1 (888) 400-5530
Toll-Free, No-Cost
Victim Assistance

DATA BREACHES

Information management is critically important to all of us - as employees and consumers. For that reason, the Identity Theft Resource Center has been tracking security breaches since 2005, looking for patterns, new trends and any information that may better help us protect data and assist companies in their activities.

The ITRC breach list is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies. This list is updated daily, and published each Tuesday. To qualify, breaches must include personal identifying information that could lead to identity theft, especially the loss of Social Security numbers. ITRC follows U.S. Federal guidelines about what combination of personal information comprise a unique individual, and the exposure of which will constitute a data breach.

There are currently two ITRC breach reports which are updated and posted on-line on a weekly basis. The ITRC Breach Report presents individual information about data exposure events and running totals for a specific year. The ITRC Breach Stats Report develops some statistics based upon the type of entity involved in the data exposure. Breaches are broken down into five categories, as follows: business, financial/credit, educational, governmental/military and health care. Other more detailed reports are generated throughout the year and posted on a quarterly basis.

It should be noted that data breaches are not all alike. Security breaches can be broken down into a number of categories. What they all have in common is that they usually contain personal identifying information in a format easily read by thieves, in other words, not encrypted. The ITRC tracks five categories of data loss methods:

  • Data on the Move
  • Accidental Exposure
  • Insider Theft
  • Subcontractors
  • Hacking

Click here to go the recent High Profile Breaches:

Click here for the 2010 ITRC Breach Report (PDF):

Click here for the 2010 ITRC Breach Stats Report (PDF):

Click here for the 2009 ITRC Breach Report (PDF):

Click here for the 2009 ITRC Breach Stats Report (PDF):

Regarding the rules of inclusion, the ITRC has given a considerable amount of thought to the development of the criteria used when assessing breaches and the integrity of its sources. For example, breaches that occurred in any given year or a previous year are included in the year in which the breach was publicized. Each selected incident is required to have been published by a credible media source, such as TV, radio, press, etc. The item will not be included at all if ITRC is not certain that the source is real and credible. Larger breaches often have multiple attributions, and we usually cite more than one source.

We include in each reported data breach item a link or source of the article, and the information presented by that article. Many times, we have attributions from a multitude of media sources and outlets. ITRC adheres to the facts as reported, and does not alter the previously published information. We always attempt to provide live links back to the original article, but these remain good only as long as the source retains the article at that web URL.

When the number of records exposed is not reported, we note that fact. When records are encrypted, we state that we do not (at this time) consider that to be a data exposure. We do, however, consider “password protected” as not sufficient protection under most circumstances, and do post these events as breaches.

As an authority on data breach exposures, the ITRC is frequently asked if there are more security breaches now than ever before. This question is hard to answer. More companies are revealing that they have had a data breach, either due to laws or public pressure. It is the opinion of the ITRC that the criminal population is stealing more data from companies, AND data breaches are being more frequently publicized. ITRC is aware that many breaches go unreported, and we are certain that our ITRC Breach List underreports the problem. One thing we can say with certainty is that this is NOT a new problem.

Click here for 2010 synopsis and reports
Click here for 2009 synopsis and reports
Click here for 2008 synopsis and reports
Click here for 2007 synopsis and reports
Click here for 2006 synopsis and reports
Click here for 2005 synopsis and reports

Other websites and resources for data breaches include:

 

The following breach report contains only those high profile breaches recently publicized. This report is updated as necessary. For full annual reports, go to the links above.


High Profile Breaches Report

Listed in Alphabetical Order

Full Information on a breach may be found in the ITRC Breach Report by

searching for the ITRC Breach ID#
ITRC Breach Company or Agency

State
Publish Date
Breach Type Breach Category Records Exposed? Records #
________________________________________________________________________________________________________________________
ITRC20091111-01 ^TD Ameritrade (advisory only)

US
10/27/2009
Electronic Business None - Other 0
In September 2007, Ameritrade announced that the names, addresses, phone numbers and trading information of potentially all of its more than 6
million retail and institutional customers at that time had been compromised by an intrusion into one of its databases. The stolen information was later
used to spam those customers. Consistently the company has said that while SSNs were in that same database they have investigated the situation
and has affirmed that SSNs were not compromised.
ITRC has confirmed with a source that worked with Ameritrade on this breach that SSNs were not breached. This is not a breach by ITRC criteria
but is listed as an advisory only due to media attention.
________________________________________________________________________________________________________
ITRC20091123-09 ACORN

CA
11/23/2009
Paper Data Business Yes - Unknown # 0
A private investigator in San Diego found thousands of sensitive documents dumped outside a California ACORN (Association of Community
Organizations for Reform Now) office on October 9, just days after the state attorney general announced an inquiry into the community organizing
group. "We're talking people's driver's license numbers, dates of birth, Social Security numbers, credit card numbers, bank account numbers, tax
returns, credit reports" — all tossed in public view in the Dumpster, the investigator said.
________________________________________________________________________________________________________
ITRC20081111-02 AIG - Medical Excess LLC

US
10/1/2008
Electronic Medical/Healthcare Yes - Published # 900,000
A special agent for the FBI and other law enforcement officials announced the arrest of a person who stole a computer server with the personal
identifying and health care sensitive information for over 900,000 policy holders and then trying to extort AIG for its return.
________________________________________________________________________________________________________
ITRC20090313-03 Binghamton University

NY
3/10/2009
Paper Data Educational Yes - Unknown # 0
Binghamton University kept payment information for every student, possibly dating back at least ten years in a storage area next to one of the most
trafficked lecture halls on campus, behind a door that was not only unlocked but taped open. The information itself contained social security numbers,
credit card numbers, scans of tax forms, business information (including social security numbers and salary information for employees of students’
parents), asylum records and more, all kept in a haphazard and disorganized fashion, sprawled out in boxes, in unlocked (yet lockable) filing cabinets
and shelving units.
________________________________________________________________________________________________________
ITRC20091005-04 BlueCross BlueShield - Highmark

US
10/3/2009
Electronic Medical/Healthcare Yes - Published # 850,000
The Blue Cross Blue Shield national office had a laptop stolen from an employee of the national office in August. The breach involves “tens of
thousands’’ of physicians nationwide, although the precise number is unclear, according to a national Blue Cross-Blue Shield spokesman. Thirty-
nine affiliates feed information about providers into a database maintained by the association’s national headquarters. "Jeff Smokler, national Blue
Cross-Blue Shield spokesman, said the insurance giant - roughly 90 percent of physicians nationwide are in its network - encrypts all of its
information on company computers, but an employee who was authorized to have the information violated company rules by downloading an
unencrypted version onto a personal laptop. Smokler said the data breach was perhaps the most serious for Massachusetts physicians and other
providers because they typically use their Social Security number as their tax identification number. Physicians in most other states, he said, choose
separate tax ID numbers."
Update: Highmark is also notifying 50,000 doctors, mainly in PA that their information may have been on the laptop also.
________________________________________________________________________________________________________
ITRC20091006-02 BlueCross BlueShield - TN

US
10/6/2009
Electronic Medical/Healthcare None - Encrypted 0
68 hard drives are missing from the BlueCross BlueShield office in Eastgate, TN. Investigators also want to know why *these* drives might have
been targeted. "We don't know what's on the hard drive files. Only blue cross blue shield does, but as with the medical files and anything else that
contains personal information and social security numbers and financial information, there's always the possibility for identity theft," says Sgt. Weary.
A Blue Cross spokesperson says she doesn't know if the missing drives contain private patient information. But they are cooperating in the event of
possible identity theft.
Update: BCBS announced that the theft affects about 2 million clients. However, a call from ITRC to BCBS TN headquarters confirmed that
specialized equipment would be needed to read the disks which lowers risk factor.
________________________________________________________________________________________________________
ITRC20090911-03 Chase Bank, JPMorgan Chase

US
8/18/2009
Electronic Banking/Credit/Financial None - Other 0
Chase Bank is notifying customers that a tape used as a backup for system information is missing at a secure offsite storage unit. It may have
included name, address and SSN. The information "can be read only with special equipment and software…"
________________________________________________________________________________________________________
ITRC20091019-03 Cheers Liquor Mart

CO
10/16/2009
Electronic Business Yes - Unknown # 0
A debit card breach affecting thousands of Colorado Springs area cardholders resulted from outside hackers gaining access to Cheers Liquor
Mart’s computer system sometime last month, owners of the Springs-based retailer said Friday. "Police spokesman Lt. David Whitlock said Friday no
new information on the investigation is available. He said Thursday that “thousands” of customers from five financial institutions operating in the
Springs area had their numbers stolen from an unidentified local merchant. He declined to identify either the merchant or the financial institutions."
________________________________________________________________________________________________________
ITRC20100119-04 ExposeObama.com

US
1/15/2010
Electronic Business Yes - Published # 100
Credit card numbers and other personal information about more than a hundred contributors to a conservative Web site unexpectedly showed up by
fax at a Democratic lawmaker's office. Faxes have been received by 50 legislators with this information and a letter urging them to oppose certain
legislation. One Representative said his office has received 139 faxes with this information.
________________________________________________________________________________________________________
ITRC20090212-08 Federal Aviation Administration (FAA)

US
2/9/2009
Electronic Government/Military Yes - Published # 45,000
A FAA union leader says hackers broke into the Federal Aviation Administration's computer system last week, accessing the names and Social
Security numbers of 45,000 employees and retirees as of Feb. 2006. The FAA said the hackers hijacked 48 files, two containing sensitive personal
information that could expose the employees and retirees to identity theft.
________________________________________________________________________________________________________
ITRC20091006-01 Federal Reserve Bank of New York

NY
10/6/2009
Electronic Banking/Credit/Financial Yes - Unknown # 0
A federal bank information analyst from Elm Park has admitted he stole his fellow employees’ identities so he and his brother could apply for more
than $1 million in student and boat loans. Curtis Wiltshire, 34, committed the fraud from 2006 and 2008, while he was working as an information and
technical analyst at the Federal Reserve Bank of New York in lower Manhattan. He had access to computer files with other employees’ names, dates
of birth, social security numbers and photographs.
________________________________________________________________________________________________________
ITRC20081021-05 FEMA

TX
10/16/2008
Electronic Government/Military Yes - Published # 1,000
As many as 1,000 hurricane victims may have had their personal information exposed to a stranger. FEMA says an error by its mailing subcontractor
placed one person's aid application under a cover page addressed to another person and each subsequent envelope in the batch was improperly
stuffed.
FEMA plans to offer monitoring to anyone whose most private data, including social security numbers, bank account numbers, insurance policy
numbers and even annual income, was mistakenly sent to another applicant .
________________________________________________________________________________________________________
ITRC20081223-01 FEMA - Katrina

LA
12/22/2008
Electronic Government/Military Yes - Published # 17,000
FEMA says 16,857 names, Social Security & telephone numbers and other private information were publicly posted on 2 websites last week. The
names belonged to applicants from Hurricane Katrina who'd evacuated to Texas, but now live all across the Gulf Coast. FEMA's Acting press
secretary Terry Monrad says when the agency found out, the names were immediately removed. As of 3/35/09, those affected are just now being
notified
________________________________________________________________________________________________________
ITRC20091217-01 Fort Belvoir Morale, Welfare and Recreation

FL
12/17/2009
Electronic Government/Military Yes - Published # 42,000
An Army Morale, Welfare and Recreation Academy employee's laptop containing personal data including SSNs was stolen over holiday weekend.
The Army says the data guarded by layers of security and encryption. CNN obtained the notification letter sent, almost two weeks later, to those
affected. It says, in part, that the alleged compromised information "includes your name, Social Security number, home address, date of birth,
encrypted credit card information, personal e-mail address, personal telephone numbers, and family member information."
________________________________________________________________________________________________________
ITRC20090224-01 Govtrip.com

DC
2/18/2009
Electronic Government/Military Yes - Unknown # 0
Govtrip.com, which handles travel reservations for at least a dozen U.S. government agencies, last week was infected with a virus that tried to install
malicious software when users visited the site, causing some agencies to block employees from accessing it, Security Fix has learned. Sometime on
Feb. 11, hackers changed the Govtrip.com Web site to redirect visitors to a site that installed malicious software. A number of agencies, including
the departments of Agriculture, Energy, Health & Human Services, Interior, Transportation, and Treasury, use the site exclusively to book travel
arrangements. Govtrip.com also is used to reimburse workers via direct deposit, which means that many federal employees' checking account
information is stored there as well.
________________________________________________________________________________________________________
ITRC20091123-04 Health Net

US
11/19/2009
Electronic Medical/Healthcare Yes - Published # 1,500,000
A hard drive with seven years of personal and medical information on about 1.5 million Health Net customers was lost six months ago and was first
reported Wednesday. A portable, external hard drive with Social Security numbers and medical records “disappeared” and is still missing from the
insurer’s Northeast headquarters in Shelton, a Health Net spokeswoman said Wednesday. The hard drive contains Social Security numbers, medical
records and health information dating to 2002 for 1.5 million customers — past and present — in Arizona, Connecticut, New Jersey and New York,
the spokeswoman said. State AG's are very upset.
________________________________________________________________________________________________________
ITRC20090122-02 Heartland Payment Systems

US
1/20/2009
Electronic Business Yes - Published # 130,000,000
Hundreds of credit and debit card holders appear to have been victims of a nationwide data theft carried out against Heartland Payment Systems,
which processes cards for 250,000 restaurants, retailers and other businesses. Several Maine credit unions have been told by Visa and MasterCard
that fraudulent charges were placed on members' cards between May 16 and August 19, 2008, according to Jon Paradise, a spokesman for the
Maine Credit Union League. Many of the charges were tallied at Wal-Mart stores in Texas, he said. According to the Washington Post (Brian
Krebs), tens of millions of people may be affected. Baldwin said Heartland does not know how long the malicious software was in place, how it got
there or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates. "The
transactional data crossing our platform, in terms of magnitude... is about 100 million transactions a month," Baldwin said. "At this point, though, we
don't know the magnitude of what was grabbed."
Update: As of the end of May 2009, more than 656 institutions have been impacted As of October the number of records seems to have stabilized at
130 million. ITRC wants to remind all readers: the number of records does not mean number of people
________________________________________________________________________________________________________
ITRC20090520-01 National Archives

US
5/20/2009
Electronic Government/Military Yes - Published # 250,000
An external hard drive containing 1 terabyte of data from the Clinton Administration is missing from the National Archives and Recording
Administration. The information includes more than 100,000 SSNs and home addresses of people who visited or worked at the White House. The
drive also contained details on the security procedures used by the Secret Service at the White House, as well as event logs, social gathering logs,
political records and other information from the Clinton administration. Rep. Darrell Issa, (R-Calif.), ranking member of the House Committee on
Oversight and Government Reform, in a statement yesterday said that the loss is believed to have occurred between October 2008 and March 2009.
According to Issa, the Archives was in the process of converting information from the drive to a digital records system when it apparently
disappeared. The hard drive was apparently removed from a secure storage area to a workplace where at least 100 "badge-holders" had access to it,
Issa noted. In addition to those with official access to the area, the IG said that janitors, visitors, interns and others passed through the area, Issa
said.
Update: now updated to 250,000 records
________________________________________________________________________________________________________
ITRC20090902-02 Naval Hospital Pensacola

US
9/2/2009
Electronic Government/Military Yes - Published # 38,000
Naval Hospital Pensacola will be notifying thousands of beneficiaries who use its pharmacy services, following the disappearance of a laptop
computer August 18. The computer's database contains 38,000 pharmacy service customers' names, Social Security numbers and dates of birth on
all patients that used the pharmacy in the last year.
________________________________________________________________________________________________________
ITRC20090304-01 New York Police Department (NYPD) - Pension

NY
3/4/2009
Electronic Government/Military Yes - Published # 80,000
A civilian official of the NYPD’s pension fund has been charged with stealing the identities of 80,000 current and retired cops, sources said. Anthony
Bonelli allegedly got into a secret backup-data warehouse on Staten Island last month and walked out with eight tapes packed with Social Security
numbers, direct-deposit information for bank accounts, and other sensitive material. Bonelli was the fund's director of communications.
________________________________________________________________________________________________________
ITRC20090313-02 Norm Coleman Campaign

MN
3/11/2009
Electronic Business Yes - Published # 4,721
Wikileaks published information to substantiate a rumor that sensitive information belonging to thousands of Coleman's supporters had been floating
around the Internet since Jan. 28 "as a result of sloppy handling by the campaign."
Wikileaks said the decision to publish the information was prompted by claims from Coleman's campaign that no data been compromised and by its
failure to apologize for the "initial leak" or its subsequent "cover-up." The statement said that Coleman's campaign had known about the breach since
January but had failed to notify anyone of the potential compromise of their personal data. Wikileaks claimed that the senator collected detailed
information on every supporter and Web site visitor and retained unencrypted credit card information from donors, including their security codes, on
the campaign's Web site.
________________________________________________________________________________________________________
ITRC20091231-02 North Carolina ATM and POS machines

NC
12/29/2009
Electronic Business Yes - Unknown # 0
The State Employees Credit Union informed about 300 customers in recent days that their account information had been obtained by skimmers and
used to make withdrawals and purchases. Account information has been stolen through the state, according to SECU security officer Cory Mathes.
"He said the widespread nature of the thefts leads him to believe either a large skimming network is involved or someone has hacked into the
computer system of a company that processes debit card transactions."
________________________________________________________________________________________________________
ITRC20090427-04 Oklahoma Department of Human Services

OK
4/23/2009
Electronic Government/Military Yes - (Password) 1,000,000
Officials with the Department of Human Services said a computer was stolen from a worker's car on April 3. The machine had names, Social Security
numbers and birthdates of people who receive state assistance. Those affected include clients who receive aid from Medicaid, Child Care
Assistance, Temporary Assistance to Needy Families, Aid to the Aged, Blind and Disabled and the Supplemental Nutrition Assistance Program.
________________________________________________________________________________________________________
ITRC20091222-10 P2P networks

US
12/8/2009
Electronic Business Yes - Unknown # 0
Jeffrey Steven Girandola and Kajohn Phommavong have been charged in a previously sealed 16-count indictment with Conspiracy, Computer Fraud,
Access Device Fraud and Aggravated Identity Theft. According to the indictment, which was handed up by a federal grand jury in San Diego, the
defendants installed peer-to-peer file sharing software on computers under their control and searched the available peer-to-peer file sharing
networks for account login information and passwords inadvertently exposed to the file sharing network by other users of the peer-to-peer file sharing
software. They then used account information they found for their own benefit.
________________________________________________________________________________________________________
ITRC20091016-01 PayChoice

US
10/16/2009
Electronic Business Yes - Unknown # 0
Payroll services provider PayChoice took its Web-based service offline for the second time in a month in response to yet another data breach caused
by hackers. PayChoice, provides direct payroll processing services and licenses its online employee payroll management product to at least 240
other payroll processing firms, serving 125,000 organizations. The company sent a notice to its customers saying it had closed onlineemployer.com
- the portal for PayChoice's online payroll service -- after some clients began noticing bogus employees being added to their payroll.
________________________________________________________________________________________________________
ITRC20091130-08 Radiant Systems, Aloha POS System - various

US
11/27/2009
Electronic Business Yes - Unknown # 0
The seven restaurateurs, who filed suit in a Louisiana state court in March, are suing Radiant Systems of Alpharetta and Computer World, a
Louisiana retailer that sold Radiant’s payment processing program called “Aloha.” This software has caused a number of breaches throughout the
US and some were listed in 2008 breach list including the "Spicy Pickle." The suit alleges the Aloha program illegally stored all the magnetic strip
information after the card was swiped. Storage of card information violates the security standards with Visa, MasterCard, American Express and
Discover.
________________________________________________________________________________________________________
ITRC20081224-01 RBS WorldPay

US
12/23/2008
Electronic Banking/Credit/Financial Yes - Published # 1,500,000
RBS WorldPay (formerly RBS Lynk), the U.S. payment processing arm of The Royal Bank of Scotland Group, today announced that its computer
system had been improperly accessed by an unauthorized party. Pre-paid cardholders and other individuals were affected and identified on November
10. RBS WorldPay's internal security professionals and outside experts are working with federal and state law enforcement authorities in an
investigation of this event. The affected pre-paid cards include payroll cards and open-loop gift cards. The fraud that has been identified to-date is
associated with RBS WorldPay's computer system supporting its U.S. pre-paid and open-loop gift card issuing business. Actual fraud has been
committed on approximately 100 cards. Cardholders will not be responsible for unauthorized activity associated with this event. Certain personal
information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1
million people may have been accessed.
________________________________________________________________________________________________________
ITRC20081231-08 Science Applications International Corporation

CA
12/9/2008
Electronic Business Yes - Unknown # 0
Science Applications International Corporation (”SAIC”), recipient of a number of large government contracts, notified the New Hampshire Attorney
General on December 9th of a security breach involving malware. The specific malware was not named, but was described as “designed to provide
backdoor access.”
The breach was detected on October 28th. In its letter to an unspecified number of affected individuals, SAIC wrote: This letter is to notify you of a
potential compromise of your personal information, including your name and social security number, date of birth, home address, home phone number
and clearance level and possibly other personal information necessary to complete government security clearance questionnaires (e.g., SF-8SP or
SF-86).
________________________________________________________________________________________________________
ITRC20090312-01 Sprint

US
3/11/2009
Electronic Business Yes - Unknown # 0
Sprint is warning several thousand customers that a former employee sold or otherwise provided their account data without permission between Dec.
2008 and Jan 2009. The information that may have been compromised includes your name, address, wireless phone number, Sprint account number,
the answer to your security question, and the name of the authorized point of contact on your account."
________________________________________________________________________________________________________
ITRC20070308-02 TJX

US
1/17/2007
Electronic Business Yes - Published # 94,000,000
TJX Cos reporter that intruders broke into computers sometime in mid December and stolen an unknown amount of customer data including credit
card, debit card, check and merchandise return transactions for TJ Maxx, Marshalls, HomeGoods and AJ Wright stores in the US. TJX's Bob's
Stores and TK MAX stores are also involved. In addition, Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, said at least eight
banks have been affected by a similar breach of information, related to debit cards they issued. The breach may have started as early as 2003. A
multi-state and FBI investigation is underway.
Update: March- the number of affected consumers revealed in a filing with the SEC is 45.7 million customer records. TJX also reported in the filing
that another 455,000 customers who returned merchandise without receipts had their personal data stolen, including drivers' license numbers.
Update: A settlement has been reached based on info from VISA and Mastercard. Total records updated to 94 million.
________________________________________________________________________________________________________
ITRC20091201-03 U.S. Department of Defense

US
11/20/2009
Electronic Government/Military Yes - Published # 72,000
According to GAO Report 10-56 to Congress, 72,000 Post Deployment Health Reassessment forms (PDHRA) are unaccounted for from 72,000
service members who returned from deployment to Iraq or Afghanistan between Jan 1, 2007 to May 31, 2008. ITRC has examined said forms which
are filed electronically and clearly ask for the service member's SSN,. Name, date of birth. While disclosure of any item is voluntary, they are
"encouraged to answer each question." (in bold print). Quote: The discovery "suggests either that not all of these service members filled out the
questionnaire or that questionnaires were filled out, but were not incorporated into Defense's central repository," wrote Randall Williamson, director
of health care at the Government Accountability Office in a report to Congress.
________________________________________________________________________________________________________
ITRC20090219-01 University of Florida - Grove

FL
2/19/2009
Electronic Educational Yes - Published # 97,200
On January 14, 2009, the University of Florida discovered that a server was accessed by an unauthorized intruder from outside UF. This server
contained a file with names, and Social Security Numbers (SSNs) for 97,200 people that used the "Grove" system between 1996 and 2009. Although
no evidence was found that this information was accessed, there is no absolute certainty that it was not.
________________________________________________________________________________________________________
ITRC20090925-02 University of North Carolina Chapel Hill, Dept.

NC
9/25/2009
Electronic Medical/Healthcare Yes - Published # 163,000
A hacker has infiltrated a computer server housing the personal data of 236,000 women enrolled in a UNC-Chapel Hill research study. Among the
information exposed: the Social Security numbers of 163,000 study participants." Though the intrusion was detected in late July, computer forensics
experts say it may have happened two years ago, said Matthew Mauro, chairman of the UNC-CH Department of Radiology. The medical school will
send letters to all 236,000 study participants about the security breach. School officials said they held off on notifying participants until they had
completed their investigation and would be able to field questions."
________________________________________________________________________________________________________
ITRC20091113-01 US Army Corps of Engineers

US
11/13/2009
Electronic Government/Military Yes - Published # 60,000
The Corps of Engineers is investigating the recent loss of an external hard drive that had names and Social Security numbers, on a number of
current and former soldiers and some civilian employees, according to information provided by the Southwest Division, which is where the drive was
stored. Most of the affected population includes soldiers whose files went before the Fiscal 2008 sergeant first class and 2008 master sergeant
promotion boards, and the 2007 colonel promotion board and the 2009 lieutenant colonel command board.
________________________________________________________________________________________________________
ITRC20091002-02 US Military

US
10/1/2009
Electronic Government/Military Yes - Published # 76,000,000
The Inspector General of the National Archives and Records Administration is looking into a potential data breach of millions of records about US
military veterans. The issue involves a defective hard drive the agency sent back to its vendor for repair and recycling without first destroying the data.
The drive was part of a RAID array of six drives containing an Oracle database that held detailed records on 76 million veterans, including millions
of Social Security numbers dating to 1972. The Pentagon requires that old drives be degaussed (de-magnified) or physically destroyed.
________________________________________________________________________________________________________
ITRC20090410-01 Vavrinek, Trine, Day and Co.

CA
4/10/2009
Electronic Business Yes - (Password) 0
The theft of six laptop computers from an auditing firm has led the Borrego Springs Bank to send warning letters to all of its customers saying their
personal financial information may be in the hands of criminals. The bank released this brief statement: “Borrego Springs Bank is promptly
responding to an isolated incident involving customer information provided to a contracted third party accounting firm. The computer files contain
sensitive personal financial information including account name, number and balance.” Update: More than 50 banks now involved. "There was some
information, I would say 99.9 percent of it is information someone could get off of your check," said bank president Darrell Lautaret. "It was just name,
account number and balances as of August 31, (2008)."
________________________________________________________________________________________________________

Copyright 2010 Identity Theft Resource Center

| TOP |

Contact Us | Privacy Policy | Legal Notice | Site Map  
Copyright © Identity Theft Resource Center. All rights reserved.
Web design by Savvy Sites.