Zone-H
List of breaches collected in the USA
By Marcelo Almeida (Vympel)
July 10, 2006
Identity theft is the fastest-growing financial crime.

Nearly 10 million Americans are victims each year. Today Zone-H.org presents the complete chronological list of the breaches used to steal data, from privaterights.org, a non-governmental organization for consumer information and the defense of consumer rights.

The list below contains more than 88,000 recorded data-theft entries in the United States between February 2005 and July 2006: sensitive information, including data useful to identity thieves such as Social Security numbers, checking account numbers and driver's license numbers. These numbers show that both government and private institutions need to start taking new security measures.

Some US states have begun to implement laws to combat this type of crime, which has helped considerably to reduce the number of frauds carried out.

Known as security breach notification laws and preventive “freezes”, these measures are beginning to spread across the American states. Security laws have been put into effect in several states, and the first to take up this kind of fight against cyber crime was California in 2003, when it passed the security breach alert law.

The text of the law states that California consumers must be notified “when their names are illegally obtained from a server or database together with other personal information such as their Social Security number, driver's license number, checking account number, credit or debit card, or security code or passwords for access to financial services”.

These security freezes have been introduced in California, Colorado, Connecticut, Florida, Hawaii, Illinois, Kansas, Kentucky, Louisiana, Maine, Minnesota, Nevada, New Hampshire, New Jersey, New York, Oklahoma, North Carolina, Rhode Island, South Dakota, Texas, Utah, Vermont, Washington, Wisconsin...

A security freeze gives consumers more peace of mind, because it prevents thieves from obtaining credit in their names: it closes, or freezes, access to the consumer's credit report and credit score. Without this information, a transaction will not issue credit to a thief.

This is an effective method of combating this type of fraud, but what measures will be taken for the people who have already been robbed?

On this point, when a security breach is notified from state to state, there should also be some kind of official procedure to inform users what measures they should adopt to avoid being robbed digitally and, if they already have been, what they can do to recover their losses.

Complete list (in English) from February 15, 2005 to July 7, 2006

| DATE MADE PUBLIC | NAME (Location) | TYPE OF BREACH | NUMBER |
|---|---|---|---|
| Feb. 15, 2005 | ChoicePoint (Alpharetta, GA) | Bogus accounts established by ID thieves | 145,000 |
| Feb. 25, 2005 | Bank of America (Charlotte, NC) | Lost backup tape | 1,200,000 |
| Feb. 25, 2005 | PayMaxx (Miramar, FL) | Exposed online | 25,000 |
| March 8, 2005 | DSW/Retail Ventures (Columbus, OH) | Hacking | 100,000 |
| March 10, 2005 | LexisNexis (Dayton, OH) | Passwords compromised UPDATE (06.30.06): Last week, five men were arrested in connection with this breach. | 32,000 |
| March 11, 2005 | Univ. of CA, Berkeley (Berkeley, CA) | Stolen laptop | 98,400 |
| March 11, 2005 | Boston College (Boston, MA) | Hacking | 120,000 |
| March 12, 2005 | NV Dept. of Motor Vehicle | Stolen computer, later recovered. | [8,900] Not included in total below |
| March 20, 2005 | Northwestern Univ. (Evanston, IL) | Hacking | 21,000 |
| March 20, 2005 | Univ. of NV., Las Vegas (Las Vegas, NV) | Hacking | 5,000 |
| March 22, 2005 | Calif. State Univ. (Chico, CA) | Hacking | 59,000 |
| March 23, 2005 | Univ. of CA. (San Francisco, CA) | Hacking | 7,000 |
| March 28, 2005 | Univ. of Chicago Hospital (Chicago, IL) | Dishonest insider | Unknown |
| April ?, 2005 | Georgia DMV | Dishonest insider | 465,000 |
| April 5, 2005 | MCI (Ashburn, VA) | Stolen laptop | 16,500 |
| April 8, 2005 | Eastern National | Hacker | 15,000 |
| April 8, 2005 | San Jose Med. Group (San Jose, CA) | Stolen computer | 185,000 |
| April 11, 2005 | Tufts University (Boston, MA) | Hacking | 106,000 |
| April 12, 2005 | LexisNexis (Dayton, OH) | Passwords compromised UPDATE (06.30.06): Last week, five men were arrested in connection with this breach. | Additional 280,000 |
| April 14, 2005 | Polo Ralph Lauren/HSBC (New York, NY) | Hacking | 180,000 |
| April 14, 2005 | Calif. Fastrack | Dishonest Insider | 4,500 |
| April 15, 2005 | CA Dept. of Health Services | Stolen laptop | 21,600 |
| April 18, 2005 | DSW/ Retail Ventures (Columbus, OH) | Hacking | Additional 1,300,000 |
| April 20, 2005 | Ameritrade (Bellevue, NE) | Lost backup tape | 200,000 |
| April 21, 2005 | Carnegie Mellon Univ. (Pittsburg, PA) | Hacking | 19,000 |
| April 26, 2005 | Mich. State Univ's Wharton Center | Hacking | 40,000 |
| April 26, 2005 | Christus St. Joseph's Hospital (Houston, TX) | Stolen computer | 19,000 |
| April 28, 2005 | Georgia Southern Univ. | Hacking | "tens of thousands" |
| April 28, 2005 | Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp | Dishonest insiders | 676,000 |
| April 29, 2005 | Oklahoma State Univ. | Missing laptop | 37,000 |
| May 2, 2005 | Time Warner (New York, NY) | Lost backup tapes | 600,000 |
| May 4, 2005 | CO. Health Dept. | Stolen laptop | 1,600 (families) |
| May 5, 2005 | Purdue Univ. (West Lafayette, IN) | Hacking | 11,360 |
| May 7, 2005 | Dept. of Justice (Washington, D.C.) | Stolen laptop | 80,000 |
| May 11, 2005 | Stanford Univ. (Stanford, CA) | Hacking | 9,900 |
| May 12, 2005 | Hinsdale Central High School (Hinsdale, IL) | Hacking | 2,400 |
| May 16, 2005 | Westborough Bank (Westborough, MA) | Dishonest insider | 750 |
| May 18, 2005 | Jackson Comm. College (MI) | Hacking | 8,000 |
| May 18, 2005 | Univ. of Iowa | Hacking | 30,000 |
| May 19, 2005 | Valdosta State Univ. (GA) | Hacking | 40,000 |
| May 26, 2005 | Duke Univ. (Durham, NC) | Hacking | 5,500 |
| May 27, 2005 | Cleveland State Univ. (Cleveland, OH). | Stolen laptop Update 12/24: CSU found the stolen laptop | [44,420] Not included in total below |
| May 28, 2005 | Merlin Data Services (Kalispell, MT) | Bogus acct. set up | 9,000 |
| May 30, 2005 | Motorola | Computers stolen | Unknown |
| June 6, 2005 | CitiFinancial | Lost backup tapes | 3,900,000 |
| June 10, 2005 | Fed. Deposit Insurance Corp. (FDIC) | Not disclosed | 6,000 |
| June 16, 2005 | CardSystems | Hacking | 40,000,000 |
| June 17, 2005 | Kent State Univ. | Stolen laptop | 1,400 |
| June 18, 2005 | Univ. of Hawaii | Dishonest Insider | 150,000 |
| June 22, 2005 | Eastman Kodak | Stolen laptop | 5,800 |
| June 22, 2005 | East Carolina Univ. | Hacking | 250 |
| June 25, 2005 | Univ. of CT (UCONN) | Hacking | 72,000 |
| June 28, 2005 | Lucas Cty. Children Services (OH) | Exposed by email | 900 |
| June 29, 2005 | Bank of America | Stolen laptop | 18,000 |
| June 30, 2005 | Ohio State Univ. Med. Ctr. | Stolen laptop | 15,000 |
| July 1, 2005 | Univ. of CA, San Diego | Hacking | 3,300 |
| July 6, 2005 | City National Bank | Lost backup tapes | Unknown |
| July 7, 2005 | Mich. State Univ. | Hacking | 27,000 |
| July 19, 2005 | Univ. of Southern Calif. (USC) | Hacking | 270,000 possibly accessed; "dozens" exposed |
| July 21, 2005 | Univ. of Colorado-Boulder | Hacking | 42,000 |
| July 30, 2005 | San Diego Co. Employees Retirement Assoc. | Hacking | 33,000 |
| July 30, 2005 | Calif. State Univ., Dominguez Hills | Hacking | 9,613 |
| July 31, 2005 | Cal Poly-Pomona | Hacking | 31,077 |
| Aug. 2, 2005 | Univ. of Colorado | Hacking | 36,000 |
| Aug. 9, 2005 | Sonoma State Univ. | Hacking | 61,709 |
| Aug. 9, 2005 | Univ. of Utah | Hacking | 100,000 |
| Aug. 10, 2005 | Univ. of North Texas | Hacking | 39,000 |
| Aug. 17, 2005 | Calif. State University, Stanislaus | Hacking | 900 |
| Aug. 19, 2005 | Univ. of Colorado | Hacking | 49,000 |
| Aug. 22, 2005 | Air Force | Hacking | 33,300 |
| Aug. 27, 2005 | Univ. of Florida, Health Sciences Center/ChartOne | Stolen Laptop | 3,851 |
| Aug. 30, 2005 | J.P. Morgan, Dallas | Stolen Laptop | Unknown |
| Aug. 30, 2005 | Calif. State University, Chancellor's Office | Hacking | 154 |
| Sept. 10, 2005 | Kent State Univ. | Stolen computers | 100,000 |
| Sept. 15, 2005 | Miami Univ. | Exposed online | 21,762 |
| Sept. 16, 2005 | ChoicePoint (2nd notice, see 2/15/05 for 145,000) (Alpharetta, GA) | ID thieves accessed; also misuse of IDs & passwords. | 9,903 |
| Sept. 17, 2005 | North Fork Bank, NY | Stolen laptop (7/24/05) with mortgage data | 9,000 |
| Sept. 19, 2005 | Children's Health Council, San Jose CA | Stolen backup tape | 5,000 - 6,000 |
| Sept. 22, 2005 | City University of New York | Exposed online | 350 |
| Sept. 23, 2005 | Bank of America | Stolen laptop with info of Visa Buxx users (debit cards) | Not disclosed |
| Sept. 28, 2005 | RBC Dain Rauscher | Illegitimate access to customer data by former employee | 100+ customers' records compromised out of 300,000 |
| Sept. 29, 2005 | Univ. of Georgia | Hacking | At least 1,600 |
| Oct. 12, 2005 | Ohio State Univ. Medical Center | Exposed online. Appointment information including SSN, DOB, address, phone no., medical no., appointment reason, physician. | 2,800 |
| Oct. 15, 2005 | Montclair State Univ. | Exposed online | 9,100 |
| Oct. 21, 2005 | Wilcox Memorial Hospital, Hawaii | Lost backup tape | 130,000 |
| Nov. 1, 2005 | Univ. of Tenn. Medical Center | Stolen laptop | 3,800 |
| Nov. 4, 2005 | Keck School of Medicine, USC | Stolen computer | 50,000 |
| Nov. 5, 2005 | Safeway, Hawaii | Stolen laptop | 1,400 in Hawaii, perhaps more elsewhere |
| Nov. 8, 2005 | ChoicePoint (Alpharetta, GA) | Bogus accounts established by ID thieves. Total affected now reaches 162,000 (See Feb. 15 & Sept. 16) | 17,000 more |
| Nov. 9, 2005 | TransUnion | Stolen computer | 3,623 |
| Nov. 11, 2005 | Georgia Tech Ofc. of Enrollment Services | Stolen computer, Theft 10/16/05 | 13,000 |
| Nov. 11, 2005 | Scottrade Troy Group | Hacking | Unknown |
| Nov. 19, 2005 | Boeing | Stolen laptop with HR data incl. SSNs and bank account info. | 161,000 |
| Dec. 1, 2005 | Firstrust Bank | Stolen laptop | 100,000 |
| Dec. 1, 2005 | Univ. of San Diego (San Diego, CA) | Hacking. Faculty, students and employee tax forms containing SSNs | 7,800 |
| Dec. 2, 2005 | Cornell Univ. | Hacking. Names, addresses, SSNs, bank names and acct. numbers. | 900 |
| Dec. 6, 2005 | WA Employment Security Dept. | Stolen laptop. Names, SSNs and earnings of former employees. | 530 |
| Dec. 12, 2005 | Sam's Club/Wal-Mart | Exposed credit card data at gas stations. | Unknown |
| Dec. 16, 2005 | La Salle Bank, ABN AMRO Mortgage Group | Backup tape with residential mortgage customers lost in shipment by DHL, containing SSNs and account information. Update 12/20: DHL found the lost tape | [2,000,000] Not included in total below. |
| Dec. 16, 2005 | Colorado Tech. Univ. | Email erroneously sent containing names, phone numbers, email addresses, Social Security numbers and class schedules. | 1,200 |
| Dec. 20, 2005 | Guidance Software, Inc. | Hacking. Customer credit card numbers | 3,800 |
| Dec. 22, 2005 | Ford Motor Co. | Stolen computer. Names and SSNs of current and former employees. | 70,000 |
| Dec. 25, 2005 | Iowa State Univ. | Hacking. Credit card information and Social Security numbers. | 5,500 |
| Dec. 28, 2005 | Marriot International | Lost backup tape. SSNs, credit card data of time-share owners | 206,000 |
| Late Dec. | Ameriprise | Stolen laptop containing names and Social Security numbers and in some cases, Ameriprise account information. | Unknown |
| 2005 [Exact Date Unknown] | Dept. of Veterans Affairs (Washington, D.C.) | A laptop being stored in the trunk of a car was stolen in Minneapolis, Minnesota. 2 people later reported identity fraud problems. | 66 |
| Jan. 1, 2006 | University of Pittsburgh Medical Center, Squirrel Hill Family Medicine | 6 Stolen computers. Names, Social Security numbers, birthdates | 700 |
| Jan. 2, 2006 | H&R Block | SSNs exposed in 40-digit number string on mailing label | Unknown |
| Jan. 9, 2006 | Atlantis Hotel - Kerzner Int'l | Dishonest insider or hacking. Names, addresses, credit card details, Social Security numbers, driver's licence numbers and/or bank account data. | 55,000 |
| Jan. 12, 2006 | People's Bank | Lost computer tape containing names, addresses, Social Security numbers, and checking account numbers. | 90,000 |
| Jan. 17, 2006 | City of San Diego, Water & Sewer Dept. (San Diego, CA) | Dishonest employee accessed customer account files, including SSNs, and committed identity theft on some individuals. | Unknown |
| Jan. 20, 2006 | Univ. Place Conference Center & Hotel, Indiana Univ. | Hacking. Reservation information including credit card account number compromised. | Unknown |
| Jan. 21, 2006 | California Army National Guard | Stolen briefcase with personal information of National Guardsmen including a "seniority roster," Social Security numbers and dates of birth. | "hundreds of officers" |
| Jan. 23, 2006 | Univ. of Notre Dame | Hackers accessed Social Security numbers, credit card information and check images of school donors. | Unknown |
| Jan. 24, 2006 | Univ. of WA Medical Center | Stolen laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data. | 1,600 |
| Jan. 25, 2006 | Providence Home Services (OR) | Stolen backup tapes and disks containing Social Security numbers, clinical and demographic information. In a small number of cases, patient financial data was stolen. | 365,000 |
| Jan. 27, 2006 | State of RI web site (www.RI.gov) | Hackers obtained credit card information in conjunction with names and addresses. | 4,117 |
| Jan. 31, 2006 | Boston Globe and The Worcester Telegram & Gazette | Inadvertently exposed. Credit and debit card information along with routing information for personal checks printed on recycled paper used in wrapping newspaper bundles for distribution. | 240,000 potentially exposed |
| Feb. 1, 2006 | Blue Cross and Blue Shield of North Carolina | Inadvertently exposed. SSNs of members printed on the mailing labels of envelopes with information about a new insurance plan. | 600 |
| Feb. 4, 2006 | FedEx | Inadvertently exposed. W-2 forms included other workers' tax information such as SSNs and salaries. | 8,500 |
| Feb. 9, 2006 | Unknown retail merchants, apparently OfficeMax and perhaps others. | Hacking. Debit card accounts exposed involving bank and credit union accounts nationwide (including CitiBank, BofA, WaMu, Wells Fargo). [3/13/06 Crime ring arrested.] | 200,000, although total number is unknown. |
| Feb. 9, 2006 | Honeywell International | Exposed online. Personal information of current and former employees including Social Security numbers and bank account information posted on an Internet Web site. | 19,000 |
| Feb. 13, 2006 | Ernst & Young (UK) | Laptop stolen from employee's car with customers' personal information including Social Security numbers. | 38,000 BP employees in addition to Sun, Cisco and IBM employees. |
| Feb. 15, 2006 | Dept. of Agriculture | Inadvertently exposed Social Security and tax identification numbers in FOIA request. | 350,000 |
| Feb. 15, 2006 | Old Dominion Univ. | Exposed online. Instructor posted a class roster containing names and Social Security numbers to a web site. | 601 |
| Feb. 16, 2006 | Blue Cross and Blue Shield of Florida | Contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies. | 27,000 |
| Feb. 17, 2006 | Calif. Dept. of Corrections, Pelican Bay (Sacramento, CA) | Inmates gained access to files containing employees' Social Security numbers, birth dates and pension account information stored in warehouse. | Unknown |
| Feb. 17, 2006 | Mount St. Mary's Hospital (1 of 10 hospitals with patient info. stolen) (Lewiston, NY) | Two laptops containing date of birth, address and Social Security numbers of patients was stolen in an armed robbery in the New Jersey. | 17,000 |
| Feb. 18, 2006 | Univ. of Northern Iowa | Hacking. Laptop computer holding W-2 forms of student employees and faculty was illegally accessed. | 6,000 |
| Feb. 23, 2006 | Deloitte & Touche (McAfee employee information) | External auditor lost a CD with names, Social Security numbers and stock holdings in McAfee of current and former McAfee employees. | 9,290 |
| Mar. 1, 2006 | Medco Health Solutions (Columbus, OH) | Stolen laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories. | 4,600 |
| Mar. 1, 2006 | OH Secretary of State's Office | SSNs, dates of birth, and other personal data of citizens routinely posted on a State web site as part of standard business practice. | Unknown |

Mar. 2, 2006

Olympic Funding
(Chicago, IL)

3 hard drives containing clients names, Social Security numbers, addresses and phone numbers stolen during break