theft. One of the nurses working for the Allina Hospitals and Clinics found her laptop stolen from her car while she entered a lab to drop off a specimen. Hospital officials estimate that the social security numbers of 14,000 women were on the laptop. The hospital chose to notify nearly 28,000 women just to be on the safe side. Effective immediately, the hospital will not store social security numbers on laptops anymore.
Some 260,000 Indiana and Illinois residents are just now finding out that their personal data, including social security numbers, was compromised in July when a medical records error occurred at Sisters of St. Francis Health Services Inc. Hospital officials contacted customers to tell them that their personal data was downloaded to CDs and misplaced for three days. Most likely, no one accessed this information since the next person to come in contact with the CDs was a Presbyterian minister who notified the hospital immediately once he realized what he had found. However, many of the people affected by this data breach are concerned about how the hospital could allow this to happen and why it took so long for the hospital to publicly disclose it.
A report commissioned by the House Committee on Government Reform shows that data was lost or stolen in 788 separate incidents. The US Treasury is at fault for 43 percent of the government's data breaches. Nearly all of the incidents were not reported to anyone until the House committee requested the information and issued the Agency Breach Summary report. The House committee decided to survey all the agencies after a computer containing the personal information of 26.5 million veterans was stolen from a Veterans Affairs employee.
The names and social security numbers of 4624 people were erroneously posted online by the Florida Labor department. The department did not discover the posting, which was uploaded last month, until a man performing a search of his name discovered the data online. While the information was not linked to any website, the agency still sent out letters notifying the more than 4600 jobseekers about the data breach.
University of Texas at Arlington is advising 2500 students that their social security numbers and grades were on two computers that were stolen from an instructor's home. The data theft affects current and former computer science and engineering students from the Texas University.
Residents of Camp Pendleton had their personal data compromised this week when a computer was stolen from Lincoln BP Management, the company that manages the housing units at the base in California. Lincoln is trying to coordinate with Equifax to monitor the credit records of the 2400 people affected by the theft.
The names, addresses, driver's license numbers and pictures of 2200 North Kitsap residents were on a data storage device that is missing. The Department of Licensing notified the people affected that they should beware of "phishing" scams such as someone posing as the Washington Department of Licensing employees calling to verify their personal information.
A Denver doctor was evicted from his office this week and some patient documents with social security numbers were put out in the parking lot. It is not known how many patients were affected by this incident. One patient contacted local, state and federal agencies to determine whether her personal information was safe or not.