Personal information on 150,000 voters disappears from Denver office

Jeez, why does this keep happening???

Interesting that it was veterans, and now it's right in Denver, site of the impending NWO headquarters where they've already relocated the CIA to, and they do have that groovy airport mural there showing the demise of the planet.

I guess they want to get that area populated how they like first. (I.E. depopulated of anti-NWO folks, liberals and libertarians, people with unseemly genetic lines, maybe a few religions they despise, etc)

U.S. Veterans Affairs Secretary Jim Nicholson said Tuesday that personal data on about 2.2 million active-duty military and Guard personnel -- not just 50,000 as initially believed -- were among those stolen from a Veterans Affairs employee last month.
\

Earlier this month, Hotels.com revealed that a laptop computer containing the personal information of thousands of the site's customers was stolen.

In late May, a laptop computer containing the credit-card and Social Security numbers, as well as other sensitive information, of roughly 65,000 YMCA members was stolen from a locked office in Rhode Island.

A computer containing data on 232 people and 216 businesses was stolen from a California Department of Financial Institutions employee on May 26.

On May 2, a laptop computer containing the pension data of former employees of supermarket chains Stop & Shop, Giant, and Tops was stolen during a commercial flight. It was not disclosed how many former supermarket employees were affected.


[link to www.wnbc.com]


Personal Information Goes Missing For People Taking State Test

POSTED: 9:00 am EDT June 7, 2006
Email This Story | Print This Story
TRENTON, N.J. -- New Jersey personnel officials have alerted law enforcement that pages with personal information went missing from a test-taking site for people seeking state and local law enforcement jobs.

The missing information involved names and Social Security numbers for 1,200 law enforcement candidates, state Personnel Commissioner Rolando Torres Jr. said Tuesday evening.

The information was on 12 pages that disappeared Saturday from the desk of a Personnel Department staff member working at East Orange High School, where law enforcement candidates were preparing to take the Law Enforcement Entry-Level Examination.

The staff member had left the desk to check with a supervisor about whether a law enforcement candidate should be allowed to take the test. When the worker returned, some test-takers had already picked up materials from the desk, Torres said.


"We believe that the information was not taken intentionally and, therefore, do not believe it will be used inappropriately. However, it is our responsibility to ensure that applicants' personal information is properly safeguarded," Torres said.

Torres said all the 1,200 whose information was missing were being notified so they could contact credit agencies to take measures to avoid identity theft. State police had also been notified.

Torres said the agency is considering whether to take disciplinary action against the worker.

A spokesman for Gov. Jon S. Corzine said the governor was deeply disturbed by the case.

"This profound breech of privacy is simply unacceptable and inexcusable," said Corzine spokesman Anthony Coley, who added that the governor was directing all Cabinet officers to review safeguards to protect personal information in files.

"However, he has yet to answer some critical questions: What was an employee of the VA doing with the names, Social Security numbers and dates of birth of all these veterans, the vast majority of whom have never availed themselves of VA services? Why is the VA collecting this information in the first place?"




Active-duty troop information part of stolen VA data


Woensdag 7 juni 2006, 09:38 - The names, Social Security numbers and dates of birth of some 50,000 active-duty military personnel were included in the data on 26.5 million U.S. veterans stolen from the residence of a U.S. Department of Veterans Affairs (VA) employee, exposing them to possible identity theft, the department announced Saturday.
Geen reacties
Door Linda Rosencrance

Several veterans' groups announced Tuesday that they have filed a lawsuit against the VA for failing to protect their personalinformation.

In its efforts to better just what information was contained in a duplicate database stolen from the VA employee last month, the VA said it had hired its own independent forensic experts to analyze the original data, Secretary of Veterans Affairs R. James Nicholson said in the statement.
The VA said it has not received any reports that the stolen data has been used for fraudulent purposes.

As for the active-duty personnel whose personal information may have been breached, the VA said that group includes up to 20,000 National Guard and Reserve personnel who were on at least their second federalized active duty call-up as well as 30,000 U.S. Navy personnel. That group could include members of the U.S. Navy who remain on active duty and completed their first enlistment term prior to 1991, the VA said.

"This happened because these individuals were issued a "DD-214" – or a separation from active service notification – by the Department of Defense (DOD) upon completion of their first enlistments," according to the statement. "This triggered an automatic notification to VA that these individuals were no longer on active duty. Subsequent to VA receiving the initial DD-214, these individuals re-enlisted for another term of active duty, meaning their information could still be in VA's data files."
The VA said it is working with the DOD to match data and verify those potentially affected. The VA is sending letters to those whose personal information may have been stolen, and said it has no evidence that other full-time, active duty personnel from the other military branches are affected.

In the wake of the data theft, the Vietnam Veterans of America (VVA) has joined four other national organizations and several individual veterans in a class-action lawsuit seeking judicial oversight and protection of the VA computer files.

"It is appalling to all veterans that their personal information -- information that is supposed to be held in confidence -- is potentially in the hands of individuals who can wreak identity-theft havoc," John Rowan, national president of VVA and a plaintiff in the lawsuit, said in the statement. "VA Secretary Nicholson has said he is ‘mad as hell' over this incident and the breakdown in command and control of his department, and we believe him.

"However, he has yet to answer some critical questions: What was an employee of the VA doing with the names, Social Security numbers and dates of birth of all these veterans, the vast majority of whom have never availed themselves of VA services? Why is the VA collecting this information in the first place?"


The lawsuit was filed in U.S. District Court for the District of Columbia Tuesday by attorney Douglas Rosinski, of the law firm Ogletree, Deakins, Nash, Smoak & Stewart P.C. The other organizations who have joined the suit are the National Gulf War Resource Center, Radiated Veterans of America, Citizen Soldier and Veterans for Peace.


"Saying ‘We're sorry' is hardly comforting to veterans and their families," said Rowan in the statement. "The VA has been criticized for years about lax information security and that includes criticism from the VA's own Inspector General. The VA still hasn't properly secured all the personal information under its control. We've just seen the largest known unauthorized disclosure of Social Security numbers in history. We hope this lawsuit will help Secretary Nicholson correct the known vulnerabilities in how the VA protects private information. If the VA can't solve the problem, maybe the courts can help."
The lawsuit seeks:

-- A declaratory judgment that the VA's loss of these records violated and continues to violate both the Privacy and Administrative Procedure Acts.

-- A court order that the VA disclose the exact nature of its compromised records system and to individually inform each veteran of every record it maintains on him or her.

-- An injunction preventing the VA from altering any data storage system and prohibiting any further use of the data until a court-appointed panel of experts determines how best to implement safeguards to prevent any further breaches.

-- A judgment awarding US$1,000 to each veteran who can show that he or she has been harmed by the VA's violation of the Privacy Act.
The VA said it does not comment on specific litigation.

"VA continues to conduct a complete and thorough investigation into this incident, and has hired independent data forensic experts to better determine what information may be involved," VA spokesman Matt Burns said in a statement e-mailed to Computerworld. "VA is providing additional details about the nature of the data as new information is learned. VA is also taking aggressive steps to improve its policies and procedures regarding the handling of sensitive data, and the Department continues to notify individuals whose personal information may have been involved. Additionally, VA is in ongoing discussions with several entities regarding credit-monitoring services to determine how veterans and others potentially affected can best be served...."

[link to www.webwereld.nl]

A Chronology of Data Breaches
Reported Since the ChoicePoint Incident

The data breaches noted below have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. A few breaches that do NOT expose such sensitive information have been included in order to underscore the variety and frequency of data breaches. However, we have not included the number of individuals affected in such breaches in the total because we want this compilation to reflect breaches that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws.

For tips on what to do if your personal information has been exposed due to a security breach, read our guide.

The catalyst for reporting data breaches to the affected individuals has been the California law that requires notice of security breaches, the first of its kind in the nation, implemented July 2003.
www.privacyrights.org/ar/SecurityBreach.htm
www.privacy.ca.gov/recommendations/secbreach.pdf

This chronology below begins with ChoicePoint's 2/15/05 announcement of its data breaches because it was a watershed event in terms of disclosure to the affected individuals. Since then, the "best practice" has been to disclose breaches to individuals nationwide -- in a sense, adopting California's notice requirement nationally.

In the meantime, at least 23 states have passed laws requiring that individuals be notified of security breaches. For a list of states enacting security breach and freeze laws, visit the Consumers Union web site here:

Security breach notice laws: www.consumersunion.org/campaigns/Breach_laws_May05.pdf
Security freeze laws: www.consumersunion.org/campaigns/learn_more/002355indiv.html
State security freeze bills pending in 2006: www.consumersunion.org/campaigns//learn_more/002906indiv.html​
And visit the PIRG site here: www.pirg.org/consumer/credit/statelaws.htm.

Congress is considering several bills this year in which security breach notices would be mandated nationwide. See [link to thomas.loc.gov.] See also EPIC's bill-track list, www.epic.org/privacy/bill_track.html.

Here are other sources for security breach information:
Adam Shostack's blog, www.emergentchaos.com/archives/cat_breaches.html
Attrition, www.attrition.org/errata/dataloss.html (includes links to news articles and offers free list-serve on the latest breaches, [link to attrition.org]
World Privacy Forum, Security Breaches in the Digital Medical Environment (scroll to section D of testimony), www.worldprivacyforum.org/testimony/NCVHStestimony_092005.htm​l
Security Breach Resources (Chris Walsh)
www.cwalsh.org/BreachInfo

DATE MADE PUBLIC
NAME (Location)
TYPE OF BREACH
NUMBER
Feb. 15, 2005
ChoicePoint
(Alpharetta, GA)
Bogus accounts established by ID thieves
145,000
Feb. 25 , 2005
Bank of America
(Charlotte, NC)
Lost backup tape
1,200,000
Feb. 25, 2005
PayMaxx
(Miramar, FL)
Exposed online
25,000
March 8, 2005
DSW/Retail Ventures
(Columbus, OH)
Hacking
100,000
March 10, 2005
LexisNexis
(Dayton, OH)
Passwords compromised
32,000
March 11, 2005
Univ. of CA, Berkeley
(Berkeley, CA)
Stolen laptop
98,400
March 11, 2005
Boston College
(Boston, MA)
Hacking
120,000
March 12, 2005
NV Dept. of Motor Vehicle
Stolen computer, later recovered.
[8,900]
Not included
in total below
March 20, 2005 Northwestern Univ.
(Evanston, IL) Hacking 21,000
March 20, 2005
Univ. of NV., Las Vegas
(Las Vegas, NV)
Hacking
5,000
March 22, 2005
Calif. State Univ.
(Chico, CA)
Hacking
59,000
March 23, 2005
Univ. of CA.
(San Francisco, CA)
Hacking
7,000
March 28, 2005 Univ. of Chicago Hospital
(Chicago, IL) Dishonest insider unknown
April ?, 2005 Georgia DMV Dishonest insider 465,000
April 5, 2005 MCI
(Ashburn, VA) Stolen laptop 16,500
April 8, 2005 Eastern National Hacker 15,000
April 8, 2005
San Jose Med. Group
(San Jose, CA)
Stolen computer
185,000
April 11, 2005
Tufts University
(Boston, MA)
Hacking
106,000
April 12, 2005
LexisNexis
(Dayton, OH)
Passwords compromised
Additional
280,000
April 14, 2005
Polo Ralph Lauren/HSBC
(New York, NY)
Hacking
180,000
April 14, 2005 Calif. Fastrack Dishonest Insider 4,500
April 15, 2005 CA Dept. of Health Services Stolen laptop 21,600
April 18, 2005
DSW/ Retail Ventures
(Columbus, OH)
Hacking
Additional
1,300,000
April 20, 2005
Ameritrade
(Bellevue, NE)
Lost backup tape
200,000
April 21, 2005 Carnegie Mellon Univ.
(Pittsburg, PA) Hacking 19,000
April 26, 2005 Mich. State Univ's Wharton Center Hacking 40,000
April 26, 2005 Christus St. Joseph's Hospital
(Houston, TX) Stolen computer 19,000
April 28, 2005 Georgia Southern Univ. Hacking "tens of
thousands"
April 28, 2005 Wachovia,
Bank of America,
PNC Financial Services Group and
Commerce Bancorp Dishonest insiders 676,000
April 29, 2005 Oklahoma State Univ. Missing laptop 37,000
May 2, 2005 Time Warner
(New York, NY) Lost backup tapes 600,000
May 4, 2005 CO. Health Dept. Stolen laptop 1,600
(families)
May 5, 2005 Purdue Univ.
(West Lafayette, IN) Hacking 11,360
May 7, 2005 Dept. of Justice
(Washington, D.C.) Stolen laptop 80,000
May 11, 2005 Stanford Univ.
(Stanford, CA) Hacking 9,900
May 12, 2005 Hinsdale Central High School
(Hinsdale, IL) Hacking 2,400
May 16, 2005 Westborough Bank
(Westborough, MA) Dishonest insider 750
May 18, 2005 Jackson Comm. College
(MI) Hacking 8,000
May 18, 2005 Univ. of Iowa Hacking 30,000
May 19, 2005 Valdosta State Univ.
(GA) Hacking 40,000
May 26, 2005 Duke Univ.
(Durham, NC) Hacking 5,500
May 27, 2005 Cleveland State Univ.
(Cleveland, OH). Stolen laptop
Update 12/24: CSU found the stolen laptop [44,420]
Not included
in total below
May 28, 2005 Merlin Data Services
(Kalispell, MT) Bogus acct. set up 9,000
May 30, 2005 Motorola Computers stolen Unknown
June 6, 2005 CitiFinancial Lost backup tapes 3,900,000
June 10, 2005 Fed. Deposit Insurance Corp. (FDIC) Not disclosed 6,000
June 16, 2005
CardSystems Hacking 40,000,000
June 17, 2005 Kent State Univ. Stolen laptop 1,400
June 18, 2005 Univ. of Hawaii Dishonest Insider 150,000
June 22, 2005 Eastman Kodak Stolen laptop 5,800
June 22, 2005 East Carolina Univ. Hacking 250
June 25, 2005 Univ. of CT (UCONN) Hacking 72,000
June 28, 2005 Lucas Cty. Children Services (OH) Exposed by email 900
June 29, 2005 Bank of America Stolen laptop 18,000
June 30, 2005 Ohio State Univ. Med. Ctr. Stolen laptop 15,000
July 1, 2005 Univ. of CA, San Diego Hacking 3,300
July 6, 2005 City National Bank Lost backup tapes unknown
July 7, 2005 Mich. State Univ. Hacking 27,000
July 19, 2005 Univ. of Southern Calif. (USC) Hacking 270,000
possibly accessed; "dozens"exposed
July 21, 2005 Univ. of Colorado-Boulder Hacking 42,000
July 30, 2005 San Diego Co. Employees Retirement Assoc. Hacking 33,000
July 30, 2005 Calif. State Univ., Dominguez Hills Hacking 9,613
July 31, 2005 Cal Poly-Pomona Hacking 31,077
Aug. 2, 2005 Univ. of Colorado Hacking 36,000
Aug. 9, 2005 Sonoma State Univ. Hacking 61,709
Aug. 9, 2005 Univ. of Utah Hacking 100,000
Aug. 10, 2005 Univ. of North Texas Hacking 39,000
Aug. 17, 2005 Calif. State University, Stanislaus Hacking 900
Aug. 19, 2005 Univ. of Colorado Hacking 49,000
Aug. 22, 2005 Air Force Hacking 33,300
Aug. 27, 2005 Univ. of Florida, Health Sciences Center/ChartOne Stolen Laptop 3,851
Aug. 30, 2005 J.P. Morgan, Dallas Stolen Laptop Unknown
Aug. 30, 2005 Calif. State University, Chancellor's Office Hacking 154
Sept. 10, 2005 Kent State Univ. Stolen computers 100,000
Sept. 15, 2005 Miami Univ. Exposed online 21,762
Sept. 16, 2005 ChoicePoint
(2nd notice, see 2/15/05 for 145,000)
(Alpharetta, GA)

ID thieves accessed; also misuse of IDs & passwords.
9,903

Sept. 17, 2005 North Fork Bank, NY Stolen laptop (7/24/05) with mortgage data 9,000
Sept. 19, 2005 Children's Health Council, San Jose CA Stolen backup tape 5,000 - 6,000
Sept. 22, 2005 City University of New York Exposed online 350

Sept. 23,
2005
Bank of America Stolen laptop with info of Visa Buxx users (debit cards) Not disclosed
Sept. 28, 2005 RBC Dain Rauscher Illegitimate access to customer data by former employee 100+ customers' records compromised out of 300,000
Sept. 29, 2005 Univ. of Georgia Hacking At least 1,600
Oct. 12, 2005 Ohio State Univ. Medical Center Exposed online. Appointment information including SSN, DOB, address, phone no., medical no., appointment reason, physician.

2,800


Oct. 15, 2005 Montclair State Univ. Exposed online 9,100
Oct. 21, 2005 Wilcox Memorial Hospital, Hawaii Lost backup tape 130,000
Nov. 1, 2005 Univ. of Tenn. Medical Center Stolen laptop 3,800
Nov. 4, 2005 Keck School of Medicine, USC Stolen computer 50,000
Nov. 5, 2005 Safeway, Hawaii Stolen laptop 1,400 in Hawaii, perhaps more elsewhere
Nov. 8, 2005 ChoicePoint
(Alpharetta, GA) Bogus accounts established by ID thieves. Total affected now reaches 162,000
(See Feb. 15 & Sept. 16)
17,000 more
Nov. 9, 2005 TransUnion Stolen computer 3,623
Nov. 11, 2005 Georgia Tech
Ofc. of Enrollment Services Stolen computer,
Theft 10/16/05 13,000
Nov. 11, 2005 Scottrade Troy Group Hacking Unknown
Nov. 19, 2005 Boeing Stolen laptop with HR data incl. SSNs and bank account info.
161,000
Dec. 1, 2005 Firstrust Bank Stolen laptop 100,000
Dec. 1, 2005 Univ. of San Diego
(San Diego, CA) Hacking. Faculty, students and employee tax forms containing SSNs 7,800
Dec. 2, 2005 Cornell Univ. Hacking. Names, addresses, SSNs, bank names and acct. numbers. 900
Dec. 6, 2005 WA Employment Security Dept. Stolen laptop. Names, SSNs and earnings of former employees. 530
Dec. 12, 2005 Sam's Club/Wal-Mart Unknown. Exposed credit card data at gas stations. Unknown
Dec. 16, 2005 La Salle Bank, ABN AMRO Mortgage Group
Backup tape with residential mortgage customers lost in shipment by DHL, containing SSNs and account information.
Update 12/20: DHL found the lost tape
[2,000,000]
Not included in total below.
Dec. 16, 2005 Colorado Tech. Univ. Email erroneously sent containing names, phone numbers, email addresses, Social Security numbers and
class schedules. 1,200
Dec. 20, 2005 Guidance Software, Inc. Hacking. Customer credit card numbers 3,800
Dec. 22, 2005 Ford Motor Co. Stolen computer. Names and SSNs of current and former employees. 70,000
Dec. 25, 2005 Iowa State Univ. Hacking. Credit card information and Social Security numbers. 5,500
Dec. 28, 2005 Marriot International Lost backup tape. SSNs, credit card data of time-share owners 206,000
Late Dec. Ameriprise Stolen laptop containing names and Social Security numbers and in some cases, Ameriprise account information. Unknown
Jan. 1, 2006 University of Pittsburgh Medical Center, Squirrel Hill Family Medicine 6 Stolen computers. Names, Social Security numbers, birthdates 700
Jan. 2, 2006 H&R Block SSNs exposed in 40-digit number string on mailing label Unknown
Jan. 9, 2006 Atlantis Hotel - Kerzner Int'l Dishonest insider or hacking. Names, addresses, credit card details, Social Security numbers, driver's licence numbers and/or bank account data. 55,000
Jan. 12, 2006 People's Bank Lost computer tape containing names, addresses, Social Security numbers, and checking account numbers. 90,000
Jan. 17, 2006 City of San Diego, Water & Sewer Dept.
(San Diego, CA) Dishonest employee accessed customer account files, including SSNs, and committed identity theft on some individuals. Unknown
Jan. 20, 2006 Univ. Place Conference Center & Hotel, Indiana Univ. Hacking. Reservation information including credit card account number compromised. Unknown
Jan. 21, 2006 California Army National Guard Stolen briefcase with personal information of National Guardsmen including a "seniority roster," Social Security numbers and dates of birth. "hundreds of officers"
Jan. 23, 2006 Univ. of Notre Dame Hackers accessed Social Security numbers, credit card information and check images of school donors. Unknown
Jan. 24, 2006 Univ. of WA Medical Center Stolen laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data. 1,600
Jan. 25, 2006 Providence Home Services (OR) Stolen backup tapes and disks containing Social Security numbers, clinical and demographic information. In a small number of cases, patient financial data was stolen. 365,000
Jan. 27, 2006 State of RI web site (www.RI.gov) Hackers obtained credit card information in conjunction with names and addresses.
4,117
Jan. 31, 2006 Boston Globe and The Worcester Telegram & Gazette Inadvertently exposed. Credit and debit card information along with routing information for personal checks printed on recycled paper used in wrapping newspaper bundles for distribution. 240,000 potentially exposed
Feb. 1, 2006 Blue Cross and Blue Shield of North Carolina Inadvertently exposed. SSNs of members printed on the mailing labels of envelopes with information about a new insurance plan. 600
Feb. 4, 2006 FedEx Inadvertently exposed. W-2 forms included other workers' tax information such as SSNs and salaries. 8,500
Feb. 9, 2006 Unknown retail merchants, apparently OfficeMax and perhaps others. Hacking. Debit card accounts exposed involving bank and credit union accounts nationwide (including CitiBank, BofA, WaMu, Wells Fargo).
[3/13/06 Crime ring arrested.] 200,000, although total number is unknown.
Feb. 9, 2006 Honeywell International Exposed online. Personal information of current and former employees including Social Security numbers and bank account information posted on an Internet Web site. 19,000
Feb. 13, 2006 Ernst & Young
(UK) Laptop stolen from employee's car with customers' personal information including Social Security numbers. 38,000 BP employees in addition to Sun, Cisco and IBM employees.
Feb. 15, 2006 Dept. of Agriculture Inadvertently exposed Social Security and tax identification numbers in FOIA request. 350,000
Feb. 15, 2006 Old Dominion Univ. Exposed online. Instructor posted a class roster containing names and Social Security numbers to a web site. 601
Feb. 16, 2006 Blue Cross and Blue Shield of Florida Contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies. 27,000
Feb. 17, 2006 Calif. Dept. of Corrections, Pelican Bay
(Sacramento, CA) Inmates gained access to files containing employees' Social Security numbers, birth dates and pension account information stored in warehouse. Unknown
Feb. 17, 2006 Mount St. Mary's Hospital (1 of 10 hospitals with patient info. stolen)
(Lewiston, NY)
Two laptops containing date of birth, address and Social Security numbers of patients was stolen in an armed robbery in the New Jersey. 17,000
Feb. 18, 2006 Univ. of Northern Iowa Hacking. Laptop computer holding W-2 forms of student employees and faculty was illegally accessed. 6,000
Feb. 23, 2006 Deloitte & Touche (McAfee employee information) External auditor lost a CD with names, Social Security numbers and stock holdings in McAfee of current and former McAfee employees. 9,290
Mar. 1, 2006 Medco Health Solutions
(Columbus, OH) Stolen laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories. 4,600
Mar. 1, 2006 OH Secretary of State's Office SSNs, dates of birth, and other personal data of citizens routinely posted on a State web site as part of standard business practice. Unknown
Mar. 2, 2006 Olympic Funding
(Chicago, IL) 3 hard drives containing clients names, Social Security numbers, addresses and phone numbers stolen during break in. Unknown
Mar. 2, 2006 Los Angeles Cty. Dept. of Social Services
(Los Angeles, CA) File boxes containing names, dependents, Social Security numbers, telephone numbers, medical information, employer, W-2, and date of birth were left unattended and unshredded. [Potentially 2,000,000, but number unknown]
Not included in number below.
Mar. 2, 2006 Hamilton County Clerk of Courts
(OH) SSNs, other personal data of residents posted on county web site, were stolen and used to commit identity theft. [1,300,000]
Not included in number below.
Mar. 3, 2006 Metropolitan State College
(Denver, CO) Stolen laptop containing names and Social Security numbers of students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester. 93,000
Mar. 5, 2006 Georgetown Univ.
(Washington, D.C.) Hacking. Personal information including names, birthdates and Social Security numbers of District seniors served by the Office on Aging. 41,000
Mar. 8, 2006 Verizon Communications
(New York, NY) 2 stolen laptops containing employees' personal information including Social Security numbers. "Significant number"
Mar. 8, 2006 iBill
(Deerfield Beach, FL) Dishonest insider or possibly malicious software linked to iBill used to post names, phone numbers, addresses, e-mail addresses, Internet IP addresses, logins and passwords, credit card types and purchase amount online. Credit card account numbers, expiration dates, security codes, and SSNs were NOT included, but in our opinion the affected individuals could be vulnerable to social engineering to obtain such information. [17,781,462]
Not included in total below.
Mar. 11, 2006 CA Dept. of Consumer Affairs (DCA)
(Sacramento, CA) Mail theft. Applications of DCA licensees or prospective licensees for CA state boards and commissions were stolen. The forms include full or partial Social Security numbers, driver's license numbers, and potentially payment checks.
"A small number"
Mar. 14, 2006 General Motors
(Detroit, MI) Dishonest insider keep Social Security numbers of co-workers to perpetrate identity theft. 100
Mar. 14
2006 Buffalo Bisons and Choice One Online
(Buffalo, NY) Hacker accessed sensitive financial information including credit card numbers names, passwords of customers who ordered items online. Unknown
Mar. 15,
2006 Ernst & Young
(UK) Laptop lost containing the names, dates of birth, genders, family sizes, Social Security numbers and tax identifiers for current and previous IBM, Sun Microsystems, Cisco, Nokia and BP employees exposed. Unknown
Mar. 16,
2006 Bananas.com
(San Rafael, CA)

Hacker accessed names, addresses, phone numbers and credit card numbers of customers.
274
Mar. 23,
2006 Fidelity Investments
(Boston, MA) Stolen laptop containing names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers was stolen. 196,000
Mar. 24,
2006 CA State Employment Development Division
(Sacramento, CA)
Computer glitch sends state Employment Development Division 1099 tax forms containing Social Security numbers and income information to the wrong addresses, potentially exposing those taxpayers to identity theft. 64,000
Mar. 24,
2006 Vermont State Colleges (VT) Laptop stolen containing Social Security numbers and payroll data of students, faculty and staff associated with the five-college system from as long ago as 2000. 14,000
Mar. 30,
2006 Marines
(Monterey, CA) Portable drive lost that contains personal information used for research on re-enlistment bonuses. 207,750

Mar. 30,
2006
Georgia Technology Authority
(Atlanta, GA) Hacker exploited security flaw to gain access to confidential information including Social Security numbers and bank-account details of state pensioners. 573,000
Mar. 30,
2006 Conn. Technical High School System
(Middletown, CT) Social Security numbers of students and faculty mistakenly distributed via email. 1,250
April 4,
2006 Authorize.Net Hackers access credit card information of online shoppers through software vulnerability in web site's "shopping cart" feature. Suspicious transactions, most for $500 or $700, were pushed through the merchant accounts of at least three companies including Sportbike Track Time (Delta, OH) 3,000
April 6,
2006 Progressive Casualty Insurance
(Mayfield Village, OH) Dishonest insider accessed confidential information, including names, Social Security numbers, birth dates and property addresses on foreclosure properties she was interested in buying. 13
April 7,
2006 DiscountDomain
Registry.com
(Brooklyn, NY) Exposed online. Domain registrants' personal information including usernames, passwords and credit card numbers were accessible online. "thousands of domain name registrations"
April 9,
2006 University of Medicine and Dentistry of New Jersey
(Newark, NJ) Hackers accessed Social Security numbers, loan information, and other confidential financial information of students and alumni. 1,850
April 12,
2006 Ross-Simons
(Providence, RI) Security breach exposed account and personal information of those who applied for its private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants. Unknown
April 14,
2006 Univ. of South Carolina
(Columbia, SC) Social Security numbers of students were mistakenly e-mailed to classmates. 1,400
April 21,
2006 University of Alaska, Fairbanks
(Fairbanks, AK) Hacker accessed names, Social Security numbers and partial e-mail addresses of current and former students, faculty and staff. 38,941
April 24,
2006 University of Texas' McCombs School of Business
(Austin, TX)
Hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members. 197,000
April 26,
2006 Purdue University
(West Lafayette, IN) Hacker accessed personal information including Social Security numbers of current and former graduate students, applicants to graduate school, and a small number of applicants for undergraduate scholarships. 1,351
April 26,
2006 Aetna -- health insurance records for employees of 2 members, including Omni Hotels and the Dept. of Defense NAF
(Hartford, CT) Laptop containing personal information including names, addresses and Social Security numbers of Dept. of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car. 38,000
April 27,
2006 MasterCard
(Potentially UK only) Though MasterCard refused to say how the breach occurred, fraudsters stole the credit card details of holders in a major security breach. [2,000]
Not included in total below.
April 27,
2006 Long Island Rail
Road
(Jamaica, NY) Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of "virtually everyone" who worked for the agency was lost by delivery contractor Iron Mountain while enroute. Data tapes belonging to the U.S. Department of Veterans Affairs may also have been affected. 17,000
April 28,
2006 Ohio's Secretary of State
(Cleveland, OH)
The names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained SSNs, which were not supposed to have been included on the CDs. "Potentially millions of registered voters"
April 28,
2006 Dept. of Defense
(Washington, DC) Hacker accessed a Tricare
Management Activity (TMA) public server containing personal information about military employees. Unknown
May 2,
2006 Ohio University
(Athens, OH) Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alum. 300,000
May 2,
2006 Georgia State Government
(Atlanta, GA) Government surplus computers that sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia citizens. Unknown
May 4,
2006 Idaho Power Co.
(Boise, ID) Four company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security numbers, and confidential memos to the company's CEO. Unknown
May 5,
2006 Wells Fargo
(San Francisco, CA) Computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been stolen while being delivered from one bank facility to another. Unknown
May 11,
2006 Ohio University
Hudson Health Center
(Athens, OH) Names, birth dates, Social Security numbers and medical information were accessed in records of students dating back to 2001, plus faculty, workers and regional campus students. 60,000
May 12,
2006 Mercantile Potomac Bank
(Gaithersburg, MD) Laptop containing confidential information about customers, including Social Security numbers and account numbers was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification numbers (PIN numbers) or account expiration dates. 48,000
May 19,
2006 American Institute of Certified Public Accountants (AICPA)
(New York, NY) An unencrypted hard drive containing names, addresses and Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company.
300,000
May 19,
2006 Unknown retail merchant Visa, MasterCard, and other debit and credit card numbers from banks across the country were stolen when a national retailer's database was breached. No names, Social Security numbers or other personal identification were taken. Unknown
May 22,
2006 Dept. of Veterans Affairs
(Washington, DC) Data of all American veterans who were discharged since 1975 including names, Social Security numbers, dates of birth and in many cases phone numbers and addresses, was stolen from a VA employee's home. The employee was not authorized to take the files home to work on a data collation project. The data did not contain medical or financial information, but may have disability numerical rankings. 26,500,000
May 23,
2006 Univ. of Delaware
(Newark, DE) Security breach of a Department of Public Safety computer server potentialy exposes names, Social Security numbers and driver's license numbers. 1,076
May 23,
2006 M&T Bank
(Buffalo, NY) Laptop computer, owned by PFPC, a third party company that provides record keeping services for M & T's Portfolio Architect accounts was stolen from a vehicle. The laptop contained clients' account numbers, Social Security numbers, last name and the first two letters of their first name. Unknown
May 24,
2006 Sacred Heart Univ.
(Fairfield, CT) Computer containing personal information including names, addreses and Social Security numbers was breached. Unknown
May 24,
2006 American Red Cross, St. Louis Chapter
(St. Louis, Dishonest employee had access to Social Security numbers of donors to call urging them to give blood again. The employee misused the persoal information of at least 3 people to perpetrate identity theft and had access to the personal information of 1 million donors. 1,000,000
May 30,
2006 Texas Guaranteed Student Loan Corp.
(Round Rock, TX)
via subcontractor, Hummingbird
(Toronto, Canada) Texas Guaranteed (TG) was notified by subcontractor Hummingbird that an employee had lost a piece of equipment containing names and Social Security numbers of TG borrowers. 1,300,000
May 30,
2006 Florida Int'l Univ.
(Miami, FL) Hacker accessed a database that contained personal information, such as student and applicant names and Social Security numbers. Unknown
June 1,
2006 Miami University
(Oxford, OH) An employee lost a hand-held personal computer containing personal information of students who were enrolled between July 2001 and May 2006. 851
June 1,
2006 Ernst & Young
(UK) A laptop containing names, addresses and credit or debit card information of Hotels.com customers was stolen from an employee's car in Texas. 243,000
June 1,
2006 Univ. of Kentucky
(Lexington, KY) Personal information of current and former University of Kentucky employees including Social Security numbers was inadvertently accessible online for 19 days last month. 1,300
June 2,
2006 Buckeye Community Health Plan
(Columbus, OH) Four laptop computers containing customer names, Social Security numbers, and addresses were stolen from the Medicaid insurance provider. 72,000
June 2,
2006 Ahold USA
(Landover, MD)
Parent company of Stop & Shop, Giant stores and Tops stores via subcontractor Electronic Data Systems
(Plano, TX)
An EDS employee lost a laptop computer during a commercial flight that contained pension data of former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts. Unknown
June 2,
2006 YMCA
(Providence, RI) Laptop computer containing personal information of members was stolen. The information included credit card and debit card numbers, checking account information, Social Security numbers, the names and addresses of children in daycare programs and medical information about the children, such as allergies and the medicine they take, though the type of stolen information about each person varies. 65,000

TOTAL

84,797,096

[link to www.privacyrights.org]

Some missing voters' records found in Denver


DENVER More than half of the 150-thousand voting records reported missing from Denver files have been found. That's raising hopes the records were simply misplaced when city election commission staff moved in February, not lost or stolen.

The lost microfilmed voter registration records from 1989 to 1998 include voters' Social Security numbers, addresses and other personal information. Commission officials have recommended that people who registered during that period file a fraud alert with credit agencies as a precaution.Denver Election Commission staff searched its former building late Friday and found 87-thousand records in a plastic box marked for the move to the agency's new headquarters.


[link to www.wbay.com]